65490 2011-08-01 14:39:04 -0700 DFG JIT sometimes creates speculation check data structures that have invalid information about the format of a register 2011-08-01 15:32:26 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 fpizlo webkit-unassigned barraclough fpizlo webkit.review.bot oldest_to_newest 444884 0 fpizlo 2011-08-01 14:39:04 -0700 The DFG JIT speculation failure code requires knowing the format in which values are stored on both the speculative, and non-speculative, paths. For example, a number may be either boxed, unboxed as an integer, or unboxed as a double. But sometimes the speculative JIT creates a speculation failure in which it fails to correctly set the data format of a register, leading to either incorrect speculation failure code, or assertion failures. 444903 1 102564 fpizlo 2011-08-01 15:03:05 -0700 Created attachment 102564 the patch 444929 2 102564 webkit.review.bot 2011-08-01 15:32:22 -0700 Comment on attachment 102564 the patch Clearing flags on attachment: 102564 Committed r92148: <http://trac.webkit.org/changeset/92148> 444930 3 webkit.review.bot 2011-08-01 15:32:26 -0700 All reviewed patches have been landed. Closing bug. 102564 2011-08-01 15:03:05 -0700 2011-08-01 15:32:22 -0700 the patch fixregformat_patch_1.diff text/plain 5541 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTIxNDUpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjcgQEAK KzIwMTEtMDgtMDEgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICBE RkcgSklUIHNvbWV0aW1lcyBjcmVhdGVzIHNwZWN1bGF0aW9uIGNoZWNrIGRhdGEgc3RydWN0dXJl cyB0aGF0IGhhdmUKKyAgICAgICAgaW52YWxpZCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgZm9ybWF0 IG9mIGEgcmVnaXN0ZXIKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTY1NDkwCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisgICAg ICAgIAorICAgICAgICBUaGUgY29kZSBub3cgbWFrZXMgc3VyZSB0byAoMSkgYWx3YXlzIGhhdmUg Y29ycmVjdCBhbmQgdXAtdG8tZGF0ZQorICAgICAgICBpbmZvcm1hdGlvbiBhYm91dCByZWdpc3Rl ciBmb3JtYXQgYXQgdGhlIHRpbWUgdGhhdCBhIHNwZWN1bGF0aW9uCisgICAgICAgIGNoZWNrIGlz IGVtaXR0ZWQsICgyKSBhc3NlcnQgdGhhdCBzcGVjdWxhdGlvbiBkYXRhIGlzIGNvcnJlY3QKKyAg ICAgICAgaW5zaWRlIHRoZSBzcGVjdWxhdGlvbiBjaGVjayBpbXBsZW1lbnRhdGlvbiwgYW5kICgz KSBhdm9pZCBjcmVhdGluZworICAgICAgICBzcGVjdWxhdGlvbiBkYXRhIGFsdG9nZXRoZXIgaWYg Y29tcGlsYXRpb24gaGFzIGFscmVhZHkgZmFpbGVkLCBzaW5jZQorICAgICAgICBhdCB0aGF0IHBv aW50IHRoZSBmb3JtYXQgZGF0YSBpcyBhbG1vc3QgZ3VhcmFudGVlZCB0byBiZSBib2d1cy4KKwor ICAgICAgICAqIGRmZy9ERkdOb25TcGVjdWxhdGl2ZUpJVC5jcHA6CisgICAgICAgIChKU0M6OkRG Rzo6RW50cnlMb2NhdGlvbjo6RW50cnlMb2NhdGlvbik6CisgICAgICAgICogZGZnL0RGR1NwZWN1 bGF0aXZlSklULmNwcDoKKyAgICAgICAgKEpTQzo6REZHOjpTcGVjdWxhdGlvbkNoZWNrOjpTcGVj dWxhdGlvbkNoZWNrKToKKyAgICAgICAgKEpTQzo6REZHOjpTcGVjdWxhdGl2ZUpJVDo6ZmlsbFNw ZWN1bGF0ZUNlbGwpOgorICAgICAgICAoSlNDOjpERkc6OlNwZWN1bGF0aXZlSklUOjpjb21waWxl KToKKyAgICAgICAgKiBkZmcvREZHU3BlY3VsYXRpdmVKSVQuaDoKKyAgICAgICAgKEpTQzo6REZH OjpTcGVjdWxhdGl2ZUpJVDo6c3BlY3VsYXRpb25DaGVjayk6CisKIDIwMTEtMDctMzEgIEdhdmlu IEJhcnJhY2xvdWdoICA8YmFycmFjbG91Z2hAYXBwbGUuY29tPgogCiAgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD02NDY3OQpJbmRleDogU291cmNlL0phdmFT Y3JpcHRDb3JlL2RmZy9ERkdOb25TcGVjdWxhdGl2ZUpJVC5jcHAKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdOb25TcGVjdWxhdGl2ZUpJVC5jcHAJKHJldmlzaW9u IDkyMTM2KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdOb25TcGVjdWxhdGl2ZUpJ VC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQzLDYgKzQzLDcgQEAgRW50cnlMb2NhdGlvbjo6RW50 cnlMb2NhdGlvbihNYWNyb0Fzc2VtYgogICAgICAgICAgICAgR2VuZXJhdGlvbkluZm8mIGluZm8g PSAgaml0LT5tX2dlbmVyYXRpb25JbmZvW2l0ZXIubmFtZSgpXTsKICAgICAgICAgICAgIG1fZ3By SW5mb1tpdGVyLmluZGV4KCldLm5vZGVJbmRleCA9IGluZm8ubm9kZUluZGV4KCk7CiAgICAgICAg ICAgICBtX2dwckluZm9baXRlci5pbmRleCgpXS5mb3JtYXQgPSBpbmZvLnJlZ2lzdGVyRm9ybWF0 KCk7CisgICAgICAgICAgICBBU1NFUlQobV9ncHJJbmZvW2l0ZXIuaW5kZXgoKV0uZm9ybWF0ICE9 IERhdGFGb3JtYXROb25lKTsKICAgICAgICAgICAgIG1fZ3BySW5mb1tpdGVyLmluZGV4KCldLmlz U3BpbGxlZCA9IGluZm8uc3BpbGxGb3JtYXQoKSAhPSBEYXRhRm9ybWF0Tm9uZTsKICAgICAgICAg fSBlbHNlCiAgICAgICAgICAgICBtX2dwckluZm9baXRlci5pbmRleCgpXS5ub2RlSW5kZXggPSBO b05vZGU7CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1NwZWN1bGF0aXZlSklU LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1NwZWN1bGF0 aXZlSklULmNwcAkocmV2aXNpb24gOTIxMzYpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZn L0RGR1NwZWN1bGF0aXZlSklULmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTUwLDYgKzE1MCw3IEBA IFNwZWN1bGF0aW9uQ2hlY2s6OlNwZWN1bGF0aW9uQ2hlY2soTWFjcm8KICAgICAgICAgICAgIEdl bmVyYXRpb25JbmZvJiBpbmZvID0gIGppdC0+bV9nZW5lcmF0aW9uSW5mb1tpdGVyLm5hbWUoKV07 CiAgICAgICAgICAgICBtX2dwckluZm9baXRlci5pbmRleCgpXS5ub2RlSW5kZXggPSBpbmZvLm5v ZGVJbmRleCgpOwogICAgICAgICAgICAgbV9ncHJJbmZvW2l0ZXIuaW5kZXgoKV0uZm9ybWF0ID0g aW5mby5yZWdpc3RlckZvcm1hdCgpOworICAgICAgICAgICAgQVNTRVJUKG1fZ3BySW5mb1tpdGVy LmluZGV4KCldLmZvcm1hdCAhPSBEYXRhRm9ybWF0Tm9uZSk7CiAgICAgICAgICAgICBtX2dwcklu Zm9baXRlci5pbmRleCgpXS5pc1NwaWxsZWQgPSBpbmZvLnNwaWxsRm9ybWF0KCkgIT0gRGF0YUZv cm1hdE5vbmU7CiAgICAgICAgIH0gZWxzZQogICAgICAgICAgICAgbV9ncHJJbmZvW2l0ZXIuaW5k ZXgoKV0ubm9kZUluZGV4ID0gTm9Ob2RlOwpAQCAtMzE1LDYgKzMxNiw3IEBAIEdQUlJlZyBTcGVj dWxhdGl2ZUpJVDo6ZmlsbFNwZWN1bGF0ZUNlbGwKICAgICAgICAgbV9ncHJzLnJldGFpbihncHIs IHZpcnR1YWxSZWdpc3RlciwgU3BpbGxPcmRlclNwaWxsZWQpOwogICAgICAgICBtX2ppdC5sb2Fk UHRyKEpJVENvbXBpbGVyOjphZGRyZXNzRm9yKHZpcnR1YWxSZWdpc3RlciksIGdwcik7CiAKKyAg ICAgICAgaW5mby5maWxsSlNWYWx1ZShncHIsIERhdGFGb3JtYXRKUyk7CiAgICAgICAgIGlmIChp bmZvLnNwaWxsRm9ybWF0KCkgIT0gRGF0YUZvcm1hdEpTQ2VsbCkKICAgICAgICAgICAgIHNwZWN1 bGF0aW9uQ2hlY2sobV9qaXQuYnJhbmNoVGVzdFB0cihNYWNyb0Fzc2VtYmxlcjo6Tm9uWmVybywg Z3ByLCBHUFJJbmZvOjp0YWdNYXNrUmVnaXN0ZXIpKTsKICAgICAgICAgaW5mby5maWxsSlNWYWx1 ZShncHIsIERhdGFGb3JtYXRKU0NlbGwpOwpAQCAtNjg0LDcgKzY4Niw3IEBAIHZvaWQgU3BlY3Vs YXRpdmVKSVQ6OmNvbXBpbGUoTm9kZSYgbm9kZSkKICAgICAgICAgICAgICAgICBTcGVjdWxhdGVJ bnRlZ2VyT3BlcmFuZCBvcDEodGhpcywgbm9kZS5jaGlsZDEoKSk7CiAgICAgICAgICAgICAgICAg aW50MzJfdCBpbW0yID0gdmFsdWVPZkludDMyQ29uc3RhbnQobm9kZS5jaGlsZDIoKSk7CiAgICAg ICAgICAgICAgICAgR1BSVGVtcG9yYXJ5IHJlc3VsdCh0aGlzKTsKLQorICAgICAgICAgICAgICAg IAogICAgICAgICAgICAgICAgIHNwZWN1bGF0aW9uQ2hlY2sobV9qaXQuYnJhbmNoQWRkMzIoTWFj cm9Bc3NlbWJsZXI6Ok92ZXJmbG93LCBvcDEuZ3ByKCksIEltbTMyKGltbTIpLCByZXN1bHQuZ3By KCkpKTsKIAogICAgICAgICAgICAgICAgIGludGVnZXJSZXN1bHQocmVzdWx0LmdwcigpLCBtX2Nv bXBpbGVJbmRleCk7CkBAIC05MDMsNiArOTA1LDkgQEAgdm9pZCBTcGVjdWxhdGl2ZUpJVDo6Y29t cGlsZShOb2RlJiBub2RlKQogICAgICAgICBHUFJSZWcgYmFzZVJlZyA9IGJhc2UuZ3ByKCk7CiAg ICAgICAgIEdQUlJlZyBwcm9wZXJ0eVJlZyA9IHByb3BlcnR5LmdwcigpOwogICAgICAgICBHUFJS ZWcgc3RvcmFnZVJlZyA9IHN0b3JhZ2UuZ3ByKCk7CisgICAgICAgIAorICAgICAgICBpZiAoIW1f Y29tcGlsZU9rYXkpCisgICAgICAgICAgICByZXR1cm47CiAKICAgICAgICAgLy8gR2V0IHRoZSBh cnJheSBzdG9yYWdlLiBXZSBoYXZlbid0IHlldCBjaGVja2VkIHRoaXMgaXMgYSBKU0FycmF5LCBz byB0aGlzIGlzIG9ubHkgc2FmZSBpZgogICAgICAgICAvLyBhbiBhY2Nlc3Mgd2l0aCBvZmZzZXQg SlNBcnJheTo6c3RvcmFnZU9mZnNldCgpIGlzIHZhbGlkIGZvciBhbGwgSlNDZWxscyEKQEAgLTk0 MCw3ICs5NDUsNyBAQCB2b2lkIFNwZWN1bGF0aXZlSklUOjpjb21waWxlKE5vZGUmIG5vZGUpCiAg ICAgICAgIAogICAgICAgICBpZiAoIW1fY29tcGlsZU9rYXkpCiAgICAgICAgICAgICByZXR1cm47 Ci0KKyAgICAgICAgCiAgICAgICAgIHdyaXRlQmFycmllcihtX2ppdCwgYmFzZVJlZywgc2NyYXRj aFJlZyk7CiAKICAgICAgICAgLy8gQ2hlY2sgdGhhdCBiYXNlIGlzIGFuIGFycmF5LCBhbmQgdGhh dCBwcm9wZXJ0eSBpcyBjb250YWluZWQgd2l0aGluIG1fdmVjdG9yICg8IG1fdmVjdG9yTGVuZ3Ro KS4KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHU3BlY3VsYXRpdmVKSVQuaAo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1NwZWN1bGF0aXZlSklU LmgJKHJldmlzaW9uIDkyMTM2KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdTcGVj dWxhdGl2ZUpJVC5oCSh3b3JraW5nIGNvcHkpCkBAIC0xODYsMTEgKzE4NiwxNSBAQCBwcml2YXRl OgogICAgIC8vIEFkZCBhIHNwZWN1bGF0aW9uIGNoZWNrIHdpdGhvdXQgYWRkaXRpb25hbCByZWNv dmVyeS4KICAgICB2b2lkIHNwZWN1bGF0aW9uQ2hlY2soTWFjcm9Bc3NlbWJsZXI6Okp1bXAganVt cFRvRmFpbCkKICAgICB7CisgICAgICAgIGlmICghbV9jb21waWxlT2theSkKKyAgICAgICAgICAg IHJldHVybjsKICAgICAgICAgbV9zcGVjdWxhdGlvbkNoZWNrcy5hcHBlbmQoU3BlY3VsYXRpb25D aGVjayhqdW1wVG9GYWlsLCB0aGlzKSk7CiAgICAgfQogICAgIC8vIEFkZCBhIHNwZWN1bGF0aW9u IGNoZWNrIHdpdGggYWRkaXRpb25hbCByZWNvdmVyeS4KICAgICB2b2lkIHNwZWN1bGF0aW9uQ2hl Y2soTWFjcm9Bc3NlbWJsZXI6Okp1bXAganVtcFRvRmFpbCwgY29uc3QgU3BlY3VsYXRpb25SZWNv dmVyeSYgcmVjb3ZlcnkpCiAgICAgeworICAgICAgICBpZiAoIW1fY29tcGlsZU9rYXkpCisgICAg ICAgICAgICByZXR1cm47CiAgICAgICAgIG1fc3BlY3VsYXRpb25SZWNvdmVyeUxpc3QuYXBwZW5k KHJlY292ZXJ5KTsKICAgICAgICAgbV9zcGVjdWxhdGlvbkNoZWNrcy5hcHBlbmQoU3BlY3VsYXRp b25DaGVjayhqdW1wVG9GYWlsLCB0aGlzLCBtX3NwZWN1bGF0aW9uUmVjb3ZlcnlMaXN0LnNpemUo KSkpOwogICAgIH0K