[webkit-reviews] review granted: [Bug 213442] [JSC] llintTrue / jitTrue can encounter native functions : [Attachment 402414] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jun 20 20:46:34 PDT 2020


Mark Lam <mark.lam at apple.com> has granted Yusuke Suzuki <ysuzuki at apple.com>'s
request for review:
Bug 213442: [JSC] llintTrue / jitTrue can encounter native functions
https://bugs.webkit.org/show_bug.cgi?id=213442

Attachment 402414: Patch

https://bugs.webkit.org/attachment.cgi?id=402414&action=review

--- Comment #4 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 402414
  --> https://bugs.webkit.org/attachment.cgi?id=402414
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=402414&action=review

r=me.  Can you make 2 changes?

1. rename jitTrue() to baselineJITTrue() or baselineTrue() to be consistent with
our now current distinction between useJIT() and useBaselineJIT()?
2. enhance your test case to actually verify that $vm.llintTrue() only returns
true when the function is an LLInt function, and $vm.baselineJITTrue() only
returns true if the function is baseline compiled.

You can do this verification by doing str = $vm.codeBlockFor(func), and parsing
the str for "LLIntFunctionCall", "BaselineFunctionCall", "DFGFunctionCall", or
"FTLFunctionCall".

>> Source/JavaScriptCore/tools/JSDollarVM.cpp:1798
>> +		}
> 
> If the caller is not JS code, we continue traversing. I don't think this is
> meaningful in practice, but keep this semantics as is.

I agree.  It should only check the immediate caller.  Let's fix it and test
accordingly.
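The cross-check the review asks for, written out as an added example (not WebKit code and not the patch under review). The marker strings are the ones named above; `$vm.baselineJITTrue` is the name proposed in the review, and the exact text `$vm.codeBlockFor()` prints is otherwise an assumption, so the tier parser only trusts a dump in which exactly one marker appears.

```javascript
// Added example, not WebKit's own code. Runs in the jsc shell with
// --useDollarVM=1, where globalThis.$vm exists; the `vm` parameter lets the
// same helpers be unit-tested with a stand-in object outside the shell.
const TIER_MARKERS = [
  ["LLInt", "LLIntFunctionCall"],
  ["Baseline", "BaselineFunctionCall"],
  ["DFG", "DFGFunctionCall"],
  ["FTL", "FTLFunctionCall"],
];

// Name the tier a codeBlockFor() dump describes, or null when zero or several
// markers match, so an unrecognised dump fails the test instead of passing it.
function tierFromCodeBlockDump(str) {
  const found = TIER_MARKERS.filter(([, marker]) => str.includes(marker));
  return found.length === 1 ? found[0][0] : null;
}

// llintTrue()/baselineJITTrue() inspect their *caller*, so the probe must be
// the function whose tier is being checked; it reports what $vm saw inside it.
function makeProbe(vm) {
  return function probe() {
    return { llint: vm.llintTrue(), baseline: vm.baselineJITTrue() };
  };
}

// Call the probe, then compare its self-report with the tier codeBlockFor()
// records for it. llintTrue must hold exactly for LLInt code and
// baselineJITTrue exactly for Baseline code; anything else is the bug.
function checkTierPredicates(probe, vm = globalThis.$vm) {
  const seen = probe();
  const tier = tierFromCodeBlockDump(String(vm.codeBlockFor(probe)));
  if (tier === null) throw new Error("could not determine tier from codeBlockFor dump");
  const consistent =
    seen.llint === (tier === "LLInt") && seen.baseline === (tier === "Baseline");
  return { tier, ...seen, consistent };
}

// In the shell a fresh function starts in the LLInt and tiers up as it warms:
//   const probe = makeProbe($vm);
//   let r = checkTierPredicates(probe);     // r.tier === "LLInt", r.consistent
//   for (let i = 0; i < 1e5; i++) probe();  // warm up
//   r = checkTierPredicates(probe);         // higher tier, still consistent
```

Because the JITs compile concurrently, the tier can change between the probe call and the dump; for a deterministic test run the shell with --useConcurrentJIT=0 or pin the tier the way the existing $vm tier tests do.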
