Bug 118946 - fourthTier: It should be possible for a DFG::Node to claim to exit to one CodeOrigin, but then claim that it belongs to a different CodeOrigin for all other purposes
Summary: fourthTier: It should be possible for a DFG::Node to claim to exit to one Cod...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords:
Depends on:
Blocks: 118749
  Show dependency treegraph
 
Reported: 2013-07-20 16:47 PDT by Filip Pizlo
Modified: 2013-07-21 16:41 PDT (History)
7 users (show)

See Also:


Attachments
the patch (14.70 KB, patch)
2013-07-21 12:30 PDT, Filip Pizlo
ggaren: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2013-07-20 16:47:18 PDT
Currently a DFG::Node exits and contributes profiling to the same CodeOrigin.  Not only should we allow these origins to be different, but we want a node to have a set of CodeOrigins to which it supplies profiling.
Comment 1 Filip Pizlo 2013-07-21 11:38:37 PDT
I don't think we actually need there to be a set bigger than one for the profiling code origins.
Comment 2 Filip Pizlo 2013-07-21 11:41:34 PDT
Interestingly, the profiling code origin should also be the code origin we use for doing things like finding the global object.

The exit target code origin is the only true special case.
Comment 3 Filip Pizlo 2013-07-21 12:30:37 PDT
Created attachment 207212 [details]
the patch
Comment 4 Geoffrey Garen 2013-07-21 16:16:01 PDT
Comment on attachment 207212 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=207212&action=review

r=me

> Source/JavaScriptCore/dfg/DFGNode.h:1388
> +    // Code origin for profiling.
> +    CodeOrigin codeOriginForExitTarget;

The JIT does this:

 1712        m_codeOriginForExitTarget = m_currentNode->codeOriginForExitTarget;
 1713        m_codeOriginForExitProfiling = m_currentNode->codeOrigin;

So, I don't think this comment that says codeOriginForExitTarget is used for profiling is correct.

> Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:2875
> +    CodeOrigin m_codeOriginForExitProfile;

Can you pick either "ForExitProfile" or "ForExitProfiling", and use it everywhere?
Comment 5 Filip Pizlo 2013-07-21 16:25:20 PDT
(In reply to comment #4)
> (From update of attachment 207212 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=207212&action=review
> 
> r=me
> 
> > Source/JavaScriptCore/dfg/DFGNode.h:1388
> > +    // Code origin for profiling.
> > +    CodeOrigin codeOriginForExitTarget;
> 
> The JIT does this:
> 
>  1712        m_codeOriginForExitTarget = m_currentNode->codeOriginForExitTarget;
>  1713        m_codeOriginForExitProfiling = m_currentNode->codeOrigin;
> 
> So, I don't think this comment that says codeOriginForExitTarget is used for profiling is correct.

Oops, I will fix.  It should say "// Code origin for where the node exits to".

> 
> > Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:2875
> > +    CodeOrigin m_codeOriginForExitProfile;
> 
> Can you pick either "ForExitProfile" or "ForExitProfiling", and use it everywhere?

Yeah, ForExitProfile it is.
Comment 6 Filip Pizlo 2013-07-21 16:41:15 PDT
Landed in http://trac.webkit.org/changeset/152954