67551 2011-09-02 20:48:53 -0700 DFG JIT speculation failure does recovery of additions without reboxing 2011-09-06 13:08:09 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 fpizlo webkit-unassigned ggaren webkit.review.bot oldest_to_newest 461715 0 fpizlo 2011-09-02 20:48:53 -0700 The DFG JIT speculation failure code can undo additions - so if we realize that we executed a destructive addition incorrectly, we can revert it. But the code does not work: it performs an addition on the wrong register (it reverses the source and destination) and then fails to rebox the result, if the destructive addition also did implicit unboxing via zero extension. 461717 1 fpizlo 2011-09-02 21:02:19 -0700 Correction: the recovery is done in the right order. The bug here is that it does not do reboxing. 461721 2 106243 fpizlo 2011-09-02 21:15:59 -0700 Created attachment 106243 the patch 461722 3 webkit.review.bot 2011-09-02 21:17:48 -0700 Attachment 106243 did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source..." exit_code: 1 Source/JavaScriptCore/ChangeLog:3: Line contains tab character. [whitespace/tab] [5] Source/JavaScriptCore/ChangeLog:4: Line contains tab character. [whitespace/tab] [5] Source/JavaScriptCore/ChangeLog:5: Line contains tab character. [whitespace/tab] [5] Total errors found: 3 in 2 files If any of these errors are false positives, please file a bug against check-webkit-style. 461727 4 106243 sam 2011-09-02 21:27:12 -0700 Comment on attachment 106243 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=106243&action=review > Source/JavaScriptCore/ChangeLog:6 > + Please remove tabs. 461728 5 106244 fpizlo 2011-09-02 21:30:32 -0700 Created attachment 106244 the patch - removed tabs 461743 6 106244 webkit.review.bot 2011-09-02 22:22:41 -0700 Comment on attachment 106244 the patch - removed tabs Clearing flags on attachment: 106244 Committed r94478: <http://trac.webkit.org/changeset/94478> 461744 7 webkit.review.bot 2011-09-02 22:22:45 -0700 All reviewed patches have been landed. Closing bug. 462774 8 ggaren 2011-09-06 13:03:08 -0700 Could this patch have included a regression test? 462780 9 fpizlo 2011-09-06 13:08:09 -0700 (In reply to comment #8) > Could this patch have included a regression test? It could have; at the time I wasn't sure if I could even repro it without tiered compilation but now I know I can. A test case is on the way. 106243 2011-09-02 21:15:59 -0700 2011-09-02 21:30:32 -0700 the patch goodrecover_patch_2.diff text/plain 1866 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTQ0NzYpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAK KzIwMTEtMDktMDIgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworCURGRyBKSVQg c3BlY3VsYXRpb24gZmFpbHVyZSBkb2VzIHJlY292ZXJ5IG9mIGFkZGl0aW9ucyBpbiByZXZlcnNl IGFuZAorCWRvZXNuJ3QgcmVib3gKKwlodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9Njc1NTEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICAqIGRmZy9ERkdKSVRDb21waWxlci5jcHA6CisgICAgICAgIChKU0M6OkRGRzo6SklUQ29t cGlsZXI6Omp1bXBGcm9tU3BlY3VsYXRpdmVUb05vblNwZWN1bGF0aXZlKToKKwogMjAxMS0wOS0w MiAgTWljaGFlbCBTYWJvZmYgIDxtc2Fib2ZmQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXBsYWNl IGxvY2FsIGltcGxlbWVudGF0aW9uIG9mIHN0cmluZyBlcXVhbHMoKSBtZXRob2RzIHdpdGggVVN0 cmluZyB2ZXJzaW9ucwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdKSVRDb21w aWxlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdKSVRD b21waWxlci5jcHAJKHJldmlzaW9uIDk0NDc2KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2Rm Zy9ERkdKSVRDb21waWxlci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQ5NSw4ICs0OTUsMTYgQEAg dm9pZCBKSVRDb21waWxlcjo6anVtcEZyb21TcGVjdWxhdGl2ZVRvTgogICAgIGlmIChyZWNvdmVy eSkgewogICAgICAgICAvLyBUaGUgb25seSBhZGRpdGlvbmFsIHJlY292ZXJ5IHdlIGN1cnJlbnRs eSBzdXBwb3J0IGlzIGZvciBpbnRlZ2VyIGFkZCBvcGVyYXRpb24KICAgICAgICAgQVNTRVJUKHJl Y292ZXJ5LT50eXBlKCkgPT0gU3BlY3VsYXRpdmVBZGQpOworICAgICAgICBBU1NFUlQoY2hlY2su bV9ncHJJbmZvW0dQUkluZm86OnRvSW5kZXgocmVjb3ZlcnktPmRlc3QoKSldLm5vZGVJbmRleCAh PSBOb05vZGUpOwogICAgICAgICAvLyBSZXZlcnQgdGhlIGFkZC4KICAgICAgICAgc3ViMzIocmVj b3ZlcnktPnNyYygpLCByZWNvdmVyeS0+ZGVzdCgpKTsKKyAgICAgICAgCisgICAgICAgIC8vIElm IHJlY292ZXJ5LT5kZXN0KCkgc2hvdWxkIGhhdmUgYmVlbiBib3hlZCBwcmlvciB0byB0aGUgYWRk aXRpb24sIHRoZW4gcmVib3gKKyAgICAgICAgLy8gaXQuCisgICAgICAgIERhdGFGb3JtYXQgZm9y bWF0ID0gY2hlY2subV9ncHJJbmZvW0dQUkluZm86OnRvSW5kZXgocmVjb3ZlcnktPmRlc3QoKSld LmZvcm1hdDsKKyAgICAgICAgQVNTRVJUKGZvcm1hdCA9PSBEYXRhRm9ybWF0SW50ZWdlciB8fCBm b3JtYXQgPT0gRGF0YUZvcm1hdEpTSW50ZWdlciB8fCBmb3JtYXQgPT0gRGF0YUZvcm1hdEpTKTsK KyAgICAgICAgaWYgKGZvcm1hdCAhPSBEYXRhRm9ybWF0SW50ZWdlcikKKyAgICAgICAgICAgIG9y UHRyKEdQUkluZm86OnRhZ1R5cGVOdW1iZXJSZWdpc3RlciwgcmVjb3ZlcnktPmRlc3QoKSk7CiAg ICAgfQogICAgIAogICAgIC8vIEZpcnN0LCB3ZSBuZWVkIGEgcmV2ZXJzZSBtYXBwaW5nIHRoYXQg dGVsbHMgdXMsIGZvciBhIE5vZGVJbmRleCwgd2hpY2ggcmVnaXN0ZXIK 106244 2011-09-02 21:30:32 -0700 2011-09-02 22:22:41 -0700 the patch - removed tabs goodrecover_patch_4.diff text/plain 1883 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTQ0NzYpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTQgQEAK KzIwMTEtMDktMDIgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICBE RkcgSklUIHNwZWN1bGF0aW9uIGZhaWx1cmUgZG9lcyByZWNvdmVyeSBvZiBhZGRpdGlvbnMgaW4g cmV2ZXJzZSBhbmQKKyAgICAgICAgZG9lc24ndCByZWJveAorICAgICAgICBodHRwczovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9Njc1NTEKKworICAgICAgICBSZXZpZXdlZCBieSBT YW0gV2VpbmlnLgorCisgICAgICAgICogZGZnL0RGR0pJVENvbXBpbGVyLmNwcDoKKyAgICAgICAg KEpTQzo6REZHOjpKSVRDb21waWxlcjo6anVtcEZyb21TcGVjdWxhdGl2ZVRvTm9uU3BlY3VsYXRp dmUpOgorCiAyMDExLTA5LTAyICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgog CiAgICAgICAgIFJlcGxhY2UgbG9jYWwgaW1wbGVtZW50YXRpb24gb2Ygc3RyaW5nIGVxdWFscygp IG1ldGhvZHMgd2l0aCBVU3RyaW5nIHZlcnNpb25zCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENv cmUvZGZnL0RGR0pJVENvbXBpbGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlw dENvcmUvZGZnL0RGR0pJVENvbXBpbGVyLmNwcAkocmV2aXNpb24gOTQ0NzYpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvZGZnL0RGR0pJVENvbXBpbGVyLmNwcAkod29ya2luZyBjb3B5KQpAQCAt NDk1LDggKzQ5NSwxNiBAQCB2b2lkIEpJVENvbXBpbGVyOjpqdW1wRnJvbVNwZWN1bGF0aXZlVG9O CiAgICAgaWYgKHJlY292ZXJ5KSB7CiAgICAgICAgIC8vIFRoZSBvbmx5IGFkZGl0aW9uYWwgcmVj b3Zlcnkgd2UgY3VycmVudGx5IHN1cHBvcnQgaXMgZm9yIGludGVnZXIgYWRkIG9wZXJhdGlvbgog ICAgICAgICBBU1NFUlQocmVjb3ZlcnktPnR5cGUoKSA9PSBTcGVjdWxhdGl2ZUFkZCk7CisgICAg ICAgIEFTU0VSVChjaGVjay5tX2dwckluZm9bR1BSSW5mbzo6dG9JbmRleChyZWNvdmVyeS0+ZGVz dCgpKV0ubm9kZUluZGV4ICE9IE5vTm9kZSk7CiAgICAgICAgIC8vIFJldmVydCB0aGUgYWRkLgog ICAgICAgICBzdWIzMihyZWNvdmVyeS0+c3JjKCksIHJlY292ZXJ5LT5kZXN0KCkpOworICAgICAg ICAKKyAgICAgICAgLy8gSWYgcmVjb3ZlcnktPmRlc3QoKSBzaG91bGQgaGF2ZSBiZWVuIGJveGVk IHByaW9yIHRvIHRoZSBhZGRpdGlvbiwgdGhlbiByZWJveAorICAgICAgICAvLyBpdC4KKyAgICAg ICAgRGF0YUZvcm1hdCBmb3JtYXQgPSBjaGVjay5tX2dwckluZm9bR1BSSW5mbzo6dG9JbmRleChy ZWNvdmVyeS0+ZGVzdCgpKV0uZm9ybWF0OworICAgICAgICBBU1NFUlQoZm9ybWF0ID09IERhdGFG b3JtYXRJbnRlZ2VyIHx8IGZvcm1hdCA9PSBEYXRhRm9ybWF0SlNJbnRlZ2VyIHx8IGZvcm1hdCA9 PSBEYXRhRm9ybWF0SlMpOworICAgICAgICBpZiAoZm9ybWF0ICE9IERhdGFGb3JtYXRJbnRlZ2Vy KQorICAgICAgICAgICAgb3JQdHIoR1BSSW5mbzo6dGFnVHlwZU51bWJlclJlZ2lzdGVyLCByZWNv dmVyeS0+ZGVzdCgpKTsKICAgICB9CiAgICAgCiAgICAgLy8gRmlyc3QsIHdlIG5lZWQgYSByZXZl cnNlIG1hcHBpbmcgdGhhdCB0ZWxscyB1cywgZm9yIGEgTm9kZUluZGV4LCB3aGljaCByZWdpc3Rl cgo=