[webkit-changes] [222035] trunk/Source/JavaScriptCore

Thu, 14 Sep 2017 11:06:21 -0700

Title: [222035] trunk/Source/_javascript_Core
Revision
222035
Author
[email protected]
Date
2017-09-14 11:05:55 -0700 (Thu, 14 Sep 2017)

Log Message

[JSC] Disable Arity Fixup Inlining until crash in facebook.com is fixed
https://bugs.webkit.org/show_bug.cgi?id=176917

Reviewed by Saam Barati.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
* runtime/Options.h:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (222034 => 222035)


--- trunk/Source/_javascript_Core/ChangeLog	2017-09-14 18:04:44 UTC (rev 222034)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-09-14 18:05:55 UTC (rev 222035)
@@ -1,5 +1,16 @@
 2017-09-14  Yusuke Suzuki  <[email protected]>
 
+        [JSC] Disable Arity Fixup Inlining until crash in facebook.com is fixed
+        https://bugs.webkit.org/show_bug.cgi?id=176917
+
+        Reviewed by Saam Barati.
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::inliningCost):
+        * runtime/Options.h:
+
+2017-09-14  Yusuke Suzuki  <[email protected]>
+
         [JSC] Add PrivateSymbolMode::{Include,Exclude} for PropertyNameArray
         https://bugs.webkit.org/show_bug.cgi?id=176867

Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (222034 => 222035)


--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2017-09-14 18:04:44 UTC (rev 222034)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2017-09-14 18:05:55 UTC (rev 222035)
@@ -1422,7 +1422,7 @@
         addToGraph(Phantom, get(virtualRegisterForArgument(i, registerOffset)));
 }
 
-unsigned ByteCodeParser::inliningCost(CallVariant callee, int, InlineCallFrame::Kind kind)
+unsigned ByteCodeParser::inliningCost(CallVariant callee, int argumentCountIncludingThis, InlineCallFrame::Kind kind)
 {
     CallMode callMode = InlineCallFrame::callModeFor(kind);
     CodeSpecializationKind specializationKind = specializationKindFor(callMode);
@@ -1456,6 +1456,15 @@
         return UINT_MAX;
     }
 
+
+    if (!Options::useArityFixupInlining()) {
+        if (codeBlock->numParameters() > argumentCountIncludingThis) {
+            if (DFGByteCodeParserInternal::verbose)
+                dataLog("    Failing because of arity mismatch.\n");
+            return UINT_MAX;
+        }
+    }
+
     CapabilityLevel capabilityLevel = inlineFunctionForCapabilityLevel(
         codeBlock, specializationKind, callee.isClosureCall());
     if (DFGByteCodeParserInternal::verbose) {

Modified: trunk/Source/_javascript_Core/runtime/Options.h (222034 => 222035)


--- trunk/Source/_javascript_Core/runtime/Options.h	2017-09-14 18:04:44 UTC (rev 222034)
+++ trunk/Source/_javascript_Core/runtime/Options.h	2017-09-14 18:05:55 UTC (rev 222035)
@@ -257,6 +257,7 @@
     v(bool, useMovHintRemoval, true, Normal, nullptr) \
     v(bool, usePutStackSinking, true, Normal, nullptr) \
     v(bool, useObjectAllocationSinking, true, Normal, nullptr) \
+    v(bool, useArityFixupInlining, false, Normal, nullptr) \
     v(bool, logExecutableAllocation, false, Normal, nullptr) \
     \
     v(bool, useConcurrentJIT, true, Normal, "allows the DFG / FTL compilation in threads other than the executing JS thread") \

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to