Ignore:
Timestamp:
Jan 11, 2018, 2:18:17 PM (8 years ago)
Author:
[email protected]
Message:

JITMathIC code in the FTL is wrong when code gets duplicated
https://bugs.webkit.org/show_bug.cgi?id=181525
<rdar://problem/36351993>

Reviewed by Michael Saboff and Keith Miller.

JSTests:

  • stress/allow-math-ic-b3-code-duplication.js: Added.

Source/JavaScriptCore:

B3/Air may duplicate code for various reasons. Patchpoint generators inside
FTLLower must be aware that they can be called multiple times because of this.
The patchpoint for math ICs was not aware of this, and shared state amongst
all invocations of the patchpoint's generator. This patch fixes this bug so
that each invocation of the patchpoint's generator gets a unique math IC.

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::addMathIC):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):
(JSC::FTL::DFG::LowerDFGToB3::compileUnaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileBinaryMathIC):
(JSC::FTL::DFG::LowerDFGToB3::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
(JSC::FTL::DFG::LowerDFGToB3::compileArithNegate):
(JSC::FTL::DFG::LowerDFGToB3::compileMathIC): Deleted.

  • jit/JITMathIC.h:

(JSC::isProfileEmpty):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

    r226783 r226806  
    250250   
    251251#if ENABLE(JIT)
    252     StructureStubInfo* addStubInfo(AccessType);
    253252    JITAddIC* addJITAddIC(ArithProfile*);
    254253    JITMulIC* addJITMulIC(ArithProfile*);
    255254    JITNegIC* addJITNegIC(ArithProfile*);
    256255    JITSubIC* addJITSubIC(ArithProfile*);
     256
     257    template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITAddGenerator>::value>::type>
     258    JITAddIC* addMathIC(ArithProfile* profile) { return addJITAddIC(profile); }
     259
     260    template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITMulGenerator>::value>::type>
     261    JITMulIC* addMathIC(ArithProfile* profile) { return addJITMulIC(profile); }
     262
     263    template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITNegGenerator>::value>::type>
     264    JITNegIC* addMathIC(ArithProfile* profile) { return addJITNegIC(profile); }
     265
     266    template <typename Generator, typename = typename std::enable_if<std::is_same<Generator, JITSubGenerator>::value>::type>
     267    JITSubIC* addMathIC(ArithProfile* profile) { return addJITSubIC(profile); }
     268
     269    StructureStubInfo* addStubInfo(AccessType);
    257270    auto stubInfoBegin() { return m_stubInfos.begin(); }
    258271    auto stubInfoEnd() { return m_stubInfos.end(); }
Note: See TracChangeset for help on using the changeset viewer.