Bug 65830

Summary: DFG JIT verbose mode does not report the generated types of nodes
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: dglazkov, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments (description, flags):
- the patch (flags: sam: review+, webkit.review.bot: commit-queue-)
- the patch (fix merge) (flags: none)

Description Filip Pizlo 2011-08-07 13:46:50 PDT
The DFG JIT has a verbose mode that is intended for debugging, where it currently dumps the IR and the machine code offsets at which nodes in the IR were generated.  The IR is mostly untyped, with types being selected on-the-fly in the backend.  But the backend does not report the types that are selected for nodes, making it difficult to reason about what kind of code the JIT is emitting unless a machine code dump is produced.  The simplest solution is to have the DFG backends (both speculative and non-speculative) dump the DataFormat selected for the register into which the result of each node is placed.
Comment 1 Filip Pizlo 2011-08-07 13:49:09 PDT
Created attachment 103187 [details]
the patch
Comment 2 WebKit Review Bot 2011-08-07 21:14:53 PDT
Comment on attachment 103187 [details]
the patch

Attachment 103187 [details] did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/9324802

New failing tests:
svg/zoom/page/zoom-svg-through-object-with-percentage-size.xhtml
svg/custom/svg-fonts-word-spacing.html
Comment 3 Sam Weinig 2011-08-07 21:59:27 PDT
Comment on attachment 103187 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=103187&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1300
>          if (!m_compileOkay)
>              return;
> +#if DFG_DEBUG_VERBOSE
> +        if (node.hasResult())
> +            fprintf(stderr, "-> %s\n", dataFormatToString(m_generationInfo[node.virtualRegister()].registerFormat()));
> +        else
> +            fprintf(stderr, "\n");
> +#endif
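
Review bot: The `if (!m_compileOkay) return;` directly above the new `#if DFG_DEBUG_VERBOSE` block returns before either `fprintf` runs, so the verbose line for a node that fails to compile is never terminated by this code and ends only when something else writes to stderr. If that fused line is intended, a short comment above the `#if` saying so would document it; otherwise emit the `"\n"` before the `return`, under the same `#if`.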

It seems like this might give output without a newline in the case that the compile fails.
Comment 4 Filip Pizlo 2011-08-07 22:37:54 PDT
(In reply to comment #3)
> (From update of attachment 103187 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=103187&action=review
> 
> > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1300
> >          if (!m_compileOkay)
> >              return;
> > +#if DFG_DEBUG_VERBOSE
> > +        if (node.hasResult())
> > +            fprintf(stderr, "-> %s\n", dataFormatToString(m_generationInfo[node.virtualRegister()].registerFormat()));
> > +        else
> > +            fprintf(stderr, "\n");
> > +#endif
> 
> It seems like this might give output without a newline in the case that the compile fails.

Actually it just changes the format of the output when speculation fails.  Previously it would have printed:

SpeculativeJIT generating Node @150 at JIT offset 0x73e
SpeculativeJIT generating Node @151 at JIT offset 0x742
SpeculativeJIT generating Node @152 at JIT offset 0x742
SpeculativeJIT generating Node @156 at JIT offset 0x74b
SpeculativeJIT generating Node @159 at JIT offset 0x74f 
SpeculativeJIT generating Node @160 at JIT offset 0x753
SpeculativeJIT generating Node @162 at JIT offset 0x7c0
SpeculativeJIT generating Node @164 at JIT offset 0x7e6
SpeculativeJIT generating Node @165 at JIT offset 0x7e6
SpeculativeJIT generating Node @167 at JIT offset 0x7f9   
SpeculativeJIT generating Node @169 at JIT offset 0x86f
SpeculativeJIT generating Node @170 at JIT offset 0x873
SpeculativeJIT was terminated.
NonSpeculativeJIT generating Node @8 at code offset 0x2d
NonSpeculativeJIT generating Node @9 at code offset 0x31
NonSpeculativeJIT generating Node @10 at code offset 0x5e   

Now it'll print:

SpeculativeJIT generating Node @150 at JIT offset 0x73e   -> Integer
SpeculativeJIT generating Node @151 at JIT offset 0x742   -> None
SpeculativeJIT generating Node @152 at JIT offset 0x742   -> None
SpeculativeJIT generating Node @156 at JIT offset 0x74b   -> JSCell
SpeculativeJIT generating Node @159 at JIT offset 0x74f   -> JS
SpeculativeJIT generating Node @160 at JIT offset 0x753   -> JS
SpeculativeJIT generating Node @162 at JIT offset 0x7c0   -> Double
SpeculativeJIT generating Node @164 at JIT offset 0x7e6   -> None
SpeculativeJIT generating Node @165 at JIT offset 0x7e6   -> Double
SpeculativeJIT generating Node @167 at JIT offset 0x7f9   
SpeculativeJIT generating Node @169 at JIT offset 0x86f   -> Integer
SpeculativeJIT generating Node @170 at JIT offset 0x873   SpeculativeJIT was terminated.
NonSpeculativeJIT generating Node @8 at code offset 0x2d   -> JS
NonSpeculativeJIT generating Node @9 at code offset 0x31   -> Cell
NonSpeculativeJIT generating Node @10 at code offset 0x5e   

If anyone feels strongly about having "SpeculativeJIT was terminated" printed after a newline after the line that reports the node on which the speculation fails, then I can certainly make that change!  But I left it this way because to me, this actually kind of looks better.  It implements the invariant that verbose mode prints one line per node, per JIT backend, and this one line contains all the info you want (the node number, the machine code offset, the result if there is one, and whether or not speculation terminated).
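
The one-line-per-node invariant described in comment 4 makes the verbose output mechanically parseable, including the fused "SpeculativeJIT was terminated." case. The following is an added example, not part of the bug thread or of WebKit's code: a parser for the new format, where the function names and record fields are assumptions and the sample lines are copied from the output quoted above.

```python
import re

# One record per line: backend, node id, code offset, then an optional
# "-> Format" and/or the fused "SpeculativeJIT was terminated." marker.
LINE_RE = re.compile(
    r"^(?P<backend>(?:Non)?SpeculativeJIT) generating Node @(?P<node>\d+) "
    r"at (?:JIT|code) offset (?P<offset>0x[0-9a-fA-F]+)\s*"
    r"(?:-> (?P<format>\w+))?\s*"
    r"(?P<terminated>SpeculativeJIT was terminated\.)?\s*$"
)

def parse_verbose(text):
    """Parse DFG verbose output into one dict per node line (hypothetical helper)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            # e.g. the old format's stand-alone "SpeculativeJIT was terminated."
            raise ValueError(f"line breaks the one-line-per-node invariant: {line!r}")
        records.append({
            "backend": m["backend"],
            "node": int(m["node"]),
            "offset": int(m["offset"], 16),
            "format": m["format"],          # None when the node has no result
            "terminated": m["terminated"] is not None,
        })
    return records

def failed_nodes(records):
    """Node ids on which speculation was terminated."""
    return [r["node"] for r in records if r["terminated"]]

# Sample lines taken from the new-format output in comment 4.
SAMPLE = """\
SpeculativeJIT generating Node @169 at JIT offset 0x86f   -> Integer
SpeculativeJIT generating Node @170 at JIT offset 0x873   SpeculativeJIT was terminated.
NonSpeculativeJIT generating Node @8 at code offset 0x2d   -> JS
NonSpeculativeJIT generating Node @10 at code offset 0x5e
"""

if __name__ == "__main__":
    for rec in parse_verbose(SAMPLE):
        print(rec)
```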
Comment 5 Sam Weinig 2011-08-11 15:24:34 PDT
Comment on attachment 103187 [details]
the patch

My mistake, r=me.
Comment 6 Filip Pizlo 2011-08-11 16:11:12 PDT
Created attachment 103696 [details]
the patch (fix merge)
Comment 7 WebKit Review Bot 2011-08-11 17:11:23 PDT
Comment on attachment 103696 [details]
the patch (fix merge)

Clearing flags on attachment: 103696

Committed r92892: <http://trac.webkit.org/changeset/92892>
Comment 8 WebKit Review Bot 2011-08-11 17:11:27 PDT
All reviewed patches have been landed.  Closing bug.