Changeset 160493 in webkit
- Timestamp:
- Dec 12, 2013 10:38:39 AM (10 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 7 edited
trunk/Source/JavaScriptCore/ChangeLog
r160457 r160493 1 2013-12-11 Filip Pizlo <fpizlo@apple.com> 2 3 ARM64: Hang running pdfjs test, suspect DFG generated code for "in" 4 https://bugs.webkit.org/show_bug.cgi?id=124727 5 <rdar://problem/15566923> 6 7 Reviewed by Michael Saboff. 8 9 Get rid of In's hackish use of StructureStubInfo. Previously it was using hotPathBegin, 10 and it was the only IC that used that field, which was wasteful. Moreover, it used it 11 to store two separate locations: the label for patching the jump and the label right 12 after the jump. The code was relying on those two being the same label, which is true 13 on X86 and some other platforms, but it isn't true on ARM64. 14 15 This gets rid of hotPathBegin and makes In express those two locations as offsets from 16 the callReturnLocation, which is analogous to what the other IC's do. 17 18 This fixes a bug where any successful In patching would result in a trivially infinite 19 loop - and hence a hang - on ARM64. 20 21 * bytecode/StructureStubInfo.h: 22 * dfg/DFGJITCompiler.cpp: 23 (JSC::DFG::JITCompiler::link): 24 * dfg/DFGJITCompiler.h: 25 (JSC::DFG::InRecord::InRecord): 26 * dfg/DFGSpeculativeJIT.cpp: 27 (JSC::DFG::SpeculativeJIT::compileIn): 28 * jit/JITInlineCacheGenerator.cpp: 29 (JSC::JITByIdGenerator::finalize): 30 * jit/Repatch.cpp: 31 (JSC::replaceWithJump): 32 (JSC::patchJumpToGetByIdStub): 33 (JSC::tryCachePutByID): 34 (JSC::tryBuildPutByIdList): 35 (JSC::tryRepatchIn): 36 (JSC::resetGetByID): 37 (JSC::resetPutByID): 38 (JSC::resetIn): 39 1 40 2013-12-11 Joseph Pecoraro <pecoraro@apple.com> 2 41 -
trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h
r158820 r160493 235 235 int32_t deltaCallToDone; 236 236 int32_t deltaCallToStorageLoad; 237 int32_t deltaCallTo StructCheck;237 int32_t deltaCallToJump; 238 238 int32_t deltaCallToSlowCase; 239 239 int32_t deltaCheckImmToCall; … … 292 292 RefPtr<JITStubRoutine> stubRoutine; 293 293 CodeLocationCall callReturnLocation; 294 CodeLocationLabel hotPathBegin; // FIXME: This is only used by DFG In IC.295 294 RefPtr<WatchpointsOnStructureStubInfo> watchpoints; 296 295 }; -
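Review bot: The renamed field deltaCallToJump now carries two meanings with no comment saying so: for the ById generators it is the offset to the structure-check jump (set in JITInlineCacheGenerator.cpp), while for the DFG In IC it is the offset to the patchable jump recorded in InRecord (set in DFGJITCompiler.cpp), and deltaCallToDone is likewise now also the In stub's success target (Repatch.cpp tryRepatchIn). Suggest documenting this on the field: `int32_t deltaCallToJump; // Offset from callReturnLocation to the fast path's patchable jump: the structure check for ById ICs, the In IC's patchable jump for In.` The enclosing struct starts and ends outside this section.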
trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
r159886 r160493 222 222 for (unsigned i = 0; i < m_ins.size(); ++i) { 223 223 StructureStubInfo& info = *m_ins[i].m_stubInfo; 224 CodeLocationLabel jump = linkBuffer.locationOf(m_ins[i].m_jump);225 224 CodeLocationCall callReturnLocation = linkBuffer.locationOf(m_ins[i].m_slowPathGenerator->call()); 226 info.hotPathBegin = jump; 225 info.patch.deltaCallToDone = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_ins[i].m_done)); 226 info.patch.deltaCallToJump = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_ins[i].m_jump)); 227 227 info.callReturnLocation = callReturnLocation; 228 228 info.patch.deltaCallToSlowCase = differenceBetweenCodePtr(callReturnLocation, linkBuffer.locationOf(m_ins[i].m_slowPathGenerator->label())); -
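Review bot: The loop body now indexes `m_ins[i]` five times across four statements, which makes the new deltaCallToDone and deltaCallToJump lines hard to scan; binding `const InRecord& record = m_ins[i];` at the top of the body and using `record.m_done`, `record.m_jump`, `record.m_slowPathGenerator` would shorten every line. The two new differenceBetweenCodePtr results are also stored into int32_t fields without any range check, matching the existing deltaCallToSlowCase line; since the call, jump and done label presumably all sit in the same LinkBuffer the distance should be small, but that assumption is worth a comment or an assertion if differenceBetweenCodePtr returns a wider type. The enclosing link function starts and ends outside this section.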
trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h
r159826 r160493 82 82 struct InRecord { 83 83 InRecord( 84 MacroAssembler::PatchableJump jump, SlowPathGenerator* slowPathGenerator,85 S tructureStubInfo* stubInfo)84 MacroAssembler::PatchableJump jump, MacroAssembler::Label done, 85 SlowPathGenerator* slowPathGenerator, StructureStubInfo* stubInfo) 86 86 : m_jump(jump) 87 , m_done(done) 87 88 , m_slowPathGenerator(slowPathGenerator) 88 89 , m_stubInfo(stubInfo) … … 91 92 92 93 MacroAssembler::PatchableJump m_jump; 94 MacroAssembler::Label m_done; 93 95 SlowPathGenerator* m_slowPathGenerator; 94 96 StructureStubInfo* m_stubInfo; -
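Review bot: The new m_done member and constructor parameter are undocumented, and nothing in InRecord says how it relates to m_jump. Suggest `MacroAssembler::Label m_done; // Label immediately after m_jump; the In IC's stub jumps here on success (recorded as deltaCallToDone at link time).` on the member, which is what DFGSpeculativeJIT.cpp (done = m_jit.label() right after patchableJump()) and DFGJITCompiler.cpp establish. The struct's remaining lines fall outside this section.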
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r160411 r160493 973 973 974 974 use(node->child1()); 975 975 976 976 MacroAssembler::PatchableJump jump = m_jit.patchableJump(); 977 MacroAssembler::Label done = m_jit.label(); 977 978 978 979 OwnPtr<SlowPathGenerator> slowPath = slowPathCall( … … 987 988 stubInfo->patch.registersFlushed = false; 988 989 989 m_jit.addIn(InRecord(jump, slowPath.get(), stubInfo));990 m_jit.addIn(InRecord(jump, done, slowPath.get(), stubInfo)); 990 991 addSlowPathGenerator(slowPath.release()); 991 992 -
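Review bot: The added `MacroAssembler::Label done = m_jit.label();` is the whole reason this change exists, but nothing at the site says why a separate label is taken instead of reusing the jump's location, so a later cleanup could fold them back together and reintroduce the ARM64 hang. Suggest a why-comment above it: `// The jump's own label and the location right after it are the same on X86 but not on ARM64, so record the fall-through point explicitly for the In IC's success path.` compileIn starts and ends outside this hunk.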
trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
r158820 r160493 77 77 m_stubInfo->patch.deltaCheckImmToCall = MacroAssembler::differenceBetweenCodePtr( 78 78 fastPath.locationOf(m_structureImm), callReturnLocation); 79 m_stubInfo->patch.deltaCallTo StructCheck= MacroAssembler::differenceBetweenCodePtr(79 m_stubInfo->patch.deltaCallToJump = MacroAssembler::differenceBetweenCodePtr( 80 80 callReturnLocation, fastPath.locationOf(m_structureCheck)); 81 81 #if USE(JSVALUE64) -
trunk/Source/JavaScriptCore/jit/Repatch.cpp
r159593 r160493 175 175 repatchBuffer.relink( 176 176 stubInfo.callReturnLocation.jumpAtOffset( 177 stubInfo.patch.deltaCallTo StructCheck),177 stubInfo.patch.deltaCallToJump), 178 178 CodeLocationLabel(target)); 179 179 } … … 458 458 repatchBuffer.relink( 459 459 stubInfo.callReturnLocation.jumpAtOffset( 460 stubInfo.patch.deltaCallTo StructCheck),460 stubInfo.patch.deltaCallToJump), 461 461 CodeLocationLabel(stubRoutine->code().code())); 462 462 return; … … 1034 1034 repatchBuffer.relink( 1035 1035 stubInfo.callReturnLocation.jumpAtOffset( 1036 stubInfo.patch.deltaCallTo StructCheck),1036 stubInfo.patch.deltaCallToJump), 1037 1037 CodeLocationLabel(stubInfo.stubRoutine->code().code())); 1038 1038 repatchCall(repatchBuffer, stubInfo.callReturnLocation, appropriateListBuildingPutByIdFunction(slot, putKind)); … … 1138 1138 1139 1139 RepatchBuffer repatchBuffer(codeBlock); 1140 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallTo StructCheck), CodeLocationLabel(stubRoutine->code().code()));1140 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), CodeLocationLabel(stubRoutine->code().code())); 1141 1141 1142 1142 if (list->isFull()) … … 1182 1182 int listIndex; 1183 1183 1184 CodeLocationLabel successLabel = stubInfo. hotPathBegin;1184 CodeLocationLabel successLabel = stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone); 1185 1185 CodeLocationLabel slowCaseLabel; 1186 1186 … … 1260 1260 1261 1261 RepatchBuffer repatchBuffer(codeBlock); 1262 repatchBuffer.relink(stubInfo. 
hotPathBegin.jumpAtOffset(0), CodeLocationLabel(stubRoutine->code().code()));1262 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), CodeLocationLabel(stubRoutine->code().code())); 1263 1263 1264 1264 return listIndex < (POLYMORPHIC_LIST_CACHE_SIZE - 1); … … 1433 1433 repatchBuffer.repatch(stubInfo.callReturnLocation.dataLabelCompactAtOffset(stubInfo.patch.deltaCallToPayloadLoadOrStore), 0); 1434 1434 #endif 1435 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallTo StructCheck), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase));1435 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase)); 1436 1436 } 1437 1437 … … 1467 1467 repatchBuffer.repatch(stubInfo.callReturnLocation.dataLabel32AtOffset(stubInfo.patch.deltaCallToPayloadLoadOrStore), 0); 1468 1468 #endif 1469 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallTo StructCheck), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase));1469 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase)); 1470 1470 } 1471 1471 1472 1472 void resetIn(RepatchBuffer& repatchBuffer, StructureStubInfo& stubInfo) 1473 1473 { 1474 repatchBuffer.relink(stubInfo. hotPathBegin.jumpAtOffset(0), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase));1474 repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase)); 1475 1475 } 1476 1476
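Review bot: With this change the relink lines at 1435 (resetGetByID), 1469 (resetPutByID) and 1474 (resetIn) are now byte-identical, each repatching the fast-path jump at deltaCallToJump back to the slow case at deltaCallToSlowCase; that is the natural point to pull them into one file-local helper so the three resets cannot drift apart again. resetGetByID and resetPutByID begin outside their hunks, so only their final line would change. The sketch below shows the helper and resetIn rewritten to use it.
```cpp
// Relink an IC's patchable fast-path jump back to its slow case.
static void relinkJumpToSlowCase(RepatchBuffer& repatchBuffer, StructureStubInfo& stubInfo)
{
    repatchBuffer.relink(
        stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump),
        stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase));
}

// … unchanged: resetGetByID / resetPutByID bodies up to their final relink, which becomes relinkJumpToSlowCase(repatchBuffer, stubInfo); …

void resetIn(RepatchBuffer& repatchBuffer, StructureStubInfo& stubInfo)
{
    relinkJumpToSlowCase(repatchBuffer, stubInfo);
}
```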