<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[186688] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/186688">186688</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2015-07-10 14:12:46 -0700 (Fri, 10 Jul 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>It should be possible to run the OSR exit fuzzer
https://bugs.webkit.org/show_bug.cgi?id=146814
Reviewed by Mark Lam.
Source/JavaScriptCore:
Fix a silly bug: the option matching was accidentally allowing a prefix match, which
always did the wrong thing for --fireOSRExitFuzzAt and --fireOSRExitFuzzAtStatic. Make
this an exact match instead.
* runtime/Options.cpp:
(JSC::Options::setOption):
Tools:
This runs a test command to detect how many static OSR exit sites it had, and then for
each exit site, it triggers three exits (earliest opportunity, last opportunity, some
middle opportunity), plus a mode where the check always exits. This is an exhaustive
search, so in the future it'll be very appropriate for cases where we have a simple test
and we want to see what happens when you eventually exit in this test.
Right now this isn't hooked into any specific tests, but I've done some spot checks on it
and it seems to do the right thing.
* Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz: Added.
(fail):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeOptionscpp">trunk/Source/JavaScriptCore/runtime/Options.cpp</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkToolsScriptsjscstresstesthelpersjsosrexitfuzz">trunk/Tools/Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (186687 => 186688)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-07-10 20:40:27 UTC (rev 186687)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-07-10 21:12:46 UTC (rev 186688)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2015-07-09 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to run the OSR exit fuzzer
+ https://bugs.webkit.org/show_bug.cgi?id=146814
+
+ Reviewed by Mark Lam.
+
+ Fix a silly bug: the option matching was accidentally allowing a prefix match, which
+ always did the wrong thing for --fireOSRExitFuzzAt and --fireOSRExitFuzzAtStatic. Make
+ this an exact match instead.
+
+ * runtime/Options.cpp:
+ (JSC::Options::setOption):
+
</ins><span class="cx"> 2015-07-09 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> SymbolTable::entryFor() should do a bounds check before indexing into the localToEntry vector.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeOptionscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Options.cpp (186687 => 186688)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Options.cpp 2015-07-10 20:40:27 UTC (rev 186687)
+++ trunk/Source/JavaScriptCore/runtime/Options.cpp 2015-07-10 21:12:46 UTC (rev 186688)
</span><span class="lines">@@ -389,16 +389,17 @@
</span><span class="cx"> // For each option, check if the specify arg is a match. If so, set the arg
</span><span class="cx"> // if the value makes sense. Otherwise, move on to checking the next option.
</span><span class="cx"> #define FOR_EACH_OPTION(type_, name_, defaultValue_, description_) \
</span><del>- if (!strncmp(arg, #name_, equalStr - arg)) { \
- type_ value; \
- value = (defaultValue_); \
- bool success = parse(valueStr, value); \
- if (success) { \
- name_() = value; \
- recomputeDependentOptions(); \
- return true; \
- } \
- return false; \
</del><ins>+ if (strlen(#name_) == static_cast<size_t>(equalStr - arg) \
+ && !strncmp(arg, #name_, equalStr - arg)) { \
+ type_ value; \
+ value = (defaultValue_); \
+ bool success = parse(valueStr, value); \
+ if (success) { \
+ name_() = value; \
+ recomputeDependentOptions(); \
+ return true; \
+ } \
+ return false; \
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSC_OPTIONS(FOR_EACH_OPTION)
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (186687 => 186688)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2015-07-10 20:40:27 UTC (rev 186687)
+++ trunk/Tools/ChangeLog 2015-07-10 21:12:46 UTC (rev 186688)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2015-07-09 Filip Pizlo <fpizlo@apple.com>
+
+ It should be possible to run the OSR exit fuzzer
+ https://bugs.webkit.org/show_bug.cgi?id=146814
+
+ Reviewed by Mark Lam.
+
+ This runs a test command to detect how many static OSR exit sites it had, and then for
+ each exit site, it triggers three exits (earliest opportunity, last opportunity, some
+ middle opportunity), plus a mode where the check always exits. This is an exhaustive
+ search, so in the future it'll be very appropriate for cases where we have a simple test
+ and we want to see what happens when you eventually exit in this test.
+
+ Right now this isn't hooked into any specific tests, but I've done some spot checks on it
+ and it seems to do the right thing.
+
+ * Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz: Added.
+ (fail):
+
</ins><span class="cx"> 2015-07-10 Alex Christensen <achristensen@webkit.org>
</span><span class="cx">
</span><span class="cx"> Add tests for r186649
</span></span></pre></div>
<a id="trunkToolsScriptsjscstresstesthelpersjsosrexitfuzz"></a>
<div class="addfile"><h4>Added: trunk/Tools/Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz (0 => 186688)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz (rev 0)
+++ trunk/Tools/Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz 2015-07-10 21:12:46 UTC (rev 186688)
</span><span class="lines">@@ -0,0 +1,151 @@
</span><ins>+#!/usr/bin/perl
+
+# Copyright (C) 2014-2015 Apple Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+use strict;
+use FindBin;
+use Getopt::Long qw(:config pass_through);
+use POSIX;
+
+# First we run the test once to determine what the number of static OSR exits is. Then
+# we run it for each static OSR exit index, and for each index, we force exit on the
+# first dynamic time that exit is taken, the last, and something in the middle.
+
+my $verbose = 0;
+
+# We allow flags to be passed via environment variables, which is rather useful for
+# running with the run-jsc-stress-tests harness.
+if (defined($ENV{JS_OSRFUZZ_VERBOSE})) {
+ $verbose = $ENV{JS_OSRFUZZ_VERBOSE};
+}
+
+GetOptions(
+ 'verbose' => \$verbose
+);
+
+my $commandString = shift @ARGV;
+
+my $staticCheckCount;
+
+sub fail {
+ my $context = shift;
+ select((select(STDOUT), $ |= 1)[0]); # This is a perlism for flush. We need to do it this way to support older perls.
+ select((select(STDERR), $ |= 1)[0]);
+ die "Failure for command $commandString: $context";
+}
+
+if (shift @ARGV) {
+ die "Ignoring garbage arguments; only the first non-option argument is used as the command string.";
+}
+
+open (my $testInput, "$commandString |") or fail("Cannot execute initial command when getting static OSR exit count");
+while (my $inputLine = <$testInput>) {
+ chomp($inputLine);
+ my $handled = 0;
+ if ($inputLine =~ /^JSC OSR EXIT FUZZ:/) {
+ if ($' =~ /encountered ([0-9]+) static checks\./) {
+ $staticCheckCount = $1;
+ }
+ $handled = 1;
+ }
+ if (!$handled || $verbose) {
+ print "staticCheckCount: $inputLine\n";
+ }
+}
+close($testInput);
+
+if ($verbose) {
+ print "Static check count: $staticCheckCount\n";
+}
+
+if (!$staticCheckCount) {
+ print "OSR exit fuzz testing not supported by jsc binary.\n";
+ exit 0;
+}
+
+for (my $staticCheckIndex = 1; $staticCheckIndex <= $staticCheckCount; ++$staticCheckIndex) {
+ if ($verbose) {
+ print "Detecting number of dynamic checks for static check at index $staticCheckIndex.\n";
+ }
+ open (my $testInput, "$commandString --fireOSRExitFuzzAtStatic=$staticCheckIndex |") or fail("Cannot execute command for static check index $staticCheckIndex");
+ my $dynamicCheckCount;
+ while (my $inputLine = <$testInput>) {
+ chomp($inputLine);
+ my $handled = 0;
+ if ($inputLine =~ /^JSC OSR EXIT FUZZ:/) {
+ if ($' =~ /encountered ([0-9]+) dynamic checks\./) {
+ $dynamicCheckCount = $1;
+ }
+ $handled = 1;
+ }
+ if (!$handled || $verbose) {
+ print "dynamicCheckCount: $inputLine\n";
+ }
+ }
+ close($testInput);
+
+ if ($verbose) {
+ print "Dynamic check count: $dynamicCheckCount\n";
+ }
+
+ # Now test triggering the exit at three points: always, immediately, at the last possible
+ # moment, and somewhere in between. We use "0" to mean always.
+ my @triggers = (0, 1, int((1 + $dynamicCheckCount) / 2), $dynamicCheckCount);
+ for (my $triggerIndex = 0; $triggerIndex < scalar @triggers; ++$triggerIndex) {
+ my $dynamicCheckIndex = $triggers[$triggerIndex];
+ if ($verbose) {
+ if ($dynamicCheckIndex == 0) {
+ print "Running with static check index = $staticCheckIndex and all dynamic check indices.\n";
+ } else {
+ print "Running with static check index = $staticCheckIndex and dynamic check index = $dynamicCheckIndex.\n";
+ }
+ }
+ my $optionToUse;
+ if ($dynamicCheckIndex == 0) {
+ $optionToUse = "--fireOSRExitFuzzAtOrAfter=1";
+ } else {
+ $optionToUse = "--fireOSRExitFuzzAt=$dynamicCheckIndex";
+ }
+ open ($testInput, "$commandString --fireOSRExitFuzzAtStatic=$staticCheckIndex $optionToUse |") or fail("Cannot execute command for static check index $staticCheckIndex and dynamic check index $dynamicCheckIndex");
+ while (my $inputLine = <$testInput>) {
+ chomp($inputLine);
+ my $handled = 0;
+ if ($inputLine =~ /^JSC OSR EXIT FUZZ:/) {
+ $handled = 1;
+ }
+ if (!$handled || $verbose) {
+ print "testRun: $inputLine\n";
+ }
+ }
+ close($testInput);
+ }
+ if ($verbose) {
+ print "\n";
+ }
+}
+
+if ($verbose) {
+ print "Success!\n";
+}
+
</ins><span class="cx">Property changes on: trunk/Tools/Scripts/jsc-stress-test-helpers/js-osr-exit-fuzz
</span><span class="cx">___________________________________________________________________
</span></span></pre></div>
<a id="svnexecutable"></a>
<div class="addfile"><h4>Added: svn:executable</h4></div>
</div>
</body>
</html>