<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[162244] branches/jsCStack/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/162244">162244</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2014-01-17 21:48:09 -0800 (Fri, 17 Jan 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>FTL should update machine virtual registers in runtime meta-data according to the captured stackmap
https://bugs.webkit.org/show_bug.cgi?id=125725
Reviewed by Michael Saboff.
This is pretty awesome - it closes the loop on our FTL stackwalking story. We use
an alloca for storing all of the things that the runtime will want to discover
during a stack walk, like the closure pointer for inlined closure calls and the
arguments to inlined functions. We then pass that alloca as an argument to a
stackmap in the prologue, and LLVM reports the alloca's frame offset using a
stackmap direct entry. We call this the "localsOffset". Previously we just used
this to update some OSR exit meta-data. Now we also use it to properly adjust the
ValueRecovery meta-data in inline call frames.
Currently we only have to do this for inline call frames and OSR exits, but in the
future we'll use similar techniques for activations. This bug doesn't cover that
since the FTL doesn't support compiling functions that create activations, yet.
This change makes us incorporate localsOffset into all of the relevant things that
the FTL supports.
This fixes:
jsc-layout-tests.yaml/js/script-tests/dfg-inline-arguments-use-from-all-the-places.js.layout-ftl-eager-no-cjit
With this fix, the FTL only fails one of the JSC layout tests.
* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::withLocalsOffset):
* ftl/FTLCompile.cpp:
(JSC::FTL::fixFunctionBasedOnStackMaps):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCoreChangeLog">branches/jsCStack/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorebytecodeValueRecoveryh">branches/jsCStack/Source/JavaScriptCore/bytecode/ValueRecovery.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLCompilecpp">branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesjsCStackSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ChangeLog (162243 => 162244)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ChangeLog 2014-01-18 05:33:34 UTC (rev 162243)
+++ branches/jsCStack/Source/JavaScriptCore/ChangeLog 2014-01-18 05:48:09 UTC (rev 162244)
</span><span class="lines">@@ -1,3 +1,36 @@
</span><ins>+2014-01-17 Filip Pizlo <fpizlo@apple.com>
+
+ FTL should update machine virtual registers in runtime meta-data according to the captured stackmap
+ https://bugs.webkit.org/show_bug.cgi?id=125725
+
+ Reviewed by Michael Saboff.
+
+ This is pretty awesome - it closes the loop on our FTL stackwalking story. We use
+ an alloca for storing all of the things that the runtime will want to discover
+ during a stack walk, like the closure pointer for inlined closure calls and the
+ arguments to inlined functions. We then pass that alloca as an argument to a
+ stackmap in the prologue, and LLVM reports the alloca's frame offset using a
+ stackmap direct entry. We call this the "localsOffset". Previously we just used
+ this to update some OSR exit meta-data. Now we also use it to properly adjust the
+ ValueRecovery meta-data in inline call frames.
+
+ Currently we only have to do this for inline call frames and OSR exits, but in the
+ future we'll use similar techniques for activations. This bug doesn't cover that
+ since the FTL doesn't support compiling functions that create activations, yet.
+ This change makes us incorporate localsOffset into all of the relevant things that
+ the FTL supports.
+
+ This fixes:
+
+ jsc-layout-tests.yaml/js/script-tests/dfg-inline-arguments-use-from-all-the-places.js.layout-ftl-eager-no-cjit
+
+ With this fix, the FTL only fails one of the JSC layout tests.
+
+ * bytecode/ValueRecovery.h:
+ (JSC::ValueRecovery::withLocalsOffset):
+ * ftl/FTLCompile.cpp:
+ (JSC::FTL::fixFunctionBasedOnStackMaps):
+
</ins><span class="cx"> 2014-01-17 Michael Saboff <msaboff@apple.com>
</span><span class="cx">
</span><span class="cx"> CStack Branch: Fix Baseline JIT for X86-32
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorebytecodeValueRecoveryh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/bytecode/ValueRecovery.h (162243 => 162244)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/bytecode/ValueRecovery.h 2014-01-18 05:33:34 UTC (rev 162243)
+++ branches/jsCStack/Source/JavaScriptCore/bytecode/ValueRecovery.h 2014-01-18 05:48:09 UTC (rev 162244)
</span><span class="lines">@@ -230,6 +230,27 @@
</span><span class="cx"> return VirtualRegister(m_source.virtualReg);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ValueRecovery withLocalsOffset(int offset) const
+ {
+ switch (m_technique) {
+ case DisplacedInJSStack:
+ case Int32DisplacedInJSStack:
+ case DoubleDisplacedInJSStack:
+ case CellDisplacedInJSStack:
+ case BooleanDisplacedInJSStack:
+ case Int52DisplacedInJSStack:
+ case StrictInt52DisplacedInJSStack: {
+ ValueRecovery result;
+ result.m_technique = m_technique;
+ result.m_source.virtualReg = m_source.virtualReg + offset;
+ return result;
+ }
+
+ default:
+ return *this;
+ }
+ }
+
</ins><span class="cx"> JSValue constant() const
</span><span class="cx"> {
</span><span class="cx"> ASSERT(m_technique == Constant);
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp (162243 => 162244)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp 2014-01-18 05:33:34 UTC (rev 162243)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLCompile.cpp 2014-01-18 05:48:09 UTC (rev 162244)
</span><span class="lines">@@ -168,8 +168,24 @@
</span><span class="cx"> RELEASE_ASSERT(!(capturedLocation.addend() % sizeof(Register)));
</span><span class="cx"> int32_t localsOffset = capturedLocation.addend() / sizeof(Register) + graph.m_nextMachineLocal;
</span><span class="cx">
</span><del>- // FIXME: Need to update all machine virtual registers in runtime meta-data.
- // https://bugs.webkit.org/show_bug.cgi?id=125725
</del><ins>+ for (unsigned i = graph.m_inlineVariableData.size(); i--;) {
+ InlineCallFrame* inlineCallFrame = graph.m_inlineVariableData[i].inlineCallFrame;
+
+ if (inlineCallFrame->argumentsRegister.isValid()) {
+ inlineCallFrame->argumentsRegister = VirtualRegister(
+ inlineCallFrame->argumentsRegister.offset() + localsOffset);
+ }
+
+ for (unsigned argument = inlineCallFrame->arguments.size(); argument-- > 1;) {
+ inlineCallFrame->arguments[argument] =
+ inlineCallFrame->arguments[argument].withLocalsOffset(localsOffset);
+ }
+
+ if (inlineCallFrame->isClosureCall) {
+ inlineCallFrame->calleeRecovery =
+ inlineCallFrame->calleeRecovery.withLocalsOffset(localsOffset);
+ }
+ }
</ins><span class="cx">
</span><span class="cx"> {
</span><span class="cx"> CCallHelpers checkJIT(&vm, codeBlock);
</span></span></pre>
</div>
</div>
</body>
</html>