RESOLVED FIXED 109389
DFG DCE might eliminate checks unsoundly 
https://bugs.webkit.org/show_bug.cgi?id=109389
Summary DFG DCE might eliminate checks unsoundly
Filip Pizlo
Reported 2013-02-10 14:07:58 PST
We sort of guard against this in common cases by preventing DCE entirely for some nodes (like ArithAdd and friends) but the bottom line is that DCE is just broken.
Attachments
work in progress (19.88 KB, patch)
2013-02-28 14:58 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
more (46.42 KB, patch)
2013-02-28 17:08 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
more (62.95 KB, patch)
2013-03-01 12:28 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
it compiles (69.98 KB, patch)
2013-03-01 13:09 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
it's starting to do things (71.52 KB, patch)
2013-03-01 13:42 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
it's starting to run bigger things (84.88 KB, patch)
2013-03-01 16:09 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
runs the main benchmarks (86.01 KB, patch)
2013-03-01 16:49 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
getting close (88.63 KB, patch)
2013-03-01 18:22 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (99.96 KB, patch)
2013-03-04 23:59 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (99.92 KB, patch)
2013-03-05 13:34 PST, Filip Pizlo 		oliver: review+
DetailsFormatted DiffDiff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2013-02-10 14:54:32 PST
Note that https://bugs.webkit.org/show_bug.cgi?id=109371 is a great step towards fixing this. After that bug is fixed, we will be able to easily DCE while preserving checks by turning the relevant node into a Phantom that still has the same Edges.
Filip Pizlo
Comment 2 2013-02-28 12:43:51 PST
*** Bug 109388 has been marked as a duplicate of this bug. ***
Filip Pizlo
Comment 3 2013-02-28 14:58:18 PST
Created attachment 190815 [details] work in progress
Filip Pizlo
Comment 4 2013-02-28 17:08:17 PST
Created attachment 190848 [details] more
Filip Pizlo
Comment 5 2013-03-01 12:28:48 PST
Created attachment 191009 [details] more
Filip Pizlo
Comment 6 2013-03-01 13:09:38 PST
Created attachment 191020 [details] it compiles on 64-bit Mac at least
Filip Pizlo
Comment 7 2013-03-01 13:42:57 PST
Created attachment 191029 [details] it's starting to do things
Filip Pizlo
Comment 8 2013-03-01 16:09:36 PST
Created attachment 191061 [details] it's starting to run bigger things
Filip Pizlo
Comment 9 2013-03-01 16:49:56 PST
Created attachment 191071 [details] runs the main benchmarks But it still needs some performance love.
Filip Pizlo
Comment 10 2013-03-01 18:22:22 PST
Created attachment 191085 [details] getting close
Filip Pizlo
Comment 11 2013-03-04 23:59:18 PST
Created attachment 191416 [details] the patch
WebKit Review Bot
Comment 12 2013-03-05 00:42:29 PST
Attachment 191416 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/Target.pri', u'Source/JavaScriptCore/dfg/DFGAbstractState.cpp', u'Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGBasicBlock.h', u'Source/JavaScriptCore/dfg/DFGBasicBlockInlines.h', u'Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp', u'Source/JavaScriptCore/dfg/DFGCFAPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCSEPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCommon.cpp', u'Source/JavaScriptCore/dfg/DFGCommon.h', u'Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGDCEPhase.cpp', u'Source/JavaScriptCore/dfg/DFGDCEPhase.h', u'Source/JavaScriptCore/dfg/DFGDriver.cpp', u'Source/JavaScriptCore/dfg/DFGFixupPhase.cpp', u'Source/JavaScriptCore/dfg/DFGGraph.cpp', u'Source/JavaScriptCore/dfg/DFGGraph.h', u'Source/JavaScriptCore/dfg/DFGInsertionSet.h', u'Source/JavaScriptCore/dfg/DFGNode.h', u'Source/JavaScriptCore/dfg/DFGNodeType.h', u'Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp', u'Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGValidate.cpp']" exit_code: 1 Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:2034: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3] Source/JavaScriptCore/dfg/DFGBasicBlock.h:105: The parameter name "valueParams" adds no information, so it should be removed. [readability/parameter_name] [5] Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1981: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3] Total errors found: 3 in 33 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 13 2013-03-05 13:34:14 PST
Created attachment 191551 [details] the patch Rabased and fixed two style goofs.
WebKit Review Bot
Comment 14 2013-03-05 13:36:25 PST
Attachment 191551 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/Target.pri', u'Source/JavaScriptCore/dfg/DFGAbstractState.cpp', u'Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGBasicBlock.h', u'Source/JavaScriptCore/dfg/DFGBasicBlockInlines.h', u'Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp', u'Source/JavaScriptCore/dfg/DFGCFAPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCSEPhase.cpp', u'Source/JavaScriptCore/dfg/DFGCommon.cpp', u'Source/JavaScriptCore/dfg/DFGCommon.h', u'Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGDCEPhase.cpp', u'Source/JavaScriptCore/dfg/DFGDCEPhase.h', u'Source/JavaScriptCore/dfg/DFGDriver.cpp', u'Source/JavaScriptCore/dfg/DFGFixupPhase.cpp', u'Source/JavaScriptCore/dfg/DFGGraph.cpp', u'Source/JavaScriptCore/dfg/DFGGraph.h', u'Source/JavaScriptCore/dfg/DFGInsertionSet.h', u'Source/JavaScriptCore/dfg/DFGNode.h', u'Source/JavaScriptCore/dfg/DFGNodeType.h', u'Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp', u'Source/JavaScriptCore/dfg/DFGStructureCheckHoistingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGValidate.cpp']" exit_code: 1 Source/JavaScriptCore/dfg/DFGBasicBlock.h:105: The parameter name "valueParams" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 33 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 15 2013-03-05 18:29:37 PST
Landed in http://trac.webkit.org/changeset/144862
Note You need to log in before you can comment on or make changes to this bug.