Bug 146562

Summary: DFG and FTL should have an OSR exit fuzzer
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, basile_clement, benjamin, commit-queue, ggaren, mark.lam, mhahnenb, mmirman, msaboff, nrotem, oliver, saam, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description         Flags
work in progress    none
the patch           benjamin: review+

Filip Pizlo
Reported 2015-07-02 15:49:23 PDT
Patch forthcoming.
Attachments
work in progress (10.58 KB, patch)
2015-07-02 15:49 PDT, Filip Pizlo
no flags
the patch (19.66 KB, patch)
2015-07-02 18:37 PDT, Filip Pizlo
benjamin: review+
Filip Pizlo
Comment 1 2015-07-02 15:49:51 PDT
Created attachment 256043 [details] work in progress
Filip Pizlo
Comment 2 2015-07-02 18:37:07 PDT
Created attachment 256066 [details] the patch
WebKit Commit Bot
Comment 3 2015-07-02 18:39:10 PDT
Attachment 256066 [details] did not pass style-queue:

ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.h:32: g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.cpp:33: g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
Total errors found: 2 in 12 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Benjamin Poulain
Comment 4 2015-07-02 18:46:08 PDT
Comment on attachment 256066 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=256066&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:182 > + MacroAssembler::RelationalCondition condition; > + if (atOrAfter) { > + threshold = atOrAfter; > + condition = MacroAssembler::Below; > + } else { > + threshold = at; > + condition = MacroAssembler::NotEqual; > + } You could return a JumpList and not have those exclusive. > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:184 > + MacroAssembler::Jump ok = m_jit.branch32( > + condition, GPRInfo::regT0, MacroAssembler::TrustedImm32(threshold)); Could be on one line. > Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:8186 > + if (unsigned at = Options::fireOSRExitFuzzAt()) { > + failCondition = m_out.bitOr( > + failCondition, > + m_out.equal(numberOfFuzzChecks, m_out.constInt32(at))); > + } Oh, this one is not exclusive...
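Review bot: In the if (atOrAfter) / else block quoted at Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:182, the value of at is never consulted once atOrAfter is nonzero, so when both values are set the exact-count trigger is silently dropped on this path, while the hunk at Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:8186 ORs the at comparison into an existing failCondition. A fuzzing run that sets both values would then fire at different checks depending on which tier compiled the code. Either emit both comparisons here so the two tiers agree, or add a comment next to the if stating that atOrAfter takes precedence over at.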
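Review bot: The guard if (unsigned at = Options::fireOSRExitFuzzAt()) quoted at Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:8186 makes 0 double as the "disabled" value, so a check count of 0 can never be selected and the equality test against numberOfFuzzChecks is only emitted for nonzero values. That convention is not documented in the visible lines; a short comment here, or a line in the option's description, saying that 0 means off would spare anyone driving the fuzzer from guessing where counting starts.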
Filip Pizlo
Comment 5 2015-07-02 18:49:52 PDT