Changeset 182167 in webkit
- Timestamp:
- Mar 30, 2015 5:43:49 PM (9 years ago)
- Location:
- trunk
- Files:
- 8 edited
trunk/LayoutTests/ChangeLog
r182157 r182167 1 2015-03-30 Mark Lam <mark.lam@apple.com> 2 3 REGRESSION (r181993): inspector-protocol/debugger/setBreakpoint-dfg-and-modify-local.html crashes. 4 <https://webkit.org/b/143105> 5 6 Reviewed by Filip Pizlo. 7 8 * TestExpectations: 9 - Undid test skipped in r182072. 10 1 11 2015-03-30 Chris Dumez <cdumez@apple.com> 2 12 -
trunk/LayoutTests/TestExpectations
r182147 r182167 128 128 129 129 webkit.org/b/128736 inspector-protocol/debugger/setBreakpoint-dfg.html [ Failure Pass ] 130 webkit.org/b/1 43105 inspector-protocol/debugger/setBreakpoint-dfg-and-modify-local.html [ Skip ] # Crashing130 webkit.org/b/134982 inspector-protocol/debugger/setBreakpoint-dfg-and-modify-local.html [ Failure Pass ] 131 131 132 132 # CSS Font Loading is not yet enabled on all platforms -
trunk/Source/JavaScriptCore/ChangeLog
r182158 r182167 1 2015-03-30 Mark Lam <mark.lam@apple.com> 2 3 REGRESSION (r181993): inspector-protocol/debugger/setBreakpoint-dfg-and-modify-local.html crashes. 4 <https://webkit.org/b/143105> 5 6 Reviewed by Filip Pizlo. 7 8 With r181993, the DFG and FTL may elide the storing of the scope register. As a result, 9 on OSR exits from DFG / FTL frames where this elision has take place, we may get baseline 10 JIT frames that may have its scope register not set. The Debugger's current implementation 11 which relies on the scope register is not happy about this. For example, this results in a 12 crash in the layout test inspector-protocol/debugger/setBreakpoint-dfg-and-modify-local.html. 13 14 The fix is to disable inlining when the debugger is in use. Also, we add Flush nodes to 15 ensure that the scope register value is flushed to the register in the stack frame. 16 17 * dfg/DFGByteCodeParser.cpp: 18 (JSC::DFG::ByteCodeParser::ByteCodeParser): 19 (JSC::DFG::ByteCodeParser::setLocal): 20 (JSC::DFG::ByteCodeParser::flush): 21 - Add code to flush the scope register. 22 (JSC::DFG::ByteCodeParser::inliningCost): 23 - Pretend that all codeBlocks are too expensive to inline if the debugger is in use, thereby 24 disabling inlining whenever the debugger is in use. 25 * dfg/DFGGraph.cpp: 26 (JSC::DFG::Graph::Graph): 27 * dfg/DFGGraph.h: 28 (JSC::DFG::Graph::hasDebuggerEnabled): 29 * dfg/DFGStackLayoutPhase.cpp: 30 (JSC::DFG::StackLayoutPhase::run): 31 - Update the DFG codeBlock's scopeRegister since it can be moved during stack layout. 32 * ftl/FTLCompile.cpp: 33 (JSC::FTL::mmAllocateDataSection): 34 - Update the FTL codeBlock's scopeRegister since it can be moved during stack layout. 35 1 36 2015-03-30 Michael Saboff <msaboff@apple.com> 2 37 -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r181993 r182167 148 148 , m_haveBuiltOperandMaps(false) 149 149 , m_currentInstruction(0) 150 , m_hasDebuggerEnabled(graph.hasDebuggerEnabled()) 150 151 { 151 152 ASSERT(m_profiledBlock); … … 386 387 if (argumentPosition) 387 388 flushDirect(operand, argumentPosition); 389 else if (m_hasDebuggerEnabled && operand == m_codeBlock->scopeRegister()) 390 flush(operand); 388 391 } 389 392 … … 523 526 int numArguments; 524 527 if (InlineCallFrame* inlineCallFrame = inlineStackEntry->m_inlineCallFrame) { 528 ASSERT(!m_hasDebuggerEnabled); 525 529 numArguments = inlineCallFrame->arguments.size(); 526 530 if (inlineCallFrame->isClosureCall) … … 532 536 for (unsigned argument = numArguments; argument-- > 1;) 533 537 flushDirect(inlineStackEntry->remapOperand(virtualRegisterForArgument(argument))); 538 if (m_hasDebuggerEnabled) 539 flush(m_codeBlock->scopeRegister()); 534 540 } 535 541 … … 998 1004 999 1005 Instruction* m_currentInstruction; 1006 bool m_hasDebuggerEnabled; 1000 1007 }; 1001 1008 … … 1169 1176 dataLog("Considering inlining ", callee, " into ", currentCodeOrigin(), "\n"); 1170 1177 1178 if (m_hasDebuggerEnabled) { 1179 if (verbose) 1180 dataLog(" Failing because the debugger is in use.\n"); 1181 return UINT_MAX; 1182 } 1183 1171 1184 FunctionExecutable* executable = callee.functionExecutable(); 1172 1185 if (!executable) { -
trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp
r181993 r182167 75 75 for (unsigned i = m_mustHandleValues.size(); i--;) 76 76 m_mustHandleValues[i] = freezeFragile(plan.mustHandleValues[i]); 77 78 m_hasDebuggerEnabled = m_profiledBlock->globalObject()->hasDebugger() 79 || Options::forceDebuggerBytecodeGeneration(); 77 80 } 78 81 -
trunk/Source/JavaScriptCore/dfg/DFGGraph.h
r181993 r182167 710 710 BasicBlock*, const char* file, int line, const char* function, 711 711 const char* assertion); 712 712 713 bool hasDebuggerEnabled() const { return m_hasDebuggerEnabled; } 714 713 715 VM& m_vm; 714 716 Plan& m_plan; … … 792 794 PlanStage m_planStage { PlanStage::Initial }; 793 795 RefCountState m_refCountState; 796 bool m_hasDebuggerEnabled; 794 797 private: 795 798 -
trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp
r181993 r182167 176 176 // This register is never valid for DFG code blocks. 177 177 codeBlock()->setActivationRegister(VirtualRegister()); 178 codeBlock()->setScopeRegister(VirtualRegister()); 178 if (LIKELY(!m_graph.hasDebuggerEnabled())) 179 codeBlock()->setScopeRegister(VirtualRegister()); 180 else 181 codeBlock()->setScopeRegister(assign(allocation, codeBlock()->scopeRegister())); 179 182 180 183 for (unsigned i = m_graph.m_inlineVariableData.size(); i--;) { -
trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp
r182004 r182167 323 323 inlineCallFrame->calleeRecovery.withLocalsOffset(localsOffset); 324 324 } 325 326 if (graph.hasDebuggerEnabled()) 327 codeBlock->setScopeRegister(codeBlock->scopeRegister() + localsOffset); 325 328 } 326 329
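Review bot: In the Source/JavaScriptCore/ChangeLog hunk, "where this elision has take place" should read "has taken place", and "baseline JIT frames that may have its scope register not set" should be "their scope register", since frames is plural.

Review bot: In the DFGGraph.h hunk, `bool m_hasDebuggerEnabled;` is added with no initializer and is only assigned at the very end of the `Graph::Graph` constructor body (after the `m_mustHandleValues` loop in the DFGGraph.cpp hunk), so any code that runs earlier in construction and consults `hasDebuggerEnabled()` would read an indeterminate value. Give it a default in the style of the neighbouring `PlanStage m_planStage { PlanStage::Initial };`, e.g. `bool m_hasDebuggerEnabled { false };`, or move the assignment into the member initializer list.

Review bot: In the DFGGraph.cpp hunk, the flag is also set when `Options::forceDebuggerBytecodeGeneration()` is on, so that option now disables all DFG inlining and changes the stack layout even with no debugger attached. The ChangeLog only says "when the debugger is in use"; document this side effect there or in a comment next to the assignment so the option's cost is not a surprise.

Review bot: In the DFGByteCodeParser.cpp `setLocal` hunk, the new branch compares `operand` against `m_codeBlock->scopeRegister()` rather than the scope register of the inline stack entry's code block; this is only correct because `inliningCost` now refuses to inline under the debugger. Tie the two together with an `ASSERT(!inlineCallFrame())` or a comment here, matching the `ASSERT(!m_hasDebuggerEnabled)` added in the inline-call-frame branch of `flush`. In the `flush` hunk, `flush(m_codeBlock->scopeRegister())` would also benefit from `ASSERT(m_codeBlock->scopeRegister().isValid())`, since the DFGStackLayoutPhase.cpp hunk shows the scope register can be the null `VirtualRegister()` on DFG code blocks.

Review bot: In the DFGByteCodeParser.cpp `inliningCost` hunk, the reason for `return UINT_MAX` lives only in the ChangeLog; add a one-line comment that the debugger depends on the scope register being present in every baseline frame reached via OSR exit, so a later reader does not remove the check as a spurious inlining regression.

Review bot: In the DFGStackLayoutPhase.cpp hunk, the preceding comment "This register is never valid for DFG code blocks." now covers only `setActivationRegister`; with the new `else` branch the scope register can be valid and assigned a slot when the debugger is enabled, so update the comment to say so.

Review bot: In the FTLCompile.cpp hunk, `codeBlock->scopeRegister() + localsOffset` assumes the scope register is valid whenever `graph.hasDebuggerEnabled()`; an `ASSERT(codeBlock->scopeRegister().isValid())` before the adjustment would catch a null register being shifted into a bogus slot, and keeps this path consistent with the `withLocalsOffset` handling just above it.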