Diff
Modified: branches/safari-600.5-branch/Source/_javascript_Core/ChangeLog (180678 => 180679)
--- branches/safari-600.5-branch/Source/_javascript_Core/ChangeLog 2015-02-26 17:30:37 UTC (rev 180678)
+++ branches/safari-600.5-branch/Source/_javascript_Core/ChangeLog 2015-02-26 18:03:17 UTC (rev 180679)
@@ -1,3 +1,81 @@
+2015-02-26 Babak Shafiei <bshaf...@apple.com>
+
+ Merge patch for r180247 and r180249.
+
+ 2015-02-20 Michael Saboff <msab...@apple.com>
+
+ CrashTracer: DFG_CRASH beneath JSC::FTL::LowerDFGToLLVM::compileNode
+ https://bugs.webkit.org/show_bug.cgi?id=141730
+
+ Reviewed by Geoffrey Garen.
+
+ Added a new failure handler, loweringFailed(), to LowerDFGToLLVM that reports failures
+ while processing DFG lowering. For debug builds, the failures are logged identical
+ to the way the DFG_CRASH() reports them. For release builds, the failures are reported
+ and that FTL compilation is terminated, but the process is allowed to continue.
+ Wrapped calls to loweringFailed() in a macro LOWERING_FAILED so the function and
+ line number are reported at the point of the inconsistancy.
+
+ Converted instances of DFG_CRASH to LOWERING_FAILED.
+
+ * dfg/DFGPlan.cpp:
+ (JSC::DFG::Plan::compileInThreadImpl): Added lowerDFGToLLVM() failure check that
+ will fail the FTL compile.
+
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
+ Added new member variable, m_loweringSucceeded, to stop compilation on the first
+ reported failure.
+
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::lower):
+ * ftl/FTLLowerDFGToLLVM.h:
+ Added check for compilation failures and now report those failures via a boolean
+ return value.
+
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::createPhiVariables):
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileUpsilon):
+ (JSC::FTL::LowerDFGToLLVM::compilePhi):
+ (JSC::FTL::LowerDFGToLLVM::compileDoubleRep):
+ (JSC::FTL::LowerDFGToLLVM::compileValueRep):
+ (JSC::FTL::LowerDFGToLLVM::compileValueToInt32):
+ (JSC::FTL::LowerDFGToLLVM::compilePutLocal):
+ (JSC::FTL::LowerDFGToLLVM::compileArithAddOrSub):
+ (JSC::FTL::LowerDFGToLLVM::compileArithMul):
+ (JSC::FTL::LowerDFGToLLVM::compileArithDiv):
+ (JSC::FTL::LowerDFGToLLVM::compileArithMod):
+ (JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
+ (JSC::FTL::LowerDFGToLLVM::compileArithAbs):
+ (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
+ (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
+ (JSC::FTL::LowerDFGToLLVM::compileGetById):
+ (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
+ (JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
+ (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+ (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
+ (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
+ (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
+ (JSC::FTL::LowerDFGToLLVM::compileNewArray):
+ (JSC::FTL::LowerDFGToLLVM::compileToString):
+ (JSC::FTL::LowerDFGToLLVM::compileMakeRope):
+ (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
+ (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
+ (JSC::FTL::LowerDFGToLLVM::compileSwitch):
+ (JSC::FTL::LowerDFGToLLVM::compare):
+ (JSC::FTL::LowerDFGToLLVM::boolify):
+ (JSC::FTL::LowerDFGToLLVM::opposite):
+ (JSC::FTL::LowerDFGToLLVM::lowJSValue):
+ (JSC::FTL::LowerDFGToLLVM::speculate):
+ (JSC::FTL::LowerDFGToLLVM::isArrayType):
+ (JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
+ (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
+ (JSC::FTL::LowerDFGToLLVM::setInt52):
+ Changed DFG_CRASH() to LOWERING_FAILED(). Updated related control flow as appropriate.
+
+ (JSC::FTL::LowerDFGToLLVM::loweringFailed): New error reporting member function.
+
2015-02-20 Dana Burkart <dburk...@apple.com>
Merged r180325. <rdar://problem/19828591>
Modified: branches/safari-600.5-branch/Source/_javascript_Core/dfg/DFGPlan.cpp (180678 => 180679)
--- branches/safari-600.5-branch/Source/_javascript_Core/dfg/DFGPlan.cpp 2015-02-26 17:30:37 UTC (rev 180678)
+++ branches/safari-600.5-branch/Source/_javascript_Core/dfg/DFGPlan.cpp 2015-02-26 18:03:17 UTC (rev 180679)
@@ -348,7 +348,10 @@
}
FTL::State state(dfg);
- FTL::lowerDFGToLLVM(state);
+ if (!FTL::lowerDFGToLLVM(state)) {
+ FTL::fail(state);
+ return FTLPath;
+ }
if (reportCompileTimes())
beforeFTL = currentTimeMS();
Modified: branches/safari-600.5-branch/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (180678 => 180679)
--- branches/safari-600.5-branch/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-02-26 17:30:37 UTC (rev 180678)
+++ branches/safari-600.5-branch/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-02-26 18:03:17 UTC (rev 180679)
@@ -68,6 +68,7 @@
LowerDFGToLLVM(State& state)
: m_graph(state.graph)
, m_ftlState(state)
+ , m_loweringSucceeded(true)
, m_heaps(state.context)
, m_out(state.context)
, m_availability(OperandsLike, state.graph.block(0)->variablesAtHead)
@@ -76,8 +77,12 @@
, m_stackmapIDs(0)
{
}
-
- void lower()
+
+
+#define LOWERING_FAILED(node, reason) \
+ loweringFailed((node), __FILE__, __LINE__, WTF_PRETTY_FUNCTION, (reason));
+
+ bool lower()
{
CString name;
if (verboseCompilationEnabled()) {
@@ -157,10 +162,16 @@
m_out.constInt32(MacroAssembler::maxJumpReplacementSize()));
m_out.unreachable();
+ if (!m_loweringSucceeded)
+ return m_loweringSucceeded;
+
Vector<BasicBlock*> depthFirst;
m_graph.getBlocksInDepthFirstOrder(depthFirst);
- for (unsigned i = 0; i < depthFirst.size(); ++i)
+ for (unsigned i = 0; i < depthFirst.size(); ++i) {
compileBlock(depthFirst[i]);
+ if (!m_loweringSucceeded)
+ return m_loweringSucceeded;
+ }
if (Options::dumpLLVMIR())
dumpModule(m_ftlState.module);
@@ -169,6 +180,8 @@
m_ftlState.dumpState("after lowering");
if (validationEnabled())
verifyModule(m_ftlState.module);
+
+ return m_loweringSucceeded;
}
private:
@@ -201,8 +214,8 @@
type = m_out.int64;
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(node, "Bad Phi node result type");
+ return;
}
m_phis.add(node, buildAlloca(m_out.m_builder, type));
}
@@ -631,15 +644,13 @@
case AllocationProfileWatchpoint:
break;
default:
- dataLog("Unrecognized node in FTL backend:\n");
- m_graph.dump(WTF::dataFile(), " ", m_node);
- dataLog("\n");
- dataLog("Full graph dump:\n");
- m_graph.dump();
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Unrecognized node in FTL backend");
break;
}
+ if (!m_loweringSucceeded)
+ return false;
+
if (shouldExecuteEffects)
m_interpreter.executeEffects(nodeIndex);
@@ -670,7 +681,7 @@
m_out.set(lowJSValue(m_node->child1()), destination);
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -696,7 +707,7 @@
setJSValue(m_out.get(source));
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -739,7 +750,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
}
}
@@ -764,7 +775,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
}
}
@@ -788,7 +799,7 @@
return;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
}
}
@@ -827,7 +838,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -860,7 +871,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad flush format");
return;
}
}
@@ -890,7 +901,7 @@
setJSValue(jsValue);
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -961,8 +972,8 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(m_node, "Bad flush format for argument");
+ return;
}
m_availability.operand(variable->local()) = Availability(variable->flushedAt());
@@ -1137,7 +1148,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1211,7 +1222,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1314,7 +1325,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1412,7 +1423,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1463,7 +1474,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1489,7 +1500,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1556,7 +1567,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
break;
}
}
@@ -1722,8 +1733,8 @@
vmCall(m_out.operation(operationEnsureArrayStorage), m_callFrame, cell);
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(m_node, "Bad array type");
+ return;
}
structureID = m_out.load32(cell, m_heaps.JSCell_structureID);
@@ -1796,7 +1807,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
return;
}
}
@@ -1948,7 +1959,8 @@
// FIXME: FTL should support activations.
// https://bugs.webkit.org/show_bug.cgi?id=129576
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Unimplemented");
+ return;
}
TypedPointer base;
@@ -1985,7 +1997,7 @@
return;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad array type");
return;
}
}
@@ -2135,7 +2147,8 @@
result = m_out.load32(pointer);
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad element size");
+ return;
}
if (elementSize(type) < 4) {
@@ -2179,14 +2192,15 @@
result = m_out.loadDouble(pointer);
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad typed array type");
+ return;
}
setDouble(result);
return;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad array type");
return;
} }
}
@@ -2292,7 +2306,8 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad array type");
+ return;
}
m_out.jump(continuation);
@@ -2385,7 +2400,8 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
+ return;
}
switch (elementSize(type)) {
@@ -2402,7 +2418,8 @@
refType = m_out.ref32;
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad element size");
+ return;
}
} else /* !isInt(type) */ {
LValue value = lowDouble(child3);
@@ -2416,7 +2433,8 @@
refType = m_out.refDouble;
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad typed array type");
+ return;
}
}
@@ -2440,8 +2458,8 @@
return;
}
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(m_node, "Bad array type");
+ return;
}
}
@@ -2512,7 +2530,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad array type");
return;
}
}
@@ -2570,7 +2588,7 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad array type");
return;
}
}
@@ -2929,8 +2947,8 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(m_node, "Bad use kind");
+ return;
}
}
@@ -3021,7 +3039,8 @@
m_out.operation(operationMakeRope3), m_callFrame, kids[0], kids[1], kids[2]));
break;
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad number of children");
+ return;
break;
}
m_out.jump(continuation);
@@ -3426,8 +3445,8 @@
nonSpeculativeCompare(LLVMIntEQ, operationCompareEq);
return;
}
-
- RELEASE_ASSERT_NOT_REACHED();
+
+ LOWERING_FAILED(m_node, "Bad use kinds");
}
void compileCompareEqConstant()
@@ -3520,7 +3539,7 @@
return;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kinds");
}
void compileCompareStrictEqConstant()
@@ -3656,8 +3675,8 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(m_node, "Bad use kind");
+ return;
}
m_out.appendTo(switchOnInts, lastNext);
@@ -3702,8 +3721,8 @@
}
default:
- RELEASE_ASSERT_NOT_REACHED();
- break;
+ LOWERING_FAILED(m_node, "Bad use kind");
+ return;
}
LBasicBlock lengthIs1 = FTL_NEW_BLOCK(m_out, ("Switch/SwitchChar length is 1"));
@@ -3755,11 +3774,11 @@
}
case SwitchString:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Unimplemented");
break;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad switch kind");
}
void compileReturn()
@@ -4216,7 +4235,7 @@
return;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kinds");
}
void compareEqObjectOrOtherToObject(Edge leftChild, Edge rightChild)
@@ -4495,7 +4514,7 @@
return m_out.phi(m_out.boolean, fastResult, slowResult);
}
default:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
return 0;
}
}
@@ -4868,7 +4887,7 @@
case StrictInt52:
return Int52;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Bad use kind");
return Int52;
}
@@ -5013,7 +5032,7 @@
return result;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Corrupt array class");
return 0;
}
@@ -5325,8 +5344,8 @@
speculateMisc(edge);
break;
default:
- dataLog("Unsupported speculation use kind: ", edge.useKind(), "\n");
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Unsupported speculation use kind");
+ return;
}
}
@@ -5387,7 +5406,7 @@
switch (arrayMode.arrayClass()) {
case Array::OriginalArray:
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Unexpected original array");
return 0;
case Array::Array:
@@ -5407,7 +5426,8 @@
m_out.constInt8(arrayMode.shapeMask()));
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Corrupt array class");
+ return 0;
}
default:
@@ -6043,7 +6063,7 @@
return;
}
- RELEASE_ASSERT_NOT_REACHED();
+ LOWERING_FAILED(m_node, "Corrupt int52 kind");
}
void setJSValue(Node* node, LValue value)
{
@@ -6170,11 +6190,24 @@
return addressFor(operand, TagOffset);
}
+ NO_RETURN_DUE_TO_ASSERT void loweringFailed(Node* node, const char* file, int line, const char* function, const char* assertion)
+ {
+ if (!ASSERT_DISABLED) {
+ dataLog("FTL ASSERTION FAILED: ", assertion, "\n");
+ dataLog(file, "(", line, ") : ", function, "\n");
+ dataLog("While handling node ", node, "\n");
+ RELEASE_ASSERT_NOT_REACHED();
+ }
+
+ m_loweringSucceeded = false;
+ }
+
VM& vm() { return m_graph.m_vm; }
CodeBlock* codeBlock() { return m_graph.m_codeBlock; }
Graph& m_graph;
State& m_ftlState;
+ bool m_loweringSucceeded;
AbstractHeapRepository m_heaps;
Output m_out;
@@ -6215,10 +6248,10 @@
uint32_t m_stackmapIDs;
};
-void lowerDFGToLLVM(State& state)
+bool lowerDFGToLLVM(State& state)
{
LowerDFGToLLVM lowering(state);
- lowering.lower();
+ return lowering.lower();
}
} } // namespace JSC::FTL
Modified: branches/safari-600.5-branch/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.h (180678 => 180679)
--- branches/safari-600.5-branch/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.h 2015-02-26 17:30:37 UTC (rev 180678)
+++ branches/safari-600.5-branch/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.h 2015-02-26 18:03:17 UTC (rev 180679)
@@ -33,7 +33,7 @@
namespace JSC { namespace FTL {
-void lowerDFGToLLVM(State&);
+bool lowerDFGToLLVM(State&);
} } // namespace JSC::FTL
_______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
