Title: [191654] branches/safari-601-branch/Source/_javascript_Core
Revision
191654
Author
matthew_han...@apple.com
Date
2015-10-27 22:19:25 -0700 (Tue, 27 Oct 2015)

Log Message

Merge r187510. <rdar://problem/22847057> FaradayDotTwo: Safari crash in com.apple._javascript_Core: JSC::DFG::(anonymous namespace)::PutStackSinkingPhase::run + 47593

Modified Paths

Diff

Modified: branches/safari-601-branch/Source/_javascript_Core/ChangeLog (191653 => 191654)


--- branches/safari-601-branch/Source/_javascript_Core/ChangeLog	2015-10-28 05:19:20 UTC (rev 191653)
+++ branches/safari-601-branch/Source/_javascript_Core/ChangeLog	2015-10-28 05:19:25 UTC (rev 191654)
@@ -1,3 +1,23 @@
+2015-10-27  Matthew Hanson  <matthew_han...@apple.com>
+
+        Merge r187510. rdar://problem/22847057
+
+    2015-07-28  Filip Pizlo  <fpi...@apple.com>
+
+            DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
+            https://bugs.webkit.org/show_bug.cgi?id=147371
+
+            Reviewed by Mark Lam.
+
+            Two fixes:
+
+            - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
+              using ConflictingFlush for arguments.
+
+            - Assert that a GetStack never sees ConflictingFlush.
+
+            * dfg/DFGPutStackSinkingPhase.cpp:
+
 2015-10-26  Matthew Hanson  <matthew_han...@apple.com>
 
         Merge r191530. rdar://problem/23206864

Modified: branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp (191653 => 191654)


--- branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp	2015-10-28 05:19:20 UTC (rev 191653)
+++ branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp	2015-10-28 05:19:25 UTC (rev 191654)
@@ -216,9 +216,10 @@
             deferredAtTail[block] =
                 Operands<FlushFormat>(OperandsLike, block->variablesAtHead);
         }
+
+        for (unsigned local = deferredAtHead.atIndex(0).numberOfLocals(); local--;)
+            deferredAtHead.atIndex(0).local(local) = ConflictingFlush;
         
-        deferredAtHead.atIndex(0).fill(ConflictingFlush);
-        
         do {
             changed = false;
             
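Review bot: The loop at L57-L58 marks only locals as ConflictingFlush and leaves the arguments at whatever the Operands constructor gave them, which is the substance of the ChangeLog's "not using ConflictingFlush for arguments", but nothing at the loop says so and a reader sees only an odd asymmetry with the `fill()` it replaces. Suggest a comment above the loop: `// ConflictingFlush means the slot cannot be loaded from; that is true of locals at entry but not of arguments, so only locals are marked.` The body also re-evaluates `deferredAtHead.atIndex(0)` for every local; binding it once with `auto& entryState = deferredAtHead.atIndex(0);` and looping over `entryState` reads more clearly. What the unmarked arguments default to is not visible in this hunk (presumably the Operands constructor's default), and the enclosing function continues outside it.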
@@ -230,12 +231,18 @@
                         dataLog("Deferred at ", node, ":", deferred, "\n");
                     
                     if (node->op() == GetStack) {
+                        DFG_ASSERT(
+                            m_graph, node,
+                            deferred.operand(node->stackAccessData()->local) != ConflictingFlush);
+                        
                         // A GetStack doesn't affect anything, since we know which local we are reading
                         // from.
                         continue;
                     }
                     
                     auto escapeHandler = [&] (VirtualRegister operand) {
+                        if (verbose)
+                            dataLog("For ", node, " escaping ", operand, "\n");
                         if (operand.isHeader())
                             return;
                         // We will materialize just before any reads.
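Review bot: The DFG_ASSERT added at L69-L71 encodes the "no GetStack until put" rule, but the only nearby comment (L73-L74) still says a GetStack affects nothing, so why ConflictingFlush is impossible here is left to the ChangeLog. Suggest a comment directly above the assertion: `// ConflictingFlush means the slot cannot be loaded from, so a GetStack must never observe it.` If, as I believe is the case elsewhere in the DFG, DFG_ASSERT stays enabled in release builds, a violation becomes a deterministic crash in this phase rather than a silent read of an undefined slot, which is worth saying in the comment so nobody later downgrades it to a debug-only ASSERT. The same invariant is asserted again at L88-L90 in the next hunk; the escapeHandler lambda starting at L78 continues outside this hunk.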
@@ -406,6 +413,10 @@
                     StackAccessData* data = ""
                     FlushFormat format = deferred.operand(data->local);
                     if (!isConcrete(format)) {
+                        DFG_ASSERT(
+                            m_graph, node,
+                            deferred.operand(data->local) != ConflictingFlush);
+                        
                         // This means there is no deferral. No deferral means that the most
                         // authoritative value for this stack slot is what is stored in the stack. So,
                         // keep the GetStack.
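Review bot: The assertion at L88-L90 re-reads `deferred.operand(data->local)` although `format` on L86 already holds that exact value; `DFG_ASSERT(m_graph, node, format != ConflictingFlush);` says the same thing and removes any question of whether the two reads could differ. Since the analysis pass asserts the same rule in the previous hunk, a one-line comment naming the shared invariant would help the next person who has to change both: `// Same rule as the analysis pass: a GetStack never sees ConflictingFlush.` L85 reads `StackAccessData* data = ""` here, which looks like an artifact of the mail rendering rather than the committed source, so I am not raising it. The enclosing switch case begins and ends outside this hunk.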
@@ -427,12 +438,18 @@
                 
                 default: {
                     auto escapeHandler = [&] (VirtualRegister operand) {
+                        if (verbose)
+                            dataLog("For ", node, " escaping ", operand, "\n");
+
                         if (operand.isHeader())
                             return;
                     
                         FlushFormat format = deferred.operand(operand);
-                        if (!isConcrete(format))
+                        if (!isConcrete(format)) {
+                            // It's dead now, rather than conflicting.
+                            deferred.operand(operand) = DeadFlush;
                             return;
+                        }
                     
                         // Gotta insert a PutStack.
                         if (verbose)
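Review bot: The new branch at L107-L111 writes DeadFlush into `deferred` for an escaped slot with no concrete deferral, and the comment "It's dead now, rather than conflicting." says what but not why: without this store a slot still marked ConflictingFlush would later trip the new GetStack assertions, and the intent appears to be to keep this transformation-pass escapeHandler in step with the analysis-pass one at L78 (whose tail is outside its hunk, so that is inferred). Suggest extending the comment: `// It's dead now, rather than conflicting: after an escape the stack slot is what a later GetStack should read. Keep in sync with the escapeHandler in the analysis loop.` The two lambdas are now near-duplicates down to the verbose `dataLog` line, so a note that they must match is the minimum; hoisting the shared body would be the fuller fix but is outside this hunk's scope. The enclosing `default:` case continues past the end of the hunk.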