[Webkit-unassigned] [Bug 100364] New: LLInt C_Loop build is broken

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 25 04:09:39 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=100364

           Summary: LLInt C_Loop build is broken
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hausmann at webkit.org
                CC: mark.lam at apple.com
            Blocks: 97648


The build with the C_LOOP back-end is broken in two ways:

The error is:

generated/LLIntAssembly.h: In static member function 'static JSC::JSValue JSC::LLInt::CLoop::execute(JSC::CallFrame*, JSC::OpcodeID, bool)':
generated/LLIntAssembly.h:3731:14: error: label 'llint_op_resolve' used but not defined
generated/LLIntAssembly.h:3917:10: error: label 'llint_op_resolve_base' used but not defined

These errors come from the following two snippets in LowLevelInterpreter.asm:


_llint_op_resolve_base_to_global_dynamic:
    jmp _llint_op_resolve_base

and as part of _llint_op_resolve_global_property:

    bpneq JSCell::m_structure[t1], t2, _llint_op_resolve

In both cases the destination label is referenced in the same way as it is defined. When creating the destination
labels, offlineasm/asm.rb uses OFFLINE_ASM_OPCODE_LABEL for both because their names contain llint_op_. However,
labels passed to _OPCODE_LABEL() have the _llint_ prefix stripped, so the resulting labels in LLIntAssembly.h are actually
op_resolve_base and op_resolve. Therefore the "jmp _llint_op_resolve_base" and the bpneq cannot find their targets.

The second error is that even if LowLevelInterpreter.asm used _op_resolve_base as the target under C_LOOP, turning the jmp
into a "goto op_resolve_base;", the build still breaks when computed gotos are not available, because OFFLINE_ASM_OPCODE_LABEL
only defines a "case Foo:" target instead of a combined target that can also be used with goto, as GLUE_LABEL does:

    case label: label:

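The two label shapes described above, and the local-label aliasing the patch below relies on, as a runnable sketch of a
switch-based C_LOOP dispatch loop. This is an added example, not WebKit's code; the opcode ids, handler bodies and the
OPCODE_LABEL/GLUE_LABEL/LOCAL_LABEL macros are hypothetical stand-ins for the offlineasm-generated ones.

```c
#include <stddef.h>

/* Added, constructed example (not WebKit's code): a switch-based dispatch loop
 * shaped like the C_LOOP back-end when computed gotos are unavailable. Opcode
 * ids and handler bodies are hypothetical stand-ins for JSC's. */
enum OpcodeID { op_resolve_global_property, op_resolve,
                op_resolve_base_to_global_dynamic, op_resolve_base, op_ret };
/* Like OFFLINE_ASM_OPCODE_LABEL: a case label only. A case label is not a
 * goto target, so `goto op_resolve_base;` against it fails to compile. */
#define OPCODE_LABEL(op) case op:
/* Like OFFLINE_ASM_GLUE_LABEL: case plus an ordinary C label, reachable from
 * the dispatch switch and from a goto alike. */
#define GLUE_LABEL(name) case name: name:
/* Like an offlineasm local label (`.name:`): a plain C label placed directly
 * before the opcode's case, which is what the proposed patch relies on. */
#define LOCAL_LABEL(name) name:

struct Counts { int resolve; int resolve_base; };
/* Runs a constructed program and counts how often each aliased handler body
 * executed, whether entered from the switch or from a goto. */
struct Counts execute(const enum OpcodeID *program) {
    struct Counts c = { 0, 0 };
    size_t pc = 0;
    for (;;) {
        switch (program[pc]) {
        OPCODE_LABEL(op_resolve_global_property)
            goto op_resolve;             /* the .asm's bpneq ..., _llint_op_resolve */
        GLUE_LABEL(op_resolve)           /* combined target works for both entries */
            c.resolve++;
            pc++;
            break;
        OPCODE_LABEL(op_resolve_base_to_global_dynamic)
            goto local_resolve_base;     /* the .asm's jmp _llint_op_resolve_base */
        LOCAL_LABEL(local_resolve_base)  /* the patch's extra local label */
        OPCODE_LABEL(op_resolve_base)
            c.resolve_base++;
            pc++;
            break;
        OPCODE_LABEL(op_ret)
            return c;
        }
    }
}

/* Constructed program exercising both the direct and the goto entry paths;
 * returns resolve == 2 and resolve_base == 2. */
struct Counts run_sample(void) {
    static const enum OpcodeID program[] = { op_resolve_global_property,
        op_resolve, op_resolve_base_to_global_dynamic, op_resolve_base, op_ret };
    return execute(program);
}
```

Replacing GLUE_LABEL(op_resolve) with OPCODE_LABEL(op_resolve) reproduces the second failure: the goto then has no
C label to bind to.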

A possible workaround for both issues seems to be to use an extra local label:


--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
@@ -662,7 +662,7 @@ _llint_op_resolve_global_property:
     loadp CodeBlock[cfr], t1
     loadp CodeBlock::m_globalObject[t1], t1
     loadp ResolveOperation::m_structure[t0], t2
-    bpneq JSCell::m_structure[t1], t2, _llint_op_resolve
+    bpneq JSCell::m_structure[t1], t2, ._llint_op_resolve
     loadis ResolveOperation::m_offset[t0], t0
     if JSVALUE64
         loadPropertyAtVariableOffsetKnownNotInline(t0, t1, t2)
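Review bot: the new target `._llint_op_resolve` still contains the `llint_op_` substring that, per the description above, makes asm.rb pick OFFLINE_ASM_OPCODE_LABEL; unless local labels (leading dot) go through a separate path in offlineasm, this alias could run into the same prefix stripping. The later hunk names its alias `._llint_resolve_base` without `op_`; choose one convention for both, preferably the one that avoids `llint_op_` altogether.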
@@ -746,6 +746,7 @@ _llint_op_resolve_scoped_var_with_top_scope_check:
     moveJSValue(t1, t2, cfr, t3, 4, t0)
     dispatch(5)

+._llint_op_resolve:
 _llint_op_resolve:
     traceExecution()
     getResolveOperation(3, t0, t1)
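Review bot: the added `._llint_op_resolve:` sits directly on top of `_llint_op_resolve:` with no explanation; add a comment saying the local alias exists only to give the C_LOOP back-end a goto-able target (OFFLINE_ASM_OPCODE_LABEL emits only a `case`), otherwise a reader will wonder why two labels mark the same spot. Placing it before `traceExecution()` does keep tracing on the bpneq path, matching the old behaviour.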
@@ -780,7 +781,7 @@ _llint_op_resolve_base_to_global:
     dispatch(7)

 _llint_op_resolve_base_to_global_dynamic:
-    jmp _llint_op_resolve_base
+    jmp ._llint_resolve_base

 _llint_op_resolve_base_to_scope:
     traceExecution()
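Review bot: `jmp ._llint_resolve_base` references a local label that is defined under a different global label (`_llint_op_resolve_base:` in the next hunk) rather than within this one; confirm offlineasm resolves local-label references across that boundary in the non-C_LOOP backends as well, since the fix must not regress the assembly builds. The name also drops `op_` while the first hunk's alias keeps it; align the two.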
@@ -827,6 +828,7 @@ _llint_op_resolve_base_to_scope_with_top_scope_check:
     end
     dispatch(7)

+._llint_resolve_base:
 _llint_op_resolve_base:
     traceExecution()
     callSlowPath(_llint_slow_path_resolve_base)
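Review bot: as with the `._llint_op_resolve` alias, this label needs a short comment explaining that it exists for the C_LOOP goto; both aliases now immediately precede the opcode label they stand in for, so the `jmp` path still runs `traceExecution()` and `callSlowPath(_llint_slow_path_resolve_base)` exactly as the original `jmp _llint_op_resolve_base` did.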


But I'm not familiar enough with LLInt to be sure that this is the right solution.
