[webkit-changes] [155209] trunk/Source/JavaScriptCore

[fpizlo]

Title: [155209] trunk/Source/_javascript_Core

Revision

155209

Author

fpi...@apple.com

Date

2013-09-06 13:20:23 -0700 (Fri, 06 Sep 2013)

Log Message

Concurrent FTL causes !hasOptimizedReplacement() asserts in cti_optimize
https://bugs.webkit.org/show_bug.cgi?id=120890

Reviewed by Mark Hahnenberg.
        
Don't install an FTL code block if the DFG code block has already been jettisoned.

* dfg/DFGToFTLDeferredCompilationCallback.cpp:
(JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/dfg/DFGToFTLDeferredCompilationCallback.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (155208 => 155209)

--- trunk/Source/_javascript_Core/ChangeLog	2013-09-06 20:04:19 UTC (rev 155208)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-09-06 20:20:23 UTC (rev 155209)
@@ -1,5 +1,17 @@
 2013-09-06  Filip Pizlo  <fpi...@apple.com>
 
+        Concurrent FTL causes !hasOptimizedReplacement() asserts in cti_optimize
+        https://bugs.webkit.org/show_bug.cgi?id=120890
+
+        Reviewed by Mark Hahnenberg.
+        
+        Don't install an FTL code block if the DFG code block has already been jettisoned.
+
+        * dfg/DFGToFTLDeferredCompilationCallback.cpp:
+        (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete):
+
+2013-09-06  Filip Pizlo  <fpi...@apple.com>
+
         REGRESSION(149636, merged in 153145): ToThis conversion doesn't work in the DFG
         https://bugs.webkit.org/show_bug.cgi?id=120781
 

Modified: trunk/Source/_javascript_Core/dfg/DFGToFTLDeferredCompilationCallback.cpp (155208 => 155209)

--- trunk/Source/_javascript_Core/dfg/DFGToFTLDeferredCompilationCallback.cpp	2013-09-06 20:04:19 UTC (rev 155208)
+++ trunk/Source/_javascript_Core/dfg/DFGToFTLDeferredCompilationCallback.cpp	2013-09-06 20:20:23 UTC (rev 155209)
@@ -70,6 +70,15 @@
             ") result: ", result, "\n");
     }
     
+    if (m_dfgCodeBlock->replacement() != m_dfgCodeBlock) {
+        if (Options::verboseOSR()) {
+            dataLog(
+                "Dropping FTL code block ", *codeBlock, " on the floor because the "
+                "DFG code block ", *m_dfgCodeBlock, " was jettisoned.\n");
+        }
+        return;
+    }
+    
     if (result == CompilationSuccessful)
         codeBlock->install();
     

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes