<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[212018] branches/safari-603-branch/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/212018">212018</a></dd>
<dt>Author</dt> <dd>matthew_hanson@apple.com</dd>
<dt>Date</dt> <dd>2017-02-09 17:49:41 -0800 (Thu, 09 Feb 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/211896">r211896</a>. rdar://problem/29754721</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari603branchSourceJavaScriptCoreChangeLog">branches/safari-603-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreb3airAirInsertionSetcpp">branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreb3airAirInsertionSeth">branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreb3airAirIteratedRegisterCoalescingcpp">branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreb3testb3cpp">branches/safari-603-branch/Source/JavaScriptCore/b3/testb3.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari603branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/ChangeLog (212017 => 212018)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/ChangeLog 2017-02-10 01:49:38 UTC (rev 212017)
+++ branches/safari-603-branch/Source/JavaScriptCore/ChangeLog 2017-02-10 01:49:41 UTC (rev 212018)
</span><span class="lines">@@ -1,5 +1,39 @@
</span><span class="cx"> 2017-02-09 Matthew Hanson <matthew_hanson@apple.com>
</span><span class="cx">
</span><ins>+ Merge r211896. rdar://problem/29754721
+
+ 2017-02-08 Saam Barati <sbarati@apple.com>
+
+ Air IRC might spill a terminal that produces a value after the terminal
+ https://bugs.webkit.org/show_bug.cgi?id=167919
+ <rdar://problem/29754721>
+
+ Reviewed by Filip Pizlo.
+
+ IRC may spill a value-producing terminal (a patchpoint can be a value-producing terminal).
+ It used to do this by placing the spill *after* the terminal. This produces an invalid
+ graph because no instructions are allowed after the terminal.
+
+ I fixed this bug by having a cleanup pass over the IR after IRC is done.
+ The pass detects this problem, and fixes it by moving the spill into the
+ successors. However, it is careful to detect when the edge to the
+ successor is a critical edge. If the value-producing patchpoint is
+ the only predecessor of the successor, it just moves the spill
+ code to the beginning of the successor. Otherwise, it's a critical
+ edge and it breaks it by adding a block that does the spilling then
+ jumps to the successor.
+
+ * b3/air/AirInsertionSet.cpp:
+ * b3/air/AirInsertionSet.h:
+ (JSC::B3::Air::InsertionSet::insertInsts):
+ * b3/air/AirIteratedRegisterCoalescing.cpp:
+ * b3/testb3.cpp:
+ (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled):
+ (JSC::B3::testTerminalPatchpointThatNeedsToBeSpilled2):
+ (JSC::B3::run):
+
+2017-02-09 Matthew Hanson <matthew_hanson@apple.com>
+
</ins><span class="cx"> Merge r211642. rdar://problem/29542720
</span><span class="cx">
</span><span class="cx"> 2017-02-03 Saam Barati <sbarati@apple.com>
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreb3airAirInsertionSetcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.cpp (212017 => 212018)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.cpp 2017-02-10 01:49:38 UTC (rev 212017)
+++ branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.cpp 2017-02-10 01:49:41 UTC (rev 212018)
</span><span class="lines">@@ -33,12 +33,6 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace B3 { namespace Air {
</span><span class="cx">
</span><del>-void InsertionSet::insertInsts(size_t index, const Vector<Inst>& insts)
-{
- for (const Inst& inst : insts)
- insertInst(index, inst);
-}
-
</del><span class="cx"> void InsertionSet::insertInsts(size_t index, Vector<Inst>&& insts)
</span><span class="cx"> {
</span><span class="cx"> for (Inst& inst : insts)
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreb3airAirInsertionSeth"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.h (212017 => 212018)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.h 2017-02-10 01:49:38 UTC (rev 212017)
+++ branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirInsertionSet.h 2017-02-10 01:49:41 UTC (rev 212018)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -59,7 +59,12 @@
</span><span class="cx"> appendInsertion(Insertion(index, std::forward<Inst>(inst)));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void insertInsts(size_t index, const Vector<Inst>&);
</del><ins>+ template <typename InstVector>
+ void insertInsts(size_t index, const InstVector& insts)
+ {
+ for (const Inst& inst : insts)
+ insertInst(index, inst);
+ }
</ins><span class="cx"> void insertInsts(size_t index, Vector<Inst>&&);
</span><span class="cx">
</span><span class="cx"> template<typename... Arguments>
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreb3airAirIteratedRegisterCoalescingcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp (212017 => 212018)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp 2017-02-10 01:49:38 UTC (rev 212017)
+++ branches/safari-603-branch/Source/JavaScriptCore/b3/air/AirIteratedRegisterCoalescing.cpp 2017-02-10 01:49:41 UTC (rev 212018)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -1274,6 +1274,8 @@
</span><span class="cx"> iteratedRegisterCoalescingOnType<Arg::GP>();
</span><span class="cx"> iteratedRegisterCoalescingOnType<Arg::FP>();
</span><span class="cx">
</span><ins>+ fixSpillsAfterTerminals();
+
</ins><span class="cx"> if (reportStats)
</span><span class="cx"> dataLog("Num iterations = ", m_numIterations, "\n");
</span><span class="cx"> }
</span><span class="lines">@@ -1573,6 +1575,66 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void fixSpillsAfterTerminals()
+ {
+ // Because there may be terminals that produce values, IRC may
+ // want to spill those terminals. It'll happen to spill it after
+ // the terminal. If we left the graph in this state, it'd be invalid
+ // because a terminal must be the last instruction in a block.
+ // We fix that here.
+
+ InsertionSet insertionSet(m_code);
+
+ bool addedBlocks = false;
+
+ for (BasicBlock* block : m_code) {
+ unsigned terminalIndex = block->size();
+ bool foundTerminal = false;
+ while (terminalIndex--) {
+ if (block->at(terminalIndex).isTerminal()) {
+ foundTerminal = true;
+ break;
+ }
+ }
+ ASSERT_UNUSED(foundTerminal, foundTerminal);
+
+ if (terminalIndex == block->size() - 1)
+ continue;
+
+ // There must be instructions after the terminal because it's not the last instruction.
+ ASSERT(terminalIndex < block->size() - 1);
+ Vector<Inst, 1> instsToMove;
+ for (unsigned i = terminalIndex + 1; i < block->size(); i++)
+ instsToMove.append(block->at(i));
+ RELEASE_ASSERT(instsToMove.size());
+
+ for (FrequentedBlock& frequentedSuccessor : block->successors()) {
+ BasicBlock* successor = frequentedSuccessor.block();
+ // If successor's only predecessor is block, we can plant the spill inside
+ // the successor. Otherwise, we must split the critical edge and create
+ // a new block for the spill.
+ if (successor->numPredecessors() == 1) {
+ insertionSet.insertInsts(0, instsToMove);
+ insertionSet.execute(successor);
+ } else {
+ addedBlocks = true;
+ // FIXME: We probably want better block ordering here.
+ BasicBlock* newBlock = m_code.addBlock();
+ for (const Inst& inst : instsToMove)
+ newBlock->appendInst(inst);
+ newBlock->appendInst(Inst(Jump, instsToMove.last().origin));
+ newBlock->successors().append(successor);
+ frequentedSuccessor.block() = newBlock;
+ }
+ }
+
+ block->resize(terminalIndex + 1);
+ }
+
+ if (addedBlocks)
+ m_code.resetReachability();
+ }
+
</ins><span class="cx"> Code& m_code;
</span><span class="cx"> TmpWidth m_tmpWidth;
</span><span class="cx"> UseCounts<Tmp> m_useCounts;
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreb3testb3cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/b3/testb3.cpp (212017 => 212018)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/b3/testb3.cpp 2017-02-10 01:49:38 UTC (rev 212017)
+++ branches/safari-603-branch/Source/JavaScriptCore/b3/testb3.cpp 2017-02-10 01:49:41 UTC (rev 212018)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -13199,6 +13199,166 @@
</span><span class="cx"> CHECK(terminal.args[2].kind() == Air::Arg::BitImm || terminal.args[2].kind() == Air::Arg::BitImm64);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void testTerminalPatchpointThatNeedsToBeSpilled()
+{
+ // This is a unit test for how FTL's heap allocation fast paths behave.
+ Procedure proc;
+
+ BasicBlock* root = proc.addBlock();
+ BasicBlock* success = proc.addBlock();
+ BasicBlock* slowPath = proc.addBlock();
+
+ PatchpointValue* patchpoint = root->appendNew<PatchpointValue>(proc, Int32, Origin());
+ patchpoint->effects.terminal = true;
+ patchpoint->clobber(RegisterSet::macroScratchRegisters());
+
+ root->appendSuccessor(success);
+ root->appendSuccessor(FrequentedBlock(slowPath, FrequencyClass::Rare));
+
+ patchpoint->setGenerator(
+ [&] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
+ jit.move(CCallHelpers::TrustedImm32(42), params[0].gpr());
+
+ CCallHelpers::Jump jumpToSuccess;
+ if (!params.fallsThroughToSuccessor(0))
+ jumpToSuccess = jit.jump();
+
+ Vector<Box<CCallHelpers::Label>> labels = params.successorLabels();
+
+ params.addLatePath(
+ [=] (CCallHelpers& jit) {
+ if (jumpToSuccess.isSet())
+ jumpToSuccess.linkTo(*labels[0], &jit);
+ });
+ });
+
+ Vector<Value*> args;
+ {
+ RegisterSet fillAllGPRsSet = RegisterSet::allGPRs();
+ fillAllGPRsSet.exclude(RegisterSet::stackRegisters());
+ fillAllGPRsSet.exclude(RegisterSet::reservedHardwareRegisters());
+
+ for (unsigned i = 0; i < fillAllGPRsSet.numberOfSetRegisters(); i++)
+ args.append(success->appendNew<Const32Value>(proc, Origin(), i));
+ }
+
+ {
+ // Now force all values into every available register.
+ PatchpointValue* p = success->appendNew<PatchpointValue>(proc, Void, Origin());
+ for (Value* v : args)
+ p->append(v, ValueRep::SomeRegister);
+ p->setGenerator([&] (CCallHelpers&, const StackmapGenerationParams&) { });
+ }
+
+ {
+ // Now require the original patchpoint to be materialized into a register.
+ PatchpointValue* p = success->appendNew<PatchpointValue>(proc, Void, Origin());
+ p->append(patchpoint, ValueRep::SomeRegister);
+ p->setGenerator([&] (CCallHelpers&, const StackmapGenerationParams&) { });
+ }
+
+ success->appendNew<Value>(proc, Return, Origin(), success->appendNew<Const32Value>(proc, Origin(), 10));
+
+ slowPath->appendNew<Value>(proc, Return, Origin(), slowPath->appendNew<Const32Value>(proc, Origin(), 20));
+
+ auto code = compile(proc);
+ CHECK_EQ(invoke<int>(*code), 10);
+}
+
+void testTerminalPatchpointThatNeedsToBeSpilled2()
+{
+ // This is a unit test for how FTL's heap allocation fast paths behave.
+ Procedure proc;
+
+ BasicBlock* root = proc.addBlock();
+ BasicBlock* one = proc.addBlock();
+ BasicBlock* success = proc.addBlock();
+ BasicBlock* slowPath = proc.addBlock();
+
+ Value* arg = root->appendNew<Value>(
+ proc, Trunc, Origin(),
+ root->appendNew<ArgumentRegValue>(proc, Origin(), GPRInfo::argumentGPR0));
+
+ root->appendNew<Value>(
+ proc, Branch, Origin(), arg);
+ root->appendSuccessor(one);
+ root->appendSuccessor(FrequentedBlock(slowPath, FrequencyClass::Rare));
+
+ PatchpointValue* patchpoint = one->appendNew<PatchpointValue>(proc, Int32, Origin());
+ patchpoint->effects.terminal = true;
+ patchpoint->clobber(RegisterSet::macroScratchRegisters());
+ patchpoint->append(arg, ValueRep::SomeRegister);
+
+ one->appendSuccessor(success);
+ one->appendSuccessor(FrequentedBlock(slowPath, FrequencyClass::Rare));
+
+ patchpoint->setGenerator(
+ [&] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
+ jit.move(CCallHelpers::TrustedImm32(666), params[0].gpr());
+ auto goToFastPath = jit.branch32(CCallHelpers::Equal, params[1].gpr(), CCallHelpers::TrustedImm32(42));
+ auto jumpToSlow = jit.jump();
+
+ // Make sure the asserts here pass.
+ params.fallsThroughToSuccessor(0);
+ params.fallsThroughToSuccessor(1);
+
+ Vector<Box<CCallHelpers::Label>> labels = params.successorLabels();
+
+ params.addLatePath(
+ [=] (CCallHelpers& jit) {
+ goToFastPath.linkTo(*labels[0], &jit);
+ jumpToSlow.linkTo(*labels[1], &jit);
+ });
+ });
+
+ Vector<Value*> args;
+ {
+ RegisterSet fillAllGPRsSet = RegisterSet::allGPRs();
+ fillAllGPRsSet.exclude(RegisterSet::stackRegisters());
+ fillAllGPRsSet.exclude(RegisterSet::reservedHardwareRegisters());
+
+ for (unsigned i = 0; i < fillAllGPRsSet.numberOfSetRegisters(); i++)
+ args.append(success->appendNew<Const32Value>(proc, Origin(), i));
+ }
+
+ {
+ // Now force all values into every available register.
+ PatchpointValue* p = success->appendNew<PatchpointValue>(proc, Void, Origin());
+ for (Value* v : args)
+ p->append(v, ValueRep::SomeRegister);
+ p->setGenerator([&] (CCallHelpers&, const StackmapGenerationParams&) { });
+ }
+
+ {
+ // Now require the original patchpoint to be materialized into a register.
+ PatchpointValue* p = success->appendNew<PatchpointValue>(proc, Void, Origin());
+ p->append(patchpoint, ValueRep::SomeRegister);
+ p->setGenerator([&] (CCallHelpers&, const StackmapGenerationParams&) { });
+ }
+
+ success->appendNew<Value>(proc, Return, Origin(), patchpoint);
+
+ slowPath->appendNew<Value>(proc, Return, Origin(), arg);
+
+ auto original1 = Options::maxB3TailDupBlockSize();
+ auto original2 = Options::maxB3TailDupBlockSuccessors();
+
+ // Tail duplication will break the critical edge we're trying to test because it
+ // will clone the slowPath block for both edges to it!
+ Options::maxB3TailDupBlockSize() = 0;
+ Options::maxB3TailDupBlockSuccessors() = 0;
+
+ auto code = compile(proc);
+ CHECK_EQ(invoke<int>(*code, 1), 1);
+ CHECK_EQ(invoke<int>(*code, 0), 0);
+ CHECK_EQ(invoke<int>(*code, 42), 666);
+
+ Options::maxB3TailDupBlockSize() = original1;
+ Options::maxB3TailDupBlockSuccessors() = original2;
+}
+
</ins><span class="cx"> void testPatchpointTerminalReturnValue(bool successIsRare)
</span><span class="cx"> {
</span><span class="cx"> // This is a unit test for how FTL's heap allocation fast paths behave.
</span><span class="lines">@@ -14083,6 +14243,10 @@
</span><span class="cx"> return !filter || !!strcasestr(testName, filter);
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+ // We run this test first because it fiddles with some
+ // JSC options.
+ testTerminalPatchpointThatNeedsToBeSpilled2();
+
</ins><span class="cx"> RUN(test42());
</span><span class="cx"> RUN(testLoad42());
</span><span class="cx"> RUN(testLoadOffsetImm9Max());
</span><span class="lines">@@ -15458,6 +15622,7 @@
</span><span class="cx"> RUN(testSomeEarlyRegister());
</span><span class="cx"> RUN(testPatchpointTerminalReturnValue(true));
</span><span class="cx"> RUN(testPatchpointTerminalReturnValue(false));
</span><ins>+ RUN(testTerminalPatchpointThatNeedsToBeSpilled());
</ins><span class="cx">
</span><span class="cx"> RUN(testMemoryFence());
</span><span class="cx"> RUN(testStoreFence());
</span></span></pre>
</div>
</div>
</body>
</html>