Skip to site navigation (Press enter)

[webkit-changes] [169951] trunk/Source

mhahnenberg Fri, 13 Jun 2014 15:19:28 -0700

Title: [169951] trunk/Source

Revision: 169951
Author: mhahnenb...@apple.com
Date: 2014-06-13 15:18:52 -0700 (Fri, 13 Jun 2014)

Log Message

OSR exit should barrier the Executables for all InlineCallFrames, not just those on the stack at the time of exit
https://bugs.webkit.org/show_bug.cgi?id=133880


Reviewed by Filip Pizlo.

Source/_javascript_Core:
We could have exited due to a value received from an inlined block that's no longer on
the stack, so we should just barrier all InlineCallFrames.

* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::adjustAndJumpToTarget):

Source/WTF:
* wtf/Bag.h:
(WTF::Bag::iterator::operator!=): Add != to the Bag iterator so we can use it in range-based iteration.

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp
trunk/Source/WTF/ChangeLog
trunk/Source/WTF/wtf/Bag.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (169950 => 169951)


--- trunk/Source/_javascript_Core/ChangeLog	2014-06-13 21:49:09 UTC (rev 169950)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-06-13 22:18:52 UTC (rev 169951)
@@ -1,3 +1,16 @@
+2014-06-13  Mark Hahnenberg  <mhahnenb...@apple.com>
+
+        OSR exit should barrier the Executables for all InlineCallFrames, not just those on the stack at the time of exit
+        https://bugs.webkit.org/show_bug.cgi?id=133880
+
+        Reviewed by Filip Pizlo.
+
+        We could have exited due to a value received from an inlined block that's no longer on 
+        the stack, so we should just barrier all InlineCallFrames.
+
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        (JSC::DFG::adjustAndJumpToTarget):
+
 2014-06-13  Alex Christensen  <achristen...@webkit.org>
 
         Make css jit compile for armv7.

Modified: trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp (169950 => 169951)


--- trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp	2014-06-13 21:49:09 UTC (rev 169950)
+++ trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp	2014-06-13 22:18:52 UTC (rev 169951)
@@ -199,13 +199,16 @@
 void adjustAndJumpToTarget(CCallHelpers& jit, const OSRExitBase& exit)
 {
 #if ENABLE(GGC) 
-    // 11) Write barrier the owner executable because we're jumping into a different block.
-    for (CodeOrigin codeOrigin = exit.m_codeOrigin; ; codeOrigin = codeOrigin.inlineCallFrame->caller) {
-        CodeBlock* baselineCodeBlock = jit.baselineCodeBlockFor(codeOrigin);
-        jit.move(AssemblyHelpers::TrustedImmPtr(baselineCodeBlock->ownerExecutable()), GPRInfo::nonArgGPR0); 
-        osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
-        if (!codeOrigin.inlineCallFrame)
-            break;
+    // 11) Write barrier the owner executables because we're jumping into a different block.
+    jit.move(AssemblyHelpers::TrustedImmPtr(jit.codeBlock()->ownerExecutable()), GPRInfo::nonArgGPR0);
+    osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
+    InlineCallFrameSet* inlineCallFrames = jit.codeBlock()->jitCode()->dfgCommon()->inlineCallFrames.get();
+    if (inlineCallFrames) {
+        for (InlineCallFrame* inlineCallFrame : *inlineCallFrames) {
+            ScriptExecutable* ownerExecutable = inlineCallFrame->executable.get();
+            jit.move(AssemblyHelpers::TrustedImmPtr(ownerExecutable), GPRInfo::nonArgGPR0); 
+            osrWriteBarrier(jit, GPRInfo::nonArgGPR0, GPRInfo::nonArgGPR1);
+        }
     }
 #endif

Modified: trunk/Source/WTF/ChangeLog (169950 => 169951)


--- trunk/Source/WTF/ChangeLog	2014-06-13 21:49:09 UTC (rev 169950)
+++ trunk/Source/WTF/ChangeLog	2014-06-13 22:18:52 UTC (rev 169951)
@@ -1,3 +1,13 @@
+2014-06-13  Mark Hahnenberg  <mhahnenb...@apple.com>
+
+        OSR exit should barrier the Executables for all InlineCallFrames, not just those on the stack at the time of exit
+        https://bugs.webkit.org/show_bug.cgi?id=133880
+
+        Reviewed by Filip Pizlo.
+
+        * wtf/Bag.h:
+        (WTF::Bag::iterator::operator!=): Add != to the Bag iterator so we can use it in range-based iteration.
+
 2014-06-12  Gavin Barraclough  <barraclo...@apple.com>
 
         Add support for thread/WorkQueue QoS

Modified: trunk/Source/WTF/wtf/Bag.h (169950 => 169951)


--- trunk/Source/WTF/wtf/Bag.h	2014-06-13 21:49:09 UTC (rev 169950)
+++ trunk/Source/WTF/wtf/Bag.h	2014-06-13 22:18:52 UTC (rev 169951)
@@ -83,6 +83,12 @@
         {
             return m_node == other.m_node;
         }
+
+        bool operator!=(const iterator& other) const
+        {
+            return !(*this == other);
+        }
+
     private:
         template<typename U> friend class WTF::Bag;
         Node* m_node;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes