Branch: refs/heads/webkitglib/2.42 Home: https://github.com/WebKit/WebKit Commit: e960cdca544708c5eb699635438bf5e73c977c51 https://github.com/WebKit/WebKit/commit/e960cdca544708c5eb699635438bf5e73c977c51 Author: Keith Miller <keith_mil...@apple.com> Date: 2023-09-21 (Thu, 21 Sep 2023)
Changed paths: A JSTests/stress/getbyoffset-cse-consistency.js A JSTests/stress/multigetbyoffset-cse-consistency.js M Source/JavaScriptCore/dfg/DFGCSEPhase.cpp M Source/JavaScriptCore/dfg/DFGClobberize.h M Source/JavaScriptCore/dfg/DFGHeapLocation.h Log Message: ----------- Cherry-pick 265870.333@safari-7616.1.27.10-branch (ab5c6119c469). https://bugs.webkit.org/show_bug.cgi?id=261544 Cherry-pick 47e039ffd689. rdar://115399657 clobberize needs to be more precise with the *ByOffset nodes https://bugs.webkit.org/show_bug.cgi?id=261544 rdar://115399657 Reviewed by Yusuke Suzuki and Mark Lam. CSE phase uses clobberize to figure out if it's safe to merge two operations that def the same HeapLocation. Since HeapLocation does not currently have a way to track the offset used by the various *ByOffset nodes it can get confused and think that two ByOffset instructions produce the same value even if they don't use the same offset. This patch solves this by adding a new field to HeapLocation, which takes the metadata associated with the corresponding *ByOffset node. If two *ByOffset operations don't share the same metadata then they cannot be CSEed. * Source/JavaScriptCore/dfg/DFGCSEPhase.cpp: * Source/JavaScriptCore/dfg/DFGClobberize.h: (JSC::DFG::clobberize): * Source/JavaScriptCore/dfg/DFGHeapLocation.h: (JSC::DFG::HeapLocation::HeapLocation): (JSC::DFG::HeapLocation::extraState const): (JSC::DFG::HeapLocation::hash const): Canonical link: https://commits.webkit.org/265870.558@safari-7616-branch Identifier: 265423.780@safari-7616.1.27.10-branch _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes