Title: [188883] branches/jsc-tailcall/Source/JavaScriptCore
Revision: 188883
Author: basile_clem...@apple.com
Date: 2015-08-24 14:41:37 -0700 (Mon, 24 Aug 2015)

Log Message

jsc-tailcall: We can't assert that registers are flushed when making a tail call
https://bugs.webkit.org/show_bug.cgi?id=148396

Reviewed by Michael Saboff.

We should be able to assert that registers are flushed when making a
tail call, since no additional code should ever be executed after the
tail call. However, because we can have Phantom() nodes keeping values
alive across a tail call, this assertion can (and does) fail in some
cases - even though those nodes are dead nodes that will not actually
generate any code. So we can't have the assertion.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):

Diff

Modified: branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog (188882 => 188883)


--- branches/jsc-tailcall/Source/_javascript_Core/ChangeLog	2015-08-24 21:39:54 UTC (rev 188882)
+++ branches/jsc-tailcall/Source/_javascript_Core/ChangeLog	2015-08-24 21:41:37 UTC (rev 188883)
@@ -1,5 +1,24 @@
 2015-08-24  Basile Clement  <basile_clem...@apple.com>
 
+        jsc-tailcall: We can't assert that registers are flushed when making a tail call
+        https://bugs.webkit.org/show_bug.cgi?id=148396
+
+        Reviewed by Michael Saboff.
+
+        We should be able to assert that registers are flushed when making a
+        tail call, since no additional code should ever be executed after the
+        tail call. However, because we can have Phantom() nodes keeping values
+        alive across a tail call, this assertion can (and does) fail in some
+        cases - even though those nodes are dead nodes that will not actually
+        generate any code. So we can't have the assertion.
+
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitCall):
+
+2015-08-24  Basile Clement  <basile_clem...@apple.com>
+
         jsc-tailcall: TailCallForwardVarargs must be considered as a terminal node
         https://bugs.webkit.org/show_bug.cgi?id=148395
 
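
Review bot: The new entry says the assertion "can (and does) fail in some cases" but does not name one. Please add the test or the graph shape (a Phantom() node keeping a value alive across the tail call) that trips it, so whoever revisits emitCall can reproduce the failure before deciding whether a narrower check is possible.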

Modified: branches/jsc-tailcall/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (188882 => 188883)


--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp	2015-08-24 21:39:54 UTC (rev 188882)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp	2015-08-24 21:41:37 UTC (rev 188883)
@@ -819,9 +819,7 @@
     // their target stack position instead of building then memmoving
     // the callee frame.
     // https://bugs.webkit.org/show_bug.cgi?id=147508
-    if (isTail)
-        ASSERT(isFlushed());
-    else
+    if (!isTail)
         flushRegisters();
 
     GPRFlushedCallResult resultPayload(this);
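
Review bot: The `if (!isTail)` condition is left with no explanation of why the tail path skips both `flushRegisters()` and any check of register state; the retained comment above only covers bug 147508. Add a one-line comment at the condition that points to bug 148396 and says Phantom() nodes may keep values alive across the tail call. Consider also whether `ASSERT(isFlushed())` could be replaced by a check that ignores values kept alive only by dead nodes, rather than dropping the check entirely.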

Modified: branches/jsc-tailcall/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (188882 => 188883)


--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp	2015-08-24 21:39:54 UTC (rev 188882)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp	2015-08-24 21:41:37 UTC (rev 188883)
@@ -796,9 +796,7 @@
     // their target stack position instead of building then memmoving
     // the callee frame.
     // https://bugs.webkit.org/show_bug.cgi?id=147508
-    if (isTail)
-        ASSERT(isFlushed());
-    else
+    if (!isTail)
         flushRegisters();
 
     GPRFlushedCallResult result(this);
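
Review bot: The tail-call condition guarding `flushRegisters()` is now duplicated verbatim here and in DFGSpeculativeJIT32_64.cpp, so the two emitCall bodies have to be kept in sync by hand. If the assertion is reinstated later in a narrower form, put the check in one shared helper called from both files so the 32-bit and 64-bit paths cannot diverge.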
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
