Closed Bug 504705 Opened 15 years ago Closed 15 years ago

TM/nanojit: use NULL as the condition for unconditional guards

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: n.nethercote, Assigned: n.nethercote)

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(2 files)

Attached patch patch (deleted) — Splinter Review
This is a cut-down version of the patch from bug 498807, which was controversial and has stalled. Currently we always use insImm(1) as the condition for x/xbarrier/loop instructions. This patch changes things so that we just use NULL instead. It avoids creating quite a few unnecessary immediates and I'm seeing a 3--5ms speedup for SunSpider (but I don't entirely trust that number). Furthermore, my real motivation for this is that the CseFilter needs some work, and all these unnecessary immediates are clouding my analysis of how effective CseFilter is.
Attachment #389055 - Flags: review?(gal)
Attachment #389055 - Flags: review?(gal) → review+
Whiteboard: fixed-in-tracemonkey
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
This crashes debug builds on startup with TMFLAGS=full. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000003 0x003d6799 in nanojit::LIns::opcode (this=0x0) at LIR.h:632 632 inline LOpcode opcode() const { return lastWord.opcode; } There are several places where we don't null check operands (hash, live). #3 0x003f7e59 in nanojit::live (gc=0x44be4b, frag=0x1b028bc0, logc=0x44be68) at ../../../js/src/nanojit/LIR.cpp:1578 1578 live.add(i->oprnd1(),i); (gdb) list 1573 live.add(i->oprnd1(),i); 1574 live.add(i->oprnd2()->oprnd1(),i); 1575 live.add(i->oprnd2()->oprnd2(),i); 1576 } 1577 else if (operandCount[i->opcode()] == 1) { 1578 live.add(i->oprnd1(),i); 1579 } 1580 else if (operandCount[i->opcode()] == 2) { 1581 live.add(i->oprnd1(),i); 1582 live.add(i->oprnd2(),i); Backing out.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I collided with a lirasm patch quite a bit. I hope I got the merge right. CCing jorendorff just to be sure.
The backout looks fine to me.
Attached patch patch that fixes problems (deleted) — Splinter Review
This should fix the problems.
Attachment #389651 - Flags: review?(gal)
Comment on attachment 389651 [details] [diff] [review] patch that fixes problems I don't think this is enough. LiveTable::live calls add() for the 2nd operand of xbarrier, for example, which is NULL, and add() does ->isconst() on it. There are a bunch of other places like that. The insImm() was there for a reason. We have to find all locations where we relied on this before and properly null-check. Might result in some ugly code here and there.
(In reply to comment #8) > LiveTable::live calls add() for the 2nd operand > of xbarrier, for example, which is NULL, It doesn't. xbarrier has an operandCount of 0 now, so LiveTable::live does nothing with it. > and add() does ->isconst() on it. You mean RetiredEntry::add()? ->isconst() shouldn't be a problem, it just checks the opcode. > There are a bunch of other places like that. The insImm() was there for a > reason. We have to find all locations where we relied on this before and > properly null-check. Might result in some ugly code here and there. With the updated patch I can successfully run trace-test.js under the shell with opt, debug, and debug/TMFLAGS=full builds, and also the unit tests with a debug build. Can you list any of these other places? They're not being hit with the above tests.
Attachment #389651 - Flags: review?(gal) → review+
Comment on attachment 389651 [details] [diff] [review] patch that fixes problems Ok, sounds good. Looks like xbarrier was the only weird case then with a middle argument being NULL.
x and loop also have NULL middle args, but their operandCounts were correctly 0 in LIRopcode.tbl. Thanks for the review!
Status: REOPENED → RESOLVED
Closed: 15 years ago15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: