[webkit-changes] [276686] trunk/Source/JavaScriptCore

[fpizlo]

Title: [276686] trunk/Source/_javascript_Core

Revision

276686

Author

fpi...@apple.com

Date

2021-04-27 18:01:15 -0700 (Tue, 27 Apr 2021)

Log Message

Get the bytecode profiler working again
https://bugs.webkit.org/show_bug.cgi?id=225129

Reviewed by Saam Barati.

The bytecode profiler was broken because it was trying to look at unset labels. This patch
improves our label discipline a bit so we don't try to look at unset labels.

* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitInvalidationPoint):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp
• trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (276685 => 276686)

--- trunk/Source/_javascript_Core/ChangeLog	2021-04-28 00:54:42 UTC (rev 276685)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-04-28 01:01:15 UTC (rev 276686)
@@ -1,3 +1,18 @@
+2021-04-27  Filip Pizlo  <fpi...@apple.com>
+
+        Get the bytecode profiler working again
+        https://bugs.webkit.org/show_bug.cgi?id=225129
+
+        Reviewed by Saam Barati.
+
+        The bytecode profiler was broken because it was trying to look at unset labels. This patch
+        improves our label discipline a bit so we don't try to look at unset labels.
+
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::linkOSRExits):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
+
 2021-04-27  Mark Lam  <mark....@apple.com>
 
         Move ExceptionExpectation into its own .h file.

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (276685 => 276686)

--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp	2021-04-28 00:54:42 UTC (rev 276685)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp	2021-04-28 01:01:15 UTC (rev 276686)
@@ -71,11 +71,17 @@
         for (unsigned i = 0; i < m_osrExit.size(); ++i) {
             OSRExitCompilationInfo& info = m_exitCompilationInfo[i];
             Vector<Label> labels;
+
+            auto appendLabel = [&] (Label label) {
+                RELEASE_ASSERT(label.isSet());
+                labels.append(label);
+            };
+            
             if (!info.m_failureJumps.empty()) {
                 for (unsigned j = 0; j < info.m_failureJumps.jumps().size(); ++j)
-                    labels.append(info.m_failureJumps.jumps()[j].label());
-            } else
-                labels.append(info.m_replacementSource);
+                    appendLabel(info.m_failureJumps.jumps()[j].label());
+            } else if (info.m_replacementSource.isSet())
+                appendLabel(info.m_replacementSource);
             m_exitSiteLabels.append(labels);
         }
     }

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (276685 => 276686)

--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2021-04-28 00:54:42 UTC (rev 276685)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2021-04-28 01:01:15 UTC (rev 276686)
@@ -334,7 +334,7 @@
         UncountableInvalidation, JSValueSource(), MethodOfGettingAValueProfile(),
         this, m_stream->size()));
     info.m_replacementSource = m_jit.watchpointLabel();
-    ASSERT(info.m_replacementSource.isSet());
+    RELEASE_ASSERT(info.m_replacementSource.isSet());
     noResult(node);
 }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes