Ignore:
Timestamp:
Mar 25, 2015, 6:26:56 PM (10 years ago)
Author:
[email protected]
Message:

Use JITCompilationCanFail in more places, and make the fail path of JITCompilationMustSucceed a crash instead of attempting GC
https://bugs.webkit.org/show_bug.cgi?id=142993

Source/JavaScriptCore:

Reviewed by Geoffrey Garen and Mark Lam.

This changes the most commonly invoked paths that relied on JITCompilationMustSucceed
into using JITCompilationCanFail and having a legit fallback path. This mostly involves
having the FTL JIT do the same trick as the DFG JIT in case of any memory allocation
failure, but also involves adding the same kind of thing to the stub generators in
Repatch.

Because of that change, there are relatively few uses of JITCompilationMustSucceed. Most
of those uses cannot handle a GC, and so cannot do releaseExecutableMemory(). Only a few,
like host call stub generation, could handle a GC, but those get invoked very rarely. So,
this patch changes the releaseExecutableMemory() call into a crash with some diagnostic
printout.

Also add a way of inducing executable allocation failure, so that we can test this.

(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::link): Deleted.
(JSC::DFG::JITCompiler::linkFunction): Deleted.

  • dfg/DFGJITCompiler.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateCodeSection):
(JSC::FTL::mmAllocateDataSection):

  • ftl/FTLLink.cpp:

(JSC::FTL::link):

  • ftl/FTLState.h:
  • jit/ArityCheckFailReturnThunks.cpp:

(JSC::ArityCheckFailReturnThunks::returnPCsFor):

  • jit/ExecutableAllocationFuzz.cpp: Added.

(JSC::numberOfExecutableAllocationFuzzChecks):
(JSC::doExecutableAllocationFuzzing):

  • jit/ExecutableAllocationFuzz.h: Added.

(JSC::doExecutableAllocationFuzzingIfEnabled):

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::ExecutableAllocator::allocate):

  • jit/JIT.cpp:

(JSC::JIT::privateCompile):

  • jit/JITCompilationEffort.h:
  • jit/Repatch.cpp:

(JSC::generateByIdStub):
(JSC::tryCacheGetByID):
(JSC::tryBuildGetByIDList):
(JSC::emitPutReplaceStub):
(JSC::emitPutTransitionStubAndGetOldStructure):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
(JSC::tryRepatchIn):
(JSC::linkPolymorphicCall):

  • jsc.cpp:

(jscmain):

  • runtime/Options.h:
  • runtime/TestRunnerUtils.h:
  • runtime/VM.cpp:
  • tests/executableAllocationFuzz: Added.
  • tests/executableAllocationFuzz.yaml: Added.
  • tests/executableAllocationFuzz/v8-raytrace.js: Added.

Tools:

Reviewed by Mark Lam.

Bunch of support for testing executable allocation failure.

  • Scripts/jsc-stress-test-helpers/js-executable-allocation-fuzz: Added.

(fail):

  • Scripts/run-javascriptcore-tests:

(runJSCStressTests):

  • Scripts/run-jsc-stress-tests:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/jsc.cpp

    r181887 r181990  
    14991499        if (Options::enableExceptionFuzz())
    15001500            printf("JSC EXCEPTION FUZZ: encountered %u checks.\n", numberOfExceptionFuzzChecks());
     1501        bool fireAtEnabled =
     1502            Options::fireExecutableAllocationFuzzAt() || Options::fireExecutableAllocationFuzzAtOrAfter();
     1503        if (Options::enableExecutableAllocationFuzz() && (!fireAtEnabled || Options::verboseExecutableAllocationFuzz()))
     1504            printf("JSC EXECUTABLE ALLOCATION FUZZ: encountered %u checks.\n", numberOfExecutableAllocationFuzzChecks());
    15011505#endif
    15021506    }
Note: See TracChangeset for help on using the changeset viewer.