DFG::AbstractValue::validateOSREntry is wrong when isHeapTop and the incoming value...
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Mar 2019 05:43:08 +0000 (05:43 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Mar 2019 05:43:08 +0000 (05:43 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195721

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

There was a check in AbstractValue::validateOSREntry where it checked
if isHeapTop(), and if so, just returned true. However, this is wrong
if the value we're checking against is the empty value, since HeapTop
does not include the Empty value. Instead, this check should be
isBytecodeTop(), which does account for the empty value.

This patch also does a couple of other things:
- For our OSR entry AbstractValues, we were using HeapTop to mark
 a dead value. That is now changed to BytecodeTop. (The idea here
 is just to have validateOSREntry return early.)
- It wasn't obvious to me how I could make this fail in JS code.
 The symptom we'd end up seeing is something like a nullptr dereference
 from forgetting to do a TDZ check. Instead, I've added a unit test.
 This unit test lives in a new test file: testdfg. testdfg is similar
 to testb3/testair/testapi.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SpeculatedType.h:
* dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::isBytecodeTop const):
(JSC::DFG::AbstractValue::validateOSREntryValue const):
* dfg/testdfg.cpp: Added.
(hiddenTruthBecauseNoReturnIsStupid):
(usage):
(JSC::DFG::testEmptyValueDoesNotValidateWithHeapTop):
(JSC::DFG::run):
(run):
(main):
* shell/CMakeLists.txt:

Tools:

* Scripts/run-javascriptcore-tests:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243278 268f45cc-cd09-0410-ab3c-d52691b4dbfc
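
A simplified model of the check described in the commit message above, added here as an illustration and not taken from WebKit. The bit values, the Value enum, ModelAbstractValue and countUnsoundEntries are assumptions, and the structure, array-mode and constant-value parts of the real AbstractValue are left out; the model enumerates every type mask to find OSR entries that are accepted although the expected type does not admit the incoming value.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model of the speculated-type lattice. The bit values are
// constructed for this example; only the containment relations matter.
using SpeculatedType = uint32_t;
static const SpeculatedType SpecCell = 1u << 0;
static const SpeculatedType SpecNumber = 1u << 1;
static const SpeculatedType SpecMisc = 1u << 2;
static const SpeculatedType SpecEmpty = 1u << 3;
static const SpeculatedType SpecHeapTop = SpecCell | SpecNumber | SpecMisc; // excludes Empty
static const SpeculatedType SpecBytecodeTop = SpecHeapTop | SpecEmpty;      // includes Empty

// Stand-in for JSValue: one representative per type bit (hypothetical).
enum class Value { Empty, Cell, Number, Misc };

static SpeculatedType speculationFromValue(Value v)
{
    switch (v) {
    case Value::Empty: return SpecEmpty;
    case Value::Cell: return SpecCell;
    case Value::Number: return SpecNumber;
    case Value::Misc: return SpecMisc;
    }
    return 0;
}

struct ModelAbstractValue {
    SpeculatedType m_type = 0;

    bool isHeapTop() const { return (m_type | SpecHeapTop) == m_type; }
    bool isBytecodeTop() const { return (m_type | SpecBytecodeTop) == m_type; }

    // Ground truth: does the expected type contain the incoming value's type?
    bool admits(Value v) const { return (m_type | speculationFromValue(v)) == m_type; }

    // Early return as it was before the patch.
    bool validateBeforeFix(Value v) const
    {
        if (isHeapTop())
            return true;
        return admits(v);
    }

    // Early return as it is after the patch.
    bool validateAfterFix(Value v) const
    {
        if (isBytecodeTop())
            return true;
        return admits(v);
    }
};

// Counts (expected type, incoming value) pairs where validation accepts the
// entry although the expected type does not admit the value.
static int countUnsoundEntries(bool afterFix)
{
    const Value values[] = { Value::Empty, Value::Cell, Value::Number, Value::Misc };
    int unsound = 0;
    for (SpeculatedType type = 0; type <= SpecBytecodeTop; ++type) {
        ModelAbstractValue expected;
        expected.m_type = type;
        for (Value v : values) {
            bool accepted = afterFix ? expected.validateAfterFix(v) : expected.validateBeforeFix(v);
            if (accepted && !expected.admits(v))
                ++unsound;
        }
    }
    return unsound;
}

int main()
{
    std::printf("unsound entries before fix: %d\n", countUnsoundEntries(false));
    std::printf("unsound entries after fix:  %d\n", countUnsoundEntries(true));
    return 0;
}
```

The single unsound pair before the fix is an expected type of exactly HeapTop with an incoming Empty value, the case the new testdfg test asserts on.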

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/bytecode/ArrayProfile.h
Source/JavaScriptCore/bytecode/SpeculatedType.h
Source/JavaScriptCore/dfg/DFGAbstractValue.h
Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h
Source/JavaScriptCore/dfg/testdfg.cpp [new file with mode: 0644]
Source/JavaScriptCore/shell/CMakeLists.txt
Tools/ChangeLog
Tools/Scripts/run-javascriptcore-tests

index f658d2a..03753e7 100644 (file)
@@ -1,5 +1,42 @@
 2019-03-20  Saam Barati  <sbarati@apple.com>
 
+        DFG::AbstractValue::validateOSREntry is wrong when isHeapTop and the incoming value is Empty
+        https://bugs.webkit.org/show_bug.cgi?id=195721
+
+        Reviewed by Filip Pizlo.
+
+        There was a check in AbstractValue::validateOSREntry where it checked
+        if isHeapTop(), and if so, just returned true. However, this is wrong
+        if the value we're checking against is the empty value, since HeapTop
+        does not include the Empty value. Instead, this check should be
+        isBytecodeTop(), which does account for the empty value.
+        
+        This patch also does a couple of other things:
+        - For our OSR entry AbstractValues, we were using HeapTop to mark
+         a dead value. That is now changed to BytecodeTop. (The idea here
+         is just to have validateOSREntry return early.)
+        - It wasn't obvious to me how I could make this fail in JS code.
+         The symptom we'd end up seeing is something like a nullptr derefernece
+         from forgetting to do a TDZ check. Instead, I've added a unit test.
+         This unit test lives in a new test file: testdfg. testdfg is similar
+         to testb3/testair/testapi.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/SpeculatedType.h:
+        * dfg/DFGAbstractValue.h:
+        (JSC::DFG::AbstractValue::isBytecodeTop const):
+        (JSC::DFG::AbstractValue::validateOSREntryValue const):
+        * dfg/testdfg.cpp: Added.
+        (hiddenTruthBecauseNoReturnIsStupid):
+        (usage):
+        (JSC::DFG::testEmptyValueDoesNotValidateWithHeapTop):
+        (JSC::DFG::run):
+        (run):
+        (main):
+        * shell/CMakeLists.txt:
+
+2019-03-20  Saam Barati  <sbarati@apple.com>
+
         typeOfDoubleSum is wrong for when NaN can be produced
         https://bugs.webkit.org/show_bug.cgi?id=196030
 
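Review bot: the file list in the new ChangeLog entry omits three files this patch modifies: bytecode/ArrayProfile.h, dfg/DFGJITCompiler.cpp and dfg/DFGStructureAbstractValue.h. DFGJITCompiler.cpp carries the HeapTop to BytecodeTop change the entry describes in prose, so it should be listed with noticeOSREntry named, and the two headers should be listed with a note that the JS_EXPORT_PRIVATE additions are there for testdfg. The added text also has a typo, "derefernece".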
index ab4e1b2..9e812fa 100644 (file)
@@ -59,6 +59,7 @@
                        buildPhases = (
                        );
                        dependencies = (
+                               52CD0F662242F5A3004A18A5 /* PBXTargetDependency */,
                                7954BE0D20B63348009BC83A /* PBXTargetDependency */,
                                FE533CAF1F217EC60016A1FE /* PBXTargetDependency */,
                                0F6183471C45F67A0072450B /* PBXTargetDependency */,
                52B311011975B4670080857C /* TypeLocationCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 52B311001975B4670080857C /* TypeLocationCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
                52C0611F1AA51E1C00B4ADBA /* RuntimeType.h in Headers */ = {isa = PBXBuildFile; fileRef = 52C0611D1AA51E1B00B4ADBA /* RuntimeType.h */; settings = {ATTRIBUTES = (Private, ); }; };
                52C952B719A289850069B386 /* TypeProfiler.h in Headers */ = {isa = PBXBuildFile; fileRef = 52C952B619A289850069B386 /* TypeProfiler.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               52CD0F5D2242F569004A18A5 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 51F0EB6105C86C6B00E6DF1B /* Foundation.framework */; };
+               52CD0F5E2242F569004A18A5 /* JavaScriptCore.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 932F5BD90822A1C700736975 /* JavaScriptCore.framework */; };
+               52CD0F682242F71C004A18A5 /* testdfg.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 52CD0F672242F71C004A18A5 /* testdfg.cpp */; };
                52D13091221CE176009C836C /* foo.js in Copy Support Script */ = {isa = PBXBuildFile; fileRef = 52D1308F221CE03A009C836C /* foo.js */; };
                52F6C35E1E71EB080081F4CC /* WebAssemblyWrapperFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = 52F6C35C1E71EB080081F4CC /* WebAssemblyWrapperFunction.h */; };
                530A66B91FA3E78B0026A545 /* UnifiedSource3-mm.mm in Sources */ = {isa = PBXBuildFile; fileRef = 530A66B11FA3E77A0026A545 /* UnifiedSource3-mm.mm */; };
                        remoteGlobalIDString = 65FB3F6609D11E9100F49DEB;
                        remoteInfo = "Derived Sources";
                };
+               52CD0F652242F5A3004A18A5 /* PBXContainerItemProxy */ = {
+                       isa = PBXContainerItemProxy;
+                       containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+                       proxyType = 1;
+                       remoteGlobalIDString = 52CD0F592242F569004A18A5;
+                       remoteInfo = testdfg;
+               };
                53B4BD131F68C2AA00D2BEA3 /* PBXContainerItemProxy */ = {
                        isa = PBXContainerItemProxy;
                        containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
                52C0611D1AA51E1B00B4ADBA /* RuntimeType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RuntimeType.h; sourceTree = "<group>"; };
                52C952B619A289850069B386 /* TypeProfiler.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TypeProfiler.h; sourceTree = "<group>"; };
                52C952B819A28A1C0069B386 /* TypeProfiler.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = TypeProfiler.cpp; sourceTree = "<group>"; };
+               52CD0F642242F569004A18A5 /* testdfg */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = testdfg; sourceTree = BUILT_PRODUCTS_DIR; };
+               52CD0F672242F71C004A18A5 /* testdfg.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = testdfg.cpp; path = dfg/testdfg.cpp; sourceTree = "<group>"; };
                52D1308F221CE03A009C836C /* foo.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = foo.js; sourceTree = "<group>"; };
                52F6C35B1E71EB080081F4CC /* WebAssemblyWrapperFunction.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebAssemblyWrapperFunction.cpp; path = js/WebAssemblyWrapperFunction.cpp; sourceTree = "<group>"; };
                52F6C35C1E71EB080081F4CC /* WebAssemblyWrapperFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAssemblyWrapperFunction.h; path = js/WebAssemblyWrapperFunction.h; sourceTree = "<group>"; };
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
+               52CD0F5C2242F569004A18A5 /* Frameworks */ = {
+                       isa = PBXFrameworksBuildPhase;
+                       buildActionMask = 2147483647;
+                       files = (
+                               52CD0F5D2242F569004A18A5 /* Foundation.framework in Frameworks */,
+                               52CD0F5E2242F569004A18A5 /* JavaScriptCore.framework in Frameworks */,
+                       );
+                       runOnlyForDeploymentPostprocessing = 0;
+               };
                651122FC14046A4C002B101D /* Frameworks */ = {
                        isa = PBXFrameworksBuildPhase;
                        buildActionMask = 2147483647;
                                79281BDC20B62B3E002E2A60 /* testmem */,
                                6511230514046A4C002B101D /* testRegExp */,
                                932F5BD90822A1C700736975 /* JavaScriptCore.framework */,
+                               52CD0F642242F569004A18A5 /* testdfg */,
                        );
                        name = Products;
                        sourceTree = "<group>";
                                0FDB2CE5174830A2007B3C1B /* DFGWorklist.cpp */,
                                0FDB2CE6174830A2007B3C1B /* DFGWorklist.h */,
                                0F1FB3951E1AF7DF00A9BE50 /* DFGWorklistInlines.h */,
+                               52CD0F672242F71C004A18A5 /* testdfg.cpp */,
                        );
                        name = dfg;
                        sourceTree = "<group>";
                        productReference = 14BD688E215191310050DAFF /* JSCLLIntSettingsExtractor */;
                        productType = "com.apple.product-type.tool";
                };
+               52CD0F592242F569004A18A5 /* testdfg */ = {
+                       isa = PBXNativeTarget;
+                       buildConfigurationList = 52CD0F5F2242F569004A18A5 /* Build configuration list for PBXNativeTarget "testdfg" */;
+                       buildPhases = (
+                               52CD0F5A2242F569004A18A5 /* Sources */,
+                               52CD0F5C2242F569004A18A5 /* Frameworks */,
+                       );
+                       buildRules = (
+                       );
+                       dependencies = (
+                       );
+                       name = testdfg;
+                       productName = testapi;
+                       productReference = 52CD0F642242F569004A18A5 /* testdfg */;
+                       productType = "com.apple.product-type.tool";
+               };
                651122F714046A4C002B101D /* testRegExp */ = {
                        isa = PBXNativeTarget;
                        buildConfigurationList = 6511230014046A4C002B101D /* Build configuration list for PBXNativeTarget "testRegExp" */;
                                FE533CA11F217DB30016A1FE /* testmasm */,
                                79281BBD20B62B3E002E2A60 /* testmem */,
                                5325BDBF21DFF2B100A0DEE1 /* Apply Configuration to XCFileLists */,
+                               52CD0F592242F569004A18A5 /* testdfg */,
                        );
                };
 /* End PBXProject section */
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
+               52CD0F5A2242F569004A18A5 /* Sources */ = {
+                       isa = PBXSourcesBuildPhase;
+                       buildActionMask = 2147483647;
+                       files = (
+                               52CD0F682242F71C004A18A5 /* testdfg.cpp in Sources */,
+                       );
+                       runOnlyForDeploymentPostprocessing = 0;
+               };
                651122FA14046A4C002B101D /* Sources */ = {
                        isa = PBXSourcesBuildPhase;
                        buildActionMask = 2147483647;
                        target = 65FB3F6609D11E9100F49DEB /* Derived Sources */;
                        targetProxy = 14D9D9D9218462B5009126C2 /* PBXContainerItemProxy */;
                };
+               52CD0F662242F5A3004A18A5 /* PBXTargetDependency */ = {
+                       isa = PBXTargetDependency;
+                       target = 52CD0F592242F569004A18A5 /* testdfg */;
+                       targetProxy = 52CD0F652242F5A3004A18A5 /* PBXContainerItemProxy */;
+               };
                53B4BD141F68C2AA00D2BEA3 /* PBXTargetDependency */ = {
                        isa = PBXTargetDependency;
                        target = 53B4BD041F68AF8900D2BEA3 /* Generate Unified Sources */;
                        };
                        name = Production;
                };
+               52CD0F602242F569004A18A5 /* Debug */ = {
+                       isa = XCBuildConfiguration;
+                       baseConfigurationReference = BC021BF2136900C300FC5467 /* ToolExecutable.xcconfig */;
+                       buildSettings = {
+                               PRODUCT_NAME = "$(TARGET_NAME)";
+                       };
+                       name = Debug;
+               };
+               52CD0F612242F569004A18A5 /* Release */ = {
+                       isa = XCBuildConfiguration;
+                       baseConfigurationReference = BC021BF2136900C300FC5467 /* ToolExecutable.xcconfig */;
+                       buildSettings = {
+                               PRODUCT_NAME = "$(TARGET_NAME)";
+                       };
+                       name = Release;
+               };
+               52CD0F622242F569004A18A5 /* Profiling */ = {
+                       isa = XCBuildConfiguration;
+                       baseConfigurationReference = BC021BF2136900C300FC5467 /* ToolExecutable.xcconfig */;
+                       buildSettings = {
+                               PRODUCT_NAME = "$(TARGET_NAME)";
+                       };
+                       name = Profiling;
+               };
+               52CD0F632242F569004A18A5 /* Production */ = {
+                       isa = XCBuildConfiguration;
+                       baseConfigurationReference = BC021BF2136900C300FC5467 /* ToolExecutable.xcconfig */;
+                       buildSettings = {
+                               PRODUCT_NAME = "$(TARGET_NAME)";
+                       };
+                       name = Production;
+               };
                5325BDC021DFF2B200A0DEE1 /* Debug */ = {
                        isa = XCBuildConfiguration;
                        baseConfigurationReference = 1C9051430BA9E8A70081E9D0 /* JavaScriptCore.xcconfig */;
                        defaultConfigurationIsVisible = 0;
                        defaultConfigurationName = Production;
                };
+               52CD0F5F2242F569004A18A5 /* Build configuration list for PBXNativeTarget "testdfg" */ = {
+                       isa = XCConfigurationList;
+                       buildConfigurations = (
+                               52CD0F602242F569004A18A5 /* Debug */,
+                               52CD0F612242F569004A18A5 /* Release */,
+                               52CD0F622242F569004A18A5 /* Profiling */,
+                               52CD0F632242F569004A18A5 /* Production */,
+                       );
+                       defaultConfigurationIsVisible = 0;
+                       defaultConfigurationName = Production;
+               };
                5325BDC421DFF2B200A0DEE1 /* Build configuration list for PBXAggregateTarget "Apply Configuration to XCFileLists" */ = {
                        isa = XCConfigurationList;
                        buildConfigurations = (
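Review bot: the new testdfg PBXNativeTarget sets "productName = testapi;" while its name and productReference both say testdfg. That looks like a leftover from copying the testapi target; change it to "productName = testdfg;" so the target is self-consistent.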
index ee204e1..bfe38e3 100644 (file)
@@ -58,7 +58,7 @@ const ArrayModes Uint32ArrayMode = 1 << 27;
 const ArrayModes Float32ArrayMode = 1 << 28;
 const ArrayModes Float64ArrayMode = 1 << 29;
 
-extern const ArrayModes typedArrayModes[NumberOfTypedArrayTypesExcludingDataView];
+JS_EXPORT_PRIVATE extern const ArrayModes typedArrayModes[NumberOfTypedArrayTypesExcludingDataView];
 
 constexpr ArrayModes asArrayModesIgnoringTypedArrays(IndexingType indexingMode)
 {
index f2bc0e6..62e407c 100644 (file)
@@ -482,7 +482,7 @@ inline bool speculationChecked(SpeculatedType actual, SpeculatedType desired)
 SpeculatedType speculationFromClassInfo(const ClassInfo*);
 SpeculatedType speculationFromStructure(Structure*);
 SpeculatedType speculationFromCell(JSCell*);
-SpeculatedType speculationFromValue(JSValue);
+JS_EXPORT_PRIVATE SpeculatedType speculationFromValue(JSValue);
 SpeculatedType speculationFromJSType(JSType);
 
 SpeculatedType speculationFromTypedArrayType(TypedArrayType); // only valid for typed views.
index a490253..a012de3 100644 (file)
@@ -188,6 +188,14 @@ struct AbstractValue {
             && m_arrayModes == ALL_ARRAY_MODES
             && !m_value;
     }
+
+    bool isBytecodeTop() const
+    {
+        return (m_type | SpecBytecodeTop) == m_type
+            && m_structure.isTop()
+            && m_arrayModes == ALL_ARRAY_MODES
+            && !m_value;
+    }
     
     bool valueIsTop() const
     {
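Review bot: isBytecodeTop() repeats the three trailing conjuncts of the predicate directly above it (m_structure.isTop(), m_arrayModes == ALL_ARRAY_MODES, !m_value) and differs only in the type mask. Factoring the shared part into one private helper that takes the mask would keep the two tops from drifting apart if another field is ever added to AbstractValue.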
@@ -372,7 +380,7 @@ struct AbstractValue {
 
     bool validateOSREntryValue(JSValue value, FlushFormat format) const
     {
-        if (isHeapTop())
+        if (isBytecodeTop())
             return true;
         
         if (!!m_value && m_value != value)
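Review bot: the early return in validateOSREntryValue() is only sound because BytecodeTop admits the empty value, and nothing at the call site says so. A one-line comment above "if (isBytecodeTop())" stating that HeapTop must not be used here because the incoming value can be Empty would stop a later cleanup from reintroducing the bug.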
@@ -411,7 +419,7 @@ struct AbstractValue {
     void checkConsistency() const { }
     void assertIsRegistered(Graph&) const { }
 #else
-    void checkConsistency() const;
+    JS_EXPORT_PRIVATE void checkConsistency() const;
     void assertIsRegistered(Graph&) const;
 #endif
 
@@ -536,7 +544,7 @@ private:
     void filterArrayModesByType();
 
 #if USE(JSVALUE64) && !defined(NDEBUG)
-    void ensureCanInitializeWithZeros();
+    JS_EXPORT_PRIVATE void ensureCanInitializeWithZeros();
 #endif
     
     bool shouldBeClear() const;
index 23444f4..639043e 100644 (file)
@@ -584,12 +584,12 @@ void JITCompiler::noticeOSREntry(BasicBlock& basicBlock, JITCompiler::Label bloc
     for (size_t argument = 0; argument < basicBlock.variablesAtHead.numberOfArguments(); ++argument) {
         Node* node = basicBlock.variablesAtHead.argument(argument);
         if (!node || !node->shouldGenerate())
-            entry->m_expectedValues.argument(argument).makeHeapTop();
+            entry->m_expectedValues.argument(argument).makeBytecodeTop();
     }
     for (size_t local = 0; local < basicBlock.variablesAtHead.numberOfLocals(); ++local) {
         Node* node = basicBlock.variablesAtHead.local(local);
         if (!node || !node->shouldGenerate())
-            entry->m_expectedValues.local(local).makeHeapTop();
+            entry->m_expectedValues.local(local).makeBytecodeTop();
         else {
             VariableAccessData* variable = node->variableAccessData();
             entry->m_machineStackUsed.set(variable->machineLocal().toLocal());
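Review bot: both makeBytecodeTop() calls in noticeOSREntry() mark dead arguments and locals purely so that validateOSREntryValue() returns early, but that coupling is explained only in the ChangeLog. Add a short comment at the first "if (!node || !node->shouldGenerate())" saying that dead slots are given BytecodeTop so any incoming value, including Empty, validates.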
index e3bfbc4..e885991 100644 (file)
@@ -232,7 +232,7 @@ public:
     // contains(), true for isSubsetOf(), false for isSupersetOf(), and false for overlaps().
 
     bool contains(RegisteredStructure) const;
-    bool contains(Structure* structure) const;
+    JS_EXPORT_PRIVATE bool contains(Structure* structure) const;
     
     bool isSubsetOf(const RegisteredStructureSet& other) const;
     bool isSubsetOf(const StructureAbstractValue& other) const;
diff --git a/Source/JavaScriptCore/dfg/testdfg.cpp b/Source/JavaScriptCore/dfg/testdfg.cpp
new file mode 100644 (file)
index 0000000..b604fd1
--- /dev/null
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+
+#include "HeapCellInlines.h"
+#include "JSCJSValueInlines.h"
+// The above are needed before DFGAbstractValue.h
+#include "DFGAbstractValue.h"
+#include "InitializeThreading.h"
+#include <wtf/DataLog.h>
+
+// We don't have a NO_RETURN_DUE_TO_EXIT, nor should we. That's ridiculous.
+static bool hiddenTruthBecauseNoReturnIsStupid() { return true; }
+
+static void usage()
+{
+    dataLog("Usage: testdfg [<filter>]\n");
+    if (hiddenTruthBecauseNoReturnIsStupid())
+        exit(1);
+}
+
+#if ENABLE(DFG_JIT)
+
+using namespace JSC;
+using namespace JSC::DFG;
+
+namespace {
+
+// Nothing fancy for now; we just use the existing WTF assertion machinery.
+#define CHECK(x) do {                                                           \
+        if (!!(x))                                                              \
+            break;                                                              \
+        WTFReportAssertionFailure(__FILE__, __LINE__, WTF_PRETTY_FUNCTION, #x); \
+        CRASH();                                                                \
+    } while (false)
+
+
+#define RUN_NOW(test) do {                      \
+        if (!shouldRun(#test))                  \
+            break;                              \
+        dataLog(#test "...\n");          \
+        test;                                   \
+        dataLog(#test ": OK!\n");        \
+    } while (false)
+
+static void testEmptyValueDoesNotValidateWithHeapTop()
+{
+    AbstractValue value;
+
+    value.makeHeapTop();
+    CHECK(!value.validateOSREntryValue(JSValue(), FlushedJSValue));
+
+    value.makeBytecodeTop();
+    CHECK(value.validateOSREntryValue(JSValue(), FlushedJSValue));
+}
+
+void run(const char* filter)
+{
+    auto shouldRun = [&] (const char* testName) -> bool {
+        return !filter || !!strcasestr(testName, filter);
+    };
+
+    RUN_NOW(testEmptyValueDoesNotValidateWithHeapTop());
+}
+
+} // anonymous namespace
+
+#else // ENABLE(DFG_JIT)
+
+static void run(const char*)
+{
+    dataLog("DFG JIT is not enabled.\n");
+}
+
+#endif // ENABLE(DFG_JIT)
+
+int main(int argc, char** argv)
+{
+    const char* filter = nullptr;
+    switch (argc) {
+    case 1:
+        break;
+    case 2:
+        filter = argv[1];
+        break;
+    default:
+        usage();
+        break;
+    }
+
+    JSC::initializeThreading();
+    
+    run(filter);
+
+    return 0;
+}
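Review bot: testdfg.cpp calls strcasestr() in run() and exit() in usage() without including <string.h> or <stdlib.h>, so it compiles only if one of the JSC headers pulls them in transitively; include them explicitly. The single test also checks only the Empty value with FlushedJSValue; adding a non-empty JSValue against a HeapTop AbstractValue would confirm that the stricter early return did not make ordinary entries fail.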
index 1a4c508..aa7ce64 100644 (file)
@@ -68,6 +68,10 @@ set(TESTAIR_SOURCES
     ../b3/air/testair.cpp
 )
 
+set(TESTDFG_SOURCES
+    ../dfg/testdfg.cpp
+)
+
 if (DEVELOPER_MODE AND NOT WIN32)
     add_executable(testmasm ${TESTMASM_SOURCES})
     target_link_libraries(testmasm ${JSC_LIBRARIES})
@@ -78,6 +82,9 @@ if (DEVELOPER_MODE AND NOT WIN32)
     add_executable(testair ${TESTAIR_SOURCES})
     target_link_libraries(testair ${JSC_LIBRARIES})
 
+    add_executable(testdfg ${TESTDFG_SOURCES})
+    target_link_libraries(testdfg ${JSC_LIBRARIES})
+
     add_executable(testapi ${TESTAPI_SOURCES})
     target_link_libraries(testapi ${JSC_LIBRARIES})
 endif ()
index 6d81362..b584020 100644 (file)
@@ -1,3 +1,12 @@
+2019-03-20  Saam Barati  <sbarati@apple.com>
+
+        DFG::AbstractValue::validateOSREntry is wrong when isHeapTop and the incoming value is Empty
+        https://bugs.webkit.org/show_bug.cgi?id=195721
+
+        Reviewed by Filip Pizlo.
+
+        * Scripts/run-javascriptcore-tests:
+
 2019-03-20  Simon Fraser  <simon.fraser@apple.com>
 
         Rename ENABLE_ACCELERATED_OVERFLOW_SCROLLING macro to ENABLE_OVERFLOW_SCROLLING_TOUCH
index f1a31e4..216bbe1 100755 (executable)
@@ -71,6 +71,7 @@ use constant {
 my $runTestMasm = RUN_IF_NO_TESTS_SPECIFIED;
 my $runTestAir = RUN_IF_NO_TESTS_SPECIFIED;
 my $runTestB3 = RUN_IF_NO_TESTS_SPECIFIED;
+my $runTestDFG = RUN_IF_NO_TESTS_SPECIFIED;
 my $runTestAPI = RUN_IF_NO_TESTS_SPECIFIED;
 my $runJSCStress = RUN_IF_NO_TESTS_SPECIFIED;
 my $runMozillaTests = RUN_IF_NO_TESTS_SPECIFIED;
@@ -128,6 +129,17 @@ if ($ENV{RUN_JAVASCRIPTCORE_TESTS_TESTB3}) {
     }
 }
 
+if ($ENV{RUN_JAVASCRIPTCORE_TESTS_TESTDFG}) {
+    if ($ENV{RUN_JAVASCRIPTCORE_TESTS_TESTDFG} eq "true") {
+        $runTestDFG = ENV_VAR_SAYS_DO_RUN;
+    } elsif ($ENV{RUN_JAVASCRIPTCORE_TESTS_TESTDFG} eq "false") {
+        $runTestDFG = ENV_VAR_SAYS_DONT_RUN;
+    } else {
+        print "Don't recognize value for RUN_JAVASCRIPTCORE_TESTS_TESTDFG environment variable: '"
+            . $ENV{RUN_JAVASCRIPTCORE_TESTS_TESTDFG} . "'. Should be set to 'true' or 'false'.\n";
+    }
+}
+
 if ($ENV{RUN_JAVASCRIPTCORE_TESTS_TESTAPI}) {
     if ($ENV{RUN_JAVASCRIPTCORE_TESTS_TESTAPI} eq "true") {
         $runTestAPI = ENV_VAR_SAYS_DO_RUN;
@@ -181,6 +193,7 @@ my $buildJSCDefault = $buildJSC ? "will check" : "will not check";
 my $testmasmDefault = defaultStringForTestState($runTestMasm);
 my $testairDefault = defaultStringForTestState($runTestAir);
 my $testb3Default = defaultStringForTestState($runTestB3);
+my $testDFGDefault = defaultStringForTestState($runTestDFG);
 my $testapiDefault = defaultStringForTestState($runTestAPI);
 my $jscStressDefault = defaultStringForTestState($runJSCStress);
 my $mozillaTestsDefault = defaultStringForTestState($runMozillaTests);
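Review bot: "$testDFGDefault" breaks the naming pattern of its neighbours, which are all lower-case after "test" ($testmasmDefault, $testairDefault, $testb3Default, $testapiDefault). Rename it to "$testdfgDefault" here and in the usage string so the variables stay greppable by one pattern.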
@@ -198,6 +211,7 @@ Usage: $programName [options] [options to pass to build system]
   --[no-]testmasm               Only run (or don't run) testmasm (default: $testmasmDefault)
   --[no-]testair                Only run (or don't run) testair (default: $testairDefault)
   --[no-]testb3                 Only run (or don't run) testb3 (default: $testb3Default)
+  --[no-]testdfg                Only run (or don't run) testdfg (default: $testDFGDefault)
   --[no-]testapi                Only run (or don't run) testapi (default: $testapiDefault)
   --[no-]jsc-stress             Only run (or don't run) the JSC stress tests (default: $jscStressDefault)
   --[no-]mozilla-tests          Only run (or don't run) the Mozilla tests (default: $mozillaTestsDefault)
@@ -238,6 +252,7 @@ Environment Variables:
   - set RUN_JAVASCRIPTCORE_TESTS_TESTMASM to "true" or "false" (no quotes) to determine if we run testmasm by default.
   - set RUN_JAVASCRIPTCORE_TESTS_TESTAIR to "true" or "false" (no quotes) to determine if we run testair by default.
   - set RUN_JAVASCRIPTCORE_TESTS_TESTB3 to "true" or "false" (no quotes) to determine if we run testb3 by default.
+  - set RUN_JAVASCRIPTCORE_TESTS_TESTDFG to "true" or "false" (no quotes) to determine if we run testdfg by default.
   - set RUN_JAVASCRIPTCORE_TESTS_TESTAPI to "true" or "false" (no quotes) to determine if we run testapi by default.
   - set RUN_JAVASCRIPTCORE_TESTS_BUILD to "true" or "false" (no quotes) to set the should-we-build-before-running-tests setting.
   - set RUN_JAVASCRIPTCORE_TESTS_EXTRA_TESTS to the path of a yaml file or a directory of JS files to be run as part of run-javascriptcore-tests.
@@ -257,6 +272,7 @@ GetOptions(
     'testmasm!' => \$runTestMasm,
     'testair!' => \$runTestAir,
     'testb3!' => \$runTestB3,
+    'testdfg!' => \$runTestDFG,
     'testapi!' => \$runTestAPI,
     'jsc-stress!' => \$runJSCStress,
     'mozilla-tests!' => \$runMozillaTests,
@@ -287,6 +303,7 @@ my $specificTestsSpecified = 0;
 if ($runTestMasm == DO_RUN
    || $runTestAir == DO_RUN
    || $runTestB3 == DO_RUN
+   || $runTestDFG == DO_RUN
    || $runTestAPI == DO_RUN
    || $runJSCStress == DO_RUN
    || $runMozillaTests == DO_RUN) {
@@ -306,6 +323,7 @@ sub enableTestOrNot {
 $runTestMasm = enableTestOrNot($runTestMasm);
 $runTestAir = enableTestOrNot($runTestAir);
 $runTestB3 = enableTestOrNot($runTestB3);
+$runTestDFG = enableTestOrNot($runTestDFG);
 $runTestAPI = enableTestOrNot($runTestAPI);
 $runJSCStress = enableTestOrNot($runJSCStress);
 $runMozillaTests = enableTestOrNot($runMozillaTests);
@@ -394,6 +412,7 @@ sub runTest {
 if ($runTestMasm) { runTest("testmasm", "allMasmTestsPassed") }
 if ($runTestAir) { runTest("testair", "allAirTestsPassed") }
 if ($runTestB3) { runTest("testb3", "allB3TestsPassed") }
+if ($runTestDFG) { runTest("testdfg", "allDFGTestsPassed") }
 if ($runTestAPI) { runTest("testapi", "allApiTestsPassed") }
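Review bot: on the added runTest("testdfg", "allDFGTestsPassed") line, note that testdfg's main() always returns 0 and its non-DFG build of run() only logs "DFG JIT is not enabled.", so if runTest() judges success by exit status, a build without the DFG JIT will be recorded as passing without any check having run. Either skip the runTest call when the DFG is unavailable or have testdfg report that case distinctly.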