Changeset 244811 in webkit

Timestamp:

Apr 30, 2019, 4:37:27 PM (6 years ago)

Author:

[email protected]

Message:

CodeBlock::m_instructionCount is wrong
​https://bugs.webkit.org/show_bug.cgi?id=197304

Reviewed by Yusuke Suzuki.

What we were calling instructionCount() was wrong, as evidenced by
us using it incorrectly both in the sampling profiler and when we
dumped bytecode for a given CodeBlock. Prior to the bytecode rewrite,
instructionCount() was probably valid to do bounds checks against.
However, this is no longer the case. This patch renames what we called
instructionCount() to bytecodeCost(). It is now only used to make decisions
about inlining and tier up heuristics. I've also named options related to
this appropriately.

This patch also introduces instructionsSize(). The result of this method
is valid to do bounds checks against.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpAssumingJITType const):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::optimizationThresholdScalingFactor):
(JSC::CodeBlock::predictedMachineCodeSize):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::instructionsSize const):
(JSC::CodeBlock::bytecodeCost const):
(JSC::CodeBlock::instructionCount const): Deleted.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::inliningCost):
(JSC::DFG::ByteCodeParser::getInliningBalance):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForClosureCall):
(JSC::DFG::mightInlineFunctionForConstruct):

• dfg/DFGCapabilities.h:

(JSC::DFG::isSmallEnoughToInlineCodeInto):

• dfg/DFGDisassembler.cpp:

(JSC::DFG::Disassembler::dumpHeader):

• dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

• dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThread):

• dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

• ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

• ftl/FTLCompile.cpp:

(JSC::FTL::compile):

• ftl/FTLLink.cpp:

(JSC::FTL::link):

• jit/JIT.cpp:

(JSC::JIT::link):

• jit/JITDisassembler.cpp:

(JSC::JITDisassembler::dumpHeader):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::shouldJIT):

• profiler/ProfilerBytecodes.cpp:

(JSC::Profiler::Bytecodes::Bytecodes):

• runtime/Options.h:
• runtime/SamplingProfiler.cpp:

(JSC::tryGetBytecodeIndex):
(JSC::SamplingProfiler::processUnverifiedStackTraces):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (6 diffs)
• bytecode/CodeBlock.h (modified) (2 diffs)
• dfg/DFGByteCodeParser.cpp (modified) (2 diffs)
• dfg/DFGCapabilities.cpp (modified) (5 diffs)
• dfg/DFGCapabilities.h (modified) (1 diff)
• dfg/DFGDisassembler.cpp (modified) (1 diff)
• dfg/DFGDriver.cpp (modified) (2 diffs)
• dfg/DFGPlan.cpp (modified) (1 diff)
• dfg/DFGTierUpCheckInjectionPhase.cpp (modified) (1 diff)
• ftl/FTLCapabilities.cpp (modified) (1 diff)
• ftl/FTLCompile.cpp (modified) (1 diff)
• ftl/FTLLink.cpp (modified) (1 diff)
• jit/JIT.cpp (modified) (1 diff)
• jit/JITDisassembler.cpp (modified) (1 diff)
• llint/LLIntSlowPaths.cpp (modified) (1 diff)
• profiler/ProfilerBytecodes.cpp (modified) (1 diff)
• runtime/Options.h (modified) (3 diffs)
• runtime/SamplingProfiler.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-04-30  Saam barati  <[email protected]>
+
+        CodeBlock::m_instructionCount is wrong
+        https://bugs.webkit.org/show_bug.cgi?id=197304
+
+        Reviewed by Yusuke Suzuki.
+
+        What we were calling instructionCount() was wrong, as evidenced by
+        us using it incorrectly both in the sampling profiler and when we
+        dumped bytecode for a given CodeBlock. Prior to the bytecode rewrite,
+        instructionCount() was probably valid to do bounds checks against.
+        However, this is no longer the case. This patch renames what we called
+        instructionCount() to bytecodeCost(). It is now only used to make decisions
+        about inlining and tier up heuristics. I've also named options related to
+        this appropriately.
+        
+        This patch also introduces instructionsSize(). The result of this method
+        is valid to do bounds checks against.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpAssumingJITType const):
+        (JSC::CodeBlock::CodeBlock):
+        (JSC::CodeBlock::finishCreation):
+        (JSC::CodeBlock::optimizationThresholdScalingFactor):
+        (JSC::CodeBlock::predictedMachineCodeSize):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::instructionsSize const):
+        (JSC::CodeBlock::bytecodeCost const):
+        (JSC::CodeBlock::instructionCount const): Deleted.
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::inliningCost):
+        (JSC::DFG::ByteCodeParser::getInliningBalance):
+        * dfg/DFGCapabilities.cpp:
+        (JSC::DFG::mightCompileEval):
+        (JSC::DFG::mightCompileProgram):
+        (JSC::DFG::mightCompileFunctionForCall):
+        (JSC::DFG::mightCompileFunctionForConstruct):
+        (JSC::DFG::mightInlineFunctionForCall):
+        (JSC::DFG::mightInlineFunctionForClosureCall):
+        (JSC::DFG::mightInlineFunctionForConstruct):
+        * dfg/DFGCapabilities.h:
+        (JSC::DFG::isSmallEnoughToInlineCodeInto):
+        * dfg/DFGDisassembler.cpp:
+        (JSC::DFG::Disassembler::dumpHeader):
+        * dfg/DFGDriver.cpp:
+        (JSC::DFG::compileImpl):
+        * dfg/DFGPlan.cpp:
+        (JSC::DFG::Plan::compileInThread):
+        * dfg/DFGTierUpCheckInjectionPhase.cpp:
+        (JSC::DFG::TierUpCheckInjectionPhase::run):
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::compile):
+        * ftl/FTLLink.cpp:
+        (JSC::FTL::link):
+        * jit/JIT.cpp:
+        (JSC::JIT::link):
+        * jit/JITDisassembler.cpp:
+        (JSC::JITDisassembler::dumpHeader):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::shouldJIT):
+        * profiler/ProfilerBytecodes.cpp:
+        (JSC::Profiler::Bytecodes::Bytecodes):
+        * runtime/Options.h:
+        * runtime/SamplingProfiler.cpp:
+        (JSC::tryGetBytecodeIndex):
+        (JSC::SamplingProfiler::processUnverifiedStackTraces):
+
 2019-04-30  Tadeu Zagallo  <[email protected]>
 

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -191 +191 @@
     if (codeType() == FunctionCode)
         out.print(specializationKind());
-    out.print(", ", instructionCount());
+    out.print(", ", instructionsSize());
     if (this->jitType() == JITType::BaselineJIT && m_shouldAlwaysBeInlined)
         out.print(" (ShouldAlwaysBeInlined)");
@@ -299 +299 @@
     , m_steppingMode(SteppingModeDisabled)
     , m_numBreakpoints(0)
-    , m_instructionCount(other.m_instructionCount)
+    , m_bytecodeCost(other.m_bytecodeCost)
     , m_scopeRegister(other.m_scopeRegister)
     , m_hash(other.m_hash)
@@ -525 +525 @@
     for (const auto& instruction : instructionStream) {
         OpcodeID opcodeID = instruction->opcodeID();
-        m_instructionCount += opcodeLengths[opcodeID];
+        m_bytecodeCost += opcodeLengths[opcodeID];
         switch (opcodeID) {
         LINK(OpHasIndexedProperty, arrayProfile)
@@ -2336 +2336 @@
     const double d = 0.825914;
     
-    double instructionCount = this->instructionCount();
-    
-    ASSERT(instructionCount); // Make sure this is called only after we have an instruction stream; otherwise it'll just return the value of d, which makes no sense.
-    
-    double result = d + a * sqrt(instructionCount + b) + c * instructionCount;
+    double bytecodeCost = this->bytecodeCost();
+    
+    ASSERT(bytecodeCost); // Make sure this is called only after we have an instruction stream; otherwise it'll just return the value of d, which makes no sense.
+    
+    double result = d + a * sqrt(bytecodeCost + b) + c * bytecodeCost;
     
     result *= codeTypeThresholdMultiplier();
@@ -2346 +2346 @@
     if (Options::verboseOSR()) {
         dataLog(
-            *this, ": instruction count is ", instructionCount,
+            *this, ": bytecode cost is ", bytecodeCost,
             ", scaling execution counter by ", result, " * ", codeTypeThresholdMultiplier(),
             "\n");
@@ -2871 +2871 @@
         return 0;
     
-    double doubleResult = multiplier * instructionCount();
+    double doubleResult = multiplier * bytecodeCost();
     
     // Be even more paranoid: silently reject values that won't fit into a size_t. If

trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

@@ -385 +385 @@
     size_t predictedMachineCodeSize();
 
-    unsigned instructionCount() const { return m_instructionCount; }
+    unsigned instructionsSize() const { return instructions().size(); }
+    unsigned bytecodeCost() const { return m_bytecodeCost; }
 
     // Exactly equivalent to codeBlock->ownerExecutable()->newReplacementCodeBlockFor(codeBlock->specializationKind())
@@ -964 +965 @@
         };
     };
-    unsigned m_instructionCount { 0 };
+    unsigned m_bytecodeCost { 0 };
     VirtualRegister m_scopeRegister;
     mutable CodeBlockHash m_hash;

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -1560 +1560 @@
     
     // It might be possible to inline.
-    return codeBlock->instructionCount();
+    return codeBlock->bytecodeCost();
 }
 
@@ -1905 +1905 @@
 unsigned ByteCodeParser::getInliningBalance(const CallLinkStatus& callLinkStatus, CodeSpecializationKind specializationKind)
 {
-    unsigned inliningBalance = Options::maximumFunctionForCallInlineCandidateInstructionCount();
+    unsigned inliningBalance = Options::maximumFunctionForCallInlineCandidateBytecodeCost();
     if (specializationKind == CodeForConstruct)
-        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForConstructInlineCandidateInstructionCount());
+        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForConstructInlineCandidateBytecoodeCost());
     if (callLinkStatus.isClosureCall())
-        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForClosureCallInlineCandidateInstructionCount());
+        inliningBalance = std::min(inliningBalance, Options::maximumFunctionForClosureCallInlineCandidateBytecodeCost());
     return inliningBalance;
 }

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

@@ -50 +50 @@
 {
     return isSupported()
-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
         && codeBlock->ownerExecutable()->isOkToOptimize();
 }
@@ -56 +56 @@
 {
     return isSupported()
-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
         && codeBlock->ownerExecutable()->isOkToOptimize();
 }
@@ -62 +62 @@
 {
     return isSupported()
-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
         && codeBlock->ownerExecutable()->isOkToOptimize();
 }
@@ -68 +68 @@
 {
     return isSupported()
-        && codeBlock->instructionCount() <= Options::maximumOptimizationCandidateInstructionCount()
+        && codeBlock->bytecodeCost() <= Options::maximumOptimizationCandidateBytecodeCost()
         && codeBlock->ownerExecutable()->isOkToOptimize();
 }
@@ -74 +74 @@
 bool mightInlineFunctionForCall(CodeBlock* codeBlock)
 {
-    return codeBlock->instructionCount() <= Options::maximumFunctionForCallInlineCandidateInstructionCount()
+    return codeBlock->bytecodeCost() <= Options::maximumFunctionForCallInlineCandidateBytecodeCost()
         && isSupportedForInlining(codeBlock);
 }
 bool mightInlineFunctionForClosureCall(CodeBlock* codeBlock)
 {
-    return codeBlock->instructionCount() <= Options::maximumFunctionForClosureCallInlineCandidateInstructionCount()
+    return codeBlock->bytecodeCost() <= Options::maximumFunctionForClosureCallInlineCandidateBytecodeCost()
         && isSupportedForInlining(codeBlock);
 }
 bool mightInlineFunctionForConstruct(CodeBlock* codeBlock)
 {
-    return codeBlock->instructionCount() <= Options::maximumFunctionForConstructInlineCandidateInstructionCount()
+    return codeBlock->bytecodeCost() <= Options::maximumFunctionForConstructInlineCandidateBytecoodeCost()
         && isSupportedForInlining(codeBlock);
 }

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.h

@@ -167 +167 @@
 inline bool isSmallEnoughToInlineCodeInto(CodeBlock* codeBlock)
 {
-    return codeBlock->instructionCount() <= Options::maximumInliningCallerSize();
+    return codeBlock->bytecodeCost() <= Options::maximumInliningCallerBytecodeCost();
 }
 

trunk/Source/JavaScriptCore/dfg/DFGDisassembler.cpp

@@ -75 +75 @@
 void Disassembler::dumpHeader(PrintStream& out, LinkBuffer& linkBuffer)
 {
-    out.print("Generated DFG JIT code for ", CodeBlockWithJITType(m_graph.m_codeBlock, JITType::DFGJIT), ", instruction count = ", m_graph.m_codeBlock->instructionCount(), ":\n");
+    out.print("Generated DFG JIT code for ", CodeBlockWithJITType(m_graph.m_codeBlock, JITType::DFGJIT), ", instructions size = ", m_graph.m_codeBlock->instructionsSize(), ":\n");
     out.print("    Optimized with execution counter = ", m_graph.m_profiledBlock->jitExecuteCounter(), "\n");
     out.print("    Code at [", RawPointer(linkBuffer.debugAddress()), ", ", RawPointer(static_cast<char*>(linkBuffer.debugAddress()) + linkBuffer.size()), "):\n");

trunk/Source/JavaScriptCore/dfg/DFGDriver.cpp

@@ -74 +74 @@
     Ref<DeferredCompilationCallback>&& callback)
 {
-    if (!Options::bytecodeRangeToDFGCompile().isInRange(codeBlock->instructionCount())
+    if (!Options::bytecodeRangeToDFGCompile().isInRange(codeBlock->instructionsSize())
         || !ensureGlobalDFGWhitelist().contains(codeBlock))
         return CompilationFailed;
@@ -86 +86 @@
     
     if (logCompilationChanges(mode))
-        dataLog("DFG(Driver) compiling ", *codeBlock, " with ", mode, ", number of instructions = ", codeBlock->instructionCount(), "\n");
+        dataLog("DFG(Driver) compiling ", *codeBlock, " with ", mode, ", instructions size = ", codeBlock->instructionsSize(), "\n");
     
     // Make sure that any stubs that the DFG is going to use are initialized. We want to

trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp

@@ -185 +185 @@
 
     if (logCompilationChanges(m_mode) || Options::logPhaseTimes())
-        dataLog("DFG(Plan) compiling ", *m_codeBlock, " with ", m_mode, ", number of instructions = ", m_codeBlock->instructionCount(), "\n");
+        dataLog("DFG(Plan) compiling ", *m_codeBlock, " with ", m_mode, ", instructions size = ", m_codeBlock->instructionsSize(), "\n");
 
     CompilationPath path = compileInThreadImpl();

trunk/Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp

@@ -70 +70 @@
             return false;
 
-        if (!Options::bytecodeRangeToFTLCompile().isInRange(m_graph.m_profiledBlock->instructionCount()))
+        if (!Options::bytecodeRangeToFTLCompile().isInRange(m_graph.m_profiledBlock->instructionsSize()))
             return false;
 

trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

@@ -402 +402 @@
 CapabilityLevel canCompile(Graph& graph)
 {
-    if (graph.m_codeBlock->instructionCount() > Options::maximumFTLCandidateInstructionCount()) {
+    if (graph.m_codeBlock->bytecodeCost() > Options::maximumFTLCandidateBytecodeCost()) {
         if (verboseCapabilities())
             dataLog("FTL rejecting ", *graph.m_codeBlock, " because it's too big.\n");

trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

@@ -169 +169 @@
         PrintStream& out = WTF::dataFile();
 
-        out.print("Generated ", state.graph.m_plan.mode(), " code for ", CodeBlockWithJITType(state.graph.m_codeBlock, JITType::FTLJIT), ", instruction count = ", state.graph.m_codeBlock->instructionCount(), ":\n");
+        out.print("Generated ", state.graph.m_plan.mode(), " code for ", CodeBlockWithJITType(state.graph.m_codeBlock, JITType::FTLJIT), ", instructions size = ", state.graph.m_codeBlock->instructionsSize(), ":\n");
 
         LinkBuffer& linkBuffer = *state.finalizer->b3CodeLinkBuffer;

trunk/Source/JavaScriptCore/ftl/FTLLink.cpp

@@ -72 +72 @@
         compilation->addDescription(
             Profiler::OriginStack(),
-            toCString("Generated FTL JIT code for ", CodeBlockWithJITType(codeBlock, JITType::FTLJIT), ", instruction count = ", graph.m_codeBlock->instructionCount(), ":\n"));
+            toCString("Generated FTL JIT code for ", CodeBlockWithJITType(codeBlock, JITType::FTLJIT), ", instructions size = ", graph.m_codeBlock->instructionsSize(), ":\n"));
         
         graph.ensureSSADominators();

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -908 +908 @@
     m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT->add(
         static_cast<double>(result.size()) /
-        static_cast<double>(m_codeBlock->instructionCount()));
+        static_cast<double>(m_codeBlock->instructionsSize()));
 
     m_codeBlock->shrinkToFit(CodeBlock::LateShrink);

trunk/Source/JavaScriptCore/jit/JITDisassembler.cpp

@@ -90 +90 @@
 void JITDisassembler::dumpHeader(PrintStream& out, LinkBuffer& linkBuffer)
 {
-    out.print("Generated Baseline JIT code for ", CodeBlockWithJITType(m_codeBlock, JITType::BaselineJIT), ", instruction count = ", m_codeBlock->instructionCount(), "\n");
+    out.print("Generated Baseline JIT code for ", CodeBlockWithJITType(m_codeBlock, JITType::BaselineJIT), ", instructions size = ", m_codeBlock->instructionsSize(), "\n");
     out.print("   Source: ", m_codeBlock->sourceCodeOnOneLine(), "\n");
     out.print("   Code at [", RawPointer(linkBuffer.debugAddress()), ", ", RawPointer(static_cast<char*>(linkBuffer.debugAddress()) + linkBuffer.size()), "):\n");

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -358 +358 @@
 inline bool shouldJIT(CodeBlock* codeBlock)
 {
-    if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionCount())
+    if (!Options::bytecodeRangeToJITCompile().isInRange(codeBlock->instructionsSize())
         || !ensureGlobalJITWhitelist().contains(codeBlock))
         return false;

trunk/Source/JavaScriptCore/profiler/ProfilerBytecodes.cpp

@@ -41 +41 @@
     , m_sourceCode(codeBlock->sourceCodeForTools())
     , m_hash(codeBlock->hash())
-    , m_instructionCount(codeBlock->instructionCount())
+    , m_instructionCount(codeBlock->instructionsSize())
 {
 }

trunk/Source/JavaScriptCore/runtime/Options.h

@@ -301 +301 @@
     v(bool, breakOnThrow, false, Normal, nullptr) \
     \
-    v(unsigned, maximumOptimizationCandidateInstructionCount, 100000, Normal, nullptr) \
-    \
-    v(unsigned, maximumFunctionForCallInlineCandidateInstructionCount, 120, Normal, nullptr) \
-    v(unsigned, maximumFunctionForClosureCallInlineCandidateInstructionCount, 100, Normal, nullptr) \
-    v(unsigned, maximumFunctionForConstructInlineCandidateInstructionCount, 100, Normal, nullptr) \
-    \
-    v(unsigned, maximumFTLCandidateInstructionCount, 20000, Normal, nullptr) \
+    v(unsigned, maximumOptimizationCandidateBytecodeCost, 100000, Normal, nullptr) \
+    \
+    v(unsigned, maximumFunctionForCallInlineCandidateBytecodeCost, 120, Normal, nullptr) \
+    v(unsigned, maximumFunctionForClosureCallInlineCandidateBytecodeCost, 100, Normal, nullptr) \
+    v(unsigned, maximumFunctionForConstructInlineCandidateBytecoodeCost, 100, Normal, nullptr) \
+    \
+    v(unsigned, maximumFTLCandidateBytecodeCost, 20000, Normal, nullptr) \
     \
     /* Depth of inline stack, so 1 = no inlining, 2 = one level, etc. */ \
@@ -315 +315 @@
     /* Maximum size of a caller for enabling inlining. This is purely to protect us */\
     /* from super long compiles that take a lot of memory. */\
-    v(unsigned, maximumInliningCallerSize, 10000, Normal, nullptr) \
+    v(unsigned, maximumInliningCallerBytecodeCost, 10000, Normal, nullptr) \
     \
     v(unsigned, maximumVarargsForInlining, 100, Normal, nullptr) \
@@ -559 +559 @@
     v(enableWebAssembly, useWebAssembly, SameOption) \
     v(verboseDFGByteCodeParsing, verboseDFGBytecodeParsing, SameOption) \
+    v(maximumOptimizationCandidateInstructionCount, maximumOptimizationCandidateBytecodeCost, SameOption) \
+    v(maximumFunctionForCallInlineCandidateInstructionCount, maximumFunctionForCallInlineCandidateBytecodeCost, SameOption) \
+    v(maximumFunctionForClosureCallInlineCandidateInstructionCount, maximumFunctionForClosureCallInlineCandidateBytecodeCost, SameOption) \
+    v(maximumFunctionForConstructInlineCandidateInstructionCount, maximumFunctionForConstructInlineCandidateBytecoodeCost, SameOption) \
+    v(maximumFTLCandidateInstructionCount, maximumFTLCandidateBytecodeCost, SameOption) \
+    v(maximumInliningCallerSize, maximumInliningCallerBytecodeCost, SameOption) \
 
 

trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp

@@ -435 +435 @@
 #if USE(JSVALUE64)
     unsigned bytecodeIndex = llintPC;
-    if (bytecodeIndex < codeBlock->instructionCount()) {
+    if (bytecodeIndex < codeBlock->instructionsSize()) {
         isValid = true;
         return bytecodeIndex;
@@ -466 +466 @@
 
         auto populateCodeLocation = [] (CodeBlock* codeBlock, unsigned bytecodeIndex, StackFrame::CodeLocation& location) {
-            if (bytecodeIndex < codeBlock->instructionCount()) {
+            if (bytecodeIndex < codeBlock->instructionsSize()) {
                 int divot;
                 int startOffset;