149531 2015-09-24 10:27:31 -0700 We should only expect a RareCaseProfile to exist if the rare case actually exists 2015-09-24 11:40:19 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mark.lam mark.lam oldest_to_newest 1128523 0 mark.lam 2015-09-24 10:27:31 -0700 The current code that calls rareCaseProfileForBytecodeOffset() always assumes that it will always return a non-null RareCaseProfile. As a result, op_add in the baseline JIT is forced to add a dummy slow case that will never be taken, only to ensure that the RareCaseProfile for that bytecode is created, and it will always produce a counter value of 0 (since that path will never be taken). Instead, we'll make the callers of rareCaseProfileForBytecodeOffset() check if the profile actually exist before dereferencing it. 1128526 1 261875 mark.lam 2015-09-24 10:44:03 -0700 Created attachment 261875 the fix. 1128542 2 261875 saam 2015-09-24 11:25:43 -0700 Comment on attachment 261875 the fix. View in context: https://bugs.webkit.org/attachment.cgi?id=261875&action=review r=me with comments. > Source/JavaScriptCore/bytecode/CodeBlock.cpp:3974 > + auto profile = rareCaseProfileForBytecodeOffset(bytecodeOffset); nit: Can we write the actual type here? > Source/JavaScriptCore/jit/JITArithmetic.cpp:797 > if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) { We need 32-bit code too. > Source/JavaScriptCore/jit/JITArithmetic.cpp:826 > + RELEASE_ASSERT(!(!types.first().mightBeNumber() || !types.second().mightBeNumber())); I think this reads better as: RELEASE_ASSERT(types.first().mightBeNumber() && types.second().mightBeNumber())) 1128548 3 mark.lam 2015-09-24 11:40:19 -0700 Thanks. I've fixed the issues before landing. Landed in r190213: <http://trac.webkit.org/r190213>. 261875 2015-09-24 10:44:03 -0700 2015-09-24 11:25:43 -0700 the fix. bug-149531.patch text/plain 6154 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTkwMjA4KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM1IEBA CisyMDE1LTA5LTI0ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBX ZSBzaG91bGQgb25seSBleHBlY3QgYSBSYXJlQ2FzZVByb2ZpbGUgdG8gZXhpc3QgaWYgdGhlIHJh cmUgY2FzZSBhY3R1YWxseSBleGlzdHMuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD0xNDk1MzEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBUaGUgY3VycmVudCBjb2RlIHRoYXQgY2FsbHMgcmFyZUNhc2VQcm9m aWxlRm9yQnl0ZWNvZGVPZmZzZXQoKSBhc3N1bWVzIHRoYXQgaXQKKyAgICAgICAgd2lsbCBhbHdh eXMgcmV0dXJuIGEgbm9uLW51bGwgUmFyZUNhc2VQcm9maWxlLiAgQXMgYSByZXN1bHQsIG9wX2Fk ZCBpbiB0aGUKKyAgICAgICAgYmFzZWxpbmUgSklUIGlzIGZvcmNlZCB0byBhZGQgYSBkdW1teSBz bG93IGNhc2UgdGhhdCB3aWxsIG5ldmVyIGJlIHRha2VuLCBvbmx5IHRvCisgICAgICAgIGVuc3Vy ZSB0aGF0IHRoZSBSYXJlQ2FzZVByb2ZpbGUgZm9yIHRoYXQgYnl0ZWNvZGUgaXMgY3JlYXRlZC4g IFRoaXMgcHJvZmlsZSB3aWxsCisgICAgICAgIGFsd2F5cyBwcm9kdWNlIGEgY291bnRlciB2YWx1 ZSBvZiAwIChzaW5jZSB0aGF0IHBhdGggd2lsbCBuZXZlciBiZSB0YWtlbikuCisKKyAgICAgICAg SW5zdGVhZCwgd2UnbGwgbWFrZSB0aGUgY2FsbGVycyBvZiByYXJlQ2FzZVByb2ZpbGVGb3JCeXRl Y29kZU9mZnNldCgpIGNoZWNrIGlmCisgICAgICAgIHRoZSBwcm9maWxlIGFjdHVhbGx5IGV4aXN0 IGJlZm9yZSBkZXJlZmVyZW5jaW5nIGl0LgorCisgICAgICAgICogYnl0ZWNvZGUvQ29kZUJsb2Nr LmNwcDoKKyAgICAgICAgKEpTQzo6Q29kZUJsb2NrOjpyYXJlQ2FzZVByb2ZpbGVGb3JCeXRlY29k ZU9mZnNldCk6CisgICAgICAgIChKU0M6OkNvZGVCbG9jazo6cmFyZUNhc2VQcm9maWxlQ291bnRG b3JCeXRlY29kZU9mZnNldCk6CisgICAgICAgIChKU0M6OkNvZGVCbG9jazo6Y2FwYWJpbGl0eUxl dmVsKToKKyAgICAgICAgKiBieXRlY29kZS9Db2RlQmxvY2suaDoKKyAgICAgICAgKEpTQzo6Q29k ZUJsb2NrOjphZGRSYXJlQ2FzZVByb2ZpbGUpOgorICAgICAgICAoSlNDOjpDb2RlQmxvY2s6Om51 bWJlck9mUmFyZUNhc2VQcm9maWxlcyk6CisgICAgICAgIChKU0M6OkNvZGVCbG9jazo6bGlrZWx5 VG9UYWtlU2xvd0Nhc2UpOgorICAgICAgICAoSlNDOjpDb2RlQmxvY2s6OmNvdWxkVGFrZVNsb3dD YXNlKToKKyAgICAgICAgKEpTQzo6Q29kZUJsb2NrOjpsaWtlbHlUb1Rha2VEZWVwZXN0U2xvd0Nh c2UpOgorICAgICAgICAoSlNDOjpDb2RlQmxvY2s6Omxpa2VseVRvVGFrZUFueVNsb3dDYXNlKToK KyAgICAgICAgKEpTQzo6Q29kZUJsb2NrOjpyYXJlQ2FzZVByb2ZpbGUpOiBEZWxldGVkLgorICAg ICAgICAqIGppdC9KSVRBcml0aG1ldGljLmNwcDoKKyAgICAgICAgKEpTQzo6SklUOjplbWl0X29w X2FkZCk6CisgICAgICAgIChKU0M6OkpJVDo6ZW1pdFNsb3dfb3BfYWRkKToKKwogMjAxNS0wOS0y NCAgUnlvc3VrZSBOaXdhICA8cm5pd2FAd2Via2l0Lm9yZz4KIAogICAgICAgICBSYW4gc29ydC1Y Y29kZS1wcm9qZWN0LWZpbGUuCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvYnl0ZWNvZGUv Q29kZUJsb2NrLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvYnl0ZWNv ZGUvQ29kZUJsb2NrLmNwcAkocmV2aXNpb24gMTkwMTg5KQorKysgU291cmNlL0phdmFTY3JpcHRD b3JlL2J5dGVjb2RlL0NvZGVCbG9jay5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTM5NjksNiArMzk2 OSwxNCBAQCBSYXJlQ2FzZVByb2ZpbGUqIENvZGVCbG9jazo6cmFyZUNhc2VQcm9mCiAgICAgICAg IGdldFJhcmVDYXNlUHJvZmlsZUJ5dGVjb2RlT2Zmc2V0KTsKIH0KIAordW5zaWduZWQgQ29kZUJs b2NrOjpyYXJlQ2FzZVByb2ZpbGVDb3VudEZvckJ5dGVjb2RlT2Zmc2V0KGludCBieXRlY29kZU9m ZnNldCkKK3sKKyAgICBhdXRvIHByb2ZpbGUgPSByYXJlQ2FzZVByb2ZpbGVGb3JCeXRlY29kZU9m ZnNldChieXRlY29kZU9mZnNldCk7CisgICAgaWYgKHByb2ZpbGUpCisgICAgICAgIHJldHVybiBw cm9maWxlLT5tX2NvdW50ZXI7CisgICAgcmV0dXJuIDA7Cit9CisKICNpZiBFTkFCTEUoSklUKQog REZHOjpDYXBhYmlsaXR5TGV2ZWwgQ29kZUJsb2NrOjpjYXBhYmlsaXR5TGV2ZWwoKQogewpJbmRl eDogU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb2RlL0NvZGVCbG9jay5oCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ieXRlY29kZS9Db2RlQmxvY2suaAkocmV2aXNpb24g MTkwMTg5KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2J5dGVjb2RlL0NvZGVCbG9jay5oCSh3 b3JraW5nIGNvcHkpCkBAIC00MDYsMTQgKzQwNiwxNCBAQCBwdWJsaWM6CiAgICAgICAgIHJldHVy biAmbV9yYXJlQ2FzZVByb2ZpbGVzLmxhc3QoKTsKICAgICB9CiAgICAgdW5zaWduZWQgbnVtYmVy T2ZSYXJlQ2FzZVByb2ZpbGVzKCkgeyByZXR1cm4gbV9yYXJlQ2FzZVByb2ZpbGVzLnNpemUoKTsg fQotICAgIFJhcmVDYXNlUHJvZmlsZSogcmFyZUNhc2VQcm9maWxlKGludCBpbmRleCkgeyByZXR1 cm4gJm1fcmFyZUNhc2VQcm9maWxlc1tpbmRleF07IH0KICAgICBSYXJlQ2FzZVByb2ZpbGUqIHJh cmVDYXNlUHJvZmlsZUZvckJ5dGVjb2RlT2Zmc2V0KGludCBieXRlY29kZU9mZnNldCk7CisgICAg dW5zaWduZWQgcmFyZUNhc2VQcm9maWxlQ291bnRGb3JCeXRlY29kZU9mZnNldChpbnQgYnl0ZWNv ZGVPZmZzZXQpOwogCiAgICAgYm9vbCBsaWtlbHlUb1Rha2VTbG93Q2FzZShpbnQgYnl0ZWNvZGVP ZmZzZXQpCiAgICAgewogICAgICAgICBpZiAoIWhhc0Jhc2VsaW5lSklUUHJvZmlsaW5nKCkpCiAg ICAgICAgICAgICByZXR1cm4gZmFsc2U7Ci0gICAgICAgIHVuc2lnbmVkIHZhbHVlID0gcmFyZUNh c2VQcm9maWxlRm9yQnl0ZWNvZGVPZmZzZXQoYnl0ZWNvZGVPZmZzZXQpLT5tX2NvdW50ZXI7Cisg ICAgICAgIHVuc2lnbmVkIHZhbHVlID0gcmFyZUNhc2VQcm9maWxlQ291bnRGb3JCeXRlY29kZU9m ZnNldChieXRlY29kZU9mZnNldCk7CiAgICAgICAgIHJldHVybiB2YWx1ZSA+PSBPcHRpb25zOjps aWtlbHlUb1Rha2VTbG93Q2FzZU1pbmltdW1Db3VudCgpOwogICAgIH0KIApAQCAtNDIxLDcgKzQy MSw3IEBAIHB1YmxpYzoKICAgICB7CiAgICAgICAgIGlmICghaGFzQmFzZWxpbmVKSVRQcm9maWxp bmcoKSkKICAgICAgICAgICAgIHJldHVybiBmYWxzZTsKLSAgICAgICAgdW5zaWduZWQgdmFsdWUg PSByYXJlQ2FzZVByb2ZpbGVGb3JCeXRlY29kZU9mZnNldChieXRlY29kZU9mZnNldCktPm1fY291 bnRlcjsKKyAgICAgICAgdW5zaWduZWQgdmFsdWUgPSByYXJlQ2FzZVByb2ZpbGVDb3VudEZvckJ5 dGVjb2RlT2Zmc2V0KGJ5dGVjb2RlT2Zmc2V0KTsKICAgICAgICAgcmV0dXJuIHZhbHVlID49IE9w dGlvbnM6OmNvdWxkVGFrZVNsb3dDYXNlTWluaW11bUNvdW50KCk7CiAgICAgfQogCkBAIC00NTks NyArNDU5LDcgQEAgcHVibGljOgogICAgIHsKICAgICAgICAgaWYgKCFoYXNCYXNlbGluZUpJVFBy b2ZpbGluZygpKQogICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwotICAgICAgICB1bnNpZ25lZCBz bG93Q2FzZUNvdW50ID0gcmFyZUNhc2VQcm9maWxlRm9yQnl0ZWNvZGVPZmZzZXQoYnl0ZWNvZGVP ZmZzZXQpLT5tX2NvdW50ZXI7CisgICAgICAgIHVuc2lnbmVkIHNsb3dDYXNlQ291bnQgPSByYXJl Q2FzZVByb2ZpbGVDb3VudEZvckJ5dGVjb2RlT2Zmc2V0KGJ5dGVjb2RlT2Zmc2V0KTsKICAgICAg ICAgdW5zaWduZWQgc3BlY2lhbEZhc3RDYXNlQ291bnQgPSBzcGVjaWFsRmFzdENhc2VQcm9maWxl Rm9yQnl0ZWNvZGVPZmZzZXQoYnl0ZWNvZGVPZmZzZXQpLT5tX2NvdW50ZXI7CiAgICAgICAgIHVu c2lnbmVkIHZhbHVlID0gc2xvd0Nhc2VDb3VudCAtIHNwZWNpYWxGYXN0Q2FzZUNvdW50OwogICAg ICAgICByZXR1cm4gdmFsdWUgPj0gT3B0aW9uczo6bGlrZWx5VG9UYWtlU2xvd0Nhc2VNaW5pbXVt Q291bnQoKTsKQEAgLTQ2OSw3ICs0NjksNyBAQCBwdWJsaWM6CiAgICAgewogICAgICAgICBpZiAo IWhhc0Jhc2VsaW5lSklUUHJvZmlsaW5nKCkpCiAgICAgICAgICAgICByZXR1cm4gZmFsc2U7Ci0g ICAgICAgIHVuc2lnbmVkIHNsb3dDYXNlQ291bnQgPSByYXJlQ2FzZVByb2ZpbGVGb3JCeXRlY29k ZU9mZnNldChieXRlY29kZU9mZnNldCktPm1fY291bnRlcjsKKyAgICAgICAgdW5zaWduZWQgc2xv d0Nhc2VDb3VudCA9IHJhcmVDYXNlUHJvZmlsZUNvdW50Rm9yQnl0ZWNvZGVPZmZzZXQoYnl0ZWNv ZGVPZmZzZXQpOwogICAgICAgICB1bnNpZ25lZCBzcGVjaWFsRmFzdENhc2VDb3VudCA9IHNwZWNp YWxGYXN0Q2FzZVByb2ZpbGVGb3JCeXRlY29kZU9mZnNldChieXRlY29kZU9mZnNldCktPm1fY291 bnRlcjsKICAgICAgICAgdW5zaWduZWQgdmFsdWUgPSBzbG93Q2FzZUNvdW50ICsgc3BlY2lhbEZh c3RDYXNlQ291bnQ7CiAgICAgICAgIHJldHVybiB2YWx1ZSA+PSBPcHRpb25zOjpsaWtlbHlUb1Rh a2VTbG93Q2FzZU1pbmltdW1Db3VudCgpOwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2pp dC9KSVRBcml0aG1ldGljLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUv aml0L0pJVEFyaXRobWV0aWMuY3BwCShyZXZpc2lvbiAxOTAxODkpCisrKyBTb3VyY2UvSmF2YVNj cmlwdENvcmUvaml0L0pJVEFyaXRobWV0aWMuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC03OTUsNyAr Nzk1LDYgQEAgdm9pZCBKSVQ6OmVtaXRfb3BfYWRkKEluc3RydWN0aW9uKiBjdXJyZQogICAgIE9w ZXJhbmRUeXBlcyB0eXBlcyA9IE9wZXJhbmRUeXBlczo6ZnJvbUludChjdXJyZW50SW5zdHJ1Y3Rp b25bNF0udS5vcGVyYW5kKTsKIAogICAgIGlmICghdHlwZXMuZmlyc3QoKS5taWdodEJlTnVtYmVy KCkgfHwgIXR5cGVzLnNlY29uZCgpLm1pZ2h0QmVOdW1iZXIoKSkgewotICAgICAgICBhZGRTbG93 Q2FzZSgpOwogICAgICAgICBKSVRTbG93UGF0aENhbGwgc2xvd1BhdGhDYWxsKHRoaXMsIGN1cnJl bnRJbnN0cnVjdGlvbiwgc2xvd19wYXRoX2FkZCk7CiAgICAgICAgIHNsb3dQYXRoQ2FsbC5jYWxs KCk7CiAgICAgICAgIHJldHVybjsKQEAgLTgyNCwxMCArODIzLDcgQEAgdm9pZCBKSVQ6OmVtaXRT bG93X29wX2FkZChJbnN0cnVjdGlvbiogYwogICAgIGludCBvcDIgPSBjdXJyZW50SW5zdHJ1Y3Rp b25bM10udS5vcGVyYW5kOwogICAgIE9wZXJhbmRUeXBlcyB0eXBlcyA9IE9wZXJhbmRUeXBlczo6 ZnJvbUludChjdXJyZW50SW5zdHJ1Y3Rpb25bNF0udS5vcGVyYW5kKTsKIAotICAgIGlmICghdHlw ZXMuZmlyc3QoKS5taWdodEJlTnVtYmVyKCkgfHwgIXR5cGVzLnNlY29uZCgpLm1pZ2h0QmVOdW1i ZXIoKSkgewotICAgICAgICBsaW5rRHVtbXlTbG93Q2FzZShpdGVyKTsKLSAgICAgICAgcmV0dXJu OwotICAgIH0KKyAgICBSRUxFQVNFX0FTU0VSVCghKCF0eXBlcy5maXJzdCgpLm1pZ2h0QmVOdW1i ZXIoKSB8fCAhdHlwZXMuc2Vjb25kKCkubWlnaHRCZU51bWJlcigpKSk7CiAKICAgICBib29sIG9w MUhhc0ltbWVkaWF0ZUludEZhc3RDYXNlID0gaXNPcGVyYW5kQ29uc3RhbnRJbW1lZGlhdGVJbnQo b3AxKTsKICAgICBib29sIG9wMkhhc0ltbWVkaWF0ZUludEZhc3RDYXNlID0gIW9wMUhhc0ltbWVk aWF0ZUludEZhc3RDYXNlICYmIGlzT3BlcmFuZENvbnN0YW50SW1tZWRpYXRlSW50KG9wMik7Cg==