Bug 214289 - returnEarlyFromInfiniteLoopsForFuzzing and validateDoesGC may fail when used together in the FTL
Summary: returnEarlyFromInfiniteLoopsForFuzzing and validateDoesGC may fail when used ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-07-13 17:50 PDT by Saam Barati
Modified: 2020-07-20 13:04 PDT (History)
16 users (show)

See Also:

Attachments
patch (1.31 KB, patch)
2020-07-13 18:43 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch (4.36 KB, patch)
2020-07-13 18:44 PDT, Saam Barati 		keith_miller: review+
Details | Formatted Diff | Diff
patch for landing (4.35 KB, patch)
2020-07-13 19:03 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
patch for landing (4.41 KB, patch)
2020-07-13 20:30 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2020-07-13 17:50:04 PDT 
...
Comment 1 Saam Barati 2020-07-13 17:50:32 PDT 
<rdar://problem/65272138>
Comment 2 Saam Barati 2020-07-13 18:43:40 PDT 
Created attachment 404199 [details]
patch
Comment 3 Saam Barati 2020-07-13 18:44:11 PDT 
Created attachment 404200 [details]
patch
Comment 4 Keith Miller 2020-07-13 18:54:25 PDT 
Comment on attachment 404200 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=404200&action=review

r=me with nit.

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:14743
> +                    jit.store32(CCallHelpers::TrustedImm32(DoesGCCheck::encode(true, DoesGCCheck::Special::Uninitialized)), CCallHelpers::Address(GPRInfo::regT0));

Nit: I think this can be DoesGCCheck(). But maybe I'm missing something.
Comment 5 Saam Barati 2020-07-13 18:58:25 PDT 
Comment on attachment 404200 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=404200&action=review

>> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:14743
>> +                    jit.store32(CCallHelpers::TrustedImm32(DoesGCCheck::encode(true, DoesGCCheck::Special::Uninitialized)), CCallHelpers::Address(GPRInfo::regT0));
> 
> Nit: I think this can be DoesGCCheck(). But maybe I'm missing something.

we don't have an accessor to read out the bits as is, that's why I'm calling encode
Comment 6 Saam Barati 2020-07-13 19:03:10 PDT 
Created attachment 404202 [details]
patch for landing
Comment 7 Saam Barati 2020-07-13 20:30:04 PDT 
Created attachment 404204 [details]
patch for landing
Comment 8 EWS 2020-07-13 20:53:31 PDT 
Committed r264330: <https://trac.webkit.org/changeset/264330>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 404204 [details].
Comment 9 Michael Catanzaro 2020-07-17 09:40:35 PDT 
Hi, this causes JSC stress tests to run forever on x86_64 when cloop is enabled. I think we need a different skip condition since --returnEarlyFromInfiniteLoopsForFuzzing is not implemented for cloop, right? Is there a way to skip tests depending on whether JIT is enabled?

Concerning: the tests are still passing an aarch64, meaning this test must be skipped despite the skip if $architecture != "arm64". That indicates we probably aren't detecting aarch64 correctly.
Comment 10 Saam Barati 2020-07-19 00:47:22 PDT 
(In reply to Michael Catanzaro from comment #9)
> Hi, this causes JSC stress tests to run forever on x86_64 when cloop is
> enabled. I think we need a different skip condition since
> --returnEarlyFromInfiniteLoopsForFuzzing is not implemented for cloop,
> right? Is there a way to skip tests depending on whether JIT is enabled?
> 
> Concerning: the tests are still passing an aarch64, meaning this test must
> be skipped despite the skip if $architecture != "arm64". That indicates we
> probably aren't detecting aarch64 correctly.


I can fix tomorrow or Monday. We probably should add $vm.isCloop() if it doesn’t exist already, and then return early from the test. 

Is the ARM64 bot cloop? Does it invoke run-JSC-stress-tests with “—arch arm64”?
Comment 11 Michael Catanzaro 2020-07-19 07:52:18 PDT 
(In reply to Saam Barati from comment #10) 
> I can fix tomorrow or Monday. We probably should add $vm.isCloop() if it
> doesn’t exist already, and then return early from the test. 

Thanks. See: bug #214491. I forgot to leave a link to that he re.

> Is the ARM64 bot cloop?

Yes. (Our internal testers actually only test cloop. The public bots are good enough to keep the JIT working. :)

> Does it invoke run-JSC-stress-tests with “—arch arm64”?

No, none of our runners use the --arch option. (Didn't know about that option.) It's determined by determineArchitectureFromELFBinary() in run-jsc-stress-tests, which I touched last in r261862. I might have to try to get access to a binary file to see if that function is working properly.
Comment 12 Saam Barati 2020-07-20 12:42:37 PDT 
(In reply to Michael Catanzaro from comment #11)
> (In reply to Saam Barati from comment #10) 
> > I can fix tomorrow or Monday. We probably should add $vm.isCloop() if it
> > doesn’t exist already, and then return early from the test. 
> 
> Thanks. See: bug #214491. I forgot to leave a link to that he re.
> 
> > Is the ARM64 bot cloop?
> 
> Yes. (Our internal testers actually only test cloop. The public bots are
> good enough to keep the JIT working. :)
> 
> > Does it invoke run-JSC-stress-tests with “—arch arm64”?
> 
> No, none of our runners use the --arch option. (Didn't know about that
> option.) It's determined by determineArchitectureFromELFBinary() in
> run-jsc-stress-tests, which I touched last in r261862. I might have to try
> to get access to a binary file to see if that function is working properly.

Yeah, if you're not passing "--arch", it's pretty likely that's the issue. I've ensured many times that these checks work in the tests themselves (because I've added many of them).