DFG: Loop-invariant code motion (LICM) should not hoist dead code
authorrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Mar 2019 19:24:08 +0000 (19:24 +0000)
committerrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Mar 2019 19:24:08 +0000 (19:24 +0000)
https://bugs.webkit.org/show_bug.cgi?id=194945
<rdar://problem/48311657>

Reviewed by Saam Barati.

* dfg/DFGLICMPhase.cpp:
(JSC::DFG::LICMPhase::run):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242276 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/licm-dead-code.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGLICMPhase.cpp

index c8b8194..710a9fa 100644 (file)
         (bar):
         (foo):
 
+2019-02-27  Robin Morisset  <rmorisset@apple.com>
+
+        DFG: Loop-invariant code motion (LICM) should not hoist dead code
+        https://bugs.webkit.org/show_bug.cgi?id=194945
+        <rdar://problem/48311657>
+
+        Reviewed by Mark Lam.
+
+        * stress/licm-dead-code.js: Added.
+
 2019-02-26  Yusuke Suzuki  <ysuzuki@apple.com>
 
         REGRESSION: stress/regress-178386.js is timing out on JSC debug bot
diff --git a/JSTests/stress/licm-dead-code.js b/JSTests/stress/licm-dead-code.js
new file mode 100644 (file)
index 0000000..3c0b848
--- /dev/null
@@ -0,0 +1,22 @@
+for (let i = 0; i < 1000; i++) {
+}
+for (let i = 0; i < 10; ++i) {
+    function foo() {
+        for (let j = 0; j < 3; j = j + "asdf") {
+            const cond = Error != Error;
+            if (!cond) {
+                42[0];
+            }
+
+            function bar(arg) {
+                return arg.baz = 42;
+            }
+            for (let k = 0; k < 10000; ++k) {
+                bar({}, ...arguments);
+            }
+        }
+        for (let j = 0; j < 1000000; ++j) {}
+    }
+    foo();
+}
+
index 18b5eb2..f79310d 100644 (file)
         * bytecode/CodeBlock.cpp:
         (JSC::CodeBlock::nameForRegister):
 
+2019-02-27  Robin Morisset  <rmorisset@apple.com>
+
+        DFG: Loop-invariant code motion (LICM) should not hoist dead code
+        https://bugs.webkit.org/show_bug.cgi?id=194945
+        <rdar://problem/48311657>
+
+        Reviewed by Saam Barati.
+
+        * dfg/DFGLICMPhase.cpp:
+        (JSC::DFG::LICMPhase::run):
+
 2019-02-27  Antoine Quint  <graouts@apple.com>
 
         Support Pointer Events on macOS
index e79b4e5..72b3548 100644 (file)
@@ -184,6 +184,9 @@ public:
         Vector<const NaturalLoop*> loopStack;
         bool changed = false;
         for (BasicBlock* block : m_graph.blocksInPreOrder()) {
+            if (!block->cfaHasVisited)
+                continue;
+
             const NaturalLoop* loop = m_graph.m_ssaNaturalLoops->innerMostLoopOf(block);
             if (!loop)
                 continue;
@@ -210,6 +213,8 @@ public:
             
             for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) {
                 Node*& nodeRef = block->at(nodeIndex);
+                if (nodeRef->op() == ForceOSRExit)
+                    break;
                 for (unsigned stackIndex = loopStack.size(); stackIndex--;)
                     changed |= attemptHoist(block, nodeRef, loopStack[stackIndex]);
             }