Title: [289937] branches/safari-613-branch
- Revision
- 289937
- Author
- repst...@apple.com
- Date
- 2022-02-16 12:16:17 -0800 (Wed, 16 Feb 2022)
Log Message
Cherry-pick r289877. rdar://problem/81337114
Defer TerminationsExceptions while in operationMaterializeObjectInOSR.
https://bugs.webkit.org/show_bug.cgi?id=236686
rdar://81337114
Reviewed by Saam Barati.
JSTests:
These tests are identical except that they are customized with different watchdog
timeout periods for a Debug / Release build. This is a necessary condition in
order for the test to manifest this issue if the code is regressed.
* stress/termination-exception-in-operationMaterializeObjectInOSR-debug.js: Added.
* stress/termination-exception-in-operationMaterializeObjectInOSR-release.js: Added.
Source/JavaScriptCore:
operationMaterializeObjectInOSR expects to always succeed. It is difficult (and
not worth the effort) to make it be able to handle interruptions by the
TerminationException. Since operationMaterializeObjectInOSR is guaranteed to
finish running in some finite time, it is reasonable to just defer handling a
pending TerminationException until the function returns.
* ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_JIT_OPERATION):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289877 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Added: branches/safari-613-branch/JSTests/stress/termination-exception-in-operationMaterializeObjectInOSR-debug.js (0 => 289937)
--- branches/safari-613-branch/JSTests/stress/termination-exception-in-operationMaterializeObjectInOSR-debug.js (rev 0)
+++ branches/safari-613-branch/JSTests/stress/termination-exception-in-operationMaterializeObjectInOSR-debug.js 2022-02-16 20:16:17 UTC (rev 289937)
@@ -0,0 +1,22 @@
+//@ skip if $buildType == "release"
+//@ runDefault("--watchdog=100", "--watchdog-exception-ok")
+
+function baz(c) {
+ if (c) {
+ $vm.haveABadTime();
+ }
+}
+noInline(baz);
+
+function bar() {}
+
+function foo(c, ...args) {
+ let args2 = [...args];
+ baz(c);
+ bar.apply(undefined, args2);
+}
+
+for (let i = 0; i < 70000; i++) {
+ foo(false, 0);
+}
+foo(true, 0);
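Review bot: Nothing in this file records that it depends on watchdog timing, so a change in machine speed or JIT tiering thresholds could let it pass without the termination request ever landing in the code path it is meant to cover. The log message explains that the `--watchdog=100` value (and `--watchdog=4` in the otherwise identical -release.js file) is tuned per build type, but that reasoning is not in the test itself. I would add a header comment such as `// Watchdog period is tuned per build type so the termination request lands during OSR-exit object materialization; see https://bugs.webkit.org/show_bug.cgi?id=236686.` The same comment belongs in the release variant.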
Added: branches/safari-613-branch/JSTests/stress/termination-exception-in-operationMaterializeObjectInOSR-release.js (0 => 289937)
--- branches/safari-613-branch/JSTests/stress/termination-exception-in-operationMaterializeObjectInOSR-release.js (rev 0)
+++ branches/safari-613-branch/JSTests/stress/termination-exception-in-operationMaterializeObjectInOSR-release.js 2022-02-16 20:16:17 UTC (rev 289937)
@@ -0,0 +1,22 @@
+//@ skip if $buildType == "debug"
+//@ runDefault("--watchdog=4", "--watchdog-exception-ok")
+
+function baz(c) {
+ if (c) {
+ $vm.haveABadTime();
+ }
+}
+noInline(baz);
+
+function bar() {}
+
+function foo(c, ...args) {
+ let args2 = [...args];
+ baz(c);
+ bar.apply(undefined, args2);
+}
+
+for (let i = 0; i < 70000; i++) {
+ foo(false, 0);
+}
+foo(true, 0);
Modified: branches/safari-613-branch/Source/_javascript_Core/ftl/FTLOperations.cpp (289936 => 289937)
--- branches/safari-613-branch/Source/_javascript_Core/ftl/FTLOperations.cpp 2022-02-16 20:16:15 UTC (rev 289936)
+++ branches/safari-613-branch/Source/_javascript_Core/ftl/FTLOperations.cpp 2022-02-16 20:16:17 UTC (rev 289937)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2022 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -47,6 +47,7 @@
#include "JSMapIterator.h"
#include "JSSetIterator.h"
#include "RegExpObject.h"
+#include "VMTrapsInlines.h"
#include <wtf/Assertions.h>
IGNORE_WARNINGS_BEGIN("frame-address")
@@ -189,6 +190,10 @@
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+ // It's too hairy to handle TerminationExceptions during OSR object materialization.
+ // Let's just wait until after.
+ DeferTermination deferTermination(vm);
+
// We cannot GC. We've got pointers in evil places.
DeferGCForAWhile deferGC(vm);
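Review bot: The added comment calls the case "too hairy" but does not state the invariant the guard protects, which a later reader needs before moving or narrowing this scope. The log message has the actual reasoning, so I would carry it into the code: `// This operation must always succeed and finishes in finite time, so defer any pending TerminationException until it returns.` Since `deferTermination` is declared before `deferGC`, it is destroyed after it, so termination should stay deferred for the whole GC-deferred region; a short note that this ordering is intentional would help. The function body continues outside the hunk, so whether every materialization path sits inside this scope cannot be confirmed from here.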