[webkit-changes] [98188] trunk

Fri, 21 Oct 2011 20:57:55 -0700

Title: [98188] trunk
Revision
98188
Author
fpi...@apple.com
Date
2011-10-21 20:58:55 -0700 (Fri, 21 Oct 2011)

Log Message

DFG inlining sometimes fails to reset constant references
https://bugs.webkit.org/show_bug.cgi?id=70668

Source/_javascript_Core: 

Reviewed by Anders Carlsson.
        
Reset constant references when we need to (new block created) and not
when we don't (change of inlining depth).

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::prepareToParseBlock):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parseCodeBlock):

LayoutTests: 

Reviewed by Anders Carlsson.
        
Added a new test that covers this specific bug as well as the general
ability to perform inlining, and the ability to OSR out of an inline
stack.

* fast/js/dfg-inline-constant-expected.txt: Added.
* fast/js/dfg-inline-constant.html: Added.
* fast/js/script-tests/dfg-inline-constant.js: Added.
(foo):
(bar):

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (98187 => 98188)


--- trunk/LayoutTests/ChangeLog	2011-10-22 03:56:01 UTC (rev 98187)
+++ trunk/LayoutTests/ChangeLog	2011-10-22 03:58:55 UTC (rev 98188)
@@ -1,3 +1,20 @@
+2011-10-21  Filip Pizlo  <fpi...@apple.com>
+
+        DFG inlining sometimes fails to reset constant references
+        https://bugs.webkit.org/show_bug.cgi?id=70668
+
+        Reviewed by Anders Carlsson.
+        
+        Added a new test that covers this specific bug as well as the general
+        ability to perform inlining, and the ability to OSR out of an inline
+        stack.
+
+        * fast/js/dfg-inline-constant-expected.txt: Added.
+        * fast/js/dfg-inline-constant.html: Added.
+        * fast/js/script-tests/dfg-inline-constant.js: Added.
+        (foo):
+        (bar):
+
 2011-10-21  Ojan Vafai  <o...@chromium.org>
 
         Fixup test expectations now that http://trac.webkit.org/changeset/98173 has landed.

Added: trunk/LayoutTests/fast/js/dfg-inline-constant-expected.txt (0 => 98188)


--- trunk/LayoutTests/fast/js/dfg-inline-constant-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/js/dfg-inline-constant-expected.txt	2011-10-22 03:58:55 UTC (rev 98188)
@@ -0,0 +1,13 @@
+This tests that function inlining in the DFG JIT doesn't get confused by constants being reused between inliner and inlinee.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS bar(6, 0) is 10
+PASS bar(6, 1) is 15
+PASS bar(6, false) is 10
+PASS bar(6, true) is 15
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/js/dfg-inline-constant.html (0 => 98188)


--- trunk/LayoutTests/fast/js/dfg-inline-constant.html	                        (rev 0)
+++ trunk/LayoutTests/fast/js/dfg-inline-constant.html	2011-10-22 03:58:55 UTC (rev 98188)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>

Added: trunk/LayoutTests/fast/js/script-tests/dfg-inline-constant.js (0 => 98188)


--- trunk/LayoutTests/fast/js/script-tests/dfg-inline-constant.js	                        (rev 0)
+++ trunk/LayoutTests/fast/js/script-tests/dfg-inline-constant.js	2011-10-22 03:58:55 UTC (rev 98188)
@@ -0,0 +1,23 @@
+description(
+"This tests that function inlining in the DFG JIT doesn't get confused by constants being reused between inliner and inlinee."
+);
+
+function foo(a, b) {
+    if (b)
+        return a + 4;
+    return b + 5;
+}
+
+function bar(a, b) {
+    return foo(a, b) + 5;
+}
+
+for (var i = 0; i < 1000; ++i)
+    bar(i, i + 1);
+
+shouldBe("bar(6, 0)", "10");
+shouldBe("bar(6, 1)", "15");
+shouldBe("bar(6, false)", "10");
+shouldBe("bar(6, true)", "15");
+
+var successfullyParsed = true;

Modified: trunk/Source/_javascript_Core/ChangeLog (98187 => 98188)


--- trunk/Source/_javascript_Core/ChangeLog	2011-10-22 03:56:01 UTC (rev 98187)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-10-22 03:58:55 UTC (rev 98188)
@@ -1,5 +1,21 @@
 2011-10-21  Filip Pizlo  <fpi...@apple.com>
 
+        DFG inlining sometimes fails to reset constant references
+        https://bugs.webkit.org/show_bug.cgi?id=70668
+
+        Reviewed by Anders Carlsson.
+        
+        Reset constant references when we need to (new block created) and not
+        when we don't (change of inlining depth).
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::handleInlining):
+        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        (JSC::DFG::ByteCodeParser::parseCodeBlock):
+
+2011-10-21  Filip Pizlo  <fpi...@apple.com>
+
         DFG should have inlining
         https://bugs.webkit.org/show_bug.cgi?id=69996

Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (98187 => 98188)


--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2011-10-22 03:56:01 UTC (rev 98187)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2011-10-22 03:58:55 UTC (rev 98188)
@@ -82,6 +82,8 @@
     bool handleInlining(bool usesResult, int callTarget, NodeIndex callTargetNodeIndex, int resultOperand, bool certainAboutExpectedFunction, JSFunction*, int firstArg, int lastArg, unsigned nextOffset);
     // Handle intrinsic functions. Return true if it succeeded, false if we need to plant a call.
     bool handleIntrinsic(bool usesResult, int resultOperand, Intrinsic, int firstArg, int lastArg, PredictedType prediction);
+    // Prepare to parse a block.
+    void prepareToParseBlock();
     // Parse a single basic block of bytecode instructions.
     bool parseBlock(unsigned limit);
     // Find reachable code and setup predecessor links in the graph's BasicBlocks.
@@ -1027,6 +1029,7 @@
     m_inlineStackTop->m_caller->m_unlinkedBlocks.append(UnlinkedBlock(m_graph.m_blocks.size()));
     m_inlineStackTop->m_caller->m_blockLinkingTargets.append(m_graph.m_blocks.size());
     m_graph.m_blocks.append(block.release());
+    prepareToParseBlock();
     
     // At this point we return and continue to generate code for the caller, but
     // in the new basic block.
@@ -1122,14 +1125,14 @@
     }
 }
 
+void ByteCodeParser::prepareToParseBlock()
+{
+    for (unsigned i = 0; i < m_constants.size(); ++i)
+        m_constants[i] = ConstantRecord();
+}
+
 bool ByteCodeParser::parseBlock(unsigned limit)
 {
-    // No need to reset state initially, since it has been set by the constructor.
-    if (m_currentIndex) {
-        for (unsigned i = 0; i < m_constants.size(); ++i)
-            m_constants[i] = ConstantRecord();
-    }
-    
     // If we are the first basic block, introduce markers for arguments. This allows
     // us to track if a use of an argument may use the actual argument passed, as
     // opposed to using a value we set explicitly.
@@ -2379,6 +2382,7 @@
                     m_inlineStackTop->m_unlinkedBlocks.append(UnlinkedBlock(m_graph.m_blocks.size()));
                     m_inlineStackTop->m_blockLinkingTargets.append(m_graph.m_blocks.size());
                     m_graph.m_blocks.append(block.release());
+                    prepareToParseBlock();
                 }
             }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to