<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[244811] trunk/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/244811">244811</a></dd>
<dt>Author</dt> <dd>sbarati@apple.com</dd>
<dt>Date</dt> <dd>2019-04-30 16:37:27 -0700 (Tue, 30 Apr 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>CodeBlock::m_instructionCount is wrong
https://bugs.webkit.org/show_bug.cgi?id=197304

Reviewed by Yusuke Suzuki.

What we were calling instructionCount() was wrong, as evidenced by
us using it incorrectly both in the sampling profiler and when we
dumped bytecode for a given CodeBlock. Prior to the bytecode rewrite,
instructionCount() was probably valid to do bounds checks against.
However, this is no longer the case. This patch renames what we called
instructionCount() to bytecodeCost(). It is now only used to make decisions
about inlining and tier up heuristics. I've also named options related to
this appropriately.
        
This patch also introduces instructionsSize(). The result of this method
is valid to do bounds checks against.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType const):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::optimizationThresholdScalingFactor):
(JSC::CodeBlock::predictedMachineCodeSize):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::instructionsSize const):
(JSC::CodeBlock::bytecodeCost const):
(JSC::CodeBlock::instructionCount const): Deleted.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
(JSC::DFG::ByteCodeParser::getInliningBalance):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForClosureCall):
(JSC::DFG::mightInlineFunctionForConstruct):
* dfg/DFGCapabilities.h:
(JSC::DFG::isSmallEnoughToInlineCodeInto):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dumpHeader):
* dfg/DFGDriver.cpp:
(JSC::DFG::compileImpl):
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThread):
* dfg/DFGTierUpCheckInjectionPhase.cpp:
(JSC::DFG::TierUpCheckInjectionPhase::run):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLCompile.cpp:
(JSC::FTL::compile):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* jit/JIT.cpp:
(JSC::JIT::link):
* jit/JITDisassembler.cpp:
(JSC::JITDisassembler::dumpHeader):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::shouldJIT):
* profiler/ProfilerBytecodes.cpp:
(JSC::Profiler::Bytecodes::Bytecodes):
* runtime/Options.h:
* runtime/SamplingProfiler.cpp:
(JSC::tryGetBytecodeIndex):
(JSC::SamplingProfiler::processUnverifiedStackTraces):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockh">trunk/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCapabilitiescpp">trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCapabilitiesh">trunk/Source/JavaScriptCore/dfg/DFGCapabilities.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDisassemblercpp">trunk/Source/JavaScriptCore/dfg/DFGDisassembler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDrivercpp">trunk/Source/JavaScriptCore/dfg/DFGDriver.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPlancpp">trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGTierUpCheckInjectionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCapabilitiescpp">trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCompilecpp">trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLinkcpp">trunk/Source/JavaScriptCore/ftl/FTLLink.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITcpp">trunk/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITDisassemblercpp">trunk/Source/JavaScriptCore/jit/JITDisassembler.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntSlowPathscpp">trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreprofilerProfilerBytecodescpp">trunk/Source/JavaScriptCore/profiler/ProfilerBytecodes.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeOptionsh">trunk/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSamplingProfilercpp">trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog    2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/ChangeLog       2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -1,3 +1,72 @@
</span><ins>+2019-04-30  Saam barati  <sbarati@apple.com>
+
+        CodeBlock::m_instructionCount is wrong
+        https://bugs.webkit.org/show_bug.cgi?id=197304
+
+        Reviewed by Yusuke Suzuki.
+
+        What we were calling instructionCount() was wrong, as evidenced by
+        us using it incorrectly both in the sampling profiler and when we
+        dumped bytecode for a given CodeBlock. Prior to the bytecode rewrite,
+        instructionCount() was probably valid to do bounds checks against.
+        However, this is no longer the case. This patch renames what we called
+        instructionCount() to bytecodeCost(). It is now only used to make decisions
+        about inlining and tier up heuristics. I've also named options related to
+        this appropriately.
+        
+        This patch also introduces instructionsSize(). The result of this method
+        is valid to do bounds checks against.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpAssumingJITType const):
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::finishCreation):
+        (JSC::CodeBlock::optimizationThresholdScalingFactor):
+        (JSC::CodeBlock::predictedMachineCodeSize):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::instructionsSize const):
+        (JSC::CodeBlock::bytecodeCost const):
+        (JSC::CodeBlock::instructionCount const): Deleted.
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::inliningCost):
+        (JSC::DFG::ByteCodeParser::getInliningBalance):
+        * dfg/DFGCapabilities.cpp:
+        (JSC::DFG::mightCompileEval):
+        (JSC::DFG::mightCompileProgram):
+        (JSC::DFG::mightCompileFunctionForCall):
+        (JSC::DFG::mightCompileFunctionForConstruct):
+        (JSC::DFG::mightInlineFunctionForCall):
+        (JSC::DFG::mightInlineFunctionForClosureCall):
+        (JSC::DFG::mightInlineFunctionForConstruct):
+        * dfg/DFGCapabilities.h:
+        (JSC::DFG::isSmallEnoughToInlineCodeInto):
+        * dfg/DFGDisassembler.cpp:
+        (JSC::DFG::Disassembler::dumpHeader):
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::compileImpl):
+        * dfg/DFGPlan.cpp:
+        (JSC::DFG::Plan::compileInThread):
+        * dfg/DFGTierUpCheckInjectionPhase.cpp:
+        (JSC::DFG::TierUpCheckInjectionPhase::run):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLLink.cpp:
+        (JSC::FTL::link):
+        * jit/JIT.cpp:
+        (JSC::JIT::link):
+        * jit/JITDisassembler.cpp:
+        (JSC::JITDisassembler::dumpHeader):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::shouldJIT):
+        * profiler/ProfilerBytecodes.cpp:
+        (JSC::Profiler::Bytecodes::Bytecodes):
+        * runtime/Options.h:
+        * runtime/SamplingProfiler.cpp:
+        (JSC::tryGetBytecodeIndex):
+        (JSC::SamplingProfiler::processUnverifiedStackTraces):
+
</ins><span class="cx"> 2019-04-30  Tadeu Zagallo  <tzagallo@apple.com>
</span><span class="cx"> 
</span><span class="cx">         TypeArrays should not store properties that are canonical numeric indices
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp       2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp  2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -190,7 +190,7 @@
</span><span class="cx"> 
</span><span class="cx">     if (codeType() == FunctionCode)
</span><span class="cx">         out.print(specializationKind());
</span><del>-    out.print(", ", instructionCount());
</del><ins>+    out.print(", ", instructionsSize());
</ins><span class="cx">     if (this->jitType() == JITType::BaselineJIT && m_shouldAlwaysBeInlined)
</span><span class="cx">         out.print(" (ShouldAlwaysBeInlined)");
</span><span class="cx">     if (ownerExecutable()->neverInline())
</span><span class="lines">@@ -298,7 +298,7 @@
</span><span class="cx">     , m_hasDebuggerStatement(false)
</span><span class="cx">     , m_steppingMode(SteppingModeDisabled)
</span><span class="cx">     , m_numBreakpoints(0)
</span><del>-    , m_instructionCount(other.m_instructionCount)
</del><ins>+    , m_bytecodeCost(other.m_bytecodeCost)
</ins><span class="cx">     , m_scopeRegister(other.m_scopeRegister)
</span><span class="cx">     , m_hash(other.m_hash)
</span><span class="cx">     , m_unlinkedCode(*other.vm(), this, other.m_unlinkedCode.get())
</span><span class="lines">@@ -524,7 +524,7 @@
</span><span class="cx">     const InstructionStream& instructionStream = instructions();
</span><span class="cx">     for (const auto& instruction : instructionStream) {
</span><span class="cx">         OpcodeID opcodeID = instruction->opcodeID();
</span><del>-        m_instructionCount += opcodeLengths[opcodeID];
</del><ins>+        m_bytecodeCost += opcodeLengths[opcodeID];
</ins><span class="cx">         switch (opcodeID) {
</span><span class="cx">         LINK(OpHasIndexedProperty, arrayProfile)
</span><span class="cx"> 
</span><span class="lines">@@ -2335,17 +2335,17 @@
</span><span class="cx">     const double c = 0.0;
</span><span class="cx">     const double d = 0.825914;
</span><span class="cx">     
</span><del>-    double instructionCount = this->instructionCount();
</del><ins>+    double bytecodeCost = this->bytecodeCost();
</ins><span class="cx">     
</span><del>-    ASSERT(instructionCount); // Make sure this is called only after we have an instruction stream; otherwise it'll just return the value of d, which makes no sense.
</del><ins>+    ASSERT(bytecodeCost); // Make sure this is called only after we have an instruction stream; otherwise it'll just return the value of d, which makes no sense.
</ins><span class="cx">     
</span><del>-    double result = d + a * sqrt(instructionCount + b) + c * instructionCount;
</del><ins>+    double result = d + a * sqrt(bytecodeCost + b) + c * bytecodeCost;
</ins><span class="cx">     
</span><span class="cx">     result *= codeTypeThresholdMultiplier();
</span><span class="cx">     
</span><span class="cx">     if (Options::verboseOSR()) {
</span><span class="cx">         dataLog(
</span><del>-            *this, ": instruction count is ", instructionCount,
</del><ins>+            *this, ": bytecode cost is ", bytecodeCost,
</ins><span class="cx">             ", scaling execution counter by ", result, " * ", codeTypeThresholdMultiplier(),
</span><span class="cx">             "\n");
</span><span class="cx">     }
</span><span class="lines">@@ -2870,7 +2870,7 @@
</span><span class="cx">     if (multiplier < 0 || multiplier > 1000)
</span><span class="cx">         return 0;
</span><span class="cx">     
</span><del>-    double doubleResult = multiplier * instructionCount();
</del><ins>+    double doubleResult = multiplier * bytecodeCost();
</ins><span class="cx">     
</span><span class="cx">     // Be even more paranoid: silently reject values that won't fit into a size_t. If
</span><span class="cx">     // the function is so huge that we can't even fit it into virtual memory then we
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.h    2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -384,7 +384,8 @@
</span><span class="cx"> 
</span><span class="cx">     size_t predictedMachineCodeSize();
</span><span class="cx"> 
</span><del>-    unsigned instructionCount() const { return m_instructionCount; }
</del><ins>+    unsigned instructionsSize() const { return instructions().size(); }
+    unsigned bytecodeCost() const { return m_bytecodeCost; }
</ins><span class="cx"> 
</span><span class="cx">     // Exactly equivalent to codeBlock->ownerExecutable()->newReplacementCodeBlockFor(codeBlock->specializationKind())
</span><span class="cx">     CodeBlock* newReplacement();
</span><span class="lines">@@ -963,7 +964,7 @@
</span><span class="cx">             unsigned m_numBreakpoints : 30;
</span><span class="cx">         };
</span><span class="cx">     };
</span><del>-    unsigned m_instructionCount { 0 };
</del><ins>+    unsigned m_bytecodeCost { 0 };
</ins><span class="cx">     VirtualRegister m_scopeRegister;
</span><span class="cx">     mutable CodeBlockHash m_hash;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp    2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp       2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -1559,7 +1559,7 @@
</span><span class="cx">     VERBOSE_LOG("    Inlining should be possible.\n");
</span><span class="cx">     
</span><span class="cx">     // It might be possible to inline.
</span><del>-    return codeBlock->instructionCount();
</del><ins>+    return codeBlock->bytecodeCost();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> template<typename ChecksFunctor>
</span><span class="lines">@@ -1904,11 +1904,11 @@
</span><span class="cx"> 
</span><span class="cx"> unsigned ByteCodeParser::getInliningBalance(const CallLinkStatus& callLinkStatus, CodeSpecializationKind specializationKind)
</span><span class="cx"> {
</span><del>-    unsigned inliningBalance = Options::maximumFunctionForCallInlineCandidateInstructionCount();
</del><ins>+    unsigned inliningBalance = Options::maximumFunctionForCallInlineCandidateBytecodeCost();
</ins><span class="cx">     if (specializationKind == CodeForConstruct)
</span><del>-        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForConstructInlineCandidateInstructionCount());
</del><ins>+        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForConstructInlineCandidateBytecoodeCost());
</ins><span class="cx">     if (callLinkStatus.isClosureCall())
</span><del>-        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForClosureCallInlineCandidateInstructionCount());
</del><ins>+        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForClosureCallInlineCandidateBytecodeCost());
</ins><span class="cx">     return inliningBalance;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp      2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp 2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -49,41 +49,41 @@
</span><span class="cx"> bool mightCompileEval(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><span class="cx">     return isSupported()
</span><del>-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
</del><ins>+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
</ins><span class="cx">         && codeBlock->ownerExecutable()->isOkToOptimize();
</span><span class="cx"> }
</span><span class="cx"> bool mightCompileProgram(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><span class="cx">     return isSupported()
</span><del>-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
</del><ins>+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
</ins><span class="cx">         && codeBlock->ownerExecutable()->isOkToOptimize();
</span><span class="cx"> }
</span><span class="cx"> bool mightCompileFunctionForCall(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><span class="cx">     return isSupported()
</span><del>-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
</del><ins>+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
</ins><span class="cx">         && codeBlock->ownerExecutable()->isOkToOptimize();
</span><span class="cx"> }
</span><span class="cx"> bool mightCompileFunctionForConstruct(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><span class="cx">     return isSupported()
</span><del>-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
</del><ins>+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
</ins><span class="cx">         && codeBlock->ownerExecutable()->isOkToOptimize();
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> bool mightInlineFunctionForCall(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>-    return codeBlock->instructionCount() <= Options::maximumFunctionForCallInlineCandidateInstructionCount()
</del><ins>+    return codeBlock->bytecodeCost() <= Options::maximumFunctionForCallInlineCandidateBytecodeCost()
</ins><span class="cx">         && isSupportedForInlining(codeBlock);
</span><span class="cx"> }
</span><span class="cx"> bool mightInlineFunctionForClosureCall(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>-    return codeBlock->instructionCount() <= Options::maximumFunctionForClosureCallInlineCandidateInstructionCount()
</del><ins>+    return codeBlock->bytecodeCost() <= Options::maximumFunctionForClosureCallInlineCandidateBytecodeCost()
</ins><span class="cx">         && isSupportedForInlining(codeBlock);
</span><span class="cx"> }
</span><span class="cx"> bool mightInlineFunctionForConstruct(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>-    return codeBlock->instructionCount() <= Options::maximumFunctionForConstructInlineCandidateInstructionCount()
</del><ins>+    return codeBlock->bytecodeCost() <= Options::maximumFunctionForConstructInlineCandidateBytecoodeCost()
</ins><span class="cx">         && isSupportedForInlining(codeBlock);
</span><span class="cx"> }
</span><span class="cx"> bool canUseOSRExitFuzzing(CodeBlock* codeBlock)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCapabilitiesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCapabilities.h (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCapabilities.h        2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGCapabilities.h   2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -166,7 +166,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline bool isSmallEnoughToInlineCodeInto(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>-    return codeBlock->instructionCount() <= Options::maximumInliningCallerSize();
</del><ins>+    return codeBlock->bytecodeCost() <= Options::maximumInliningCallerBytecodeCost();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } } // namespace JSC::DFG
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDisassemblercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDisassembler.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDisassembler.cpp      2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGDisassembler.cpp 2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -74,7 +74,7 @@
</span><span class="cx"> 
</span><span class="cx"> void Disassembler::dumpHeader(PrintStream& out, LinkBuffer& linkBuffer)
</span><span class="cx"> {
</span><del>-    out.print("Generated DFG JIT code for ", CodeBlockWithJITType(m_graph.m_codeBlock, JITType::DFGJIT), ", instruction count = ", m_graph.m_codeBlock->instructionCount(), ":\n");
</del><ins>+    out.print("Generated DFG JIT code for ", CodeBlockWithJITType(m_graph.m_codeBlock, JITType::DFGJIT), ", instructions size = ", m_graph.m_codeBlock->instructionsSize(), ":\n");
</ins><span class="cx">     out.print("    Optimized with execution counter = ", m_graph.m_profiledBlock->jitExecuteCounter(), "\n");
</span><span class="cx">     out.print("    Code at [", RawPointer(linkBuffer.debugAddress()), ", ", RawPointer(static_cast<char*>(linkBuffer.debugAddress()) + linkBuffer.size()), "):\n");
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDrivercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDriver.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDriver.cpp    2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGDriver.cpp       2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -73,7 +73,7 @@
</span><span class="cx">     unsigned osrEntryBytecodeIndex, const Operands<Optional<JSValue>>& mustHandleValues,
</span><span class="cx">     Ref<DeferredCompilationCallback>&& callback)
</span><span class="cx"> {
</span><del>-    if (!Options::bytecodeRangeToDFGCompile().isInRange(codeBlock->instructionCount())
</del><ins>+    if (!Options::bytecodeRangeToDFGCompile().isInRange(codeBlock->instructionsSize())
</ins><span class="cx">         || !ensureGlobalDFGWhitelist().contains(codeBlock))
</span><span class="cx">         return CompilationFailed;
</span><span class="cx">     
</span><span class="lines">@@ -85,7 +85,7 @@
</span><span class="cx">     ASSERT(!profiledDFGCodeBlock || profiledDFGCodeBlock->jitType() == JITType::DFGJIT);
</span><span class="cx">     
</span><span class="cx">     if (logCompilationChanges(mode))
</span><del>-        dataLog("DFG(Driver) compiling ", *codeBlock, " with ", mode, ", number of instructions = ", codeBlock->instructionCount(), "\n");
</del><ins>+        dataLog("DFG(Driver) compiling ", *codeBlock, " with ", mode, ", instructions size = ", codeBlock->instructionsSize(), "\n");
</ins><span class="cx">     
</span><span class="cx">     // Make sure that any stubs that the DFG is going to use are initialized. We want to
</span><span class="cx">     // make sure that all JIT code generation does finalization on the main thread.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPlancpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp      2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -184,7 +184,7 @@
</span><span class="cx">     CompilationScope compilationScope;
</span><span class="cx"> 
</span><span class="cx">     if (logCompilationChanges(m_mode) || Options::logPhaseTimes())
</span><del>-        dataLog("DFG(Plan) compiling ", *m_codeBlock, " with ", m_mode, ", number of instructions = ", m_codeBlock->instructionCount(), "\n");
</del><ins>+        dataLog("DFG(Plan) compiling ", *m_codeBlock, " with ", m_mode, ", instructions size = ", m_codeBlock->instructionsSize(), "\n");
</ins><span class="cx"> 
</span><span class="cx">     CompilationPath path = compileInThreadImpl();
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGTierUpCheckInjectionPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp 2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp    2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -69,7 +69,7 @@
</span><span class="cx">         if (m_graph.m_profiledBlock->m_didFailFTLCompilation)
</span><span class="cx">             return false;
</span><span class="cx"> 
</span><del>-        if (!Options::bytecodeRangeToFTLCompile().isInRange(m_graph.m_profiledBlock->instructionCount()))
</del><ins>+        if (!Options::bytecodeRangeToFTLCompile().isInRange(m_graph.m_profiledBlock->instructionsSize()))
</ins><span class="cx">             return false;
</span><span class="cx"> 
</span><span class="cx">         if (!ensureGlobalFTLWhitelist().contains(m_graph.m_profiledBlock))
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp      2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -401,7 +401,7 @@
</span><span class="cx"> 
</span><span class="cx"> CapabilityLevel canCompile(Graph& graph)
</span><span class="cx"> {
</span><del>-    if (graph.m_codeBlock->instructionCount() > Options::maximumFTLCandidateInstructionCount()) {
</del><ins>+    if (graph.m_codeBlock->bytecodeCost() > Options::maximumFTLCandidateBytecodeCost()) {
</ins><span class="cx">         if (verboseCapabilities())
</span><span class="cx">             dataLog("FTL rejecting ", *graph.m_codeBlock, " because it's too big.\n");
</span><span class="cx">         return CannotCompile;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp   2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp      2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -168,7 +168,7 @@
</span><span class="cx">     if (B3::Air::Disassembler* disassembler = state.proc->code().disassembler()) {
</span><span class="cx">         PrintStream& out = WTF::dataFile();
</span><span class="cx"> 
</span><del>-        out.print("Generated ", state.graph.m_plan.mode(), " code for ", CodeBlockWithJITType(state.graph.m_codeBlock, JITType::FTLJIT), ", instruction count = ", state.graph.m_codeBlock->instructionCount(), ":\n");
</del><ins>+        out.print("Generated ", state.graph.m_plan.mode(), " code for ", CodeBlockWithJITType(state.graph.m_codeBlock, JITType::FTLJIT), ", instructions size = ", state.graph.m_codeBlock->instructionsSize(), ":\n");
</ins><span class="cx"> 
</span><span class="cx">         LinkBuffer& linkBuffer = *state.finalizer->b3CodeLinkBuffer;
</span><span class="cx">         B3::Value* currentB3Value = nullptr;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLinkcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLink.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLink.cpp      2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/ftl/FTLLink.cpp 2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -71,7 +71,7 @@
</span><span class="cx">     if (UNLIKELY(compilation)) {
</span><span class="cx">         compilation->addDescription(
</span><span class="cx">             Profiler::OriginStack(),
</span><del>-            toCString("Generated FTL JIT code for ", CodeBlockWithJITType(codeBlock, JITType::FTLJIT), ", instruction count = ", graph.m_codeBlock->instructionCount(), ":\n"));
</del><ins>+            toCString("Generated FTL JIT code for ", CodeBlockWithJITType(codeBlock, JITType::FTLJIT), ", instructions size = ", graph.m_codeBlock->instructionsSize(), ":\n"));
</ins><span class="cx">         
</span><span class="cx">         graph.ensureSSADominators();
</span><span class="cx">         graph.ensureSSANaturalLoops();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JIT.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JIT.cpp  2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/jit/JIT.cpp     2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -907,7 +907,7 @@
</span><span class="cx">     
</span><span class="cx">     m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT->add(
</span><span class="cx">         static_cast<double>(result.size()) /
</span><del>-        static_cast<double>(m_codeBlock->instructionCount()));
</del><ins>+        static_cast<double>(m_codeBlock->instructionsSize()));
</ins><span class="cx"> 
</span><span class="cx">     m_codeBlock->shrinkToFit(CodeBlock::LateShrink);
</span><span class="cx">     m_codeBlock->setJITCode(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITDisassemblercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITDisassembler.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITDisassembler.cpp      2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/jit/JITDisassembler.cpp 2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -89,7 +89,7 @@
</span><span class="cx"> 
</span><span class="cx"> void JITDisassembler::dumpHeader(PrintStream& out, LinkBuffer& linkBuffer)
</span><span class="cx"> {
</span><del>-    out.print("Generated Baseline JIT code for ", CodeBlockWithJITType(m_codeBlock, JITType::BaselineJIT), ", instruction count = ", m_codeBlock->instructionCount(), "\n");
</del><ins>+    out.print("Generated Baseline JIT code for ", CodeBlockWithJITType(m_codeBlock, JITType::BaselineJIT), ", instructions size = ", m_codeBlock->instructionsSize(), "\n");
</ins><span class="cx">     out.print("   Source: ", m_codeBlock->sourceCodeOnOneLine(), "\n");
</span><span class="cx">     out.print("   Code at [", RawPointer(linkBuffer.debugAddress()), ", ", RawPointer(static_cast<char*>(linkBuffer.debugAddress()) + linkBuffer.size()), "):\n");
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp     2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp        2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -357,7 +357,7 @@
</span><span class="cx"> 
</span><span class="cx"> inline bool shouldJIT(CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>-    if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionCount())
</del><ins>+    if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionsSize())
</ins><span class="cx">         || !ensureGlobalJITWhitelist().contains(codeBlock))
</span><span class="cx">         return false;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreprofilerProfilerBytecodescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/profiler/ProfilerBytecodes.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/profiler/ProfilerBytecodes.cpp       2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/profiler/ProfilerBytecodes.cpp  2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -40,7 +40,7 @@
</span><span class="cx">     , m_inferredName(codeBlock->inferredName())
</span><span class="cx">     , m_sourceCode(codeBlock->sourceCodeForTools())
</span><span class="cx">     , m_hash(codeBlock->hash())
</span><del>-    , m_instructionCount(codeBlock->instructionCount())
</del><ins>+    , m_instructionCount(codeBlock->instructionsSize())
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Options.h (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Options.h    2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/runtime/Options.h       2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -300,13 +300,13 @@
</span><span class="cx">     \
</span><span class="cx">     v(bool, breakOnThrow, false, Normal, nullptr) \
</span><span class="cx">     \
</span><del>-    v(unsigned, maximumOptimizationCandidateInstructionCount, 100000, Normal, nullptr) \
</del><ins>+    v(unsigned, maximumOptimizationCandidateBytecodeCost, 100000, Normal, nullptr) \
</ins><span class="cx">     \
</span><del>-    v(unsigned, maximumFunctionForCallInlineCandidateInstructionCount, 120, Normal, nullptr) \
-    v(unsigned, maximumFunctionForClosureCallInlineCandidateInstructionCount, 100, Normal, nullptr) \
-    v(unsigned, maximumFunctionForConstructInlineCandidateInstructionCount, 100, Normal, nullptr) \
</del><ins>+    v(unsigned, maximumFunctionForCallInlineCandidateBytecodeCost, 120, Normal, nullptr) \
+    v(unsigned, maximumFunctionForClosureCallInlineCandidateBytecodeCost, 100, Normal, nullptr) \
+    v(unsigned, maximumFunctionForConstructInlineCandidateBytecoodeCost, 100, Normal, nullptr) \
</ins><span class="cx">     \
</span><del>-    v(unsigned, maximumFTLCandidateInstructionCount, 20000, Normal, nullptr) \
</del><ins>+    v(unsigned, maximumFTLCandidateBytecodeCost, 20000, Normal, nullptr) \
</ins><span class="cx">     \
</span><span class="cx">     /* Depth of inline stack, so 1 = no inlining, 2 = one level, etc. */ \
</span><span class="cx">     v(unsigned, maximumInliningDepth, 5, Normal, "maximum allowed inlining depth.  Depth of 1 means no inlining") \
</span><span class="lines">@@ -314,7 +314,7 @@
</span><span class="cx">     \
</span><span class="cx">     /* Maximum size of a caller for enabling inlining. This is purely to protect us */\
</span><span class="cx">     /* from super long compiles that take a lot of memory. */\
</span><del>-    v(unsigned, maximumInliningCallerSize, 10000, Normal, nullptr) \
</del><ins>+    v(unsigned, maximumInliningCallerBytecodeCost, 10000, Normal, nullptr) \
</ins><span class="cx">     \
</span><span class="cx">     v(unsigned, maximumVarargsForInlining, 100, Normal, nullptr) \
</span><span class="cx">     \
</span><span class="lines">@@ -558,6 +558,12 @@
</span><span class="cx">     v(enableDollarVM, useDollarVM, SameOption) \
</span><span class="cx">     v(enableWebAssembly, useWebAssembly, SameOption) \
</span><span class="cx">     v(verboseDFGByteCodeParsing, verboseDFGBytecodeParsing, SameOption) \
</span><ins>+    v(maximumOptimizationCandidateInstructionCount, maximumOptimizationCandidateBytecodeCost, SameOption) \
+    v(maximumFunctionForCallInlineCandidateInstructionCount, maximumFunctionForCallInlineCandidateBytecodeCost, SameOption) \
+    v(maximumFunctionForClosureCallInlineCandidateInstructionCount, maximumFunctionForClosureCallInlineCandidateBytecodeCost, SameOption) \
+    v(maximumFunctionForConstructInlineCandidateInstructionCount, maximumFunctionForConstructInlineCandidateBytecoodeCost, SameOption) \
+    v(maximumFTLCandidateInstructionCount, maximumFTLCandidateBytecodeCost, SameOption) \
+    v(maximumInliningCallerSize, maximumInliningCallerBytecodeCost, SameOption) \
</ins><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> class Options {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSamplingProfilercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp (244810 => 244811)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp 2019-04-30 23:18:44 UTC (rev 244810)
+++ trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp    2019-04-30 23:37:27 UTC (rev 244811)
</span><span class="lines">@@ -434,7 +434,7 @@
</span><span class="cx"> 
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx">     unsigned bytecodeIndex = llintPC;
</span><del>-    if (bytecodeIndex < codeBlock->instructionCount()) {
</del><ins>+    if (bytecodeIndex < codeBlock->instructionsSize()) {
</ins><span class="cx">         isValid = true;
</span><span class="cx">         return bytecodeIndex;
</span><span class="cx">     }
</span><span class="lines">@@ -465,7 +465,7 @@
</span><span class="cx">         stackTrace.timestamp = unprocessedStackTrace.timestamp;
</span><span class="cx"> 
</span><span class="cx">         auto populateCodeLocation = [] (CodeBlock* codeBlock, unsigned bytecodeIndex, StackFrame::CodeLocation& location) {
</span><del>-            if (bytecodeIndex < codeBlock->instructionCount()) {
</del><ins>+            if (bytecodeIndex < codeBlock->instructionsSize()) {
</ins><span class="cx">                 int divot;
</span><span class="cx">                 int startOffset;
</span><span class="cx">                 int endOffset;
</span></span></pre>
</div>
</div>

</body>
</html>