Bug 146562 - DFG and FTL should have an OSR exit fuzzer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Filip Pizlo
Reported: 2015-07-02 15:49 PDT by Filip Pizlo
Modified: 2015-07-02 18:49 PDT

Attachments
work in progress (10.58 KB, patch)
2015-07-02 15:49 PDT, Filip Pizlo
the patch (19.66 KB, patch)
2015-07-02 18:37 PDT, Filip Pizlo
benjamin: review+

Description Filip Pizlo 2015-07-02 15:49:23 PDT
Patch forthcoming.
Comment 1 Filip Pizlo 2015-07-02 15:49:51 PDT
Created attachment 256043
work in progress
Comment 2 Filip Pizlo 2015-07-02 18:37:07 PDT
Created attachment 256066
the patch
Comment 3 WebKit Commit Bot 2015-07-02 18:39:10 PDT
Attachment 256066 did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.h:32:  g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names.  [readability/naming/underscores] [4]
ERROR: Source/JavaScriptCore/dfg/DFGOSRExitFuzz.cpp:33:  g_numberOfOSRExitFuzzChecks is incorrectly named. Don't use underscores in your identifier names.  [readability/naming/underscores] [4]
Total errors found: 2 in 12 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Benjamin Poulain 2015-07-02 18:46:08 PDT
Comment on attachment 256066
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=256066&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:182
> +        MacroAssembler::RelationalCondition condition;
> +        if (atOrAfter) {
> +            threshold = atOrAfter;
> +            condition = MacroAssembler::Below;
> +        } else {
> +            threshold = at;
> +            condition = MacroAssembler::NotEqual;
> +        }
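
Review bot: The `if (atOrAfter) ... else` makes the two thresholds mutually exclusive, so whenever `atOrAfter` is nonzero the `at` value is never compared and setting both silently drops the exact-count trigger. Either emit a compare for each nonzero threshold or add a comment stating that `atOrAfter` takes precedence over `at`, so a fuzzing run configured with both does not quietly test less than intended.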

You could return a JumpList and not have those exclusive.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:184
> +        MacroAssembler::Jump ok = m_jit.branch32(
> +            condition, GPRInfo::regT0, MacroAssembler::TrustedImm32(threshold));
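
Review bot: `GPRInfo::regT0` is hard-coded as the compared register in the `branch32` call, and nothing in these lines says what it holds or whether its previous value is preserved around the check. A short comment naming it as the scratch register for the fuzz-check count, and pointing at where it is saved and restored if it can be live at this point, would make the emitted sequence easier to audit.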

Could be on one line.

> Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp:8186
> +            if (unsigned at = Options::fireOSRExitFuzzAt()) {
> +                failCondition = m_out.bitOr(
> +                    failCondition,
> +                    m_out.equal(numberOfFuzzChecks, m_out.constInt32(at)));
> +            }
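
Review bot: `if (unsigned at = Options::fireOSRExitFuzzAt())` treats 0 as "off" and ORs the equality test into whatever `failCondition` already holds, which differs from the DFGSpeculativeJIT.cpp hunk above, where `at` is only consulted when `atOrAfter` is zero. With both thresholds set the two tiers would fire on different checks; pick one semantics for both paths and document that a value of 0 disables the check.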

Oh, this one is not exclusive...
Comment 5 Filip Pizlo 2015-07-02 18:49:52 PDT
Landed in http://trac.webkit.org/changeset/186252