Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (283556 => 283557)
--- trunk/Source/_javascript_Core/ChangeLog 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-10-05 17:51:46 UTC (rev 283557)
@@ -1,3 +1,39 @@
+2021-10-05 Xan López <[email protected]>
+
+ [JSC][32bit] Fix bugs after unlinked baseline jit
+ https://bugs.webkit.org/show_bug.cgi?id=231232
+
+ Reviewed by Yusuke Suzuki.
+
+ Fix a bunch of bugs introduced with unlinked baseline jit. As of
+ now we are disabling DataIC on baseline JIT to get things working
+ ASAP, making that work will be the next step. This makes us almost
+ go back to green bots.
+
+ (Patch co-authored with Geza Lore)
+
+ * bytecode/CallLinkInfo.cpp:
+ (JSC::CallLinkInfo::emitDataICFastPath): ASSERT we are not using DataIC on 32-bit.
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::hasDebuggerRequests const):
+ (JSC::CodeBlock::debuggerRequestsAddress): Deleted.
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall): don't use DataIC.
+ (JSC::JIT::compileOpCallSlowCase): set missing label.
+ * jit/JITCode.h:
+ (JSC::JITCode::useDataIC): disable DataIC on baseline JIT for 32-bit.
+ * jit/JITInlines.h:
+ (JSC::JIT::getConstantOperand): get constants from the CodeBlock,
+ since we don't do sharing on 32-bit.
+ (JSC::JIT::emitValueProfilingSite): remove an overzealous ASSERT.
+ (JSC::JIT::loadConstant): use sizeof(void*) instead of '8', makes
+ things work on 32-bit.
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_debug): share this with 32-bit.
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_debug): Deleted.
+ * llint/LowLevelInterpreter32_64.asm: do not thrash the PC register.
+
2021-10-05 Yusuke Suzuki <[email protected]>
[JSC] JSPropertyNameEnumerator should not have cached prototype chain since empty JSPropertyNameEnumerator is shared
Modified: trunk/Source/_javascript_Core/bytecode/CallLinkInfo.cpp (283556 => 283557)
--- trunk/Source/_javascript_Core/bytecode/CallLinkInfo.cpp 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/bytecode/CallLinkInfo.cpp 2021-10-05 17:51:46 UTC (rev 283557)
@@ -365,6 +365,9 @@
MacroAssembler::JumpList CallLinkInfo::emitDataICFastPath(CCallHelpers& jit, GPRReg calleeGPR, GPRReg callLinkInfoGPR)
{
RELEASE_ASSERT(callLinkInfoGPR != InvalidGPRReg);
+#if USE(JSVALUE32_64)
+ RELEASE_ASSERT_NOT_REACHED(); // Uses DataIC
+#endif
return emitFastPathImpl(nullptr, jit, calleeGPR, callLinkInfoGPR, UseDataIC::Yes, false, nullptr);
}
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.h (283556 => 283557)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2021-10-05 17:51:46 UTC (rev 283557)
@@ -757,7 +757,6 @@
bool hasOpDebugForLineAndColumn(unsigned line, std::optional<unsigned> column);
bool hasDebuggerRequests() const { return m_debuggerRequests; }
- void* debuggerRequestsAddress() { return &m_debuggerRequests; }
static ptrdiff_t offsetOfDebuggerRequests() { return OBJECT_OFFSETOF(CodeBlock, m_debuggerRequests); }
void addBreakpoint(unsigned numBreakpoints);
Modified: trunk/Source/_javascript_Core/jit/JITCall32_64.cpp (283556 => 283557)
--- trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2021-10-05 17:51:46 UTC (rev 283557)
@@ -310,7 +310,7 @@
checkStackPointerAlignment();
if (opcodeID == op_tail_call || opcodeID == op_tail_call_varargs || opcodeID == op_tail_call_forward_arguments) {
- auto slowPaths = info->emitTailCallDataICFastPath(*this, regT0, regT2, [&] {
+ auto slowPaths = info->emitTailCallFastPath(*this, regT0, [&] {
emitRestoreCalleeSaves();
prepareForTailCallSlow(regT2);
});
@@ -342,6 +342,8 @@
linkAllSlowCases(iter);
+ m_callCompilationInfo[callLinkInfoIndex].slowPathStart = label();
+
if (opcodeID == op_tail_call || opcodeID == op_tail_call_varargs || opcodeID == op_tail_call_forward_arguments)
emitRestoreCalleeSaves();
Modified: trunk/Source/_javascript_Core/jit/JITCode.h (283556 => 283557)
--- trunk/Source/_javascript_Core/jit/JITCode.h 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/jit/JITCode.h 2021-10-05 17:51:46 UTC (rev 283557)
@@ -162,8 +162,12 @@
static bool useDataIC(JITType jitType)
{
+#if USE(JSVALUE64)
if (JITCode::isBaselineCode(jitType))
return true;
+#else
+ UNUSED_PARAM(jitType);
+#endif
if (!Options::useDataIC())
return false;
return Options::useDataICInOptimizingJIT();
Modified: trunk/Source/_javascript_Core/jit/JITInlines.h (283556 => 283557)
--- trunk/Source/_javascript_Core/jit/JITInlines.h 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/jit/JITInlines.h 2021-10-05 17:51:46 UTC (rev 283557)
@@ -65,8 +65,12 @@
ALWAYS_INLINE JSValue JIT::getConstantOperand(VirtualRegister src)
{
ASSERT(src.isConstant());
+#if USE(JSVALUE32_64)
+ return m_profiledCodeBlock->getConstant(src);
+#else
RELEASE_ASSERT(m_unlinkedCodeBlock->constantSourceCodeRepresentation(src) != SourceCodeRepresentation::LinkTimeConstant);
return m_unlinkedCodeBlock->getConstant(src);
+#endif
}
ALWAYS_INLINE void JIT::emitPutIntToCallFrameHeader(RegisterID from, VirtualRegister entry)
@@ -328,7 +332,8 @@
#if USE(JSVALUE32_64)
inline void JIT::emitValueProfilingSite(ValueProfile& valueProfile, JSValueRegs value)
{
- ASSERT(shouldEmitProfiling());
+ if (!shouldEmitProfiling())
+ return;
EncodedValueDescriptor* descriptor = bitwise_cast<EncodedValueDescriptor*>(valueProfile.m_buckets);
store32(value.payloadGPR(), &descriptor->asBits.payload);
@@ -735,7 +740,7 @@
ALWAYS_INLINE void JIT::loadConstant(JITConstantPool::Constant constantIndex, GPRReg result)
{
- loadPtr(Address(s_constantsGPR, static_cast<uintptr_t>(constantIndex) * 8), result);
+ loadPtr(Address(s_constantsGPR, static_cast<uintptr_t>(constantIndex) * sizeof(void*)), result);
}
ALWAYS_INLINE void JIT::loadGlobalObject(GPRReg result)
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (283556 => 283557)
--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2021-10-05 17:51:46 UTC (rev 283557)
@@ -1135,16 +1135,6 @@
farJump(returnValueGPR, JSSwitchPtrTag);
}
-void JIT::emit_op_debug(const Instruction* currentInstruction)
-{
- auto bytecode = currentInstruction->as<OpDebug>();
- loadPtr(addressFor(CallFrameSlot::codeBlock), regT0);
- load32(Address(regT0, CodeBlock::offsetOfDebuggerRequests()), regT0);
- Jump noDebuggerRequests = branchTest32(Zero, regT0);
- callOperation(operationDebug, &vm(), static_cast<int>(bytecode.m_debugHookType));
- noDebuggerRequests.link(this);
-}
-
void JIT::emit_op_eq_null(const Instruction* currentInstruction)
{
auto bytecode = currentInstruction->as<OpEqNull>();
@@ -1457,6 +1447,16 @@
#endif // USE(JSVALUE64)
+void JIT::emit_op_debug(const Instruction* currentInstruction)
+{
+ auto bytecode = currentInstruction->as<OpDebug>();
+ loadPtr(addressFor(CallFrameSlot::codeBlock), regT0);
+ load32(Address(regT0, CodeBlock::offsetOfDebuggerRequests()), regT0);
+ Jump noDebuggerRequests = branchTest32(Zero, regT0);
+ callOperation(operationDebug, &vm(), static_cast<int>(bytecode.m_debugHookType));
+ noDebuggerRequests.link(this);
+}
+
void JIT::emit_op_loop_hint(const Instruction* instruction)
{
if (UNLIKELY(Options::returnEarlyFromInfiniteLoopsForFuzzing() && m_unlinkedCodeBlock->loopHintsAreEligibleForFuzzingEarlyReturn())) {
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (283556 => 283557)
--- trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2021-10-05 17:51:46 UTC (rev 283557)
@@ -1076,16 +1076,6 @@
farJump(returnValueGPR, NoPtrTag);
}
-void JIT::emit_op_debug(const Instruction* currentInstruction)
-{
- auto bytecode = currentInstruction->as<OpDebug>();
- load32(codeBlock()->debuggerRequestsAddress(), regT0);
- Jump noDebuggerRequests = branchTest32(Zero, regT0);
- callOperation(operationDebug, &vm(), static_cast<int>(bytecode.m_debugHookType));
- noDebuggerRequests.link(this);
-}
-
-
void JIT::emit_op_enter(const Instruction* currentInstruction)
{
emitEnterOptimizationCheck();
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (283556 => 283557)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2021-10-05 17:49:50 UTC (rev 283556)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2021-10-05 17:51:46 UTC (rev 283557)
@@ -1123,12 +1123,12 @@
bia t2, LowestTag, .slow
bib t3, LowestTag, .op1NotIntOp2Double
bineq t3, Int32Tag, .slow
- updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberInt, t5, t4)
ci2ds t1, ft1
+ updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberInt, t5, t1)
jmp .op1NotIntReady
.op1NotIntOp2Double:
fii2d t1, t3, ft1
- updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberNumber, t5, t4)
+ updateBinaryArithProfile(size, opcodeStruct, ArithProfileNumberNumber, t5, t1)
.op1NotIntReady:
get(m_dst, t1)
fii2d t0, t2, ft0
@@ -1138,9 +1138,9 @@
.op2NotInt:
# First operand is definitely an int, the second operand is definitely not.
+ bia t3, LowestTag, .slow
+ updateBinaryArithProfile(size, opcodeStruct, ArithProfileIntNumber, t5, t2)
get(m_dst, t2)
- bia t3, LowestTag, .slow
- updateBinaryArithProfile(size, opcodeStruct, ArithProfileIntNumber, t5, t4)
ci2ds t0, ft0
fii2d t1, t3, ft1
doubleOperation(ft1, ft0)
