Commit 1d325fa7 authored by oliver@apple.com

fourthTier: NaturalLoops + Profiler = Crash

https://bugs.webkit.org/show_bug.cgi?id=118486

Reviewed by Geoffrey Garen.

I borked dominators in:
http://trac.webkit.org/changeset/152431/branches/dfgFourthTier/Source/JavaScriptCore/dfg/DFGDominators.h

This patch also adds some debug support, and fixes the loop that adds a block to
an already-existing natural loop. Note that we currently don't take that path in
most programs, but it will arise, for example if you use 'continue' - though you'd
have to use it rather cleverly since the bytecode will not jump to the loop header
in most uses of 'continue'.

* dfg/DFGDominators.cpp:
(JSC::DFG::Dominators::dump):
(DFG):
* dfg/DFGDominators.h:
(JSC::DFG::Dominators::dominates):
(Dominators):
* dfg/DFGNaturalLoops.cpp:
(JSC::DFG::NaturalLoops::compute):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153272 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 06cf1a8b
2013-07-08 Filip Pizlo <fpizlo@apple.com>
NaturalLoops + Profiler = Crash
https://bugs.webkit.org/show_bug.cgi?id=118486
Reviewed by Geoffrey Garen.
I borked dominators in:
http://trac.webkit.org/changeset/152431/branches/dfgFourthTier/Source/JavaScriptCore/dfg/DFGDominators.h
This patch also adds some debug support, and fixes the loop that adds a block to
an already-existing natural loop. Note that we currently don't take that path in
most programs, but it will arise, for example if you use 'continue' - though you'd
have to use it rather cleverly since the bytecode will not jump to the loop header
in most uses of 'continue'.
* dfg/DFGDominators.cpp:
(JSC::DFG::Dominators::dump):
(DFG):
* dfg/DFGDominators.h:
(JSC::DFG::Dominators::dominates):
(Dominators):
* dfg/DFGNaturalLoops.cpp:
(JSC::DFG::NaturalLoops::compute):
2013-07-08 Filip Pizlo <fpizlo@apple.com>
fourthTier: DFG::AbstractState::beginBasicBlock() should set m_haveStructures if any of the valuesAtHead have either a current known structure or a non-top/non-bottom array modes
......
......@@ -100,6 +100,22 @@ bool Dominators::iterateForBlock(Graph& graph, BlockIndex i)
return m_results[i].setAndCheck(m_scratch);
}
void Dominators::dump(Graph& graph, PrintStream& out) const
{
for (BlockIndex blockIndex = 0; blockIndex < graph.numBlocks(); ++blockIndex) {
BasicBlock* block = graph.block(blockIndex);
if (!block)
continue;
out.print(" Block ", *block, ":");
for (BlockIndex otherIndex = 0; otherIndex < graph.numBlocks(); ++otherIndex) {
if (!dominates(block->index, otherIndex))
continue;
out.print(" #", otherIndex);
}
out.print("\n");
}
}
} } // namespace JSC::DFG
#endif // ENABLE(DFG_JIT)
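Review bot: In Dominators::dump(), the inner loop prints otherIndex whenever dominates(block->index, otherIndex) is true, so each line lists the blocks that this block dominates, yet the line is labelled only " Block ...:" and the comment added to m_results in the header describes the opposite relation (the blocks that dominate it). Put the direction in the label, for example " Block X dominates:", so the debug output cannot be misread the way the accessor was. The inner loop also queries every otherIndex, including indexes the outer loop would skip because graph.block() is null; either skip those as well or confirm that m_results holds a sized entry for them.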
......
......@@ -49,7 +49,7 @@ public:
bool dominates(BlockIndex from, BlockIndex to) const
{
ASSERT(isValid());
return m_results[from].get(to);
return m_results[to].get(from);
}
bool dominates(BasicBlock* from, BasicBlock* to) const
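Review bot: dominates(BlockIndex from, BlockIndex to) still carries no comment saying which way the relation runs, and the fix here is exactly a swap of from and to, ending at m_results[to].get(from). Add a one-line comment on the accessor stating that it returns true when from dominates to, and add a regression test that checks an asymmetric pair such as the root block against one of its successors, since callers now get the opposite answer for such pairs and nothing in the visible patch exercises that.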
......@@ -57,10 +57,12 @@ public:
return dominates(from->index, to->index);
}
void dump(Graph& graph, PrintStream&) const;
private:
bool iterateForBlock(Graph& graph, BlockIndex);
Vector<FastBitVector> m_results;
Vector<FastBitVector> m_results; // For each block, the bitvector of blocks that dominate it.
FastBitVector m_scratch;
};
......
......@@ -58,6 +58,11 @@ void NaturalLoops::compute(Graph& graph)
graph.m_dominators.computeIfNecessary(graph);
if (verbose) {
dataLog("Dominators:\n");
graph.m_dominators.dump(graph, WTF::dataFile());
}
m_loops.resize(0);
for (BlockIndex blockIndex = graph.numBlocks(); blockIndex--;) {
......@@ -71,9 +76,10 @@ void NaturalLoops::compute(Graph& graph)
continue;
bool found = false;
for (unsigned j = m_loops.size(); j--;) {
if (m_loops[i].header() == successor) {
m_loops[i].addBlock(block);
if (m_loops[j].header() == successor) {
m_loops[j].addBlock(block);
found = true;
break;
}
}
if (found)
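Review bot: The inner loop in NaturalLoops::compute() iterates with j but the old body indexed m_loops[i], and nothing in the visible lines bounds i by m_loops.size(), so the old code could both pick the wrong loop and index outside m_loops. The change to m_loops[j] with the added break is correct, but the commit message says this path is rarely taken, so it needs a regression test that reaches it (a second back edge to an existing loop header, as the 'continue' case in the message describes). Consider also giving the outer index a more specific name than i so that this kind of slip no longer compiles silently.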
......