[webkit-dev] (Legacy 2.1.1) LLINT: _llint_program_prologue CodeBlock::m_instructions[0] is NULL
Geoffrey Garen
ggaren at apple.com
Wed Aug 26 10:54:09 PDT 2015
The CodeBlock constructor is responsible for filling m_instructions. I’d start there.
Geoff
> On Aug 26, 2015, at 9:46 AM, Bryan Woodruff <bryan.woodruff at boxspy.com> wrote:
>
> Apologies in advance for cross-posting – not seeing any activity on webkit-help.
>
> Caveat: Due to divergence in the code base and the target platform, I’m working with an older port based on v2.1.1. But, I believe my question is broad enough that someone may be able to help point me in the right area.
>
> I’m enabling LLINT which was not enabled for the port we’re working with in this version. In the dispatch to llint_program_prologue, the CodeBlock.m_instructions[0] points to the value 0 which results into a jmp to 0 and a subsequent access violation.
>
> I’m looking to understand what conditions cause CodeBlock.m_instructions[0] to not point to code. Both JIT and LLINT are enabled.
>
> JSC::prepareForExecution builds a CTI stub with programEntryThunkGenerator, the prologue thunk executes and lands in the prologue code. I verified that the CodeBlock processed in prologue is the CodeBlock set up by this stack:
>
> x!JSC::prepareForExecution<JSC::ProgramCodeBlock>(JSC::ExecState *, WTF::OwnPtr<JSC::ProgramCodeBlock> & {...}, JSC::JITCode & {...}, JSC::JITCode::JITType BaselineJIT, unsigned int) executionharness.h line 42
> x!JSC::ProgramExecutable::compileInternal(JSC::ExecState *, JSC::JSScope *, JSC::JITCode::JITType BaselineJIT, unsigned int) executable.cpp line 328 + 19 bytes
> x!JSC::ProgramExecutable::compile(JSC::ExecState *, JSC::JSScope *) executable.h line 514 + 19 bytes
>
> Note that this code path is not taken as the profiler is not enabled, I’m not clear as to the design if this would impact this 0 index of m_instructions or not.
>
> if (exec->vm().m_perBytecodeProfiler)
> exec->vm().m_perBytecodeProfiler->ensureBytecodesFor(codeBlock.get());
>
> After the prepareForExecution and going through the thunk, it’s the processing of the CodeBlock that lands the instruction pointer at 0. The offset of m_instructions looks correct comparing the offset with other assembly generated for other modules (including CodeBlock.cpp itself). Inspecting the CodeBlock object and m_instructions[0] verifies it has a 0 in this entry. I am assuming this is unexpected – but I don’t understand where this is supposed to be set up when tracing step-by-step through this code path.
>
> Any suggestions/pointers appreciated.
>
> Thanks!
>
>
> _llint_program_prologue:
> prologue(notFunctionCodeBlockGetter, notFunctionCodeBlockSetter, _llint_entry_osr, _llint_trace_prologue)
> dispatch(0)
>
>
> # Set up the PC.
> if JSVALUE64
> loadp CodeBlock::m_instructions[t1], PB
> move 0, PC
> else
> loadp CodeBlock::m_instructions[t1], PC
> end
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org <mailto:webkit-dev at lists.webkit.org>
> https://lists.webkit.org/mailman/listinfo/webkit-dev <https://lists.webkit.org/mailman/listinfo/webkit-dev>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-dev/attachments/20150826/a3eee898/attachment.html>
More information about the webkit-dev
mailing list