- Revision
- 161445
- Author
- [email protected]
- Date
- 2014-01-07 12:16:37 -0800 (Tue, 07 Jan 2014)
Log Message
FTL OSR entry should only check input variable types after it has set up OSR exit availability of those OSR entry values
https://bugs.webkit.org/show_bug.cgi?id=126587
Not yet reviewed.
At the prologue of OSR entry, DFG IR knows where the arguments are but has no idea
where the locals are. So, before OSR entry starts doing speculation checks, it
should establish (via MovHints) where the locals are. Then it can do the checks
(namely, the SetArgument/SetLocal's).
Also make things a bit easier to debug by making verboseOSR() print OSR exit
disassemblies.
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::finalizeCodeWithDisassembly):
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
* dfg/DFGOSREntrypointCreationPhase.cpp:
(JSC::DFG::OSREntrypointCreationPhase::run):
* dfg/DFGOSRExitCompiler.cpp:
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
Diff
Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/ChangeLog 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog 2014-01-07 20:16:37 UTC (rev 161445)
@@ -1,3 +1,30 @@
+2014-01-07 Filip Pizlo <[email protected]>
+
+ FTL OSR entry should only check input variable types after it has set up OSR exit availability of those OSR entry values
+ https://bugs.webkit.org/show_bug.cgi?id=126587
+
+ Not yet reviewed.
+
+ At the prologue of OSR entry, DFG IR knows where the arguments are but has no idea
+ where the locals are. So, before OSR entry starts doing speculation checks, it
+ should establish (via MovHints) where the locals are. Then it can do the checks
+ (namely, the SetArgument/SetLocal's).
+
+ Also make things a bit easier to debug by making verboseOSR() print OSR exit
+ disassemblies.
+
+ * assembler/LinkBuffer.cpp:
+ (JSC::LinkBuffer::finalizeCodeWithDisassembly):
+ * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
+ (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
+ * dfg/DFGOSREntrypointCreationPhase.cpp:
+ (JSC::DFG::OSREntrypointCreationPhase::run):
+ * dfg/DFGOSRExitCompiler.cpp:
+ * ftl/FTLOSRExitCompiler.cpp:
+ (JSC::FTL::compileStub):
+ * runtime/CommonSlowPaths.cpp:
+ (JSC::SLOW_PATH_DECL):
+
2014-01-07 Michael Saboff <[email protected]>
CStack Branch: ARM64 Crash running ecma/FunctionObjects/15.3.1.1-3.js
Modified: branches/jsCStack/Source/_javascript_Core/assembler/LinkBuffer.cpp (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/assembler/LinkBuffer.cpp 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/assembler/LinkBuffer.cpp 2014-01-07 20:16:37 UTC (rev 161445)
@@ -46,8 +46,6 @@
LinkBuffer::CodeRef LinkBuffer::finalizeCodeWithDisassembly(const char* format, ...)
{
- ASSERT(Options::showDisassembly() || Options::showDFGDisassembly());
-
CodeRef result = finalizeCodeWithoutDisassembly();
#if ENABLE(DISASSEMBLER)
Modified: branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRAvailabilityAnalysisPhase.cpp (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRAvailabilityAnalysisPhase.cpp 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRAvailabilityAnalysisPhase.cpp 2014-01-07 20:16:37 UTC (rev 161445)
@@ -61,15 +61,13 @@
Availability::unavailable().withFlush(
FlushedAt(FlushedJSValue, virtualRegisterForArgument(argument)));
}
- for (unsigned local = root->ssa->availabilityAtHead.numberOfLocals(); local--;)
- root->ssa->availabilityAtHead.local(local) = Availability::unavailable();
-
+
if (m_graph.m_plan.mode == FTLForOSREntryMode) {
- for (unsigned local = m_graph.m_profiledBlock->m_numCalleeRegisters; local--;) {
- root->ssa->availabilityAtHead.local(local) =
- Availability::unavailable().withFlush(
- FlushedAt(FlushedJSValue, virtualRegisterForLocal(local)));
- }
+ for (unsigned local = m_graph.m_profiledBlock->m_numCalleeRegisters; local--;)
+ root->ssa->availabilityAtHead.local(local) = Availability::unavailable();
+ } else {
+ for (unsigned local = root->ssa->availabilityAtHead.numberOfLocals(); local--;)
+ root->ssa->availabilityAtHead.local(local) = Availability::unavailable();
}
// This could be made more efficient by processing blocks in reverse postorder.
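Review bot: The two branches now store the same `Availability::unavailable()` and differ only in the loop bound, so in `FTLForOSREntryMode` any local indexed from `m_graph.m_profiledBlock->m_numCalleeRegisters` up to `availabilityAtHead.numberOfLocals()` is no longer written at all, where the removed first loop covered every local. Whether the two counts can differ is not visible in this hunk; if they can, those entries keep whatever a default-constructed Availability means, and an OSR exit that consults them could recover the wrong value. Either run the `numberOfLocals()` loop unconditionally and drop the branch, or state the invariant with something like `ASSERT(m_graph.m_profiledBlock->m_numCalleeRegisters <= root->ssa->availabilityAtHead.numberOfLocals());` plus a comment on why the baseline count is the right bound. The enclosing function starts and ends outside the hunk.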
Modified: branches/jsCStack/Source/_javascript_Core/dfg/DFGOSREntrypointCreationPhase.cpp (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/dfg/DFGOSREntrypointCreationPhase.cpp 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/dfg/DFGOSREntrypointCreationPhase.cpp 2014-01-07 20:16:37 UTC (rev 161445)
@@ -83,17 +83,6 @@
BasicBlock* newRoot = insertionSet.insert(0);
CodeOrigin codeOrigin = target->at(0)->codeOrigin;
- for (int argument = 0; argument < baseline->numParameters(); ++argument) {
- Node* oldNode = target->variablesAtHead.argument(argument);
- if (!oldNode) {
- // Just for sanity, always have a SetArgument even if it's not needed.
- oldNode = m_graph.m_arguments[argument];
- }
- Node* node = newRoot->appendNode(
- m_graph, SpecNone, SetArgument, codeOrigin,
- OpInfo(oldNode->variableAccessData()));
- m_graph.m_arguments[argument] = node;
- }
Vector<Node*> locals(baseline->m_numCalleeRegisters);
for (int local = 0; local < baseline->m_numCalleeRegisters; ++local) {
Node* previousHead = target->variablesAtHead.local(local);
@@ -108,6 +97,19 @@
m_graph, SpecNone, MovHint, codeOrigin, OpInfo(variable->local().offset()),
Edge(locals[local]));
}
+
+ for (int argument = 0; argument < baseline->numParameters(); ++argument) {
+ Node* oldNode = target->variablesAtHead.argument(argument);
+ if (!oldNode) {
+ // Just for sanity, always have a SetArgument even if it's not needed.
+ oldNode = m_graph.m_arguments[argument];
+ }
+ Node* node = newRoot->appendNode(
+ m_graph, SpecNone, SetArgument, codeOrigin,
+ OpInfo(oldNode->variableAccessData()));
+ m_graph.m_arguments[argument] = node;
+ }
+
for (int local = 0; local < baseline->m_numCalleeRegisters; ++local) {
Node* previousHead = target->variablesAtHead.local(local);
if (!previousHead)
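Review bot: The placement of the SetArgument loop after the MovHint loop is now what keeps OSR exit state valid at entry, but nothing in the code says so, and the two loops read as freely reorderable. A comment above the `for (int argument = 0; ...)` line would protect the ordering from a later cleanup, for example `// SetArguments must follow the MovHints above: a speculation check may exit, and the exit needs to know where the locals are.` The reasoning currently lives only in the ChangeLog entry. The enclosing function starts and ends outside the hunk.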
Modified: branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler.cpp (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler.cpp 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler.cpp 2014-01-07 20:16:37 UTC (rev 161445)
@@ -96,7 +96,7 @@
LinkBuffer patchBuffer(*vm, &jit, codeBlock);
exit.m_code = FINALIZE_CODE_IF(
- shouldShowDisassembly(),
+ shouldShowDisassembly() || Options::verboseOSR(),
patchBuffer,
("DFG OSR exit #%u (%s, %s) from %s, with operands = %s",
exitIndex, toCString(exit.m_codeOrigin).data(),
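Review bot: `Options::verboseOSR()` now sends OSR exit stubs down the disassembly path (presumably `finalizeCodeWithDisassembly`, via `FINALIZE_CODE_IF`), and the ASSERT that guarded that function is deleted in the LinkBuffer.cpp hunk rather than extended. Keeping the invariant would be one line there, `ASSERT(Options::showDisassembly() || Options::showDFGDisassembly() || Options::verboseOSR());`, so a caller that dumps JIT code and addresses to the log without any of these options set is still caught in debug builds. The widened condition `shouldShowDisassembly() || Options::verboseOSR()` is repeated verbatim in the FTLOSRExitCompiler.cpp hunk; a small shared predicate used by both exit compilers would keep the two from drifting apart. The `FINALIZE_CODE_IF` statement continues past the end of this hunk.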
Modified: branches/jsCStack/Source/_javascript_Core/ftl/FTLOSRExitCompiler.cpp (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/ftl/FTLOSRExitCompiler.cpp 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/ftl/FTLOSRExitCompiler.cpp 2014-01-07 20:16:37 UTC (rev 161445)
@@ -291,7 +291,7 @@
LinkBuffer patchBuffer(*vm, &jit, codeBlock);
exit.m_code = FINALIZE_CODE_IF(
- shouldShowDisassembly(),
+ shouldShowDisassembly() || Options::verboseOSR(),
patchBuffer,
("FTL OSR exit #%u (%s, %s) from %s, with operands = %s, and record = %s",
exitID, toCString(exit.m_codeOrigin).data(),
Modified: branches/jsCStack/Source/_javascript_Core/runtime/CommonSlowPaths.cpp (161444 => 161445)
--- branches/jsCStack/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2014-01-07 20:03:55 UTC (rev 161444)
+++ branches/jsCStack/Source/_javascript_Core/runtime/CommonSlowPaths.cpp 2014-01-07 20:16:37 UTC (rev 161445)
@@ -360,6 +360,7 @@
SLOW_PATH_DECL(slow_path_add)
{
BEGIN();
+
JSValue v1 = OP_C(2).jsValue();
JSValue v2 = OP_C(3).jsValue();