Title: [163838] trunk/Source/_javascript_Core
Revision
163838
Author
msab...@apple.com
Date
2014-02-10 16:47:34 -0800 (Mon, 10 Feb 2014)

Log Message

Fail FTL compilation if the required stack is too big
https://bugs.webkit.org/show_bug.cgi?id=128560

Reviewed by Filip Pizlo.

Added StackSize struct to FTLStackMaps and populated it.  Added and updated
related dump functions.  Use the stack size found at the end of the compilation
to compare against the value of a new option, llvmMaxStackSize.  We fail the
compile if the function's stack size is greater than llvmMaxStackSize.

* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* ftl/FTLStackMaps.cpp:
(JSC::FTL::StackMaps::StackSize::parse):
(JSC::FTL::StackMaps::StackSize::dump):
(JSC::FTL::StackMaps::parse):
(JSC::FTL::StackMaps::dump):
(JSC::FTL::StackMaps::dumpMultiline):
(JSC::FTL::StackMaps::getStackSize):
* ftl/FTLStackMaps.h:
* runtime/Options.h:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (163837 => 163838)


--- trunk/Source/_javascript_Core/ChangeLog	2014-02-11 00:24:58 UTC (rev 163837)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-02-11 00:47:34 UTC (rev 163838)
@@ -1,3 +1,27 @@
+2014-02-10  Michael Saboff  <msab...@apple.com>
+
+        Fail FTL compilation if the required stack is too big
+        https://bugs.webkit.org/show_bug.cgi?id=128560
+
+        Reviewed by Filip Pizlo.
+
+        Added StackSize struct to FTLStackMaps and populated it.  Added and updated
+        related dump functions.  Use the stack size found at the end of the compilation
+        to compare against the value of a new option, llvmMaxStackSize.  We fail the
+        compile if the function's stack size is greater than llvmMaxStackSize.
+
+        * dfg/DFGPlan.cpp:
+        (JSC::DFG::Plan::compileInThreadImpl):
+        * ftl/FTLStackMaps.cpp:
+        (JSC::FTL::StackMaps::StackSize::parse):
+        (JSC::FTL::StackMaps::StackSize::dump):
+        (JSC::FTL::StackMaps::parse):
+        (JSC::FTL::StackMaps::dump):
+        (JSC::FTL::StackMaps::dumpMultiline):
+        (JSC::FTL::StackMaps::getStackSize):
+        * ftl/FTLStackMaps.h:
+        * runtime/Options.h:
+
 2014-02-10  Mark Lam  <mark....@apple.com>
 
         Change JSLock::dropAllLocks() and friends to use lock() and unlock().

Modified: trunk/Source/_javascript_Core/dfg/DFGPlan.cpp (163837 => 163838)


--- trunk/Source/_javascript_Core/dfg/DFGPlan.cpp	2014-02-11 00:24:58 UTC (rev 163837)
+++ trunk/Source/_javascript_Core/dfg/DFGPlan.cpp	2014-02-11 00:47:34 UTC (rev 163838)
@@ -339,7 +339,12 @@
             FTL::fail(state);
             return FTLPath;
         }
-        
+
+        if (state.jitCode->stackmaps.stackSize() > Options::llvmMaxStackSize()) {
+            FTL::fail(state);
+            return FTLPath;
+        }
+
         FTL::link(state);
         return FTLPath;
 #else
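Review bot: The new stack-size rejection fails the compile silently: when `stackSize()` exceeds `Options::llvmMaxStackSize()` the code calls `FTL::fail(state)` and returns, leaving no record of why the FTL path was abandoned, which makes the new limit hard to diagnose when it starts firing on real code. A one-line diagnostic before the fail call would make it observable, e.g. `dataLog("FTL stack size ", state.jitCode->stackmaps.stackSize(), " exceeds llvmMaxStackSize\n");` guarded by whichever verbose-compilation option this file already uses for such logging. The `FTL::fail(state); return FTLPath;` pair is now duplicated in two adjacent branches; folding the new condition into the preceding `if` with `||` would avoid that if the preceding condition is side-effect free. compileInThreadImpl starts and ends outside the hunk.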

Modified: trunk/Source/_javascript_Core/ftl/FTLStackMaps.cpp (163837 => 163838)


--- trunk/Source/_javascript_Core/ftl/FTLStackMaps.cpp	2014-02-11 00:24:58 UTC (rev 163837)
+++ trunk/Source/_javascript_Core/ftl/FTLStackMaps.cpp	2014-02-11 00:47:34 UTC (rev 163838)
@@ -53,6 +53,17 @@
     out.printf("0x%016llx", integer);
 }
 
+void StackMaps::StackSize::parse(DataView* view, unsigned& offset)
+{
+    functionOffset = view->read<uint32_t>(offset, true);
+    size = view->read<uint32_t>(offset, true);
+}
+
+void StackMaps::StackSize::dump(PrintStream& out) const
+{
+    out.print("(off:", functionOffset, ", size:", size, ")");
+}
+
 void StackMaps::Location::parse(DataView* view, unsigned& offset)
 {
     kind = static_cast<Kind>(view->read<uint8_t>(offset, true));
@@ -116,15 +127,9 @@
     view->read<uint32_t>(offset, true); // Reserved (header)
     
     uint32_t numFunctions = view->read<uint32_t>(offset, true);
+    ASSERT(numFunctions == 1); // There should only be one stack size record
     while (numFunctions--) {
-        // FIXME: Actually use this data.
-        // https://bugs.webkit.org/show_bug.cgi?id=125650
-        uint32_t functionOffset = view->read<uint32_t>(offset, true);
-        uint32_t stackSize = view->read<uint32_t>(offset, true);
-        if (!stackSize || stackSize > (1 << 20)) {
-            dataLog("Bad stack size ", stackSize, " for function offset", functionOffset, "\n");
-            RELEASE_ASSERT_NOT_REACHED();
-        }
+        stackSizes.append(readObject<StackSize>(view, offset));
     }
     
     uint32_t numConstants = view->read<uint32_t>(offset, true);
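Review bot: The replaced loop body drops the `!stackSize` half of the old sanity check without carrying it anywhere: the upper bound now lives in DFGPlan.cpp via llvmMaxStackSize, but a zero-size record is accepted silently where it previously logged and hit RELEASE_ASSERT_NOT_REACHED. If zero was a meaningful corruption signal, `StackSize::parse` in the first hunk is the natural place to keep it. Separately, the new `ASSERT(numFunctions == 1)` is debug-only while `stackSize()` later in this file uses `RELEASE_ASSERT(stackSizes.size() == 1)`, so in release builds a stack map with any other count parses cleanly and crashes later at the accessor, far from the data that caused it; `RELEASE_ASSERT(numFunctions == 1);` here would report it at the source. StackMaps::parse starts and ends outside the hunk.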
@@ -144,11 +149,14 @@
 
 void StackMaps::dump(PrintStream& out) const
 {
-    out.print("Constants:[", listDump(constants), "], Records:[", listDump(records), "]");
+    out.print("StackSizes[", listDump(stackSizes), "], Constants:[", listDump(constants), "], Records:[", listDump(records), "]");
 }
 
 void StackMaps::dumpMultiline(PrintStream& out, const char* prefix) const
 {
+    out.print(prefix, "StackSizes:\n");
+    for (unsigned i = 0; i < stackSizes.size(); ++i)
+        out.print(prefix, "    ", stackSizes[i], "\n");
     out.print(prefix, "Constants:\n");
     for (unsigned i = 0; i < constants.size(); ++i)
         out.print(prefix, "    ", constants[i], "\n");
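Review bot: The single-line dump label is inconsistent with its neighbours: `"StackSizes["` has no colon while `"Constants:["` and `"Records:["` do, so anything that parses or greps dump output treats the new field differently. `out.print("StackSizes:[", listDump(stackSizes), "], Constants:[", listDump(constants), "], Records:[", listDump(records), "]");` would match, and the multiline form in the same hunk already uses `"StackSizes:\n"`. dumpMultiline continues past the hunk.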
@@ -165,6 +173,13 @@
     return result;
 }
 
+unsigned StackMaps::stackSize() const
+{
+    RELEASE_ASSERT(stackSizes.size() == 1);
+
+    return stackSizes[0].size;
+}
+
 } } // namespace JSC::FTL
 
 namespace WTF {

Modified: trunk/Source/_javascript_Core/ftl/FTLStackMaps.h (163837 => 163838)


--- trunk/Source/_javascript_Core/ftl/FTLStackMaps.h	2014-02-11 00:24:58 UTC (rev 163837)
+++ trunk/Source/_javascript_Core/ftl/FTLStackMaps.h	2014-02-11 00:47:34 UTC (rev 163838)
@@ -47,7 +47,15 @@
         void parse(DataView*, unsigned& offset);
         void dump(PrintStream& out) const;
     };
-    
+
+    struct StackSize {
+        uint32_t functionOffset;
+        uint32_t size;
+
+        void parse(DataView*, unsigned& offset);
+        void dump(PrintStream&) const;
+    };
+
     struct Location {
         enum Kind : int8_t {
             Unprocessed,
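Review bot: The new StackSize struct documents neither of its fields, and the only hint at their meaning is the read order in FTLStackMaps.cpp. A short comment above the struct would help the next reader: `// One per-function stack size record from the LLVM stack map: the function's offset and the frame size LLVM computed for it (presumably bytes; confirm against the stack map format).` The unit is not stated anywhere in this diff, so it should stay hedged until confirmed.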
@@ -80,7 +88,8 @@
         bool parse(DataView*, unsigned& offset);
         void dump(PrintStream&) const;
     };
-    
+
+    Vector<StackSize> stackSizes;
     Vector<Constant> constants;
     Vector<Record> records;
     
@@ -91,6 +100,8 @@
     typedef HashMap<uint32_t, Vector<Record>, WTF::IntHash<uint32_t>, WTF::UnsignedWithZeroKeyHashTraits<uint32_t>> RecordMap;
     
     RecordMap getRecordMap() const;
+
+    unsigned stackSize() const;
 };
 
 } } // namespace JSC::FTL
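Review bot: `unsigned stackSize() const;` is declared without saying which size it returns given that `stackSizes` is a Vector, and the definition in FTLStackMaps.cpp RELEASE_ASSERTs that exactly one record exists, which callers cannot see from the header. A comment on the declaration, `// Frame size of the single compiled function; crashes if the stack map holds other than one StackSize record.`, would state the precondition where callers look for it.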

Modified: trunk/Source/_javascript_Core/runtime/Options.h (163837 => 163838)


--- trunk/Source/_javascript_Core/runtime/Options.h	2014-02-11 00:24:58 UTC (rev 163837)
+++ trunk/Source/_javascript_Core/runtime/Options.h	2014-02-11 00:47:34 UTC (rev 163838)
@@ -150,6 +150,7 @@
     v(unsigned, llvmBackendOptimizationLevel, 2) \
     v(unsigned, llvmOptimizationLevel, 2) \
     v(unsigned, llvmSizeLevel, 0) \
+    v(unsigned, llvmMaxStackSize, 128 * KB) \
     v(bool, llvmDisallowAVX, true) \
     v(bool, ftlCrashes, false) /* fool-proof way of checking that you ended up in the FTL. ;-) */\
     \
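Review bot: The new option carries no comment, unlike the neighbouring `ftlCrashes` entry, and nothing says what unit the value is in or what exceeding it does. `v(unsigned, llvmMaxStackSize, 128 * KB) /* fail FTL compilation when a function's stack frame exceeds this size */ \` would give that. Whether the stack map's size is in bytes is not visible in this diff, so the comment should only name the unit once confirmed.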