Summary: | [JSC] Store CodeBlock in caller side | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Yusuke Suzuki <ysuzuki> | ||||||||||||||||||||||||||||||||||
Component: | JavaScriptCore | Assignee: | Yusuke Suzuki <ysuzuki> | ||||||||||||||||||||||||||||||||||
Status: | RESOLVED FIXED | ||||||||||||||||||||||||||||||||||||
Severity: | Normal | CC: | ews-watchlist, keith_miller, mark.lam, mcatanzaro, msaboff, saam, tzagallo, webkit-bug-importer | ||||||||||||||||||||||||||||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||||||||||||||||||||||||||||
Version: | WebKit Nightly Build | ||||||||||||||||||||||||||||||||||||
Hardware: | Unspecified | ||||||||||||||||||||||||||||||||||||
OS: | Unspecified | ||||||||||||||||||||||||||||||||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=238956 | ||||||||||||||||||||||||||||||||||||
Attachments: |
|
Description
Yusuke Suzuki
2022-03-29 20:12:43 PDT
Created attachment 456088 [details]
Patch
Created attachment 456103 [details]
Patch
Created attachment 456110 [details]
Patch
Created attachment 456157 [details]
Patch
Created attachment 456176 [details]
Patch
Created attachment 456193 [details]
Patch
Created attachment 456199 [details]
Patch
Created attachment 456303 [details]
Patch
Created attachment 456307 [details]
Patch
Created attachment 456317 [details]
Patch
Created attachment 456325 [details]
Patch
Created attachment 456395 [details]
Patch
Created attachment 456447 [details]
Patch
Created attachment 456642 [details]
Patch
Comment on attachment 456642 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456642&action=review r=me > Source/JavaScriptCore/ChangeLog:9 > + This helps unlinked Baseline and DFG since we no longer need to load CodeBlock from callee via costly dependent loads: unlinked ones and LLInt > Source/JavaScriptCore/jit/JIT.cpp:754 > +#if ASSERT_ENABLED > + probeDebug([=](Probe::Context& ctx) { > + CodeBlock* codeBlock = ctx.fp<CallFrame*>()->codeBlock(); > + if (codeBlock->jitType() != JITType::BaselineJIT) { > + dataLogLn("FP ", RawPointer(ctx.fp<CallFrame*>())); > + RELEASE_ASSERT_NOT_REACHED(); > + } > + }); > +#endif Why do we only do this release assert for function code? It should always be correct. Same for DFG/FTL > Source/JavaScriptCore/runtime/FunctionExecutable.h:302 > + return 0; can you RELEASE_ASSERT_NOT_REACHED here? Comment on attachment 456642 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456642&action=review >> Source/JavaScriptCore/jit/JIT.cpp:754 >> +#endif > > Why do we only do this release assert for function code? It should always be correct. Same for DFG/FTL My unlinked baseline patch might've done things this way. But I think it's worth doing always. Comment on attachment 456642 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=456642&action=review Thank you! >> Source/JavaScriptCore/ChangeLog:9 >> + This helps unlinked Baseline and DFG since we no longer need to load CodeBlock from callee via costly dependent loads: unlinked ones > > and LLInt Fixed. >>> Source/JavaScriptCore/jit/JIT.cpp:754 >>> +#endif >> >> Why do we only do this release assert for function code? It should always be correct. Same for DFG/FTL > > My unlinked baseline patch might've done things this way. But I think it's worth doing always. Sounds good! Changed. >> Source/JavaScriptCore/runtime/FunctionExecutable.h:302 >> + return 0; > > can you RELEASE_ASSERT_NOT_REACHED here? Nice, fixed. Created attachment 456661 [details]
Patch
Created attachment 456664 [details]
Patch
Committed r292372 (249237@trunk): <https://commits.webkit.org/249237@trunk> This broke s390x, see bug #238956 |