Title: [98065] trunk/Source/_javascript_Core
- Revision
- 98065
- Author
- fpi...@apple.com
- Date
- 2011-10-20 22:14:06 -0700 (Thu, 20 Oct 2011)
Log Message
DFG call optimization handling will fail if the call had been unlinked due
to the callee being optimized
https://bugs.webkit.org/show_bug.cgi?id=70468
Reviewed by Geoff Garen.
If a call had ever been linked, we remember this fact as well as the function
to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
called.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
* bytecode/CodeBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
* jit/JIT.cpp:
(JSC::JIT::linkFor):
Modified: trunk/Source/_javascript_Core/ChangeLog (98064 => 98065)
--- trunk/Source/_javascript_Core/ChangeLog 2011-10-21 04:14:10 UTC (rev 98064)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-10-21 05:14:06 UTC (rev 98065)
@@ -1,3 +1,25 @@
+2011-10-20 Filip Pizlo <fpi...@apple.com>
+
+ DFG call optimization handling will fail if the call had been unlinked due
+ to the callee being optimized
+ https://bugs.webkit.org/show_bug.cgi?id=70468
+
+ Reviewed by Geoff Garen.
+
+ If a call had ever been linked, we remember this fact as well as the function
+ to which it was linked even if unlinkIncomingCalls() or unlinkCalls() are
+ called.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::visitAggregate):
+ * bytecode/CodeBlock.h:
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGRepatch.cpp:
+ (JSC::DFG::dfgLinkFor):
+ * jit/JIT.cpp:
+ (JSC::JIT::linkFor):
+
2011-10-20 Yuqiang Xian <yuqiang.x...@intel.com>
DFG JIT 32_64 - Fix ByteArray speculation
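--- a/trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp
+++ b/trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp
@@ -1545,9 +1545,12 @@
 for (size_t i = 0; i < m_functionDecls.size(); ++i)
 visitor.append(&m_functionDecls[i]);
 #if ENABLE(JIT)
- for (unsigned i = 0; i < numberOfCallLinkInfos(); ++i)
+ for (unsigned i = 0; i < numberOfCallLinkInfos(); ++i) {
 if (callLinkInfo(i).isLinked())
 visitor.append(&callLinkInfo(i).callee);
+ if (!!callLinkInfo(i).lastSeenCallee)
+ visitor.append(&callLinkInfo(i).lastSeenCallee);
+ }
 #endif
 #if ENABLE(INTERPRETER)
 for (size_t size = m_propertyAccessInstructions.size(), i = 0; i < size; ++i)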
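Review bot: The new `lastSeenCallee` append deserves a comment, because when the call is linked both `if`s append what appears to be the same function (both link paths set the two fields together in the DFGRepatch.cpp and JIT.cpp hunks), and a later reader may fold the second append away as redundant. Unlike `callee`, `lastSeenCallee` is meant to survive unlinkCalls()/unlinkIncomingCalls() per the log message, and the DFG parser bakes the raw `JSFunction*` it reads from it into the graph, so marking it here is what keeps that pointer from dangling after an unlink. Suggested comment above the second `if`: `// lastSeenCallee outlives unlinking; the DFG parser speculates on it, so it must stay marked even when the call is no longer linked.` visitAggregate begins and ends outside this hunk.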
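--- a/trunk/Source/_javascript_Core/bytecode/CodeBlock.h
+++ b/trunk/Source/_javascript_Core/bytecode/CodeBlock.h
@@ -121,6 +121,7 @@
 CodeLocationDataLabelPtr hotPathBegin;
 CodeLocationNearCall hotPathOther;
 JITWriteBarrier<JSFunction> callee;
+ WriteBarrier<JSFunction> lastSeenCallee;
 bool hasSeenShouldRepatch : 1;
 bool isCall : 1;
 bool isDFG : 1;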
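Review bot: The new `lastSeenCallee` member is undocumented, and its contract differs from the neighbouring `callee` in a way the types do not express: it is a plain heap `WriteBarrier` rather than a `JITWriteBarrier` tied to `hotPathBegin`, and per the log message it is intentionally not cleared when the call is unlinked. Suggested comment: `// Most recently linked callee; set together with callee in linkFor()/dfgLinkFor() but deliberately kept across unlinkCalls()/unlinkIncomingCalls() so the DFG can still speculate on it.` What CallLinkInfo's constructor initialises it to, and whether anything else ever clears it, lies outside this hunk; the `!!lastSeenCallee` checks in visitAggregate and the DFG parser rely on a null default, so that is worth confirming.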
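--- a/trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp
+++ b/trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp
@@ -1642,7 +1642,7 @@
 if (m_graph.isFunctionConstant(m_codeBlock, callTarget))
 callType = ConstantFunction;
- else if (m_inlineStackTop->m_profiledBlock->getCallLinkInfo(m_currentIndex).isLinked() && !m_inlineStackTop->m_profiledBlock->likelyToTakeSlowCase(m_currentIndex))
+ else if (!!m_inlineStackTop->m_profiledBlock->getCallLinkInfo(m_currentIndex).lastSeenCallee && !m_profiledBlock->likelyToTakeSlowCase(m_currentIndex))
 callType = LinkedFunction;
 else
 callType = UnknownFunction;
@@ -1667,7 +1667,7 @@
 intrinsic = m_graph.valueOfFunctionConstant(m_codeBlock, callTarget)->executable()->intrinsic();
 else {
 ASSERT(callType == LinkedFunction);
- JSFunction* function = m_inlineStackTop->m_profiledBlock->getCallLinkInfo(m_currentIndex).callee.get();
+ JSFunction* function = m_inlineStackTop->m_profiledBlock->getCallLinkInfo(m_currentIndex).lastSeenCallee.get();
 intrinsic = function->executable()->intrinsic();
 if (intrinsic != NoIntrinsic)
 addToGraph(CheckFunction, OpInfo(function), callTarget);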
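Review bot: The rewritten condition in the first hunk calls `m_profiledBlock->likelyToTakeSlowCase(m_currentIndex)`, whereas the line it replaces, the other half of the same condition, and the second hunk all go through `m_inlineStackTop->m_profiledBlock`. If `m_profiledBlock` is the outermost block, as the neighbouring uses suggest, then while parsing an inlined callee `m_currentIndex` would be used to index the wrong block's profiling data, so the slow-case check becomes meaningless for inlined call sites. Suggested line: `else if (!!m_inlineStackTop->m_profiledBlock->getCallLinkInfo(m_currentIndex).lastSeenCallee && !m_inlineStackTop->m_profiledBlock->likelyToTakeSlowCase(m_currentIndex))`. A stale `lastSeenCallee` is still guarded by the `CheckFunction` node on the intrinsic path at the end of the second hunk; whether the non-intrinsic LinkedFunction path is guarded the same way is outside this hunk. parseBlock begins and ends outside both hunks.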
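--- a/trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp
+++ b/trunk/Source/_javascript_Core/dfg/DFGRepatch.cpp
@@ -638,6 +638,7 @@
 if (!calleeCodeBlock || static_cast<int>(exec->argumentCountIncludingThis()) == calleeCodeBlock->m_numParameters) {
 ASSERT(!callLinkInfo.isLinked());
 callLinkInfo.callee.set(exec->callerFrame()->globalData(), callLinkInfo.hotPathBegin, callerCodeBlock->ownerExecutable(), callee);
+ callLinkInfo.lastSeenCallee.set(exec->callerFrame()->globalData(), callerCodeBlock->ownerExecutable(), callee);
 repatchBuffer.relink(callLinkInfo.hotPathOther, codePtr);
 if (calleeCodeBlock)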
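Review bot: `callee.set(...)` followed by `lastSeenCallee.set(...)` is now a two-step update that must stay in sync, and the identical pair appears in the JIT.cpp linkFor hunk. Because the DFG parser now keys off `lastSeenCallee` alone, any future link path that sets `callee` without `lastSeenCallee` (for instance an arity-mismatch branch, which here lies outside the hunk if one exists) would silently reintroduce the stale-speculation problem this change fixes. Consider folding the two calls into one `CallLinkInfo` helper that takes the `JSGlobalData`, owner executable and callee and writes both barriers, and calling it from both dfgLinkFor and JIT::linkFor. Note also that the `ASSERT(!callLinkInfo.isLinked())` above says nothing about `lastSeenCallee`, which may legitimately still hold an earlier callee here; a short comment that overwriting it is intended would save the next reader a question. dfgLinkFor begins and ends outside this hunk.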
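--- a/trunk/Source/_javascript_Core/jit/JIT.cpp
+++ b/trunk/Source/_javascript_Core/jit/JIT.cpp
@@ -724,6 +724,7 @@
 if (!calleeCodeBlock || (callerArgCount == calleeCodeBlock->m_numParameters)) {
 ASSERT(!callLinkInfo->isLinked());
 callLinkInfo->callee.set(*globalData, callLinkInfo->hotPathBegin, callerCodeBlock->ownerExecutable(), callee);
+ callLinkInfo->lastSeenCallee.set(*globalData, callerCodeBlock->ownerExecutable(), callee);
 repatchBuffer.relink(callLinkInfo->hotPathOther, code);
 if (calleeCodeBlock)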