Title: [237595] trunk/Source/JavaScriptCore
Revision: 237595
Author: ross.kirsl...@sony.com
Date: 2018-10-30 11:32:20 -0700 (Tue, 30 Oct 2018)

Log Message

useProbeOSRExit causes failures for Win64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=190656

Reviewed by Keith Miller.

* assembler/ProbeContext.cpp:
(JSC::Probe::executeProbe):
If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
then let's just call lowWatermarkFromVisitingDirtyPages instead.

* dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::executeOSRExit):
The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
(Also, stop redundantly setting the stack pointer twice in a row.)

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (237594 => 237595)


--- trunk/Source/_javascript_Core/ChangeLog	2018-10-30 18:12:21 UTC (rev 237594)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-10-30 18:32:20 UTC (rev 237595)
@@ -1,3 +1,21 @@
+2018-10-30  Ross Kirsling  <ross.kirsl...@sony.com>
+
+        useProbeOSRExit causes failures for Win64 DFG JIT
+        https://bugs.webkit.org/show_bug.cgi?id=190656
+
+        Reviewed by Keith Miller.
+
+        * assembler/ProbeContext.cpp:
+        (JSC::Probe::executeProbe):
+        If lowWatermark is expected to equal lowWatermarkFromVisitingDirtyPages *regardless* of the input param,
+        then let's just call lowWatermarkFromVisitingDirtyPages instead.
+
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::OSRExit::executeOSRExit):
+        The result of VariableEventStream::reconstruct appears to be inappropriate for direct use as a stack pointer offset;
+        mimic the non-probe case and use requiredRegisterCountForExit from DFGCommonData instead.
+        (Also, stop redundantly setting the stack pointer twice in a row.)
+
 2018-10-30  Yusuke Suzuki  <yusukesuz...@slowstart.org>
 
         "Unreviewed, partial rolling in r237254"

Modified: trunk/Source/JavaScriptCore/assembler/ProbeContext.cpp (237594 => 237595)


--- trunk/Source/_javascript_Core/assembler/ProbeContext.cpp	2018-10-30 18:12:21 UTC (rev 237594)
+++ trunk/Source/_javascript_Core/assembler/ProbeContext.cpp	2018-10-30 18:32:20 UTC (rev 237595)
@@ -60,7 +60,7 @@
 
     if (context.hasWritesToFlush()) {
         context.stack().setSavedStackPointer(state->cpu.sp());
-        void* lowWatermark = context.stack().lowWatermark(state->cpu.sp());
+        void* lowWatermark = context.stack().lowWatermarkFromVisitingDirtyPages();
         state->cpu.sp() = std::min(lowWatermark, state->cpu.sp());
 
         state->initializeStackFunction = flushDirtyStackPages;
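
Review bot: With the switch to lowWatermarkFromVisitingDirtyPages() in executeProbe, lowWatermark(void*) is left in place even though the log message's premise is that it should return the same value regardless of its argument; if it did not do so on Win64, any other caller still gets the divergent result. Either fix lowWatermark(void*) or add a debug assertion that the two agree, and add a short comment above the std::min line saying why sp is lowered to the watermark before flushDirtyStackPages runs.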

Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp (237594 => 237595)


--- trunk/Source/_javascript_Core/dfg/DFGOSRExit.cpp	2018-10-30 18:12:21 UTC (rev 237594)
+++ trunk/Source/_javascript_Core/dfg/DFGOSRExit.cpp	2018-10-30 18:32:20 UTC (rev 237595)
@@ -398,8 +398,8 @@
         // Compute the value recoveries.
         Operands<ValueRecovery> operands;
         Vector<UndefinedOperandSpan> undefinedOperandSpans;
-        unsigned numVariables = dfgJITCode->variableEventStream.reconstruct(codeBlock, exit.m_codeOrigin, dfgJITCode->minifiedDFG, exit.m_streamIndex, operands, &undefinedOperandSpans);
-        ptrdiff_t stackPointerOffset = -static_cast<ptrdiff_t>(numVariables) * sizeof(Register);
+        dfgJITCode->variableEventStream.reconstruct(codeBlock, exit.m_codeOrigin, dfgJITCode->minifiedDFG, exit.m_streamIndex, operands, &undefinedOperandSpans);
+        ptrdiff_t stackPointerOffset = -static_cast<ptrdiff_t>(codeBlock->jitCode()->dfgCommon()->requiredRegisterCountForExit) * sizeof(Register);
 
         exit.exitState = adoptRef(new OSRExitState(exit, codeBlock, baselineCodeBlock, operands, WTFMove(undefinedOperandSpans), recovery, stackPointerOffset, activeThreshold, adjustedThreshold, jumpTarget, arrayProfile));
 
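
Review bot: On the new stackPointerOffset line the frame size comes from requiredRegisterCountForExit while the return value of reconstruct() is silently dropped, and nothing checks that the two are compatible. A debug assertion that the reconstructed operands fit within requiredRegisterCountForExit registers would catch a frame sized too small for the recoveries written into it. Separately, the expression multiplies a negated ptrdiff_t by sizeof(Register), which is a size_t, so the product is computed as unsigned and only becomes negative on conversion back; casting sizeof(Register) to ptrdiff_t keeps the arithmetic signed.
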
@@ -440,10 +440,8 @@
     do {
         auto extraInitializationLevel = static_cast<ExtraInitializationLevel>(exitState.extraInitializationLevel);
 
-        if (extraInitializationLevel == ExtraInitializationLevel::None) {
-            context.sp() = context.fp<uint8_t*>() + exitState.stackPointerOffset;
+        if (extraInitializationLevel == ExtraInitializationLevel::None)
             break;
-        }
 
         // Begin extra initilization level: SpeculationRecovery
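
Review bot: In the ExtraInitializationLevel::None branch, the removed context.sp() assignment was the only write to the stack pointer visible in this hunk, and the assignment that makes it redundant is outside the context shown. Please add a one-line comment at the break saying where sp is set, so a later refactor of that code does not leave the None path with a stale stack pointer. Nit: the context comment just below reads "initilization".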
 