Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point...
authorsbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Sep 2018 23:47:55 +0000 (23:47 +0000)
committersbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Sep 2018 23:47:55 +0000 (23:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=189628
<rdar://problem/39481690>

Reviewed by Mark Lam.

JSTests:

* stress/verbose-failure-dont-graph-dump-availability-already-freed.js: Added.
(foo):

Source/JavaScriptCore:

An Availability may point to a Node. And that Node may be removed from
the graph, e.g, it's freed and its memory is no longer owned by Graph.
This patch makes it so we no longer dump this metadata by default. If
this metadata is interesting to you, you'll need to go in and change
Graph::dump to dump the needed metadata.

* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236022 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/verbose-failure-dont-graph-dump-availability-already-freed.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGGraph.cpp

index 8f96e50..66fb980 100644 (file)
@@ -1,3 +1,14 @@
+2018-09-14  Saam barati  <sbarati@apple.com>
+
+        Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
+        https://bugs.webkit.org/show_bug.cgi?id=189628
+        <rdar://problem/39481690>
+
+        Reviewed by Mark Lam.
+
+        * stress/verbose-failure-dont-graph-dump-availability-already-freed.js: Added.
+        (foo):
+
 2018-09-11  Mark Lam  <mark.lam@apple.com>
 
         Test for array initialization in arrayProtoFuncSplice.
diff --git a/JSTests/stress/verbose-failure-dont-graph-dump-availability-already-freed.js b/JSTests/stress/verbose-failure-dont-graph-dump-availability-already-freed.js
new file mode 100644 (file)
index 0000000..0738fcf
--- /dev/null
@@ -0,0 +1,9 @@
+//@ runDefault("--verboseValidationFailure=true")
+
+function foo() {
+    arguments.length;
+}
+let a = 0;
+for (var i = 0; i < 1000000; i++) {
+    a += foo();
+}
index aece429..66cb764 100644 (file)
@@ -1,3 +1,20 @@
+2018-09-14  Saam barati  <sbarati@apple.com>
+
+        Don't dump OSRAvailabilityData in Graph::dump because a stale Availability may point to a Node that is already freed
+        https://bugs.webkit.org/show_bug.cgi?id=189628
+        <rdar://problem/39481690>
+
+        Reviewed by Mark Lam.
+
+        An Availability may point to a Node. And that Node may be removed from
+        the graph, e.g, it's freed and its memory is no longer owned by Graph.
+        This patch makes it so we no longer dump this metadata by default. If
+        this metadata is interesting to you, you'll need to go in and change
+        Graph::dump to dump the needed metadata.
+
+        * dfg/DFGGraph.cpp:
+        (JSC::DFG::Graph::dump):
+
 2018-09-14  Mark Lam  <mark.lam@apple.com>
 
         Refactor some ForInContext code for better encapsulation.
index d4483c6..146d727 100644 (file)
@@ -60,6 +60,8 @@
 
 namespace JSC { namespace DFG {
 
+static constexpr bool dumpOSRAvailabilityData = false;
+
 // Creates an array of stringized names.
 static const char* dfgOpNames[] = {
 #define STRINGIZE_DFG_OP_ENUM(opcode, flags) #opcode ,
@@ -569,7 +571,8 @@ void Graph::dump(PrintStream& out, DumpContext* context)
             
         case SSA: {
             RELEASE_ASSERT(block->ssa);
-            out.print("  Availability: ", block->ssa->availabilityAtHead, "\n");
+            if (dumpOSRAvailabilityData)
+                out.print("  Availability: ", block->ssa->availabilityAtHead, "\n");
             out.print("  Live: ", nodeListDump(block->ssa->liveAtHead), "\n");
             out.print("  Values: ", nodeValuePairListDump(block->ssa->valuesAtHead, context), "\n");
             break;
@@ -597,7 +600,8 @@ void Graph::dump(PrintStream& out, DumpContext* context)
             
         case SSA: {
             RELEASE_ASSERT(block->ssa);
-            out.print("  Availability: ", block->ssa->availabilityAtTail, "\n");
+            if (dumpOSRAvailabilityData)
+                out.print("  Availability: ", block->ssa->availabilityAtTail, "\n");
             out.print("  Live: ", nodeListDump(block->ssa->liveAtTail), "\n");
             out.print("  Values: ", nodeValuePairListDump(block->ssa->valuesAtTail, context), "\n");
             break;