Bug 146562

Summary: DFG and FTL should have an OSR exit fuzzer
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Reporter: Filip Pizlo <fpizlo>
Assignee: Filip Pizlo <fpizlo>
CC: barraclough, basile_clement, benjamin, commit-queue, ggaren, mark.lam, mhahnenb, mmirman, msaboff, nrotem, oliver, saam, sam
Attachments:
  work in progress (flags: none)
  the patch (flags: benjamin: review+)

Description Filip Pizlo 2015-07-02 15:49:23 PDT
Patch forthcoming.
Comment 1 Filip Pizlo 2015-07-02 15:49:51 PDT
Created attachment 256043 [details]
work in progress
Comment 2 Filip Pizlo 2015-07-02 18:37:07 PDT
Created attachment 256066 [details]
the patch
Comment 3 WebKit Commit Bot 2015-07-02 18:39:10 PDT
Attachment 256066 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.h:32:  g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names.  [readability/naming/underscores] [4]
ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.cpp:33:  g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names.  [readability/naming/underscores] [4]
Total errors found: 2 in 12 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Benjamin Poulain 2015-07-02 18:46:08 PDT
Comment on attachment 256066 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=256066&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:182
> +        MacroAssembler::RelationalCondition condition;
> +        if (atOrAfter) {
> +            threshold = atOrAfter;
> +            condition = MacroAssembler::Below;
> +        } else {
> +            threshold = at;
> +            condition = MacroAssembler::NotEqual;
> +        }
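Review bot: the `at` option is silently ignored whenever `atOrAfter` is nonzero, because the branch takes a single `condition`/`threshold` pair and the `if (atOrAfter)` arm wins. If both options are meant to be honored at once (as the FTL lowering further down does by OR-ing the two checks), emit one branch per configured option into a JumpList and fail if any of them is taken; otherwise the precedence of `atOrAfter` over `at` should be documented where the options are declared.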

You could return a JumpList and not have those exclusive.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:184
> +        MacroAssembler::Jump ok = m_jit.branch32(
> +            condition, GPRInfo::regT0, MacroAssembler::TrustedImm32(threshold));

Could be on one line.

> Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:8186
> +            if (unsigned at = Options::fireOSRExitFuzzAt()) {
> +                failCondition = m_out.bitOr(
> +                    failCondition,
> +                    m_out.equal(numberOfFuzzChecks, m_out.constInt32(at)));
> +            }
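Review bot: here the exact-count check is OR-ed into `failCondition`, so both fuzz options fire when both are configured, whereas the DFG lowering above lets `atOrAfter` take precedence and drops `at`. The two tiers should agree on the semantics, otherwise a fuzz run configured with both options will exit at different points depending on which JIT compiled the function.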

Oh, this one is not exclusive...
Comment 5 Filip Pizlo 2015-07-02 18:49:52 PDT
Landed in http://trac.webkit.org/changeset/186252