Title: [228076] branches/safari-605-branch/Source/_javascript_Core

Diff

Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-02-05 05:30:51 UTC (rev 228076)
@@ -1,5 +1,72 @@
 2018-02-04  Jason Marcell  <jmarc...@apple.com>
 
+        Cherry-pick r228035. rdar://problem/37220146
+
+    2018-02-02  Saam Barati  <sbar...@apple.com>
+
+            Make various DFG_ASSERTs provide more data to WTFCrashWithInfo
+            https://bugs.webkit.org/show_bug.cgi?id=182453
+            <rdar://problem/37174236>
+
+            Reviewed by JF Bastien and Mark Lam.
+
+            * dfg/DFGAbstractInterpreterInlines.h:
+            (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+            * dfg/DFGArgumentsEliminationPhase.cpp:
+            * dfg/DFGArgumentsUtilities.cpp:
+            (JSC::DFG::emitCodeToGetArgumentsArrayLength):
+            * dfg/DFGFixupPhase.cpp:
+            (JSC::DFG::FixupPhase::fixupChecksInBlock):
+            * dfg/DFGFlowIndexing.h:
+            (JSC::DFG::FlowIndexing::shadowIndex const):
+            * dfg/DFGLICMPhase.cpp:
+            (JSC::DFG::LICMPhase::run):
+            (JSC::DFG::LICMPhase::attemptHoist):
+            * dfg/DFGLoopPreHeaderCreationPhase.cpp:
+            (JSC::DFG::LoopPreHeaderCreationPhase::run):
+            * dfg/DFGPutStackSinkingPhase.cpp:
+            * dfg/DFGSpeculativeJIT.cpp:
+            (JSC::DFG::SpeculativeJIT::compileArithAbs):
+            (JSC::DFG::SpeculativeJIT::compileArithRounding):
+            (JSC::DFG::SpeculativeJIT::compileToPrimitive):
+            * dfg/DFGSpeculativeJIT64.cpp:
+            (JSC::DFG::SpeculativeJIT::fillJSValue):
+            (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
+            (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict):
+            (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
+            (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+            (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
+            (JSC::DFG::SpeculativeJIT::compile):
+            * dfg/DFGStoreBarrierClusteringPhase.cpp:
+            * dfg/DFGStoreBarrierInsertionPhase.cpp:
+            * ftl/FTLLowerDFGToB3.cpp:
+            (JSC::FTL::DFG::LowerDFGToB3::compileGetStack):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithClz32):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithTrunc):
+            (JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):
+            (JSC::FTL::DFG::LowerDFGToB3::compilePutById):
+            (JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
+            (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
+            (JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode):
+            (JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
+            (JSC::FTL::DFG::LowerDFGToB3::compileCompareEq):
+            (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
+            (JSC::FTL::DFG::LowerDFGToB3::compileIn):
+            (JSC::FTL::DFG::LowerDFGToB3::compare):
+            (JSC::FTL::DFG::LowerDFGToB3::switchStringRecurse):
+            (JSC::FTL::DFG::LowerDFGToB3::lowInt32):
+            (JSC::FTL::DFG::LowerDFGToB3::lowInt52):
+            (JSC::FTL::DFG::LowerDFGToB3::lowCell):
+            (JSC::FTL::DFG::LowerDFGToB3::lowBoolean):
+            (JSC::FTL::DFG::LowerDFGToB3::lowDouble):
+            (JSC::FTL::DFG::LowerDFGToB3::lowJSValue):
+
+2018-02-04  Jason Marcell  <jmarc...@apple.com>
+
         Cherry-pick r228031. rdar://problem/37220129
 
     2018-02-02  Saam Barati  <sbar...@apple.com>

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2018-02-05 05:30:51 UTC (rev 228076)
@@ -763,7 +763,7 @@
                     forNode(node->child1()).m_type));
             break;
         default:
-            DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse);
+            DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind());
             clobberWorld(node->origin.semantic, clobberLimit);
             forNode(node).setType(SpecBytecodeNumber);
             break;
@@ -978,7 +978,7 @@
             forNode(node).setType(typeOfDoubleAbs(forNode(node->child1()).m_type));
             break;
         default:
-            DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse);
+            DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind());
             clobberWorld(node->origin.semantic, clobberLimit);
             forNode(node).setType(SpecFullNumber);
             break;
@@ -1055,7 +1055,7 @@
             else if (node->child1().useKind() == DoubleRepUse)
                 forNode(node).setType(typeOfDoubleRounding(forNode(node->child1()).m_type));
         } else {
-            DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse);
+            DFG_ASSERT(m_graph, node, node->child1().useKind() == UntypedUse, node->child1().useKind());
             clobberWorld(node->origin.semantic, clobberLimit);
             forNode(node).setType(SpecFullNumber);
         }

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsEliminationPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -689,7 +689,7 @@
                         break;
                     
                     DFG_ASSERT(
-                        m_graph, node, node->child1()->op() == PhantomDirectArguments);
+                        m_graph, node, node->child1()->op() == PhantomDirectArguments, node->child1()->op());
                     VirtualRegister reg =
                         virtualRegisterForArgument(node->capturedArgumentsOffset().offset() + 1) +
                         node->origin.semantic.stackOffset();
@@ -882,7 +882,7 @@
                             if (argumentCountIncludingThis <= varargsData->limit) {
                                 storeArgumentCountIncludingThis(argumentCountIncludingThis);
 
-                                DFG_ASSERT(m_graph, node, varargsData->limit - 1 >= varargsData->mandatoryMinimum);
+                                DFG_ASSERT(m_graph, node, varargsData->limit - 1 >= varargsData->mandatoryMinimum, varargsData->limit, varargsData->mandatoryMinimum);
                                 // Define our limit to exclude "this", since that's a bit easier to reason about.
                                 unsigned limit = varargsData->limit - 1;
 
@@ -971,7 +971,7 @@
                                 
                                 storeArgumentCountIncludingThis(argumentCountIncludingThis);
 
-                                DFG_ASSERT(m_graph, node, varargsData->limit - 1 >= varargsData->mandatoryMinimum);
+                                DFG_ASSERT(m_graph, node, varargsData->limit - 1 >= varargsData->mandatoryMinimum, varargsData->limit, varargsData->mandatoryMinimum);
                                 // Define our limit to exclude "this", since that's a bit easier to reason about.
                                 unsigned limit = varargsData->limit - 1;
                                 Node* undefined = nullptr;

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGArgumentsUtilities.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -66,7 +66,8 @@
         graph, arguments,
         arguments->op() == CreateDirectArguments || arguments->op() == CreateScopedArguments
         || arguments->op() == CreateClonedArguments || arguments->op() == CreateRest
-        || arguments->op() == PhantomDirectArguments || arguments->op() == PhantomClonedArguments || arguments->op() == PhantomCreateRest);
+        || arguments->op() == PhantomDirectArguments || arguments->op() == PhantomClonedArguments || arguments->op() == PhantomCreateRest,
+        arguments->op());
     
     InlineCallFrame* inlineCallFrame = arguments->origin.semantic.inlineCallFrame;
 

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGFixupPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGFixupPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -3600,7 +3600,7 @@
                         default:
                             // This can only arise if we have a Check node, and in that case, we can
                             // just remove the original check.
-                            DFG_ASSERT(m_graph, node, node->op() == Check);
+                            DFG_ASSERT(m_graph, node, node->op() == Check, node->op(), edge.useKind());
                             knownUseKind = UntypedUse;
                             break;
                         }

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGFlowIndexing.h (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGFlowIndexing.h	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGFlowIndexing.h	2018-02-05 05:30:51 UTC (rev 228076)
@@ -57,7 +57,7 @@
     
     unsigned shadowIndex(Node* node) const
     {
-        DFG_ASSERT(m_graph, node, node->op() == Phi);
+        DFG_ASSERT(m_graph, node, node->op() == Phi, node->op());
         return shadowIndex(node->index());
     }
     

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGLICMPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGLICMPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGLICMPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -126,7 +126,7 @@
             // This is guaranteed because we expect the CFG not to have unreachable code. Therefore, a
             // loop header must have a predecessor. (Also, we don't allow the root block to be a loop,
             // which cuts out the one other way of having a loop header with only one predecessor.)
-            DFG_ASSERT(m_graph, header->at(0), header->predecessors.size() > 1);
+            DFG_ASSERT(m_graph, header->at(0), header->predecessors.size() > 1, header->predecessors.size());
             
             for (unsigned i = header->predecessors.size(); i--;) {
                 BasicBlock* predecessor = header->predecessors[i];
@@ -155,7 +155,7 @@
             // This is guaranteed because the header has multiple predecessors and critical edges are
             // broken. Therefore the predecessors must all have one successor, which implies that they
             // must end in a Jump.
-            DFG_ASSERT(m_graph, preHeader->terminal(), preHeader->terminal()->op() == Jump);
+            DFG_ASSERT(m_graph, preHeader->terminal(), preHeader->terminal()->op() == Jump, preHeader->terminal()->op());
 
             if (!preHeader->terminal()->origin.exitOK)
                 continue;
@@ -346,7 +346,7 @@
         // It just so happens that all of the nodes we currently know how to hoist
         // don't have var-arg children. That may change and then we can fix this
         // code. But for now we just assert that's the case.
-        DFG_ASSERT(m_graph, node, !(node->flags() & NodeHasVarArgs));
+        DFG_ASSERT(m_graph, node, !(node->flags() & NodeHasVarArgs), node->op(), node->flags());
         
         nodeRef = m_graph.addNode(Check, originalOrigin, node->children);
         

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGLoopPreHeaderCreationPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGLoopPreHeaderCreationPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGLoopPreHeaderCreationPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -163,7 +163,7 @@
             // some predecessor other than the pre-header. We must have broken critical edges
             // because that is the DFG SSA convention. Therefore, each predecessor of the loop
             // header must have only one successor.
-            DFG_ASSERT(m_graph, nullptr, existingPreHeader->terminal()->op() == Jump);
+            DFG_ASSERT(m_graph, nullptr, existingPreHeader->terminal()->op() == Jump, existingPreHeader->terminal()->op());
 
             // A pre-header is most useful if it's possible to exit from its terminal. Hence
             // if the terminal of the existing pre-header doesn't allow for exit, but the first

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -453,7 +453,7 @@
                     if (!isConcrete(format)) {
                         DFG_ASSERT(
                             m_graph, node,
-                            deferred.operand(data->local) != ConflictingFlush);
+                            deferred.operand(data->local) != ConflictingFlush, deferred.operand(data->local));
                         
                         // This means there is no deferral. No deferral means that the most
                         // authoritative value for this stack slot is what is stored in the stack. So,
@@ -466,7 +466,7 @@
                     // would have stored a value with a certain format. That format must match our
                     // format. But more importantly, we can simply use the value that the PutStack would
                     // have stored and get rid of the GetStack.
-                    DFG_ASSERT(m_graph, node, format == data->format);
+                    DFG_ASSERT(m_graph, node, format == data->format, format, data->format);
                     
                     Node* incoming = mapping.operand(data->local);
                     node->child1() = incoming->defaultEdge();
@@ -534,7 +534,7 @@
                     if (DFGPutStackSinkingPhaseInternal::verbose)
                         dataLog("Creating Upsilon for ", operand, " at ", pointerDump(block), "->", pointerDump(successorBlock), "\n");
                     FlushFormat format = deferredAtHead[successorBlock].operand(operand);
-                    DFG_ASSERT(m_graph, nullptr, isConcrete(format));
+                    DFG_ASSERT(m_graph, nullptr, isConcrete(format), format);
                     UseKind useKind = uncheckedUseKindFor(format);
                     
                     // We need to get a value for the stack slot. This phase doesn't really have a

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -4287,7 +4287,7 @@
     }
 
     default: {
-        DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse);
+        DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());
         JSValueOperand op1(this, node->child1());
         JSValueRegs op1Regs = op1.jsValueRegs();
         flushRegisters();
@@ -5457,7 +5457,7 @@
         return;
     }
 
-    DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse);
+    DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());
 
     JSValueOperand argument(this, node->child1());
     JSValueRegs argumentRegs = argument.jsValueRegs();
@@ -11487,7 +11487,7 @@
 
 void SpeculativeJIT::compileToPrimitive(Node* node)
 {
-    DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse);
+    DFG_ASSERT(m_jit.graph(), node, node->child1().useKind() == UntypedUse, node->child1().useKind());
     JSValueOperand argument(this, node->child1());
     JSValueRegsTemporary result(this, Reuse, argument);
 

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -107,7 +107,7 @@
                 
             default:
                 m_jit.load64(JITCompiler::addressFor(virtualRegister), gpr);
-                DFG_ASSERT(m_jit.graph(), m_currentNode, spillFormat & DataFormatJS);
+                DFG_ASSERT(m_jit.graph(), m_currentNode, spillFormat & DataFormatJS, spillFormat);
                 break;
             }
             info.fillJSValue(*m_stream, gpr, spillFormat);
@@ -1111,7 +1111,7 @@
         
         DataFormat spillFormat = info.spillFormat();
         
-        DFG_ASSERT(m_jit.graph(), m_currentNode, (spillFormat & DataFormatJS) || spillFormat == DataFormatInt32);
+        DFG_ASSERT(m_jit.graph(), m_currentNode, (spillFormat & DataFormatJS) || spillFormat == DataFormatInt32, spillFormat);
         
         m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
         
@@ -1221,7 +1221,7 @@
 {
     DataFormat mustBeDataFormatInt32;
     GPRReg result = fillSpeculateInt32Internal<true>(edge, mustBeDataFormatInt32);
-    DFG_ASSERT(m_jit.graph(), m_currentNode, mustBeDataFormatInt32 == DataFormatInt32);
+    DFG_ASSERT(m_jit.graph(), m_currentNode, mustBeDataFormatInt32 == DataFormatInt32, mustBeDataFormatInt32);
     return result;
 }
 
@@ -1257,7 +1257,7 @@
         
         DataFormat spillFormat = info.spillFormat();
         
-        DFG_ASSERT(m_jit.graph(), m_currentNode, spillFormat == DataFormatInt52 || spillFormat == DataFormatStrictInt52);
+        DFG_ASSERT(m_jit.graph(), m_currentNode, spillFormat == DataFormatInt52 || spillFormat == DataFormatStrictInt52, spillFormat);
         
         m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
         
@@ -1350,7 +1350,7 @@
                     "Expected ", edge, " to have double format but instead it is spilled as ",
                     dataFormatToString(spillFormat)).data());
         }
-        DFG_ASSERT(m_jit.graph(), m_currentNode, spillFormat == DataFormatDouble);
+        DFG_ASSERT(m_jit.graph(), m_currentNode, spillFormat == DataFormatDouble, spillFormat);
         FPRReg fpr = fprAllocate();
         m_jit.loadDouble(JITCompiler::addressFor(virtualRegister), fpr);
         m_fprs.retain(fpr, virtualRegister, SpillOrderDouble);
@@ -1358,7 +1358,7 @@
         return fpr;
     }
 
-    DFG_ASSERT(m_jit.graph(), m_currentNode, info.registerFormat() == DataFormatDouble);
+    DFG_ASSERT(m_jit.graph(), m_currentNode, info.registerFormat() == DataFormatDouble, info.registerFormat());
     FPRReg fpr = info.fpr();
     m_fprs.lock(fpr);
     return fpr;
@@ -1465,7 +1465,7 @@
             info.fillJSValue(*m_stream, gpr, DataFormatJSBoolean);
             return gpr;
         }
-        DFG_ASSERT(m_jit.graph(), m_currentNode, info.spillFormat() & DataFormatJS);
+        DFG_ASSERT(m_jit.graph(), m_currentNode, info.spillFormat() & DataFormatJS, info.spillFormat());
         m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
         m_jit.load64(JITCompiler::addressFor(virtualRegister), gpr);
 
@@ -2963,7 +2963,7 @@
             DFG_CRASH(m_jit.graph(), node, "Bad array mode type");
             break;
         case Array::Generic: {
-            DFG_ASSERT(m_jit.graph(), node, node->op() == PutByVal || node->op() == PutByValDirect);
+            DFG_ASSERT(m_jit.graph(), node, node->op() == PutByVal || node->op() == PutByValDirect, node->op());
 
             if (child1.useKind() == CellUse) {
                 if (child2.useKind() == StringUse) {
@@ -3717,7 +3717,7 @@
         JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
         if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(node->indexingType())) {
             RegisteredStructure structure = m_jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
-            DFG_ASSERT(m_jit.graph(), node, structure->indexingType() == node->indexingType());
+            DFG_ASSERT(m_jit.graph(), node, structure->indexingType() == node->indexingType(), structure->indexingType(), node->indexingType());
             ASSERT(
                 hasUndecided(structure->indexingType())
                 || hasInt32(structure->indexingType())
@@ -3918,7 +3918,7 @@
 
             emitAllocateRawObject(resultGPR, m_jit.graph().registerStructure(globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType)), storageGPR, numElements, vectorLengthHint);
             
-            DFG_ASSERT(m_jit.graph(), node, indexingType & IsArray);
+            DFG_ASSERT(m_jit.graph(), node, indexingType & IsArray, indexingType);
 
             for (unsigned index = 0; index < numElements; ++index) {
                 int64_t value;

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGStoreBarrierClusteringPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGStoreBarrierClusteringPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGStoreBarrierClusteringPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -116,7 +116,7 @@
                 continue;
             
             DFG_ASSERT(m_graph, node, !node->origin.wasHoisted);
-            DFG_ASSERT(m_graph, node, node->child1().useKind() == KnownCellUse);
+            DFG_ASSERT(m_graph, node, node->child1().useKind() == KnownCellUse, node->op(), node->child1().useKind());
             
             NodeOrigin origin = node->origin;
             m_neededBarriers.append(ChildAndOrigin(node->child1().node(), origin.semantic));

Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGStoreBarrierInsertionPhase.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -467,7 +467,7 @@
         // FIXME: We could support StoreBarrier(UntypedUse:). That would be sort of cool.
         // But right now we don't need it.
 
-        DFG_ASSERT(m_graph, m_node, isCell(base.useKind()));
+        DFG_ASSERT(m_graph, m_node, isCell(base.useKind()), m_node->op(), base.useKind());
         
         // Barriers are always inserted after the node that they service. Therefore, we always know
         // that the thing is a cell now.

Modified: branches/safari-605-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (228075 => 228076)


--- branches/safari-605-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2018-02-05 05:30:48 UTC (rev 228075)
+++ branches/safari-605-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2018-02-05 05:30:51 UTC (rev 228076)
@@ -1654,8 +1654,8 @@
         StackAccessData* data = ""
         AbstractValue& value = m_state.variables().operand(data->local);
         
-        DFG_ASSERT(m_graph, m_node, isConcrete(data->format));
-        DFG_ASSERT(m_graph, m_node, data->format != FlushedDouble); // This just happens to not arise for GetStacks, right now. It would be trivial to support.
+        DFG_ASSERT(m_graph, m_node, isConcrete(data->format), data->format);
+        DFG_ASSERT(m_graph, m_node, data->format != FlushedDouble, data->format); // This just happens to not arise for GetStacks, right now. It would be trivial to support.
         
         if (isInt32Speculation(value.m_type))
             setInt32(m_out.load32(payloadFor(data->machineLocal)));
@@ -2056,7 +2056,7 @@
             setInt32(m_out.ctlz32(operand));
             return;
         }
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
         LValue argument = lowJSValue(m_node->child1());
         LValue result = vmCall(Int32, m_out.operation(operationArithClz32), m_callFrame, argument);
         setInt32(result);
@@ -2347,7 +2347,7 @@
         }
             
         default: {
-            DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+            DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
             LValue argument = lowJSValue(m_node->child1());
             LValue result = vmCall(Double, m_out.operation(operationArithAbs), m_callFrame, argument);
             setDouble(result);
@@ -2587,7 +2587,7 @@
             return;
         }
 
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
         LValue argument = lowJSValue(m_node->child1());
         setJSValue(vmCall(Int64, m_out.operation(operationArithRound), m_callFrame, argument));
     }
@@ -2603,7 +2603,7 @@
                 setDouble(integerValue);
             return;
         }
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
         LValue argument = lowJSValue(m_node->child1());
         setJSValue(vmCall(Int64, m_out.operation(operationArithFloor), m_callFrame, argument));
     }
@@ -2619,7 +2619,7 @@
                 setDouble(integerValue);
             return;
         }
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
         LValue argument = lowJSValue(m_node->child1());
         setJSValue(vmCall(Int64, m_out.operation(operationArithCeil), m_callFrame, argument));
     }
@@ -2635,7 +2635,7 @@
                 setDouble(result);
             return;
         }
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
         LValue argument = lowJSValue(m_node->child1());
         setJSValue(vmCall(Int64, m_out.operation(operationArithTrunc), m_callFrame, argument));
     }
@@ -2710,7 +2710,7 @@
         }
             
         default:
-            DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse);
+            DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
             ArithProfile* arithProfile = m_ftlState.graph.baselineCodeBlockFor(m_node->origin.semantic)->arithProfileForBytecodeOffset(m_node->origin.semantic.bytecodeIndex);
             auto repatchingFunction = operationArithNegateOptimize;
             auto nonRepatchingFunction = operationArithNegate;
@@ -3353,7 +3353,7 @@
     
     void compilePutById()
     {
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse, m_node->child1().useKind());
 
         Node* node = m_node;
         LValue base = lowCell(node->child1());
@@ -3459,7 +3459,7 @@
             return;
         }
 
-        DFG_ASSERT(m_graph, m_node, isTypedView(m_node->arrayMode().typedArrayType()));
+        DFG_ASSERT(m_graph, m_node, isTypedView(m_node->arrayMode().typedArrayType()), m_node->arrayMode().typedArrayType());
         LValue poisonedVector = m_out.loadPtr(cell, m_heaps.JSArrayBufferView_poisonedVector);
 #if ENABLE(POISON)
         auto typedArrayType = m_node->arrayMode().typedArrayType();
@@ -3693,7 +3693,7 @@
                 LValue isHole = m_out.isZero64(result);
                 if (m_node->arrayMode().isSaneChain()) {
                     DFG_ASSERT(
-                        m_graph, m_node, m_node->arrayMode().type() == Array::Contiguous);
+                        m_graph, m_node, m_node->arrayMode().type() == Array::Contiguous, m_node->arrayMode().type());
                     result = m_out.select(
                         isHole, m_out.constInt64(JSValue::encode(jsUndefined())), result);
                 } else
@@ -6121,7 +6121,7 @@
             return;
         }
 
-        DFG_ASSERT(m_graph, m_node, childEdge.useKind() == Int32Use);
+        DFG_ASSERT(m_graph, m_node, childEdge.useKind() == Int32Use, childEdge.useKind());
 
         LValue value = lowInt32(childEdge);
         
@@ -6302,7 +6302,7 @@
                 else
                     storage = m_out.loadPtr(base, m_heaps.JSObject_butterfly);
             } else {
-                DFG_ASSERT(m_graph, m_node, variant.kind() == PutByIdVariant::Transition);
+                DFG_ASSERT(m_graph, m_node, variant.kind() == PutByIdVariant::Transition, variant.kind());
                 m_graph.m_plan.transitions.addLazily(
                     codeBlock(), m_node->origin.semantic.codeOriginOwner(),
                     variant.oldStructureForTransition(), variant.newStructure());
@@ -6497,7 +6497,7 @@
             return;
         }
 
-        DFG_ASSERT(m_graph, m_node, m_node->isBinaryUseKind(UntypedUse));
+        DFG_ASSERT(m_graph, m_node, m_node->isBinaryUseKind(UntypedUse), m_node->child1().useKind(), m_node->child2().useKind());
         nonSpeculativeCompare(
             [&] (LValue left, LValue right) {
                 return m_out.equal(left, right);
@@ -6662,7 +6662,7 @@
             return;
         }
 
-        DFG_ASSERT(m_graph, m_node, m_node->isBinaryUseKind(UntypedUse));
+        DFG_ASSERT(m_graph, m_node, m_node->isBinaryUseKind(UntypedUse), m_node->child1().useKind(), m_node->child2().useKind());
         nonSpeculativeCompare(
             [&] (LValue left, LValue right) {
                 return m_out.equal(left, right);
@@ -9279,7 +9279,7 @@
     
     void compileIn()
     {
-        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse);
+        DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == CellUse, m_node->child1().useKind());
 
         Node* node = m_node;
         Edge base = node->child1();
@@ -11195,7 +11195,7 @@
             return;
         }
 
-        DFG_ASSERT(m_graph, m_node, m_node->isBinaryUseKind(UntypedUse));
+        DFG_ASSERT(m_graph, m_node, m_node->isBinaryUseKind(UntypedUse), m_node->child1().useKind(), m_node->child2().useKind());
         nonSpeculativeCompare(intFunctor, fallbackFunction);
     }
 
@@ -12922,11 +12922,11 @@
         }
         
         if (checkedExactLength) {
-            DFG_ASSERT(m_graph, m_node, alreadyCheckedLength == minLength);
+            DFG_ASSERT(m_graph, m_node, alreadyCheckedLength == minLength, alreadyCheckedLength, minLength);
             DFG_ASSERT(m_graph, m_node, allLengthsEqual);
         }
         
-        DFG_ASSERT(m_graph, m_node, minLength >= commonChars);
+        DFG_ASSERT(m_graph, m_node, minLength >= commonChars, minLength, commonChars);
         
         if (!allLengthsEqual && alreadyCheckedLength < minLength)
             m_out.check(m_out.below(length, m_out.constInt32(minLength)), unsure(fallThrough));
@@ -12946,12 +12946,12 @@
             // We've already checked that the input string is a prefix of all of the cases,
             // so we just check length to jump to that case.
             
-            DFG_ASSERT(m_graph, m_node, cases[begin].string->length() == commonChars);
+            DFG_ASSERT(m_graph, m_node, cases[begin].string->length() == commonChars, cases[begin].string->length(), commonChars);
             for (unsigned i = begin + 1; i < end; ++i)
-                DFG_ASSERT(m_graph, m_node, cases[i].string->length() > commonChars);
+                DFG_ASSERT(m_graph, m_node, cases[i].string->length() > commonChars, cases[i].string->length(), commonChars);
             
             if (allLengthsEqual) {
-                DFG_ASSERT(m_graph, m_node, end == begin + 1);
+                DFG_ASSERT(m_graph, m_node, end == begin + 1, end, begin);
                 m_out.jump(cases[begin].target);
                 return;
             }
@@ -12972,7 +12972,7 @@
         // commonChars. Use a binary switch on the next unchecked character, i.e.
         // string[commonChars].
         
-        DFG_ASSERT(m_graph, m_node, end >= begin + 2);
+        DFG_ASSERT(m_graph, m_node, end >= begin + 2, end, begin);
         
         LValue uncheckedChar = m_out.load8ZeroExt32(buffer, m_heaps.characters8[commonChars]);
         
@@ -13675,7 +13675,7 @@
             return result;
         }
 
-        DFG_ASSERT(m_graph, m_node, !(provenType(edge) & SpecInt32Only));
+        DFG_ASSERT(m_graph, m_node, !(provenType(edge) & SpecInt32Only), provenType(edge));
         terminate(Uncountable);
         return m_out.int32Zero;
     }
@@ -13683,7 +13683,7 @@
     enum Int52Kind { StrictInt52, Int52 };
     LValue lowInt52(Edge edge, Int52Kind kind)
     {
-        DFG_ASSERT(m_graph, m_node, edge.useKind() == Int52RepUse);
+        DFG_ASSERT(m_graph, m_node, edge.useKind() == Int52RepUse, edge.useKind());
         
         LoweredNodeValue value;
         
@@ -13709,7 +13709,7 @@
             break;
         }
 
-        DFG_ASSERT(m_graph, m_node, !provenType(edge));
+        DFG_ASSERT(m_graph, m_node, !provenType(edge), provenType(edge));
         terminate(Uncountable);
         return m_out.int64Zero;
     }
@@ -13757,7 +13757,7 @@
     
     LValue lowCell(Edge edge, OperandSpeculationMode mode = AutomaticOperandSpeculation)
     {
-        DFG_ASSERT(m_graph, m_node, mode == ManualOperandSpeculation || DFG::isCell(edge.useKind()));
+        DFG_ASSERT(m_graph, m_node, mode == ManualOperandSpeculation || DFG::isCell(edge.useKind()), edge.useKind());
         
         if (edge->op() == JSConstant) {
             FrozenValue* value = edge->constant();
@@ -13778,7 +13778,7 @@
             return uncheckedValue;
         }
         
-        DFG_ASSERT(m_graph, m_node, !(provenType(edge) & SpecCellCheck));
+        DFG_ASSERT(m_graph, m_node, !(provenType(edge) & SpecCellCheck), provenType(edge));
         terminate(Uncountable);
         return m_out.intPtrZero;
     }
@@ -13893,7 +13893,7 @@
             return result;
         }
         
-        DFG_ASSERT(m_graph, m_node, !(provenType(edge) & SpecBoolean));
+        DFG_ASSERT(m_graph, m_node, !(provenType(edge) & SpecBoolean), provenType(edge));
         terminate(Uncountable);
         return m_out.booleanFalse;
     }
@@ -13900,12 +13900,12 @@
     
     LValue lowDouble(Edge edge)
     {
-        DFG_ASSERT(m_graph, m_node, isDouble(edge.useKind()));
+        DFG_ASSERT(m_graph, m_node, isDouble(edge.useKind()), edge.useKind());
         
         LoweredNodeValue value = m_doubleValues.get(edge.node());
         if (isValid(value))
             return value.value();
-        DFG_ASSERT(m_graph, m_node, !provenType(edge));
+        DFG_ASSERT(m_graph, m_node, !provenType(edge), provenType(edge));
         terminate(Uncountable);
         return m_out.doubleZero;
     }
@@ -13912,9 +13912,9 @@
     
     LValue lowJSValue(Edge edge, OperandSpeculationMode mode = AutomaticOperandSpeculation)
     {
-        DFG_ASSERT(m_graph, m_node, mode == ManualOperandSpeculation || edge.useKind() == UntypedUse);
-        DFG_ASSERT(m_graph, m_node, !isDouble(edge.useKind()));
-        DFG_ASSERT(m_graph, m_node, edge.useKind() != Int52RepUse);
+        DFG_ASSERT(m_graph, m_node, mode == ManualOperandSpeculation || edge.useKind() == UntypedUse, m_node->op(), edge.useKind());
+        DFG_ASSERT(m_graph, m_node, !isDouble(edge.useKind()), m_node->op(), edge.useKind());
+        DFG_ASSERT(m_graph, m_node, edge.useKind() != Int52RepUse, m_node->op(), edge.useKind());
         
         if (edge->hasConstant()) {
             LValue result = m_out.constInt64(JSValue::encode(edge->asJSValue()));
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to