Changeset 233772 in webkit
- Timestamp:
- Jul 12, 2018, 10:39:48 AM (6 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 5 edited
trunk/Source/JavaScriptCore/ChangeLog
r233765 r233772 1 2018-07-12 Mark Lam <mark.lam@apple.com> 2 3 Need to handle CodeBlock::replacement() being null. 4 https://bugs.webkit.org/show_bug.cgi?id=187569 5 <rdar://problem/41468692> 6 7 Reviewed by Saam Barati. 8 9 CodeBlock::replacement() may return a nullptr. Some of our code already checks 10 for this while others do not. We should add null checks in all the places that 11 need it. 12 13 * bytecode/CodeBlock.cpp: 14 (JSC::CodeBlock::hasOptimizedReplacement): 15 (JSC::CodeBlock::jettison): 16 (JSC::CodeBlock::numberOfDFGCompiles): 17 (JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult): 18 * dfg/DFGOperations.cpp: 19 * dfg/DFGToFTLDeferredCompilationCallback.cpp: 20 (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidBecomeReadyAsynchronously): 21 (JSC::DFG::ToFTLDeferredCompilationCallback::compilationDidComplete): 22 * jit/JITOperations.cpp: 23 1 24 2018-07-12 Yusuke Suzuki <utatane.tea@gmail.com> 2 25 -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r233765 r233772 1657 1657 bool CodeBlock::hasOptimizedReplacement(JITCode::JITType typeToReplace) 1658 1658 { 1659 return JITCode::isHigherTier(replacement()->jitType(), typeToReplace); 1659 CodeBlock* replacement = this->replacement(); 1660 return replacement && JITCode::isHigherTier(replacement->jitType(), typeToReplace); 1660 1661 } 1661 1662 … … 2187 2188 return (m_hasBeenCompiledWithFTL ? 1 : 0) + m_reoptimizationRetryCounter; 2188 2189 } 2189 return (JITCode::isOptimizingJIT(replacement()->jitType()) ? 1 : 0) + m_reoptimizationRetryCounter; 2190 CodeBlock* replacement = this->replacement(); 2191 return ((replacement && JITCode::isOptimizingJIT(replacement->jitType())) ? 1 : 0) + m_reoptimizationRetryCounter; 2190 2192 } 2191 2193 … … 2422 2424 } 2423 2425 2424 CodeBlock* theReplacement = replacement(); 2425 if ((result == CompilationSuccessful) != (theReplacement != this)) { 2426 CodeBlock* replacement = this->replacement(); 2427 bool hasReplacement = (replacement && replacement != this); 2428 if ((result == CompilationSuccessful) != hasReplacement) { 2426 2429 dataLog(*this, ": we have result = ", result, " but "); 2427 if ( theReplacement == this)2430 if (replacement == this) 2428 2431 dataLog("we are our own replacement.\n"); 2429 2432 else 2430 dataLog("our replacement is ", pointerDump( theReplacement), "\n");2433 dataLog("our replacement is ", pointerDump(replacement), "\n"); 2431 2434 RELEASE_ASSERT_NOT_REACHED(); 2432 2435 } … … 2434 2437 switch (result) { 2435 2438 case CompilationSuccessful: 2436 RELEASE_ASSERT( JITCode::isOptimizingJIT(replacement()->jitType()));2439 RELEASE_ASSERT(replacement && JITCode::isOptimizingJIT(replacement->jitType())); 2437 2440 optimizeNextInvocation(); 2438 2441 return; -
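Review bot: The new local `CodeBlock* replacement` in setOptimizationThresholdBasedOnCompilationResult (new lines 2426–2439), and likewise in hasOptimizedReplacement (1659) and numberOfDFGCompiles (2190), shadows the member function CodeBlock::replacement(), which is why every call has to be spelled `this->replacement()`; the `theReplacement` name the removed lines used avoided the shadowing, and any later edit that writes `replacement()` inside these scopes will fail to compile against the local. Keeping `theReplacement` (or `currentReplacement`) would also make the diff smaller. Separately, the diagnostic branch at new line 2430 now also runs when `replacement` is null, and the else branch prints `pointerDump(replacement)` for that case; a dedicated `else if (!replacement) dataLog("we have no replacement.\n");` before the existing else would make the RELEASE_ASSERT crash log say which of the two conditions was hit. The enclosing functions start and end outside the hunks shown.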
trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
r233722 r233772 2864 2864 // Note that even if optimizedCodeBlock is an FTLForOSREntry style CodeBlock, this condition is a 2865 2865 // sure bet that we don't have anything else left to do. 2866 if (codeBlock->replacement() == codeBlock) { 2866 CodeBlock* replacement = codeBlock->replacement(); 2867 if (!replacement || replacement == codeBlock) { 2867 2868 if (Options::verboseOSR()) 2868 2869 dataLog(*codeBlock, ": Not reoptimizing because we've already been jettisoned.\n"); -
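Review bot: The new `!replacement` case on new line 2867 shares the verboseOSR message "Not reoptimizing because we've already been jettisoned" with the `replacement == codeBlock` case, so a trace can no longer tell a null replacement from a code block that is its own replacement, even though the comment above (2864–2865) only describes the latter. Something like `dataLog(*codeBlock, replacement ? ": Not reoptimizing because we've already been jettisoned.\n" : ": Not reoptimizing because we have no replacement.\n");` keeps the two paths distinguishable at no cost on the non-verbose path. The enclosing function starts and ends outside the hunk.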
trunk/Source/JavaScriptCore/dfg/DFGToFTLDeferredCompilationCallback.cpp
r208063 r233772 51 51 if (Options::verboseOSR()) { 52 52 dataLog( 53 "Optimizing compilation of ", *codeBlock, " (for ", *profiledDFGCodeBlock,53 "Optimizing compilation of ", codeBlock, " (for ", profiledDFGCodeBlock, 54 54 ") did become ready.\n"); 55 55 } … … 64 64 if (Options::verboseOSR()) { 65 65 dataLog( 66 "Optimizing compilation of ", *codeBlock, " (for ", *profiledDFGCodeBlock,66 "Optimizing compilation of ", codeBlock, " (for ", profiledDFGCodeBlock, 67 67 ") result: ", result, "\n"); 68 68 } … … 71 71 if (Options::verboseOSR()) { 72 72 dataLog( 73 "Dropping FTL code block ", *codeBlock, " on the floor because the "74 "DFG code block ", *profiledDFGCodeBlock, " was jettisoned.\n");73 "Dropping FTL code block ", codeBlock, " on the floor because the " 74 "DFG code block ", profiledDFGCodeBlock, " was jettisoned.\n"); 75 75 } 76 76 return; -
trunk/Source/JavaScriptCore/jit/JITOperations.cpp
r233630 r233772 1538 1538 } 1539 1539 } else if (codeBlock->hasOptimizedReplacement()) { 1540 CodeBlock* replacement = codeBlock->replacement(); 1540 1541 if (UNLIKELY(Options::verboseOSR())) 1541 dataLog("Considering OSR ", *codeBlock, " -> ", *codeBlock->replacement(), ".\n");1542 dataLog("Considering OSR ", codeBlock, " -> ", replacement, ".\n"); 1542 1543 // If we have an optimized replacement, then it must be the case that we entered 1543 1544 // cti_optimize from a loop. That's because if there's an optimized replacement, … … 1553 1554 // shouldReoptimizeFromLoopNow() to always return true. But we make it do some 1554 1555 // additional checking anyway, to reduce the amount of recompilation thrashing. 1555 if ( codeBlock->replacement()->shouldReoptimizeFromLoopNow()) {1556 if (replacement->shouldReoptimizeFromLoopNow()) { 1556 1557 CODEBLOCK_LOG_EVENT(codeBlock, "delayOptimizeToDFG", ("should reoptimize from loop now")); 1557 1558 if (UNLIKELY(Options::verboseOSR())) { 1558 1559 dataLog( 1559 "Triggering reoptimization of ", *codeBlock,1560 "(", *codeBlock->replacement(), ") (in loop).\n");1560 "Triggering reoptimization of ", codeBlock, 1561 "(", replacement, ") (in loop).\n"); 1561 1562 } 1562 codeBlock->replacement()->jettison(Profiler::JettisonDueToBaselineLoopReoptimizationTrigger, CountReoptimization);1563 replacement->jettison(Profiler::JettisonDueToBaselineLoopReoptimizationTrigger, CountReoptimization); 1563 1564 return encodeResult(0, 0); 1564 1565 } … … 1603 1604 1604 1605 CodeBlock* optimizedCodeBlock = codeBlock->replacement(); 1605 ASSERT( JITCode::isOptimizingJIT(optimizedCodeBlock->jitType()));1606 ASSERT(optimizedCodeBlock && JITCode::isOptimizingJIT(optimizedCodeBlock->jitType())); 1606 1607 1607 1608 if (void* dataBuffer = DFG::prepareOSREntry(exec, optimizedCodeBlock, bytecodeIndex)) { … … 1609 1610 if (UNLIKELY(Options::verboseOSR())) { 1610 1611 dataLog( 1611 "Performing OSR ", *codeBlock, " -> ", *optimizedCodeBlock, ".\n");1612 
"Performing OSR ", codeBlock, " -> ", optimizedCodeBlock, ".\n"); 1612 1613 } 1613 1614 … … 1621 1622 if (UNLIKELY(Options::verboseOSR())) { 1622 1623 dataLog( 1623 "Optimizing ", *codeBlock, " -> ", *codeBlock->replacement(),1624 "Optimizing ", codeBlock, " -> ", codeBlock->replacement(), 1624 1625 " succeeded, OSR failed, after a delay of ", 1625 1626 codeBlock->optimizationDelayCounter(), ".\n"); … … 1642 1643 if (UNLIKELY(Options::verboseOSR())) { 1643 1644 dataLog( 1644 "Triggering reoptimization of ", *codeBlock, " -> ",1645 *codeBlock->replacement(), " (after OSR fail).\n");1645 "Triggering reoptimization of ", codeBlock, " -> ", 1646 codeBlock->replacement(), " (after OSR fail).\n"); 1646 1647 } 1647 1648 optimizedCodeBlock->jettison(Profiler::JettisonDueToBaselineLoopReoptimizationTriggerOnOSREntryFail, CountReoptimization); … … 1663 1664 1664 1665 CodeBlock* optimizedReplacement = exec->codeBlock()->replacement(); 1666 if (UNLIKELY(!optimizedReplacement)) 1667 return nullptr; 1668 1665 1669 switch (optimizedReplacement->jitType()) { 1666 1670 case JITCode::DFGJIT: … … 1682 1686 CodeBlock* codeBlock = exec->codeBlock(); 1683 1687 CodeBlock* optimizedReplacement = codeBlock->replacement(); 1688 if (UNLIKELY(!optimizedReplacement)) 1689 return nullptr; 1684 1690 1685 1691 switch (optimizedReplacement->jitType()) {
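Review bot: At new lines 1623–1624 and 1645–1646 the verbose log still calls `codeBlock->replacement()` a second time instead of using the `optimizedCodeBlock` fetched at 1605, which the rest of this hunk switched to; given the commit's premise that replacement() can return null (and may presumably change between calls), the log and the `optimizedCodeBlock->jettison(...)` at 1647 can describe different code blocks. Both sites should use the cached value, e.g. `"Optimizing ", codeBlock, " -> ", optimizedCodeBlock,` and `optimizedCodeBlock, " (after OSR fail).\n");`. At 1540, `replacement` is only non-null by virtue of the `hasOptimizedReplacement()` guard on 1539, which this same commit teaches to return false for a null replacement; an `ASSERT(replacement);` after 1540 would document that dependency ahead of the unchecked `replacement->shouldReoptimizeFromLoopNow()` at 1556. The `ASSERT(optimizedCodeBlock && ...)` at 1606 is debug-only, so whether a null value can reach `DFG::prepareOSREntry` in release builds depends on a guard outside the hunk. The enclosing functions start and end outside the hunks shown.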