Bug 212680 - Enhance DoesGC verification to print more useful info when verification fails.
Summary: Enhance DoesGC verification to print more useful info when verification fails.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Depends on: 212687
Blocks:
  Show dependency treegraph
 
Reported: 2020-06-02 19:05 PDT by Mark Lam
Modified: 2020-06-04 02:23 PDT (History)
12 users (show)

See Also:

Attachments
proposed patch. (41.62 KB, patch)
2020-06-02 19:20 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (41.64 KB, patch)
2020-06-02 19:27 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (41.68 KB, patch)
2020-06-02 19:30 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (42.12 KB, patch)
2020-06-02 20:06 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (41.84 KB, patch)
2020-06-02 20:56 PDT, Mark Lam 		ysuzuki: review+
Details | Formatted Diff | Diff
test for Windows bot. (34.30 KB, patch)
2020-06-02 23:33 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Lam 2020-06-02 19:05:20 PDT 
Previously, we were just getting an assertion failure without too much extra info.
Comment 1 Mark Lam 2020-06-02 19:20:46 PDT 
Created attachment 400879 [details]
proposed patch.
Comment 2 Mark Lam 2020-06-02 19:27:50 PDT 
Created attachment 400881 [details]
proposed patch.
Comment 3 Mark Lam 2020-06-02 19:30:15 PDT 
Created attachment 400883 [details]
proposed patch.
Comment 4 Mark Lam 2020-06-02 20:06:44 PDT 
Created attachment 400887 [details]
proposed patch.
Comment 5 Mark Lam 2020-06-02 20:26:48 PDT 
Comment on attachment 400887 [details]
proposed patch.

Looks like the patch is ready for a review.
Comment 6 Yusuke Suzuki 2020-06-02 20:30:09 PDT 
Comment on attachment 400887 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=400887&action=review

> Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:977
> +    }

We should do the same thing to `void store64(TrustedImm64 imm, ImplicitAddress address)`.
This is splitting store64 into two stores. This is not good since it is not atomic.
If the client assumes that this store is atomic in 64bit width, we have a bad time.
Comment 7 Mark Lam 2020-06-02 20:34:36 PDT 
Comment on attachment 400887 [details]
proposed patch.

Taking out of review while I address Yusuke's concern.
Comment 8 Mark Lam 2020-06-02 20:56:01 PDT 
Created attachment 400889 [details]
proposed patch.

Fixed store64 to use a single store.
Comment 9 Yusuke Suzuki 2020-06-02 21:24:31 PDT 
Comment on attachment 400889 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=400889&action=review

r=me with comment

> Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:988
>  
> +    void store64(TrustedImm64 imm, void* address)
> +    {
> +        auto src = scratchRegister();
> +        move(imm, src);
> +        swap(src, X86Registers::eax);
> +        m_assembler.movq_EAXm(address);
> +        swap(src, X86Registers::eax);
> +    }
> +

Why not just doing the same thing to `void store64(TrustedImm64 imm, ImplicitAddress address)`?
Comment 10 Mark Lam 2020-06-02 21:45:17 PDT 
Comment on attachment 400889 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=400889&action=review

>> Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:988
>> +
> 
> Why not just doing the same thing to `void store64(TrustedImm64 imm, ImplicitAddress address)`?

I talked with Yusuke offline about this: the ImplicitAddress takes a register as the base of the address.  My store64 does not have an extra register to use as that base.  However, we noted that in the scenario where the imm fits in 32-bits, we can use the scratchRegister to store the address instead of the imm value.  So, I added a fast path for this case.
Comment 11 Mark Lam 2020-06-02 21:48:15 PDT 
Thanks for the review.  Landed in r262475: <http://trac.webkit.org/r262475>.
Comment 12 Radar WebKit Bug Importer 2020-06-02 21:49:15 PDT 
<rdar://problem/63908362>
Comment 13 Mark Lam 2020-06-02 23:27:25 PDT 
Rolled out in r262478: <http://trac.webkit.org/r262478> because of broken Windows build.
Comment 14 Mark Lam 2020-06-02 23:33:28 PDT 
Created attachment 400902 [details]
test for Windows bot.
Comment 15 Mark Lam 2020-06-03 13:25:20 PDT 
Now that the true cause of the Windows bot build failure has been resolved in https://bugs.webkit.org/show_bug.cgi?id=212687, we can re-land this.


Re-landed in r262513: <http://trac.webkit.org/r262513>.
Comment 16 Mark Lam 2020-06-03 15:16:59 PDT 
Landed Windows debug build fix in r262517: <http://trac.webkit.org/r262517>.