Title: [169942] trunk/Source/_javascript_Core
Revision
169942
Author
fpi...@apple.com
Date
2014-06-13 11:56:58 -0700 (Fri, 13 Jun 2014)

Log Message

Even better diagnostics from DFG traps
https://bugs.webkit.org/show_bug.cgi?id=133836

Reviewed by Oliver Hunt.
        
We now stuff the DFG::NodeType into a register before bailing. Also made the
DFGBailed abort reason a bit more specific. As planned, the new abort reasons use
different numbers than any previous abort reasons.

* assembler/AbortReason.h:
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::abortWithReason):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::abortWithReason):
* assembler/MacroAssemblerX86.h:
(JSC::MacroAssemblerX86::abortWithReason):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::abortWithReason):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::bail):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* dfg/DFGSpeculativeJIT.h:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (169941 => 169942)


--- trunk/Source/_javascript_Core/ChangeLog	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-06-13 18:56:58 UTC (rev 169942)
@@ -1,3 +1,29 @@
+2014-06-12  Filip Pizlo  <fpi...@apple.com>
+
+        Even better diagnostics from DFG traps
+        https://bugs.webkit.org/show_bug.cgi?id=133836
+
+        Reviewed by Oliver Hunt.
+        
+        We now stuff the DFG::NodeType into a register before bailing. Also made the
+        DFGBailed abort reason a bit more specific. As planned, the new abort reasons use
+        different numbers than any previous abort reasons.
+
+        * assembler/AbortReason.h:
+        * assembler/MacroAssemblerARM64.h:
+        (JSC::MacroAssemblerARM64::abortWithReason):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::abortWithReason):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::abortWithReason):
+        * assembler/MacroAssemblerX86_64.h:
+        (JSC::MacroAssemblerX86_64::abortWithReason):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+        (JSC::DFG::SpeculativeJIT::bail):
+        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
+        * dfg/DFGSpeculativeJIT.h:
+
 2014-06-12  Simon Fraser  <simon.fra...@apple.com>
 
         Fix assertions under JSC::setNeverInline() when running js tests in WebKitTestRunner

Modified: trunk/Source/_javascript_Core/assembler/AbortReason.h (169941 => 169942)


--- trunk/Source/_javascript_Core/assembler/AbortReason.h	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/assembler/AbortReason.h	2014-06-13 18:56:58 UTC (rev 169942)
@@ -48,7 +48,8 @@
     AHTagTypeNumberNotInPlace                         = 130,
     AHTypeInfoInlineTypeFlagsAreValid                 = 140,
     AHTypeInfoIsValid                                 = 150,
-    DFGBailed                                         = 160,
+    DFGBailedAtTopOfBlock                             = 161,
+    DFGBailedAtEndOfNode                              = 162,
     DFGBasicStorageAllocatorZeroSize                  = 170,
     DFGIsNotCell                                      = 180,
     DFGIneffectiveWatchpoint                          = 190,
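Review bot: The retired value 160 leaves no trace in the enum, so a later edit could hand it out again and make older crash reports ambiguous. The commit message says the new reasons deliberately avoid every previously used number, and a one-line comment next to the new entries would record that, e.g. `// 160 was DFGBailed; retired, do not reuse.` The enum's opening and most of its entries are outside this hunk.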

Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (169941 => 169942)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h	2014-06-13 18:56:58 UTC (rev 169942)
@@ -812,6 +812,12 @@
         breakpoint();
     }
 
+    void abortWithReason(AbortReason reason, intptr_t misc)
+    {
+        move(TrustedImm64(misc), memoryTempRegister);
+        abortWithReason(reason);
+    }
+
     ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
     {
         ConvertibleLoadLabel result(this);
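Review bot: The new two-argument `abortWithReason` has no comment saying which register carries `misc`, and the choice differs per backend: `memoryTempRegister` here and in MacroAssemblerARMv7.h, `X86Registers::edx` in MacroAssemblerX86.h, `X86Registers::r10` in MacroAssemblerX86_64.h. Anyone triaging a trap from a crash dump needs that mapping, so each overload should carry a line such as `// Leaves misc in memoryTempRegister for post-mortem inspection; the register is clobbered.` The comment should also state that `misc` is emitted through `TrustedImm64`/`TrustedImm32`, so callers must pass only compiler-internal constants (as the NodeType use does), never a script-derived value or a pointer that would then surface in crash reports. The single-argument overload is mostly outside the hunk, so whether it touches the same register could not be checked from here.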

Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h (169941 => 169942)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h	2014-06-13 18:56:58 UTC (rev 169942)
@@ -638,6 +638,12 @@
         breakpoint();
     }
 
+    void abortWithReason(AbortReason reason, intptr_t misc)
+    {
+        move(TrustedImm32(misc), memoryTempRegister);
+        abortWithReason(reason);
+    }
+
     ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
     {
         ConvertibleLoadLabel result(this);

Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h (169941 => 169942)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerX86.h	2014-06-13 18:56:58 UTC (rev 169942)
@@ -117,6 +117,12 @@
         breakpoint();
     }
 
+    void abortWithReason(AbortReason reason, intptr_t misc)
+    {
+        move(TrustedImm32(misc), X86Registers::edx);
+        abortWithReason(reason);
+    }
+
     ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
     {
         ConvertibleLoadLabel result = ConvertibleLoadLabel(this);

Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerX86_64.h (169941 => 169942)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86_64.h	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerX86_64.h	2014-06-13 18:56:58 UTC (rev 169942)
@@ -635,6 +635,12 @@
         breakpoint();
     }
 
+    void abortWithReason(AbortReason reason, intptr_t misc)
+    {
+        move(TrustedImm64(misc), X86Registers::r10);
+        abortWithReason(reason);
+    }
+
     ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
     {
         ConvertibleLoadLabel result = ConvertibleLoadLabel(this);

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (169941 => 169942)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2014-06-13 18:56:58 UTC (rev 169942)
@@ -47,6 +47,7 @@
     : m_compileOkay(true)
     , m_jit(jit)
     , m_currentNode(0)
+    , m_lastGeneratedNode(LastNodeType)
     , m_indexInBlock(0)
     , m_generationInfo(m_jit.graph().frameRegisterCount())
     , m_state(m_jit.graph())
@@ -1338,10 +1339,10 @@
     m_stream->appendAndLog(VariableEvent::movHint(MinifiedID(child), node->unlinkedLocal()));
 }
 
-void SpeculativeJIT::bail()
+void SpeculativeJIT::bail(AbortReason reason)
 {
     m_compileOkay = true;
-    m_jit.abortWithReason(DFGBailed);
+    m_jit.abortWithReason(reason, m_lastGeneratedNode);
     clearGenerationInfo();
 }
 
@@ -1397,10 +1398,10 @@
     for (m_indexInBlock = 0; m_indexInBlock < m_block->size(); ++m_indexInBlock) {
         m_currentNode = m_block->at(m_indexInBlock);
         
-        // We may have his a contradiction that the CFA was aware of but that the JIT
+        // We may have hit a contradiction that the CFA was aware of but that the JIT
         // didn't cause directly.
         if (!m_state.isValid()) {
-            bail();
+            bail(DFGBailedAtTopOfBlock);
             return;
         }
         
@@ -1409,6 +1410,7 @@
         m_jit.setForNode(m_currentNode);
         m_codeOriginForExitTarget = m_currentNode->origin.forExit;
         m_codeOriginForExitProfile = m_currentNode->origin.semantic;
+        m_lastGeneratedNode = m_currentNode->op();
         if (!m_currentNode->shouldGenerate()) {
             switch (m_currentNode->op()) {
             case JSConstant:
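Review bot: `m_lastGeneratedNode` is updated here, after the `m_state.isValid()` check at the top of the loop in the previous hunk, so a `DFGBailedAtTopOfBlock` trap reports the op of the node before the one being visited, or `LastNodeType` if none has been recorded. The assignment also runs before `shouldGenerate()` is consulted, so the field can name a node for which no code was emitted. Neither is wrong for diagnostics, but it should be written down where the value is set, e.g. `// Recorded for bail(): op of the most recent node visited, whether or not it generates code.` compileCurrentBlock starts and ends outside this hunk, and whether the field is reset between blocks is not visible.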
@@ -1455,7 +1457,7 @@
 #endif
 
             if (!m_compileOkay) {
-                bail();
+                bail(DFGBailedAtEndOfNode);
                 return;
             }
             

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (169941 => 169942)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h	2014-06-13 18:56:29 UTC (rev 169941)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h	2014-06-13 18:56:58 UTC (rev 169942)
@@ -321,7 +321,7 @@
     
     void compile(Node*);
     void noticeOSRBirth(Node*);
-    void bail();
+    void bail(AbortReason);
     void compileCurrentBlock();
 
     void checkArgumentTypes();
@@ -2309,6 +2309,7 @@
     // The current node being generated.
     BasicBlock* m_block;
     Node* m_currentNode;
+    NodeType m_lastGeneratedNode;
     bool m_canExit;
     unsigned m_indexInBlock;
     // Virtual and physical register maps.
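Review bot: `m_lastGeneratedNode` is added directly under the existing comment `// The current node being generated.`, which does not describe it. A separate line such as `// Op of the most recently visited node; passed to abortWithReason() by bail(). LastNodeType until the first node.` would keep the member list readable. The class definition extends well beyond this hunk.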