<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[180756] releases/WebKitGTK/webkit-2.8</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/180756">180756</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2015-02-27 09:16:41 -0800 (Fri, 27 Feb 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/180423">r180423</a> - DFG JIT needs to check for stack overflow at the start of Program and Eval execution
https://bugs.webkit.org/show_bug.cgi?id=141676
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
Added stack check to the beginning of the code the DFG copmiler emits for Program and Eval nodes.
To aid in testing the code, I replaced the EvalCodeCache::maxCacheableSourceLength const
a options in runtime/Options.h. The test script, run-jsc-stress-tests, sets that option
to a huge value when running with the "Eager" options. This allows the updated test to
reliably exercise the code in questions.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
Added stack check.
* bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):
* runtime/Options.h:
Replaced EvalCodeCache::imaxCacheableSourceLength with Options::maximumEvalCacheableSourceLength
so that it can be configured when running the related test.
Tools:
Set the newly added --maximumEvalCacheableSourceLength option for eager test runs. This is needed
to allow the eval out of stack tests to tier up. Without this option, we don't cache the likely
large string expression that we want to eval.
* Scripts/run-jsc-stress-tests:
LayoutTests:
Updated the check for out of stack at eval entry test from using a fixed number of frame to
back track to now adjust the amount of back tracking up the stack based on where we can run a
simple eval(). At that point in the stack we try to cause an out of stack exception.
Also added a second pass of the test that takes the originally failing eval and tiers that
eval expression up to the DFG when used with the agreessive options of run-jsc-stress-tests.
This was done to reduce the amount of time the test takes to run in debug builds.
* js/regress-141098-expected.txt:
* js/script-tests/regress-141098.js:
(testEval):
(probeAndRecurse):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit28LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28LayoutTestsjsregress141098expectedtxt">releases/WebKitGTK/webkit-2.8/LayoutTests/js/regress-141098-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit28LayoutTestsjsscripttestsregress141098js">releases/WebKitGTK/webkit-2.8/LayoutTests/js/script-tests/regress-141098.js</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceJavaScriptCorebytecodeEvalCodeCacheh">releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/bytecode/EvalCodeCache.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceJavaScriptCoredfgDFGJITCompilercpp">releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceJavaScriptCoreruntimeOptionsh">releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28ToolsChangeLog">releases/WebKitGTK/webkit-2.8/Tools/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28ToolsScriptsrunjscstresstests">releases/WebKitGTK/webkit-2.8/Tools/Scripts/run-jsc-stress-tests</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit28LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2015-02-20 Michael Saboff <msaboff@apple.com>
+
+ DFG JIT needs to check for stack overflow at the start of Program and Eval execution
+ https://bugs.webkit.org/show_bug.cgi?id=141676
+
+ Reviewed by Filip Pizlo.
+
+ Updated the check for out of stack at eval entry test from using a fixed number of frame to
+ back track to now adjust the amount of back tracking up the stack based on where we can run a
+ simple eval(). At that point in the stack we try to cause an out of stack exception.
+
+ Also added a second pass of the test that takes the originally failing eval and tiers that
+ eval expression up to the DFG when used with the agreessive options of run-jsc-stress-tests.
+ This was done to reduce the amount of time the test takes to run in debug builds.
+
+ * js/regress-141098-expected.txt:
+ * js/script-tests/regress-141098.js:
+ (testEval):
+ (probeAndRecurse):
+
</ins><span class="cx"> 2015-02-20 Dhi Aurrahman <diorahman@rockybars.com>
</span><span class="cx">
</span><span class="cx"> Language ranges containing asterisks must be quoted as strings
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28LayoutTestsjsregress141098expectedtxt"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/LayoutTests/js/regress-141098-expected.txt (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/LayoutTests/js/regress-141098-expected.txt 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/js/regress-141098-expected.txt 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -3,6 +3,8 @@
</span><span class="cx"> On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
</span><span class="cx">
</span><span class="cx">
</span><ins>+PASS Exception: RangeError: Maximum call stack size exceeded.
+PASS Exception: RangeError: Maximum call stack size exceeded.
</ins><span class="cx"> PASS successfullyParsed is true
</span><span class="cx">
</span><span class="cx"> TEST COMPLETE
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28LayoutTestsjsscripttestsregress141098js"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/LayoutTests/js/script-tests/regress-141098.js (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/LayoutTests/js/script-tests/regress-141098.js 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/js/script-tests/regress-141098.js 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -1,46 +1,77 @@
</span><span class="cx"> description("Regression test for https://webkit.org/b/141098. Make sure eval() properly handles running out of stack space. This test should run without crashing.");
</span><span class="cx">
</span><del>-function probeAndRecurse(depth)
</del><ins>+// The tiering up to test higher levels of optimization will only test the DFG
+// if run in run-jsc-stress-tests with the eager settings.
+
+var lastEvalString = "";
+
+function testEval(maxIterations)
</ins><span class="cx"> {
</span><span class="cx"> var result;
</span><ins>+ var count = 1;
</ins><span class="cx">
</span><del>- // Probe stack depth
- try {
- result = probeAndRecurse(depth+1);
- if (result < 0)
- return result + 1;
- else if (result > 0)
- return result;
- } catch (e) {
- // Go up a many frames and then create an expression to eval that will consume the stack using
- // callee registers.
- return -60;
</del><ins>+ if (!maxIterations) {
+ var result = eval(lastEvalString);
+ } else {
+ for (var iter = 0; iter < maxIterations; count *= 4, iter++) {
+ var evalString = "\"dummy\".valueOf(";
+
+ for (var i = 0; i < count; i++) {
+ if (i > 0)
+ evalString += ", ";
+ evalString += i;
+ }
+
+ evalString += ");";
+
+ lastEvalString = evalString;
+ result = eval(evalString);
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- try {
- var count = 1;
</del><ins>+ return result;
+}
</ins><span class="cx">
</span><del>- for (var i = 0; i < 40; count *= 10, i++) {
- evalStringPrefix = "{ var first = " + count + "; ";
- var evalStringBody = "";
</del><ins>+function probeAndRecurse(depth)
+{
+ var result;
</ins><span class="cx">
</span><del>- for (var varIndex = 0; varIndex < count; varIndex++)
- evalStringBody += "var s" + varIndex + " = " + varIndex + ";";
</del><ins>+ // Probe stack depth
+ if (depth > 0) {
+ try {
+ result = probeAndRecurse(depth+1);
</ins><span class="cx">
</span><del>- evalStringBody += "var value = [";
- for (var varIndex = 0; varIndex < count; varIndex++) {
- if (varIndex > 0)
- evalStringBody += ", ";
- evalStringBody += "s" + varIndex;
- }
- evalStringBody += "]; ";
</del><ins>+ if (!result) {
+ try {
+ testEval(1);
+ } catch (e) {
+ return -49;
+ }
+ } else
+ return result + 1
+ } catch (e) {
+ // We exceeded stack space, now return up the stack until we can execute a simple eval.
+ // Then run an eval test to exceed stack.
+ return -49;
+ }
+ } else if (depth != 0)
+ return probeAndRecurse(depth+1);
</ins><span class="cx">
</span><del>- var evalResult = eval("{" + evalStringBody + "}");
- }
</del><ins>+ try {
+ testEval((depth > 0) ? 20 : 0);
</ins><span class="cx"> } catch (e) {
</span><ins>+ testPassed("Exception: " + e);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return 1;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-probeAndRecurse(0);
</del><ins>+var depth = probeAndRecurse(1);
+
+// Tier up the eval'ed code.
+// When run with run-jsc-stress-tests and it's agressive options, this low of a count will
+// allow us to get up to the DFG.
+for (var i = 0; i < 200; i++)
+ testEval(0);
+
+probeAndRecurse(-depth);
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/ChangeLog (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/ChangeLog 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/ChangeLog 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -1,3 +1,27 @@
</span><ins>+2015-02-20 Michael Saboff <msaboff@apple.com>
+
+ DFG JIT needs to check for stack overflow at the start of Program and Eval execution
+ https://bugs.webkit.org/show_bug.cgi?id=141676
+
+ Reviewed by Filip Pizlo.
+
+ Added stack check to the beginning of the code the DFG copmiler emits for Program and Eval nodes.
+ To aid in testing the code, I replaced the EvalCodeCache::maxCacheableSourceLength const
+ a options in runtime/Options.h. The test script, run-jsc-stress-tests, sets that option
+ to a huge value when running with the "Eager" options. This allows the updated test to
+ reliably exercise the code in questions.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ Added stack check.
+
+ * bytecode/EvalCodeCache.h:
+ (JSC::EvalCodeCache::tryGet):
+ (JSC::EvalCodeCache::getSlow):
+ * runtime/Options.h:
+ Replaced EvalCodeCache::imaxCacheableSourceLength with Options::maximumEvalCacheableSourceLength
+ so that it can be configured when running the related test.
+
</ins><span class="cx"> 2015-02-18 Csaba Osztrogonác <ossy@webkit.org>
</span><span class="cx">
</span><span class="cx"> URTBF after r180258 to fix Windows build.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceJavaScriptCorebytecodeEvalCodeCacheh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/bytecode/EvalCodeCache.h (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/bytecode/EvalCodeCache.h 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/bytecode/EvalCodeCache.h 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -31,6 +31,7 @@
</span><span class="cx">
</span><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><ins>+#include "Options.h"
</ins><span class="cx"> #include "SourceCode.h"
</span><span class="cx"> #include <wtf/HashMap.h>
</span><span class="cx"> #include <wtf/RefPtr.h>
</span><span class="lines">@@ -44,7 +45,7 @@
</span><span class="cx"> public:
</span><span class="cx"> EvalExecutable* tryGet(bool inStrictContext, const String& evalSource, JSScope* scope)
</span><span class="cx"> {
</span><del>- if (!inStrictContext && evalSource.length() < maxCacheableSourceLength && scope->begin()->isVariableObject())
</del><ins>+ if (!inStrictContext && evalSource.length() < Options::maximumEvalCacheableSourceLength() && scope->begin()->isVariableObject())
</ins><span class="cx"> return m_cacheMap.get(evalSource.impl()).get();
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="lines">@@ -55,7 +56,7 @@
</span><span class="cx"> if (!evalExecutable)
</span><span class="cx"> return 0;
</span><span class="cx">
</span><del>- if (!inStrictContext && evalSource.length() < maxCacheableSourceLength && scope->begin()->isVariableObject() && m_cacheMap.size() < maxCacheEntries)
</del><ins>+ if (!inStrictContext && evalSource.length() < Options::maximumEvalCacheableSourceLength() && scope->begin()->isVariableObject() && m_cacheMap.size() < maxCacheEntries)
</ins><span class="cx"> m_cacheMap.set(evalSource.impl(), WriteBarrier<EvalExecutable>(exec->vm(), owner, evalExecutable));
</span><span class="cx">
</span><span class="cx"> return evalExecutable;
</span><span class="lines">@@ -71,7 +72,6 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- static const unsigned maxCacheableSourceLength = 256;
</del><span class="cx"> static const int maxCacheEntries = 64;
</span><span class="cx">
</span><span class="cx"> typedef HashMap<RefPtr<StringImpl>, WriteBarrier<EvalExecutable>> EvalCacheMap;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceJavaScriptCoredfgDFGJITCompilercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -292,11 +292,29 @@
</span><span class="cx"> setStartOfCode();
</span><span class="cx"> compileEntry();
</span><span class="cx"> m_speculative = std::make_unique<SpeculativeJIT>(*this);
</span><ins>+
+ // Plant a check that sufficient space is available in the JSStack.
+ addPtr(TrustedImm32(virtualRegisterForLocal(m_graph.requiredRegisterCountForExecutionAndExit() - 1).offset() * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1);
+ Jump stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), GPRInfo::regT1);
+
</ins><span class="cx"> addPtr(TrustedImm32(m_graph.stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister);
</span><span class="cx"> checkStackPointerAlignment();
</span><span class="cx"> compileBody();
</span><span class="cx"> setEndOfMainPath();
</span><span class="cx">
</span><ins>+ // === Footer code generation ===
+ //
+ // Generate the stack overflow handling; if the stack check in the entry head fails,
+ // we need to call out to a helper function to throw the StackOverflowError.
+ stackOverflow.link(this);
+
+ emitStoreCodeOrigin(CodeOrigin(0));
+
+ if (maxFrameExtentForSlowPathCall)
+ addPtr(TrustedImm32(-maxFrameExtentForSlowPathCall), stackPointerRegister);
+
+ m_speculative->callOperationWithCallFrameRollbackOnException(operationThrowStackOverflowError, m_codeBlock);
+
</ins><span class="cx"> // Generate slow path code.
</span><span class="cx"> m_speculative->runSlowPathGenerators();
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/runtime/Options.h (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/runtime/Options.h 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore/runtime/Options.h 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -234,6 +234,7 @@
</span><span class="cx"> v(unsigned, ftlOSREntryRetryThreshold, 100) \
</span><span class="cx"> \
</span><span class="cx"> v(int32, evalThresholdMultiplier, 10) \
</span><ins>+ v(unsigned, maximumEvalCacheableSourceLength, 256) \
</ins><span class="cx"> \
</span><span class="cx"> v(bool, randomizeExecutionCountsBetweenCheckpoints, false) \
</span><span class="cx"> v(int32, maximumExecutionCountsBetweenCheckpointsForBaseline, 1000) \
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28ToolsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Tools/ChangeLog (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Tools/ChangeLog 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/Tools/ChangeLog 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2015-02-20 Michael Saboff <msaboff@apple.com>
+
+ DFG JIT needs to check for stack overflow at the start of Program and Eval execution
+ https://bugs.webkit.org/show_bug.cgi?id=141676
+
+ Reviewed by Filip Pizlo.
+
+ Set the newly added --maximumEvalCacheableSourceLength option for eager test runs. This is needed
+ to allow the eval out of stack tests to tier up. Without this option, we don't cache the likely
+ large string expression that we want to eval.
+
+ * Scripts/run-jsc-stress-tests:
+
</ins><span class="cx"> 2015-02-25 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> ASan does not like JSC::MachineThreads::tryCopyOtherThreadStack.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28ToolsScriptsrunjscstresstests"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Tools/Scripts/run-jsc-stress-tests (180755 => 180756)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Tools/Scripts/run-jsc-stress-tests 2015-02-27 17:02:08 UTC (rev 180755)
+++ releases/WebKitGTK/webkit-2.8/Tools/Scripts/run-jsc-stress-tests 2015-02-27 17:16:41 UTC (rev 180756)
</span><span class="lines">@@ -297,7 +297,7 @@
</span><span class="cx"> $numFailures = 0
</span><span class="cx">
</span><span class="cx"> BASE_OPTIONS = ["--useFTLJIT=false", "--enableFunctionDotArguments=true"]
</span><del>-EAGER_OPTIONS = ["--thresholdForJITAfterWarmUp=10", "--thresholdForJITSoon=10", "--thresholdForOptimizeAfterWarmUp=20", "--thresholdForOptimizeAfterLongWarmUp=20", "--thresholdForOptimizeSoon=20", "--thresholdForFTLOptimizeAfterWarmUp=20", "--thresholdForFTLOptimizeSoon=20"]
</del><ins>+EAGER_OPTIONS = ["--thresholdForJITAfterWarmUp=10", "--thresholdForJITSoon=10", "--thresholdForOptimizeAfterWarmUp=20", "--thresholdForOptimizeAfterLongWarmUp=20", "--thresholdForOptimizeSoon=20", "--thresholdForFTLOptimizeAfterWarmUp=20", "--thresholdForFTLOptimizeSoon=20", "--maximumEvalCacheableSourceLength=150000"]
</ins><span class="cx"> NO_CJIT_OPTIONS = ["--enableConcurrentJIT=false", "--thresholdForJITAfterWarmUp=100"]
</span><span class="cx"> FTL_OPTIONS = ["--useFTLJIT=true"]
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>