Diff
Modified: branches/safari-601-branch/Source/_javascript_Core/ChangeLog (191654 => 191655)
--- branches/safari-601-branch/Source/_javascript_Core/ChangeLog 2015-10-28 05:19:25 UTC (rev 191654)
+++ branches/safari-601-branch/Source/_javascript_Core/ChangeLog 2015-10-28 05:19:30 UTC (rev 191655)
@@ -1,5 +1,24 @@
2015-10-27 Matthew Hanson <matthew_han...@apple.com>
+ Merge r191395. rdar://problem/22847057
+
+ 2015-10-21 Filip Pizlo <fpi...@apple.com>
+
+ Failures in PutStackSinkingPhase should be less severe
+ https://bugs.webkit.org/show_bug.cgi?id=150400
+
+ Reviewed by Geoffrey Garen.
+
+ Make the PutStackSinkingPhase abort instead of asserting. To test that it's OK to not have
+ PutStackSinkingPhase run, this adds a test mode where we run without PutStackSinkingPhase.
+
+ * dfg/DFGPlan.cpp: Make it possible to not run PutStackSinkingPhase for tests.
+ (JSC::DFG::Plan::compileInThreadImpl):
+ * dfg/DFGPutStackSinkingPhase.cpp: PutStackSinkingPhase should abort instead of asserting, except when validation is enabled.
+ * runtime/Options.h: Add an option for disabling PutStackSinkingPhase.
+
+2015-10-27 Matthew Hanson <matthew_han...@apple.com>
+
Merge r187510. rdar://problem/22847057
2015-07-28 Filip Pizlo <fpi...@apple.com>
Modified: branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPlan.cpp (191654 => 191655)
--- branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPlan.cpp 2015-10-28 05:19:25 UTC (rev 191654)
+++ branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPlan.cpp 2015-10-28 05:19:30 UTC (rev 191655)
@@ -354,7 +354,8 @@
// Ideally, these would be run to fixpoint with the object allocation sinking phase.
performArgumentsElimination(dfg);
- performPutStackSinking(dfg);
+ if (Options::usePutStackSinking())
+ performPutStackSinking(dfg);
performConstantHoisting(dfg);
performGlobalCSE(dfg);
Modified: branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp (191654 => 191655)
--- branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp 2015-10-28 05:19:25 UTC (rev 191654)
+++ branches/safari-601-branch/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp 2015-10-28 05:19:30 UTC (rev 191655)
@@ -231,10 +231,39 @@
dataLog("Deferred at ", node, ":", deferred, "\n");
if (node->op() == GetStack) {
- DFG_ASSERT(
- m_graph, node,
- deferred.operand(node->stackAccessData()->local) != ConflictingFlush);
+ // Handle the case that the input doesn't match our requirements. This is
+ // really a bug, but it's a benign one if we simply don't run this phase.
+ // It usually arises because of patterns like:
+ //
+ // if (thing)
+ // PutStack()
+ // ...
+ // if (thing)
+ // GetStack()
+ //
+ // Or:
+ //
+ // if (never happens)
+ // GetStack()
+ //
+ // Because this phase runs early in SSA, it should be sensible to enforce
+ // that no such code pattern has arisen yet. So, when validation is
+ // enabled, we assert that we aren't seeing this. But with validation
+ // disabled we silently let this fly and we just abort this phase.
+ // FIXME: Get rid of all remaining cases of conflicting GetStacks.
+ // https://bugs.webkit.org/show_bug.cgi?id=150398
+
+ bool isConflicting =
+ deferred.operand(node->stackAccessData()->local) == ConflictingFlush;
+ if (validationEnabled())
+ DFG_ASSERT(m_graph, node, !isConflicting);
+
+ if (isConflicting) {
+ // Oh noes! Abort!!
+ return false;
+ }
+
// A GetStack doesn't affect anything, since we know which local we are reading
// from.
continue;
Modified: branches/safari-601-branch/Source/_javascript_Core/runtime/Options.h (191654 => 191655)
--- branches/safari-601-branch/Source/_javascript_Core/runtime/Options.h 2015-10-28 05:19:25 UTC (rev 191654)
+++ branches/safari-601-branch/Source/_javascript_Core/runtime/Options.h 2015-10-28 05:19:30 UTC (rev 191655)
@@ -190,6 +190,7 @@
v(bool, optimizeNativeCalls, false, nullptr) \
v(bool, enableMovHintRemoval, true, nullptr) \
v(bool, enableObjectAllocationSinking, true, nullptr) \
+ v(bool, usePutStackSinking, true, nullptr) \
\
v(bool, enableConcurrentJIT, true, "allows the DFG / FTL compilation in threads other than the executing JS thread") \
v(unsigned, numberOfDFGCompilerThreads, computeNumberOfWorkerThreads(2, 2) - 1, nullptr) \
Modified: branches/safari-601-branch/Tools/ChangeLog (191654 => 191655)
--- branches/safari-601-branch/Tools/ChangeLog 2015-10-28 05:19:25 UTC (rev 191654)
+++ branches/safari-601-branch/Tools/ChangeLog 2015-10-28 05:19:30 UTC (rev 191655)
@@ -1,3 +1,18 @@
+2015-10-27 Matthew Hanson <matthew_han...@apple.com>
+
+ Merge r191395. rdar://problem/22847057
+
+ 2015-10-21 Filip Pizlo <fpi...@apple.com>
+
+ Failures in PutStackSinkingPhase should be less severe
+ https://bugs.webkit.org/show_bug.cgi?id=150400
+
+ Reviewed by Geoffrey Garen.
+
+ Add a test mode for no PutStackSinkingPhase.
+
+ * Scripts/run-jsc-stress-tests:
+
2015-10-26 Matthew Hanson <matthew_han...@apple.com>
Merge r191530. rdar://problem/23206864
Modified: branches/safari-601-branch/Tools/Scripts/run-jsc-stress-tests (191654 => 191655)
--- branches/safari-601-branch/Tools/Scripts/run-jsc-stress-tests 2015-10-28 05:19:25 UTC (rev 191654)
+++ branches/safari-601-branch/Tools/Scripts/run-jsc-stress-tests 2015-10-28 05:19:30 UTC (rev 191655)
@@ -710,6 +710,10 @@
run("ftl-no-cjit-validate", "--validateGraph=true", *(FTL_OPTIONS + NO_CJIT_OPTIONS)) if $enableFTL
end
+def runFTLNoCJITNoPutStackValidate
+ run("ftl-no-cjit-no-put-stack-validate", "--validateGraph=true", "--usePutStackSinking=false", *(FTL_OPTIONS + NO_CJIT_OPTIONS)) if $enableFTL
+end
+
def runFTLNoCJITNoInlineValidate
run("ftl-no-cjit-no-inline-validate", "--validateGraph=true", "--maximumInliningDepth=1", *(FTL_OPTIONS + NO_CJIT_OPTIONS)) if $enableFTL
end
@@ -773,6 +777,7 @@
runDefaultFTL
runFTLNoCJITValidate
runFTLNoCJITNoInlineValidate
+ runFTLNoCJITNoPutStackValidate
runFTLEager
runFTLEagerNoCJITValidate
runFTLNoCJITSmallPool
