<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[189544] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/189544">189544</a></dd>
<dt>Author</dt> <dd>saambarati1@gmail.com</dd>
<dt>Date</dt> <dd>2015-09-09 13:18:57 -0700 (Wed, 09 Sep 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>DFG should have a debugging option that runs a phase that flushes all locals
https://bugs.webkit.org/show_bug.cgi?id=148916
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
There is now an option to enable the DFG's new MaximalFlushInsertionPhase
phase to run. This phase ensures that we keep all locals and arguments flushed
to the stack at all places in the CFG. This phase is helpful for finding
a class of bugs where enabling this phase to run removes the bug.
This may also be useful in the development of a faster debugger
that doesn't capture all variables.
* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGMaximalFlushInsertionPhase.cpp: Added.
(JSC::DFG::MaximalFlushInsertionPhase::MaximalFlushInsertionPhase):
(JSC::DFG::MaximalFlushInsertionPhase::run):
(JSC::DFG::MaximalFlushInsertionPhase::treatRegularBlock):
(JSC::DFG::MaximalFlushInsertionPhase::treatRootBlock):
(JSC::DFG::MaximalFlushInsertionPhase::newVariableAccessData):
(JSC::DFG::performMaximalFlushInsertion):
* dfg/DFGMaximalFlushInsertionPhase.h: Added.
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:
Tools:
* Scripts/run-jsc-stress-tests:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj">trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxprojfilters">trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPlancpp">trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeOptionscpp">trunk/Source/JavaScriptCore/runtime/Options.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeOptionsh">trunk/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsScriptsrunjscstresstests">trunk/Tools/Scripts/run-jsc-stress-tests</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoredfgDFGMaximalFlushInsertionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGMaximalFlushInsertionPhaseh">trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -204,6 +204,7 @@
</span><span class="cx"> dfg/DFGLivenessAnalysisPhase.cpp
</span><span class="cx"> dfg/DFGLongLivedState.cpp
</span><span class="cx"> dfg/DFGLoopPreHeaderCreationPhase.cpp
</span><ins>+ dfg/DFGMaximalFlushInsertionPhase.cpp
</ins><span class="cx"> dfg/DFGMayExit.cpp
</span><span class="cx"> dfg/DFGMinifiedGraph.cpp
</span><span class="cx"> dfg/DFGMinifiedNode.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -1,3 +1,35 @@
</span><ins>+2015-09-09 Saam barati <sbarati@apple.com>
+
+ DFG should have a debugging option that runs a phase that flushes all locals
+ https://bugs.webkit.org/show_bug.cgi?id=148916
+
+ Reviewed by Filip Pizlo.
+
+ There is now an option to enable the DFG's new MaximalFlushInsertionPhase
+ phase to run. This phase ensures that we keep all locals and arguments flushed
+ to the stack at all places in the CFG. This phase is helpful for finding
+ a class of bugs where enabling this phase to run removes the bug.
+ This may also be useful in the development of a faster debugger
+ that doesn't capture all variables.
+
+ * CMakeLists.txt:
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGMaximalFlushInsertionPhase.cpp: Added.
+ (JSC::DFG::MaximalFlushInsertionPhase::MaximalFlushInsertionPhase):
+ (JSC::DFG::MaximalFlushInsertionPhase::run):
+ (JSC::DFG::MaximalFlushInsertionPhase::treatRegularBlock):
+ (JSC::DFG::MaximalFlushInsertionPhase::treatRootBlock):
+ (JSC::DFG::MaximalFlushInsertionPhase::newVariableAccessData):
+ (JSC::DFG::performMaximalFlushInsertion):
+ * dfg/DFGMaximalFlushInsertionPhase.h: Added.
+ * dfg/DFGPlan.cpp:
+ (JSC::DFG::Plan::compileInThreadImpl):
+ * runtime/Options.cpp:
+ (JSC::recomputeDependentOptions):
+ * runtime/Options.h:
+
</ins><span class="cx"> 2015-09-08 Sukolsak Sakshuwong <sukolsak@gmail.com>
</span><span class="cx">
</span><span class="cx"> Refactor the test for the arithmetic instructions in WebAssembly
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -441,6 +441,7 @@
</span><span class="cx"> <ClCompile Include="..\dfg\DFGLongLivedState.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGLoopPreHeaderCreationPhase.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGMayExit.cpp" />
</span><ins>+ <ClCompile Include="..\dfg\DFGMaximalFlushInsertionPhase.cpp" />
</ins><span class="cx"> <ClCompile Include="..\dfg\DFGMinifiedGraph.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGMinifiedNode.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGMovHintRemovalPhase.cpp" />
</span><span class="lines">@@ -1173,6 +1174,7 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGLongLivedState.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGLoopPreHeaderCreationPhase.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGMayExit.h" />
</span><ins>+ <ClInclude Include="..\dfg\DFGMaximalFlushInsertionPhase.h" />
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGMinifiedGraph.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGMinifiedID.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGMinifiedNode.h" />
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxprojfilters"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -1746,6 +1746,9 @@
</span><span class="cx"> <ClCompile Include="..\dfg\DFGMayExit.cpp">
</span><span class="cx"> <Filter>dfg</Filter>
</span><span class="cx"> </ClCompile>
</span><ins>+ <ClCompile Include="..\dfg\DFGMaximalFlushInsertionPhase.cpp">
+ <Filter>dfg</Filter>
+ </ClCompile>
</ins><span class="cx"> <ClCompile Include="..\dfg\DFGPureValue.cpp">
</span><span class="cx"> <Filter>dfg</Filter>
</span><span class="cx"> </ClCompile>
</span><span class="lines">@@ -4340,6 +4343,9 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGMayExit.h">
</span><span class="cx"> <Filter>dfg</Filter>
</span><span class="cx"> </ClInclude>
</span><ins>+ <ClInclude Include="..\dfg\DFGMaximalFlushInsertionPhase.h">
+ <Filter>dfg</Filter>
+ </ClInclude>
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGPureValue.h">
</span><span class="cx"> <Filter>dfg</Filter>
</span><span class="cx"> </ClInclude>
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -1038,6 +1038,8 @@
</span><span class="cx"> 797E07AA1B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h in Headers */ = {isa = PBXBuildFile; fileRef = 797E07A81B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 79EE0BFF1B4AFB85000385C9 /* VariableEnvironment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79EE0BFD1B4AFB85000385C9 /* VariableEnvironment.cpp */; };
</span><span class="cx"> 79EE0C001B4AFB85000385C9 /* VariableEnvironment.h in Headers */ = {isa = PBXBuildFile; fileRef = 79EE0BFE1B4AFB85000385C9 /* VariableEnvironment.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 79F8FC1E1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79F8FC1C1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.cpp */; };
+ 79F8FC1F1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 79F8FC1D1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 7B0247551B8682DD00542440 /* WASMConstants.h in Headers */ = {isa = PBXBuildFile; fileRef = 7B0247521B8682D500542440 /* WASMConstants.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 7B0247561B8682E100542440 /* WASMFunctionParser.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7B0247531B8682D500542440 /* WASMFunctionParser.cpp */; };
</span><span class="cx"> 7B0247571B8682E400542440 /* WASMFunctionParser.h in Headers */ = {isa = PBXBuildFile; fileRef = 7B0247541B8682D500542440 /* WASMFunctionParser.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -2870,6 +2872,8 @@
</span><span class="cx"> 797E07A81B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSGlobalLexicalEnvironment.h; sourceTree = "<group>"; };
</span><span class="cx"> 79EE0BFD1B4AFB85000385C9 /* VariableEnvironment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VariableEnvironment.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 79EE0BFE1B4AFB85000385C9 /* VariableEnvironment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VariableEnvironment.h; sourceTree = "<group>"; };
</span><ins>+ 79F8FC1C1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGMaximalFlushInsertionPhase.cpp; path = dfg/DFGMaximalFlushInsertionPhase.cpp; sourceTree = "<group>"; };
+ 79F8FC1D1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGMaximalFlushInsertionPhase.h; path = dfg/DFGMaximalFlushInsertionPhase.h; sourceTree = "<group>"; };
</ins><span class="cx"> 7B0247521B8682D500542440 /* WASMConstants.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WASMConstants.h; sourceTree = "<group>"; };
</span><span class="cx"> 7B0247531B8682D500542440 /* WASMFunctionParser.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WASMFunctionParser.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 7B0247541B8682D500542440 /* WASMFunctionParser.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WASMFunctionParser.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -5277,6 +5281,8 @@
</span><span class="cx"> A767B5B417A0B9650063D940 /* DFGLoopPreHeaderCreationPhase.h */,
</span><span class="cx"> 0F5874EB194FEB1200AAB2C1 /* DFGMayExit.cpp */,
</span><span class="cx"> 0F5874EC194FEB1200AAB2C1 /* DFGMayExit.h */,
</span><ins>+ 79F8FC1C1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.cpp */,
+ 79F8FC1D1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.h */,
</ins><span class="cx"> 0F1725FE1B48719A00AC3A55 /* DFGMinifiedGraph.cpp */,
</span><span class="cx"> 0F2BDC3D1522801700CD8910 /* DFGMinifiedGraph.h */,
</span><span class="cx"> 0FB4B51016B3A964003F696B /* DFGMinifiedID.h */,
</span><span class="lines">@@ -5924,6 +5930,7 @@
</span><span class="cx"> A1A009C11831A26E00CF8711 /* ARM64Assembler.h in Headers */,
</span><span class="cx"> 0F898F321B27689F0083A33C /* DFGIntegerRangeOptimizationPhase.h in Headers */,
</span><span class="cx"> 86D3B2C410156BDE002865E7 /* ARMAssembler.h in Headers */,
</span><ins>+ 79F8FC1F1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.h in Headers */,
</ins><span class="cx"> 99F1A7011B98FBEC00463B26 /* InspectorFrontendRouter.h in Headers */,
</span><span class="cx"> 7964656A1B952FF0003059EE /* GetPutInfo.h in Headers */,
</span><span class="cx"> 797E07AA1B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h in Headers */,
</span><span class="lines">@@ -7995,6 +8002,7 @@
</span><span class="cx"> 0FA2C17B17D7CF84009D015F /* TestRunnerUtils.cpp in Sources */,
</span><span class="cx"> A7386555118697B400540279 /* ThunkGenerators.cpp in Sources */,
</span><span class="cx"> 0F2B670717B6B5AB00A7AE3F /* TypedArrayController.cpp in Sources */,
</span><ins>+ 79F8FC1E1B9FED0F00CA66AB /* DFGMaximalFlushInsertionPhase.cpp in Sources */,
</ins><span class="cx"> A1D792FC1B43864B004516F5 /* IntlNumberFormat.cpp in Sources */,
</span><span class="cx"> A1587D711B4DC14100D69849 /* IntlDateTimeFormatPrototype.cpp in Sources */,
</span><span class="cx"> 0F2B670A17B6B5AB00A7AE3F /* TypedArrayType.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGMaximalFlushInsertionPhasecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.cpp (0 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.cpp 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -0,0 +1,159 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGMaximalFlushInsertionPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGBasicBlockInlines.h"
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGPhase.h"
+#include "JSCInlines.h"
+
+namespace JSC { namespace DFG {
+
+class MaximalFlushInsertionPhase : public Phase {
+public:
+ MaximalFlushInsertionPhase(Graph& graph)
+ : Phase(graph, "maximal flush insertion phase")
+ {
+ }
+
+ bool run()
+ {
+ DFG_ASSERT(m_graph, nullptr, m_graph.m_form == LoadStore);
+
+ InsertionSet insertionSet(m_graph);
+ for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+ treatRegularBlock(block, insertionSet);
+ insertionSet.execute(block);
+ }
+
+ treatRootBlock(m_graph.block(0), insertionSet);
+ insertionSet.execute(m_graph.block(0));
+
+ return true;
+ }
+
+ void treatRegularBlock(BasicBlock* block, InsertionSet& insertionSet)
+ {
+ Operands<VariableAccessData*> currentBlockAccessData(block->variablesAtTail.numberOfArguments(), block->variablesAtTail.numberOfLocals(), nullptr);
+ // Insert a Flush before every SetLocal to properly pattern the graph such that
+ // any range between SetLocal and Flush has access to the local on the stack.
+ {
+ for (unsigned i = 0; i < block->size(); i++) {
+ Node* node = block->at(i);
+ bool isPrimordialSetArgument = node->op() == SetArgument && node->local().isArgument() && node == m_graph.m_arguments[node->local().toArgument()];
+ if (node->op() == SetLocal || (node->op() == SetArgument && !isPrimordialSetArgument)) {
+ VirtualRegister operand = node->local();
+ VariableAccessData* flushAccessData = currentBlockAccessData.operand(operand);
+ if (!flushAccessData)
+ flushAccessData = newVariableAccessData(operand);
+
+ insertionSet.insertNode(i, SpecNone,
+ Flush, node->origin, OpInfo(flushAccessData));
+ }
+
+ if (node->hasVariableAccessData(m_graph))
+ currentBlockAccessData.operand(node->local()) = node->variableAccessData();
+ }
+ }
+
+ // Flush everything at the end of the block.
+ {
+ NodeOrigin origin = block->at(block->size() - 1)->origin;
+ auto insertFlushAtEnd = [&] (VirtualRegister operand) {
+ VariableAccessData* accessData = currentBlockAccessData.operand(operand);
+ if (!accessData)
+ accessData = newVariableAccessData(operand);
+
+ currentBlockAccessData.operand(operand) = accessData;
+
+ insertionSet.insertNode(block->size(), SpecNone,
+ Flush, origin, OpInfo(accessData));
+ };
+
+ for (unsigned i = 0; i < block->variablesAtTail.numberOfLocals(); i++)
+ insertFlushAtEnd(virtualRegisterForLocal(i));
+ for (unsigned i = 0; i < block->variablesAtTail.numberOfArguments(); i++)
+ insertFlushAtEnd(virtualRegisterForArgument(i));
+ }
+ }
+
+ void treatRootBlock(BasicBlock* block, InsertionSet& insertionSet)
+ {
+ Operands<VariableAccessData*> initialAccessData(block->variablesAtTail.numberOfArguments(), block->variablesAtTail.numberOfLocals(), nullptr);
+ Operands<Node*> initialAccessNodes(block->variablesAtTail.numberOfArguments(), block->variablesAtTail.numberOfLocals(), nullptr);
+ for (unsigned i = 0; i < block->size(); i++) {
+ Node* node = block->at(i);
+ if (!node->hasVariableAccessData(m_graph))
+ continue;
+
+ VirtualRegister operand = node->local();
+ if (initialAccessData.operand(operand))
+ continue;
+
+ DFG_ASSERT(m_graph, node, node->op() != SetLocal); // We should have inserted a Flush before this!
+ initialAccessData.operand(operand) = node->variableAccessData();
+ initialAccessNodes.operand(operand) = node;
+ }
+
+ // We want every Flush to be able to reach backwards to
+ // a SetLocal. Doing this in the root block achieves this goal.
+ NodeOrigin origin = block->at(0)->origin;
+ Node* undefined = insertionSet.insertConstant(0, origin, jsUndefined());
+
+ for (unsigned i = 0; i < block->variablesAtTail.numberOfLocals(); i++) {
+ VirtualRegister operand = virtualRegisterForLocal(i);
+ VariableAccessData* accessData;
+ DFG_ASSERT(m_graph, nullptr, initialAccessNodes.operand(operand)->op() == Flush); // We should have inserted a Flush before any SetLocal/SetArgument for the local that we are analyzing now.
+ accessData = initialAccessData.operand(operand);
+ DFG_ASSERT(m_graph, nullptr, accessData);
+ insertionSet.insertNode(0, SpecNone,
+ SetLocal, origin, OpInfo(accessData), Edge(undefined));
+ }
+ }
+
+
+ VariableAccessData* newVariableAccessData(VirtualRegister operand)
+ {
+ ASSERT(!operand.isConstant());
+
+ m_graph.m_variableAccessData.append(VariableAccessData(operand));
+ return &m_graph.m_variableAccessData.last();
+ }
+};
+
+bool performMaximalFlushInsertion(Graph& graph)
+{
+ SamplingRegion samplingRegion("DFG Flush Everything Insertion Phase");
+ return runPhase<MaximalFlushInsertionPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGMaximalFlushInsertionPhaseh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.h (0 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGMaximalFlushInsertionPhase.h 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -0,0 +1,57 @@
</span><ins>+/*
+ * Copyright (C) 2015 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGMaximalFlushInsertionPhase_h
+#define DFGMaximalFlushInsertionPhase_h
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// This phase ensures we keep all locals/arguments flushed.
+// What this means is: any node inbetween a SetLocal and a Flush should
+// be able to observe that particular local on the stack. This phase patterns
+// the graph by inserting a Flush before each SetLocal such that the Flush
+// we inserted can do a backwards search through all paths in the CFG and
+// reach a SetLocal.
+// ....
+// SetLocal(locX)
+// <
+// |
+// ... We ensure that locX is available on the stack to any nodes in this region that may ask for locX.
+// |
+// >
+// Flush(locX)
+// SetLocal(locX)
+
+bool performMaximalFlushInsertion(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGMaximalFlushInsertionPhase_h
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPlancpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -50,6 +50,7 @@
</span><span class="cx"> #include "DFGLICMPhase.h"
</span><span class="cx"> #include "DFGLivenessAnalysisPhase.h"
</span><span class="cx"> #include "DFGLoopPreHeaderCreationPhase.h"
</span><ins>+#include "DFGMaximalFlushInsertionPhase.h"
</ins><span class="cx"> #include "DFGMovHintRemovalPhase.h"
</span><span class="cx"> #include "DFGOSRAvailabilityAnalysisPhase.h"
</span><span class="cx"> #include "DFGOSREntrypointCreationPhase.h"
</span><span class="lines">@@ -255,6 +256,9 @@
</span><span class="cx"> dataLog("Graph after parsing:\n");
</span><span class="cx"> dfg.dump();
</span><span class="cx"> }
</span><ins>+
+ if (Options::enableMaximalFlushInsertionPhase())
+ performMaximalFlushInsertion(dfg);
</ins><span class="cx">
</span><span class="cx"> performCPSRethreading(dfg);
</span><span class="cx"> performUnification(dfg);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeOptionscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Options.cpp (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Options.cpp 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/runtime/Options.cpp 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -319,6 +319,10 @@
</span><span class="cx"> Options::maximumEvalCacheableSourceLength() = 150000;
</span><span class="cx"> Options::enableConcurrentJIT() = false;
</span><span class="cx"> }
</span><ins>+ if (Options::enableMaximalFlushInsertionPhase()) {
+ Options::enableOSREntryToDFG() = false;
+ Options::enableOSREntryToFTL() = false;
+ }
</ins><span class="cx">
</span><span class="cx"> // Compute the maximum value of the reoptimization retry counter. This is simply
</span><span class="cx"> // the largest value at which we don't overflow the execute counter, when using it
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Options.h (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Options.h 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Source/JavaScriptCore/runtime/Options.h 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -238,6 +238,8 @@
</span><span class="cx"> v(bool, enablePolyvariantCallInlining, true, nullptr) \
</span><span class="cx"> v(bool, enablePolyvariantByIdInlining, true, nullptr) \
</span><span class="cx"> \
</span><ins>+ v(bool, enableMaximalFlushInsertionPhase, false, "Setting to true enables the DFG's MaximalFlushInsertionPhase to run.") \
+ \
</ins><span class="cx"> v(unsigned, maximumBinaryStringSwitchCaseLength, 50, nullptr) \
</span><span class="cx"> v(unsigned, maximumBinaryStringSwitchTotalLength, 2000, nullptr) \
</span><span class="cx"> \
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Tools/ChangeLog 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -1,3 +1,12 @@
</span><ins>+2015-09-09 Saam barati <sbarati@apple.com>
+
+ DFG should have a debugging option that runs a phase that flushes all locals
+ https://bugs.webkit.org/show_bug.cgi?id=148916
+
+ Reviewed by Filip Pizlo.
+
+ * Scripts/run-jsc-stress-tests:
+
</ins><span class="cx"> 2015-09-09 Commit Queue <commit-queue@webkit.org>
</span><span class="cx">
</span><span class="cx"> Unreviewed, rolling out r189530 and r189534.
</span></span></pre></div>
<a id="trunkToolsScriptsrunjscstresstests"></a>
<div class="modfile"><h4>Modified: trunk/Tools/Scripts/run-jsc-stress-tests (189543 => 189544)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/Scripts/run-jsc-stress-tests 2015-09-09 18:42:03 UTC (rev 189543)
+++ trunk/Tools/Scripts/run-jsc-stress-tests 2015-09-09 20:18:57 UTC (rev 189544)
</span><span class="lines">@@ -785,6 +785,10 @@
</span><span class="cx"> run("misc-ftl-no-cjit", *(FTL_OPTIONS + NO_CJIT_OPTIONS + options))
</span><span class="cx"> end
</span><span class="cx">
</span><ins>+def runDFGMaximalFlushPhase
+ run("dfg-maximal-flush-validate-no-cjit", "--validateGraph=true", "--enableMaximalFlushInsertionPhase=true", *NO_CJIT_OPTIONS)
+end
+
</ins><span class="cx"> def defaultRun
</span><span class="cx"> runDefault
</span><span class="cx"> runAlwaysTriggerCopyPhase
</span><span class="lines">@@ -799,6 +803,7 @@
</span><span class="cx"> runFTLEager
</span><span class="cx"> runFTLEagerNoCJITValidate
</span><span class="cx"> runFTLNoCJITSmallPool
</span><ins>+ runDFGMaximalFlushPhase
</ins><span class="cx"> end
</span><span class="cx"> end
</span><span class="cx">
</span><span class="lines">@@ -820,6 +825,7 @@
</span><span class="cx"> runFTLNoCJITOSRValidation
</span><span class="cx"> runNoCJITNoAccessInlining
</span><span class="cx"> runFTLNoCJITNoAccessInlining
</span><ins>+ runDFGMaximalFlushPhase
</ins><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> # This is expected to not do eager runs because eager runs can have a lot of recompilations
</span></span></pre>
</div>
</div>
</body>
</html>