Title: [271596] trunk
- Revision
- 271596
- Author
- [email protected]
- Date
- 2021-01-18 20:59:55 -0800 (Mon, 18 Jan 2021)
Log Message
[JSC] FTL::prepareOSREntry can clear OSR entry CodeBlock if it is already invalidated
https://bugs.webkit.org/show_bug.cgi?id=220718
<rdar://problem/70527068>
Reviewed by Mark Lam.
JSTests:
* stress/ftl-osr-failure-clear-twice.js: Added.
(foo):
Source/_javascript_Core:
FTL::prepareOSREntry can clear OSR entry CodeBlock if it is already invalidated. However, the caller does not assume that,
and it calls clearOSREntryBlockAndResetThresholds again, so clearOSREntryBlockAndResetThresholds's assertion is hit.
This patch correctly handles the invalidated case.
* dfg/DFGOperations.cpp:
(JSC::DFG::tierUpCommon):
Diff
Modified: trunk/JSTests/ChangeLog (271595 => 271596)
--- trunk/JSTests/ChangeLog 2021-01-19 04:28:51 UTC (rev 271595)
+++ trunk/JSTests/ChangeLog 2021-01-19 04:59:55 UTC (rev 271596)
@@ -1,5 +1,16 @@
2021-01-18 Yusuke Suzuki <[email protected]>
+ [JSC] FTL::prepareOSREntry can clear OSR entry CodeBlock if it is already invalidated
+ https://bugs.webkit.org/show_bug.cgi?id=220718
+ <rdar://problem/70527068>
+
+ Reviewed by Mark Lam.
+
+ * stress/ftl-osr-failure-clear-twice.js: Added.
+ (foo):
+
+2021-01-18 Yusuke Suzuki <[email protected]>
+
[JSC] earlyReturnFromInfiniteLoopsLimit should check all caller functions when emitting
https://bugs.webkit.org/show_bug.cgi?id=220700
<rdar://problem/71229150>
Added: trunk/JSTests/stress/ftl-osr-failure-clear-twice.js (0 => 271596)
--- trunk/JSTests/stress/ftl-osr-failure-clear-twice.js (rev 0)
+++ trunk/JSTests/stress/ftl-osr-failure-clear-twice.js 2021-01-19 04:59:55 UTC (rev 271596)
@@ -0,0 +1,14 @@
+//@ runDefault("--jitPolicyScale=0", "--osrExitCountForReoptimization=40", "--watchdog=500", "--watchdog-exception-ok")
+function foo() {
+ const xs = 'x'.repeat(1000);
+ for (let x of xs) {
+ for (let i=0; i<1000; i++) {}
+ try {
+ zzz
+ } catch {}
+ }
+}
+
+for (let i=0; i<100; i++) {
+ foo();
+}
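Review bot: the bare `zzz` on the `zzz` line deserves a one-line comment. It is an unresolvable identifier, so every iteration throws a ReferenceError that the empty `catch {}` swallows; together with `--osrExitCountForReoptimization=40` and `--jitPolicyScale=0` that is the mechanism meant to drive repeated OSR-entry failure and reoptimization, but nothing in the file says so, and a reader can easily mistake it for a typo. Something like `zzz // intentionally undefined: throws, exercising the OSR entry failure path` would keep the test's intent with the test.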
Modified: trunk/Source/_javascript_Core/ChangeLog (271595 => 271596)
--- trunk/Source/_javascript_Core/ChangeLog 2021-01-19 04:28:51 UTC (rev 271595)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-01-19 04:59:55 UTC (rev 271596)
@@ -1,3 +1,18 @@
+2021-01-18 Yusuke Suzuki <[email protected]>
+
+ [JSC] FTL::prepareOSREntry can clear OSR entry CodeBlock if it is already invalidated
+ https://bugs.webkit.org/show_bug.cgi?id=220718
+ <rdar://problem/70527068>
+
+ Reviewed by Mark Lam.
+
+ FTL::prepareOSREntry can clear OSR entry CodeBlock if it is already invalidated. However, the caller is not assuming that,
+ and it calls clearOSREntryBlockAndResetThresholds again. And clearOSREntryBlockAndResetThresholds's assertion hit.
+ This patch correctly handles the invalidated case.
+
+ * dfg/DFGOperations.cpp:
+ (JSC::DFG::tierUpCommon):
+
2021-01-18 Xan López <[email protected]>
[JSC] Implement a B3::Compilation replacement for wasm-llint
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (271595 => 271596)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-01-19 04:28:51 UTC (rev 271595)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2021-01-19 04:59:55 UTC (rev 271596)
@@ -3785,7 +3785,16 @@
return nullptr;
}
- auto failedOSREntry = [&] (CodeBlock* entryBlock) {
+ auto failedOSREntry = [&] (JITCode* jitCode) {
+ CodeBlock* entryBlock = jitCode->osrEntryBlock();
+ if (!entryBlock) {
+ CODEBLOCK_LOG_EVENT(codeBlock, "delayFTLCompile", ("OSR entry code is already invalidated"));
+ codeBlock->baselineVersion()->countReoptimization();
+ // clearOSREntryBlockAndResetThresholds is already called in FTL::prepareOSREntry and because of that,
+ // jitCode->osrEntryBlock() is nullptr.
+ return nullptr;
+ }
+
FTL::ForOSREntryJITCode* entryCode = entryBlock->jitCode()->ftlForOSREntry();
entryCode->countEntryFailure();
if (entryCode->entryFailureCount() <
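Review bot: the explanatory comment ("clearOSREntryBlockAndResetThresholds is already called in FTL::prepareOSREntry and because of that, jitCode->osrEntryBlock() is nullptr.") would read better directly above `if (!entryBlock) {`, where a reader first meets the condition; placed after `codeBlock->baselineVersion()->countReoptimization();` it looks like it explains that call rather than why the null case exists at all. Also worth a word in that comment: this early-return path deliberately skips `countEntryFailure()`, since the FTL::ForOSREntryJITCode it would be counted on is gone with the cleared block, and the `countReoptimization()` call is what stands in for that bookkeeping.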
@@ -3816,7 +3825,7 @@
return tagCodePtrWithStackPointerForJITCall(untagCodePtr<char*, JSEntryPtrTag>(address), callFrame);
}
- return failedOSREntry(entryBlock);
+ return failedOSREntry(jitCode);
}
}
}
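Review bot: with the argument switched from `entryBlock` to `jitCode` here (and in the two sibling call sites), check that the local `entryBlock` in this scope is still referenced elsewhere; if the `failedOSREntry(entryBlock)` call was its last use, the now-unused variable should be dropped to keep the build warning-free.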
@@ -3858,7 +3867,7 @@
return nullptr;
}
- return failedOSREntry(entryBlock);
+ return failedOSREntry(jitCode);
}
// It's time to try to compile code for OSR entry.
@@ -3955,7 +3964,7 @@
ASSERT(canOSREnterHere);
void* address = FTL::prepareOSREntry(vm, callFrame, codeBlock, jitCode->osrEntryBlock(), originBytecodeIndex, streamIndex);
if (!address)
- return failedOSREntry(jitCode->osrEntryBlock());
+ return failedOSREntry(jitCode);
return tagCodePtrWithStackPointerForJITCall(untagCodePtr<char*, JSEntryPtrTag>(address), callFrame);
}
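Review bot: this is the call the new null check exists for, and a brief comment here would make the ordering explicit: `FTL::prepareOSREntry` receives the result of `jitCode->osrEntryBlock()` evaluated before the call, may clear that block (via clearOSREntryBlockAndResetThresholds, per the ChangeLog) before returning nullptr, and `failedOSREntry(jitCode)` then detects the cleared state only because it re-reads `jitCode->osrEntryBlock()` after the fact. Without that note the next reader will wonder why the lambda takes `jitCode` instead of the entry block that was just fetched on the line above.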
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes