Title: [187868] branches/jsc-tailcall/Source/_javascript_Core
- Revision
- 187868
- Author
- basile_clem...@apple.com
- Date
- 2015-08-04 11:30:20 -0700 (Tue, 04 Aug 2015)
Log Message
jsc-tailcall: We should abortWithReason() if we ever return from a tail call
https://bugs.webkit.org/show_bug.cgi?id=147634
Reviewed by Michael Saboff.
Previously, we were using a breakpoint in that case, but it really
should be an abortWithReason(). Note that this is mostly useful for the
slow path, since the fast path is always a jump - if we ever have a
slow path that does not perform the tail call, we have no idea in what
state the stack will be when we return here, and it would be dangerous
to continue executing (especially since the next instruction is
guaranteed to be a return).
* assembler/AbortReason.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* jit/JITCall.cpp:
(JSC::JIT::compileOpCallSlowCase):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallSlowCase):
Modified Paths
Diff
Modified: branches/jsc-tailcall/Source/_javascript_Core/ChangeLog (187867 => 187868)
--- branches/jsc-tailcall/Source/_javascript_Core/ChangeLog 2015-08-04 18:03:30 UTC (rev 187867)
+++ branches/jsc-tailcall/Source/_javascript_Core/ChangeLog 2015-08-04 18:30:20 UTC (rev 187868)
@@ -1,3 +1,28 @@
+2015-08-04 Basile Clement <basile_clem...@apple.com>
+
+ jsc-tailcall: We should abortWithReason() if we ever return from a tail call
+ https://bugs.webkit.org/show_bug.cgi?id=147634
+
+ Reviewed by Michael Saboff.
+
+ Previously, we were using a breakpoint in that case, but it really
+ should be an abortWithReason(). Note that this is mostly useful for the
+ slow path, since the fast path is always a jump - if we ever have a
+ slow path that does not perform the tail call, we have no idea in what
+ state the stack will be when we return here, and it would be dangerous
+ to continue executing (especially since the next instruction is
+ guaranteed to be a return).
+
+ * assembler/AbortReason.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCallSlowCase):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCallSlowCase):
+
2015-07-31 Basile Clement <basile_clem...@apple.com>
jsc-tailcall: Implement the tail call opcodes in the DFG
Modified: branches/jsc-tailcall/Source/_javascript_Core/assembler/AbortReason.h (187867 => 187868)
--- branches/jsc-tailcall/Source/_javascript_Core/assembler/AbortReason.h 2015-08-04 18:03:30 UTC (rev 187867)
+++ branches/jsc-tailcall/Source/_javascript_Core/assembler/AbortReason.h 2015-08-04 18:30:20 UTC (rev 187868)
@@ -58,6 +58,7 @@
DFGUnreachableBasicBlock = 220,
DFGUnreasonableOSREntryJumpDestination = 230,
DFGVarargsThrowingPathDidNotThrow = 235,
+ JITDidReturnFromTailCall = 237,
JITDivOperandsAreNotNumbers = 240,
JITGetByValResultIsNotEmpty = 250,
JITNotSupported = 260,
Modified: branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (187867 => 187868)
--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-08-04 18:03:30 UTC (rev 187867)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-08-04 18:30:20 UTC (rev 187868)
@@ -878,7 +878,7 @@
done.link(&m_jit);
if (isTail)
- m_jit.breakpoint();
+ m_jit.abortWithReason(JITDidReturnFromTailCall);
else {
m_jit.setupResults(resultPayloadGPR, resultTagGPR);
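Review bot: The new `m_jit.abortWithReason(JITDidReturnFromTailCall);` under `if (isTail)` has no comment saying why reaching it is fatal, so the reasoning lives only in the commit message. I would add above the `if`: `// A tail call must never return here: the stack state is unknown, so fail-stop rather than fall through.` The same applies to the identical change in DFGSpeculativeJIT64.cpp. It also applies to the second hunks of JITCall.cpp and JITCall32_64.cpp, where the old `// We must never come back here` comment is deleted along with the breakpoint. The enclosing emitCall body starts and ends outside this hunk.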
Modified: branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (187867 => 187868)
--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-08-04 18:03:30 UTC (rev 187867)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-08-04 18:30:20 UTC (rev 187868)
@@ -839,7 +839,7 @@
done.link(&m_jit);
if (isTail)
- m_jit.breakpoint();
+ m_jit.abortWithReason(JITDidReturnFromTailCall);
else {
m_jit.move(GPRInfo::returnValueGPR, resultGPR);
Modified: branches/jsc-tailcall/Source/_javascript_Core/jit/JITCall.cpp (187867 => 187868)
--- branches/jsc-tailcall/Source/_javascript_Core/jit/JITCall.cpp 2015-08-04 18:03:30 UTC (rev 187867)
+++ branches/jsc-tailcall/Source/_javascript_Core/jit/JITCall.cpp 2015-08-04 18:30:20 UTC (rev 187868)
@@ -197,8 +197,6 @@
if (opcodeID == op_tail_call || opcodeID == op_tail_call_varargs) {
prepareForTailCallSlow();
m_callCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedTailCall();
- // We must never come back here
- breakpoint();
return;
}
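Review bot: After `emitNakedTailCall()` the trap is deleted rather than upgraded, so nothing guards the code emitted next if this path ever does return. The commit message says the fast path is always a jump, but emitNakedTailCall() is not visible here, and a trap placed after an unconditional jump costs only a few bytes of code. I would keep `abortWithReason(JITDidReturnFromTailCall);` before the `return;`, or at minimum leave `// emitNakedTailCall() emits a jump; control never returns here.` The first hunk of JITCall32_64.cpp makes the same removal. The enclosing function is not visible in the hunk.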
@@ -226,8 +224,7 @@
m_callCompilationInfo[callLinkInfoIndex].callReturnLocation = emitNakedCall(m_vm->getCTIStub(linkCallThunkGenerator).code());
if (opcodeID == op_tail_call || opcodeID == op_tail_call_varargs) {
- // We must never come back here
- breakpoint();
+ abortWithReason(JITDidReturnFromTailCall);
return;
}
Modified: branches/jsc-tailcall/Source/_javascript_Core/jit/JITCall32_64.cpp (187867 => 187868)
--- branches/jsc-tailcall/Source/_javascript_Core/jit/JITCall32_64.cpp 2015-08-04 18:03:30 UTC (rev 187867)
+++ branches/jsc-tailcall/Source/_javascript_Core/jit/JITCall32_64.cpp 2015-08-04 18:30:20 UTC (rev 187868)
@@ -282,8 +282,6 @@
if (opcodeID == op_tail_call || opcodeID == op_tail_call_varargs) {
prepareForTailCallSlow();
m_callCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedTailCall();
- // We must never come back here
- breakpoint();
return;
}
@@ -311,8 +309,7 @@
m_callCompilationInfo[callLinkInfoIndex].callReturnLocation = emitNakedCall(m_vm->getCTIStub(linkCallThunkGenerator).code());
if (opcodeID == op_tail_call || opcodeID == op_tail_call_varargs) {
- // We must never come back here
- breakpoint();
+ abortWithReason(JITDidReturnFromTailCall);
return;
}