24447 2009-03-07 15:04:36 -0800 REGRESSION (r41508): Google Maps does not complete initialization 2009-03-10 03:52:12 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED http://maps.google.com/ InRadar, NeedsReduction, Regression P1 Major --- 1 mitz oliver magnus whoughton oldest_to_newest 112739 0 mitz 2009-03-07 15:04:36 -0800 Google Maps does finish loading and the map cannot be dragged. The Web Inspector console says TypeError: Result of expression '(d.getScript||YY.xFa)' [0] is not a function. 112740 1 mitz 2009-03-07 15:05:04 -0800 <rdar://problem/6657774> 112741 2 mitz 2009-03-07 15:07:46 -0800 (In reply to comment #0) > Google Maps does finish loading does not* 112746 3 oliver 2009-03-07 17:17:48 -0800 Trying to work out what/why this broke 112820 4 28412 oliver 2009-03-09 06:10:03 -0700 Created attachment 28412 Fix dirtying of the register cache at branch targets From Radar: 3/7/09 8:13 PM Oliver Hunt: (This is an underlying bug exposes by r41508, not caused by it) 3/8/09 6:57 AM Oliver Hunt: Reduced to (print||q.c)() 3/8/09 7:04 AM Oliver Hunt: or (print?1:q.c)() This is very suckful, apparently we aren't checking for an instruction being a branch target -- i'm 90% sure we can get buy only tracking forward branches, although it will suck to do so, it should not be too difficult 3/8/09 4:00 PM Oliver Hunt: The basic cause of the issue is demonstrated thus: [ 1] resolve_global r4, [object global], print(@id0) // cachedResultRegister = r4 [ 7] jfalse r4, 6(->15) // cachedResultRegister = <nothing> [ 10] mov r3, r0 // no change [ 13] jmp 15(->29) // no change [ 15] resolve_global r4, [object global], q(@id1) // cachedResultRegister = r4 [ 21] get_by_id r3, r4, c(@id2) // cachedResultRegister = r3 // At this point we believe r4 is cached in eax, but if we come from [ 29] mov r4, r1 [ 32] call r3, r3, 1, 13 This patch ensures that the jit will correctly clobber the cache register when it hits the target of a forward branch. I have not yet determined whether it is possible to create code that can be hit by a loop that does not clobber the register cache. Currently have not test case written, and haven't been able to get stable perf numbers, so will finish this at work. 112905 5 oliver 2009-03-09 14:42:07 -0700 *** Bug 24466 has been marked as a duplicate of this bug. *** 112934 6 oliver 2009-03-09 18:10:07 -0700 Committing to http://svn.webkit.org/repository/webkit/trunk ... M JavaScriptCore/ChangeLog M JavaScriptCore/assembler/AbstractMacroAssembler.h M JavaScriptCore/assembler/X86Assembler.h M JavaScriptCore/jit/JIT.cpp M LayoutTests/ChangeLog A LayoutTests/fast/js/registerCachingAcrossBranchTargets-expected.txt A LayoutTests/fast/js/registerCachingAcrossBranchTargets.html A LayoutTests/fast/js/resources/registerCachingAcrossBranchTargets.js Committed r41544 112975 7 zwarich 2009-03-10 03:52:12 -0700 *** Bug 24471 has been marked as a duplicate of this bug. *** 28412 2009-03-09 06:10:03 -0700 2009-03-09 06:10:03 -0700 Fix dirtying of the register cache at branch targets fixRegisterCacheDirtying.patch text/plain 4910 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL2Fzc2VtYmxlci9BYnN0cmFjdE1hY3JvQXNzZW1i bGVyLmggYi9KYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvQWJzdHJhY3RNYWNyb0Fzc2VtYmxlci5o CmluZGV4IGZkNDQ3MzQuLjg1MWI2ZDUgMTAwNjQ0Ci0tLSBhL0phdmFTY3JpcHRDb3JlL2Fzc2Vt Ymxlci9BYnN0cmFjdE1hY3JvQXNzZW1ibGVyLmgKKysrIGIvSmF2YVNjcmlwdENvcmUvYXNzZW1i bGVyL0Fic3RyYWN0TWFjcm9Bc3NlbWJsZXIuaApAQCAtMjA2LDYgKzIwNiw4IEBAIHB1YmxpYzoK ICAgICAgICAgewogICAgICAgICB9CiAgICAgICAgIAorICAgICAgICBib29sIGlzVXNlZCgpIGNv bnN0IHsgcmV0dXJuIG1fbGFiZWwuaXNVc2VkKCk7IH0KKyAgICAgICAgdm9pZCB1c2VkKCkgeyBt X2xhYmVsLnVzZWQoKTsgfQogICAgIHByaXZhdGU6CiAgICAgICAgIEptcERzdCBtX2xhYmVsOwog ICAgIH07CmRpZmYgLS1naXQgYS9KYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvWDg2QXNzZW1ibGVy LmggYi9KYXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvWDg2QXNzZW1ibGVyLmgKaW5kZXggMjQ2ZjI0 Yy4uYmM1YTQ2YyAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUvYXNzZW1ibGVyL1g4NkFzc2Vt Ymxlci5oCisrKyBiL0phdmFTY3JpcHRDb3JlL2Fzc2VtYmxlci9YODZBc3NlbWJsZXIuaApAQCAt MjQxLDE2ICsyNDEsMjEgQEAgcHVibGljOgogICAgIHB1YmxpYzoKICAgICAgICAgSm1wRHN0KCkK ICAgICAgICAgICAgIDogbV9vZmZzZXQoLTEpCisgICAgICAgICAgICAsIG1fdXNlZChmYWxzZSkK ICAgICAgICAgewogICAgICAgICB9CiAKKyAgICAgICAgYm9vbCBpc1VzZWQoKSBjb25zdCB7IHJl dHVybiBtX3VzZWQ7IH0KKyAgICAgICAgdm9pZCB1c2VkKCkgeyBtX3VzZWQgPSB0cnVlOyB9CiAg ICAgcHJpdmF0ZToKICAgICAgICAgSm1wRHN0KGludCBvZmZzZXQpCiAgICAgICAgICAgICA6IG1f b2Zmc2V0KG9mZnNldCkKKyAgICAgICAgICAgICwgbV91c2VkKGZhbHNlKQogICAgICAgICB7CiAg ICAgICAgIH0KIAotICAgICAgICBpbnQgbV9vZmZzZXQ7CisgICAgICAgIGludCBtX29mZnNldCA6 IDMxOworICAgICAgICBib29sIG1fdXNlZDsKICAgICB9OwogCiAgICAgWDg2QXNzZW1ibGVyKCkK ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL2ppdC9KSVQuY3BwIGIvSmF2YVNjcmlwdENvcmUv aml0L0pJVC5jcHAKaW5kZXggNWNlZWVjMi4uZTYxMTNmYyAxMDA2NDQKLS0tIGEvSmF2YVNjcmlw dENvcmUvaml0L0pJVC5jcHAKKysrIGIvSmF2YVNjcmlwdENvcmUvaml0L0pJVC5jcHAKQEAgLTI4 Miw2ICsyODIsOSBAQCB2b2lkIEpJVDo6ZW1pdFRpbWVvdXRDaGVjaygpCiAgICAgICAgIE5FWFRf T1BDT0RFKG5hbWUpOyBcCiAgICAgfQogCisjZGVmaW5lIFJFQ09SRF9KVU1QX1RBUkdFVCh0YXJn ZXRPZmZzZXQpIFwKKyAgIGRvIHsgbV9sYWJlbHNbbV9ieXRlY29kZUluZGV4ICsgKHRhcmdldE9m ZnNldCldLnVzZWQoKTsgfSB3aGlsZSAoZmFsc2UpCisKIHZvaWQgSklUOjpwcml2YXRlQ29tcGls ZU1haW5QYXNzKCkKIHsKICAgICBJbnN0cnVjdGlvbiogaW5zdHJ1Y3Rpb25zQmVnaW4gPSBtX2Nv ZGVCbG9jay0+aW5zdHJ1Y3Rpb25zKCkuYmVnaW4oKTsKQEAgLTI5OSw2ICszMDIsOSBAQCB2b2lk IEpJVDo6cHJpdmF0ZUNvbXBpbGVNYWluUGFzcygpCiAgICAgICAgICAgICBzYW1wbGVJbnN0cnVj dGlvbihjdXJyZW50SW5zdHJ1Y3Rpb24pOwogI2VuZGlmCiAKKyAgICAgICAgaWYgKG1fbGFiZWxz W21fYnl0ZWNvZGVJbmRleF0uaXNVc2VkKCkpCisgICAgICAgICAgICBraWxsTGFzdFJlc3VsdFJl Z2lzdGVyKCk7CisgICAgICAgIAogICAgICAgICBtX2xhYmVsc1ttX2J5dGVjb2RlSW5kZXhdID0g bGFiZWwoKTsKICAgICAgICAgT3Bjb2RlSUQgb3Bjb2RlSUQgPSBtX2ludGVycHJldGVyLT5nZXRP cGNvZGVJRChjdXJyZW50SW5zdHJ1Y3Rpb24tPnUub3Bjb2RlKTsKIApAQCAtMzM5LDYgKzM0NSw3 IEBAIHZvaWQgSklUOjpwcml2YXRlQ29tcGlsZU1haW5QYXNzKCkKICAgICAgICAgY2FzZSBvcF9q bXA6IHsKICAgICAgICAgICAgIHVuc2lnbmVkIHRhcmdldCA9IGN1cnJlbnRJbnN0cnVjdGlvblsx XS51Lm9wZXJhbmQ7CiAgICAgICAgICAgICBhZGRKdW1wKGp1bXAoKSwgdGFyZ2V0ICsgMSk7Cisg ICAgICAgICAgICBSRUNPUkRfSlVNUF9UQVJHRVQodGFyZ2V0ICsgMSk7CiAgICAgICAgICAgICBO RVhUX09QQ09ERShvcF9qbXApOwogICAgICAgICB9CiAgICAgICAgIGNhc2Ugb3BfcHJlX2luYzog ewpAQCAtNzQ1LDYgKzc1Miw3IEBAIHZvaWQgSklUOjpwcml2YXRlQ29tcGlsZU1haW5QYXNzKCkK ICAgICAgICAgICAgICAgICBlbWl0SnVtcFNsb3dDYXNlSWZOb3RJbW1lZGlhdGVJbnRlZ2VyKHJl Z1QxKTsKICAgICAgICAgICAgICAgICBhZGRKdW1wKGJyYW5jaDMyKEdyZWF0ZXJUaGFuT3JFcXVh bCwgcmVnVDAsIHJlZ1QxKSwgdGFyZ2V0ICsgMyk7CiAgICAgICAgICAgICB9CisgICAgICAgICAg ICBSRUNPUkRfSlVNUF9UQVJHRVQodGFyZ2V0ICsgMyk7CiAgICAgICAgICAgICBORVhUX09QQ09E RShvcF9qbmxlc3MpOwogICAgICAgICB9CiAgICAgICAgIGNhc2Ugb3Bfbm90OiB7CkBAIC03NjYs NiArNzc0LDcgQEAgdm9pZCBKSVQ6OnByaXZhdGVDb21waWxlTWFpblBhc3MoKQogICAgICAgICAg ICAgYWRkU2xvd0Nhc2UoYnJhbmNoUHRyKE5vdEVxdWFsLCByZWdUMCwgSW1tUHRyKEpTVmFsdWVQ dHI6OmVuY29kZShqc0Jvb2xlYW4odHJ1ZSkpKSkpOwogCiAgICAgICAgICAgICBpc05vblplcm8u bGluayh0aGlzKTsKKyAgICAgICAgICAgIFJFQ09SRF9KVU1QX1RBUkdFVCh0YXJnZXQgKyAyKTsK ICAgICAgICAgICAgIE5FWFRfT1BDT0RFKG9wX2pmYWxzZSk7CiAgICAgICAgIH07CiAgICAgICAg IGNhc2Ugb3BfamVxX251bGw6IHsKQEAgLTc4Niw2ICs3OTUsNyBAQCB2b2lkIEpJVDo6cHJpdmF0 ZUNvbXBpbGVNYWluUGFzcygpCiAgICAgICAgICAgICBhZGRKdW1wKGJyYW5jaFB0cihFcXVhbCwg cmVnVDAsIEltbVB0cihKU1ZhbHVlUHRyOjplbmNvZGUoanNOdWxsKCkpKSksIHRhcmdldCArIDIp OyAgICAgICAgICAgIAogCiAgICAgICAgICAgICB3YXNOb3RJbW1lZGlhdGUubGluayh0aGlzKTsK KyAgICAgICAgICAgIFJFQ09SRF9KVU1QX1RBUkdFVCh0YXJnZXQgKyAyKTsKICAgICAgICAgICAg IE5FWFRfT1BDT0RFKG9wX2plcV9udWxsKTsKICAgICAgICAgfTsKICAgICAgICAgY2FzZSBvcF9q bmVxX251bGw6IHsKQEAgLTgwNiw2ICs4MTYsNyBAQCB2b2lkIEpJVDo6cHJpdmF0ZUNvbXBpbGVN YWluUGFzcygpCiAgICAgICAgICAgICBhZGRKdW1wKGJyYW5jaFB0cihOb3RFcXVhbCwgcmVnVDAs IEltbVB0cihKU1ZhbHVlUHRyOjplbmNvZGUoanNOdWxsKCkpKSksIHRhcmdldCArIDIpOyAgICAg ICAgICAgIAogCiAgICAgICAgICAgICB3YXNOb3RJbW1lZGlhdGUubGluayh0aGlzKTsKKyAgICAg ICAgICAgIFJFQ09SRF9KVU1QX1RBUkdFVCh0YXJnZXQgKyAyKTsKICAgICAgICAgICAgIE5FWFRf T1BDT0RFKG9wX2puZXFfbnVsbCk7CiAgICAgICAgIH0KICAgICAgICAgY2FzZSBvcF9wb3N0X2lu YzogewpAQCAtODI0LDEwICs4MzUsMTMgQEAgdm9pZCBKSVQ6OnByaXZhdGVDb21waWxlTWFpblBh c3MoKQogICAgICAgICAgICAgRGF0YUxhYmVsUHRyIHN0b3JlTG9jYXRpb24gPSBzdG9yZVB0cldp dGhQYXRjaChBZGRyZXNzKGNhbGxGcmFtZVJlZ2lzdGVyLCBzaXplb2YoUmVnaXN0ZXIpICogcmV0 QWRkckRzdCkpOwogICAgICAgICAgICAgYWRkSnVtcChqdW1wKCksIHRhcmdldCArIDIpOwogICAg ICAgICAgICAgbV9qc3JTaXRlcy5hcHBlbmQoSlNSSW5mbyhzdG9yZUxvY2F0aW9uLCBsYWJlbCgp KSk7CisgICAgICAgICAgICBraWxsTGFzdFJlc3VsdFJlZ2lzdGVyKCk7CisgICAgICAgICAgICBS RUNPUkRfSlVNUF9UQVJHRVQodGFyZ2V0ICsgMik7CiAgICAgICAgICAgICBORVhUX09QQ09ERShv cF9qc3IpOwogICAgICAgICB9CiAgICAgICAgIGNhc2Ugb3Bfc3JldDogewogICAgICAgICAgICAg anVtcChBZGRyZXNzKGNhbGxGcmFtZVJlZ2lzdGVyLCBzaXplb2YoUmVnaXN0ZXIpICogY3VycmVu dEluc3RydWN0aW9uWzFdLnUub3BlcmFuZCkpOworICAgICAgICAgICAga2lsbExhc3RSZXN1bHRS ZWdpc3RlcigpOwogICAgICAgICAgICAgTkVYVF9PUENPREUob3Bfc3JldCk7CiAgICAgICAgIH0K ICAgICAgICAgY2FzZSBvcF9lcTogewpAQCAtODkyLDYgKzkwNiw3IEBAIHZvaWQgSklUOjpwcml2 YXRlQ29tcGlsZU1haW5QYXNzKCkKICAgICAgICAgICAgIGFkZFNsb3dDYXNlKGJyYW5jaFB0cihO b3RFcXVhbCwgcmVnVDAsIEltbVB0cihKU1ZhbHVlUHRyOjplbmNvZGUoanNCb29sZWFuKGZhbHNl KSkpKSk7CiAKICAgICAgICAgICAgIGlzWmVyby5saW5rKHRoaXMpOworICAgICAgICAgICAgUkVD T1JEX0pVTVBfVEFSR0VUKHRhcmdldCArIDIpOwogICAgICAgICAgICAgTkVYVF9PUENPREUob3Bf anRydWUpOwogICAgICAgICB9CiAgICAgICAgIENUSV9DT01QSUxFX0JJTkFSWV9PUChvcF9sZXNz KQpAQCAtMTAzMSw2ICsxMDQ2LDcgQEAgdm9pZCBKSVQ6OnByaXZhdGVDb21waWxlTWFpblBhc3Mo KQogICAgICAgICAgICAgZW1pdENUSUNhbGwoSklUU3R1YnM6OmN0aV9vcF9qbXBfc2NvcGVzKTsK ICAgICAgICAgICAgIHVuc2lnbmVkIHRhcmdldCA9IGN1cnJlbnRJbnN0cnVjdGlvblsyXS51Lm9w ZXJhbmQ7CiAgICAgICAgICAgICBhZGRKdW1wKGp1bXAoKSwgdGFyZ2V0ICsgMik7CisgICAgICAg ICAgICBSRUNPUkRfSlVNUF9UQVJHRVQodGFyZ2V0ICsgMik7CiAgICAgICAgICAgICBORVhUX09Q Q09ERShvcF9qbXBfc2NvcGVzKTsKICAgICAgICAgfQogICAgICAgICBjYXNlIG9wX3B1dF9ieV9p bmRleDogewo=