| Summary: | DFG and FTL should have an OSR exit fuzzer | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> |
| Component: | JavaScriptCore | Assignee: | Filip Pizlo <fpizlo> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | barraclough, basile_clement, benjamin, commit-queue, ggaren, mark.lam, mhahnenb, mmirman, msaboff, nrotem, oliver, saam, sam |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | All | | |
| OS: | All | | |
Description

Filip Pizlo
2015-07-02 15:49:23 PDT

Created attachment 256043
work in progress

Created attachment 256066
the patch
Attachment 256066 did not pass style-queue:
ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.h:32: g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.cpp:33: g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
Total errors found: 2 in 12 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 256066
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=256066&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:182
> +    MacroAssembler::RelationalCondition condition;
> +    if (atOrAfter) {
> +        threshold = atOrAfter;
> +        condition = MacroAssembler::Below;
> +    } else {
> +        threshold = at;
> +        condition = MacroAssembler::NotEqual;
> +    }

You could return a JumpList and not have those exclusive.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:184
> +    MacroAssembler::Jump ok = m_jit.branch32(
> +        condition, GPRInfo::regT0, MacroAssembler::TrustedImm32(threshold));

Could be on one line.

> Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:8186
> +    if (unsigned at = Options::fireOSRExitFuzzAt()) {
> +        failCondition = m_out.bitOr(
> +            failCondition,
> +            m_out.equal(numberOfFuzzChecks, m_out.constInt32(at)));
> +    }

Oh, this one is not exclusive...

Landed in http://trac.webkit.org/changeset/186252
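Review bot: In the DFGSpeculativeJIT.cpp:182 hunk, setting both options makes `at` dead: the `if (atOrAfter)` branch wins and `fireOSRExitFuzzAt` is silently ignored, whereas the FTL hunk at FTLLowerDFGToLLVM.cpp:8186 ORs the two conditions together, so the same pair of option values fuzzes the two tiers differently. Either collect the exit-firing jumps in a JumpList (an `AboveOrEqual` branch against `atOrAfter` plus an `Equal` branch against `at`) so the DFG matches the FTL, or reject configurations that set both options.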
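Review bot: The branch at DFGSpeculativeJIT.cpp:184 compares `GPRInfo::regT0` directly rather than a register obtained from the allocator, so whatever loads the counter into regT0 (not among the quoted lines) has to run only where regT0 holds nothing live; if this check can be emitted in the middle of a node with registers in use, load the counter into a GPRTemporary and branch on that instead.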
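Review bot: The FTLLowerDFGToLLVM.cpp:8186 hunk bakes `Options::fireOSRExitFuzzAt()` into the generated code as `m_out.constInt32(at)` (the DFG hunk does the same with `TrustedImm32(threshold)`), so the value is captured per compilation and changing the option later has no effect on code that is already compiled; say so in the option's description so a fuzzing harness sets it before any compilation happens. Since the `if (unsigned at = ...)` guard treats 0 as "disabled", the description should also state whether check numbering starts at 1, because check 0 cannot be requested.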