[webkit-changes] [219172] trunk/Source

Wed, 05 Jul 2017 17:06:06 -0700

Title: [219172] trunk/Source
Revision
219172
Author
[email protected]
Date
2017-07-05 17:05:36 -0700 (Wed, 05 Jul 2017)

Log Message

Crashing with information should have an abort reason
https://bugs.webkit.org/show_bug.cgi?id=174185

Reviewed by Saam Barati.

Source/_javascript_Core:

Add crash information for the abstract interpreter and add an enum
value for object allocation sinking.

* assembler/AbortReason.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::verifyEdge):
* dfg/DFGGraph.cpp:
(JSC::DFG::logDFGAssertionFailure):
* dfg/DFGObjectAllocationSinkingPhase.cpp:

Source/WTF:

Fix an ifdef to actually work with X86_64. It turns out X64_64 is
not an architecture... Whoops.

* wtf/Assertions.cpp:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (219171 => 219172)


--- trunk/Source/_javascript_Core/ChangeLog	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-07-06 00:05:36 UTC (rev 219172)
@@ -1,3 +1,20 @@
+2017-07-05  Keith Miller  <[email protected]>
+
+        Crashing with information should have an abort reason
+        https://bugs.webkit.org/show_bug.cgi?id=174185
+
+        Reviewed by Saam Barati.
+
+        Add crash information for the abstract interpreter and add an enum
+        value for object allocation sinking.
+
+        * assembler/AbortReason.h:
+        * dfg/DFGAbstractInterpreterInlines.h:
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::verifyEdge):
+        * dfg/DFGGraph.cpp:
+        (JSC::DFG::logDFGAssertionFailure):
+        * dfg/DFGObjectAllocationSinkingPhase.cpp:
+
 2017-07-03  Myles C. Maxfield  <[email protected]>
 
         Remove copy of ICU headers from WebKit

Modified: trunk/Source/_javascript_Core/assembler/AbortReason.h (219171 => 219172)


--- trunk/Source/_javascript_Core/assembler/AbortReason.h	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/_javascript_Core/assembler/AbortReason.h	2017-07-06 00:05:36 UTC (rev 219172)
@@ -76,4 +76,12 @@
     YARRNoInputConsumed                               = 340,
 };
 
+// This enum is for CRASH_WITH_SECURITY_IMPLICATION_AND_INFO so we can easily identify which assertion
+// we are looking at even if the calls to crash get coalesed. The same numbering rules above for
+// AbortReason apply here.
+enum CompilerAbortReason {
+    AbstractInterpreterInvalidType                =  10,
+    ObjectAllocationSinkingAssertionFailure       = 100,
+};
+
 } // namespace JSC

Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (219171 => 219172)


--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2017-07-06 00:05:36 UTC (rev 219172)
@@ -131,7 +131,7 @@
     if (!(forNode(edge).m_type & ~typeFilterFor(edge.useKind())))
         return;
     
-    DFG_CRASH(m_graph, node, toCString("Edge verification error: ", node, "->", edge, " was expected to have type ", SpeculationDump(typeFilterFor(edge.useKind())), " but has type ", SpeculationDump(forNode(edge).m_type), " (", forNode(edge).m_type, ")").data());
+    DFG_CRASH(m_graph, node, toCString("Edge verification error: ", node, "->", edge, " was expected to have type ", SpeculationDump(typeFilterFor(edge.useKind())), " but has type ", SpeculationDump(forNode(edge).m_type), " (", forNode(edge).m_type, ")").data(), AbstractInterpreterInvalidType, node->op(), edge->op(), edge.useKind(), forNode(edge).m_type);
 }
 
 template<typename AbstractStateType>

Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.cpp (219171 => 219172)


--- trunk/Source/_javascript_Core/dfg/DFGGraph.cpp	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.cpp	2017-07-06 00:05:36 UTC (rev 219172)
@@ -1452,7 +1452,6 @@
     dataLog("\n");
     dataLog("DFG ASSERTION FAILED: ", assertion, "\n");
     dataLog(file, "(", line, ") : ", function, "\n");
-    WTFReportBacktrace();
 }
 
 void Graph::logAssertionFailure(

Modified: trunk/Source/_javascript_Core/dfg/DFGObjectAllocationSinkingPhase.cpp (219171 => 219172)


--- trunk/Source/_javascript_Core/dfg/DFGObjectAllocationSinkingPhase.cpp	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/_javascript_Core/dfg/DFGObjectAllocationSinkingPhase.cpp	2017-07-06 00:05:36 UTC (rev 219172)
@@ -50,7 +50,7 @@
 
 NO_RETURN_DUE_TO_CRASH NEVER_INLINE void crash(const char*, int line, int)
 {
-    CRASH_WITH_SECURITY_IMPLICATION_AND_INFO(line);
+    CRASH_WITH_SECURITY_IMPLICATION_AND_INFO(ObjectAllocationSinkingAssertionFailure, line);
 }
 
 #undef RELEASE_ASSERT

Modified: trunk/Source/WTF/ChangeLog (219171 => 219172)


--- trunk/Source/WTF/ChangeLog	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/WTF/ChangeLog	2017-07-06 00:05:36 UTC (rev 219172)
@@ -1,3 +1,15 @@
+2017-07-05  Keith Miller  <[email protected]>
+
+        Crashing with information should have an abort reason
+        https://bugs.webkit.org/show_bug.cgi?id=174185
+
+        Reviewed by Saam Barati.
+
+        Fix an ifdef to actually work with X86_64. It turns out X64_64 is
+        not an architecture... Whoops.
+
+        * wtf/Assertions.cpp:
+
 2017-07-03  Myles C. Maxfield  <[email protected]>
 
         Remove copy of ICU headers from WebKit

Modified: trunk/Source/WTF/wtf/Assertions.cpp (219171 => 219172)


--- trunk/Source/WTF/wtf/Assertions.cpp	2017-07-06 00:05:11 UTC (rev 219171)
+++ trunk/Source/WTF/wtf/Assertions.cpp	2017-07-06 00:05:36 UTC (rev 219172)
@@ -559,7 +559,7 @@
 
 } // extern "C"
 
-#if OS(DARWIN) && (CPU(X64_64) || CPU(ARM64))
+#if OS(DARWIN) && (CPU(X86_64) || CPU(ARM64))
 #if CPU(X86_64)
 #define STUFF_REGISTER_FOR_CRASH(reg, info) __asm__ volatile ("movq %0, %%" reg : : "r" (static_cast<uint64_t>(info)) : reg)
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to