Modified: branches/safari-606-branch/Source/_javascript_Core/ChangeLog (236585 => 236586)
--- branches/safari-606-branch/Source/_javascript_Core/ChangeLog 2018-09-28 04:46:50 UTC (rev 236585)
+++ branches/safari-606-branch/Source/_javascript_Core/ChangeLog 2018-09-28 04:58:56 UTC (rev 236586)
@@ -1,3 +1,24 @@
+2018-09-27 Saam barati <[email protected]>
+
+ Cherry-pick r236584. rdar://problem/44848936
+
+ Don't use int offsets in StructureStubInfo
+ https://bugs.webkit.org/show_bug.cgi?id=190064
+ <rdar://problem/44784719>
+
+ Reviewed by Mark Lam.
+
+ bytecode/InlineAccess.cpp:
+ (JSC::linkCodeInline):
+
+ bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::slowPathCallLocation):
+ (JSC::StructureStubInfo::doneLocation):
+ (JSC::StructureStubInfo::slowPathStartLocation):
+
+ jit/JITInlineCacheGenerator.cpp:
+ (JSC::JITInlineCacheGenerator::finalize):
+
2018-09-21 Kocsen Chung <[email protected]>
Cherry-pick r236223. rdar://problem/44682814
Modified: branches/safari-606-branch/Source/_javascript_Core/bytecode/InlineAccess.cpp (236585 => 236586)
--- branches/safari-606-branch/Source/_javascript_Core/bytecode/InlineAccess.cpp 2018-09-28 04:46:50 UTC (rev 236585)
+++ branches/safari-606-branch/Source/_javascript_Core/bytecode/InlineAccess.cpp 2018-09-28 04:58:56 UTC (rev 236586)
@@ -130,9 +130,9 @@
template <typename Function>
ALWAYS_INLINE static bool linkCodeInline(const char* name, CCallHelpers& jit, StructureStubInfo& stubInfo, const Function& function)
{
- if (jit.m_assembler.buffer().codeSize() <= stubInfo.patch.inlineSize) {
+ if (jit.m_assembler.buffer().codeSize() <= stubInfo.patch.inlineSize()) {
bool needsBranchCompaction = false;
- LinkBuffer linkBuffer(jit, stubInfo.patch.start, stubInfo.patch.inlineSize, JITCompilationMustSucceed, needsBranchCompaction);
+ LinkBuffer linkBuffer(jit, stubInfo.patch.start, stubInfo.patch.inlineSize(), JITCompilationMustSucceed, needsBranchCompaction);
ASSERT(linkBuffer.isValid());
function(linkBuffer);
FINALIZE_CODE(linkBuffer, NoPtrTag, "InlineAccessType: '%s'", name);
@@ -147,7 +147,7 @@
const bool failIfCantInline = false;
if (failIfCantInline) {
dataLog("Failure for: ", name, "\n");
- dataLog("real size: ", jit.m_assembler.buffer().codeSize(), " inline size:", stubInfo.patch.inlineSize, "\n");
+ dataLog("real size: ", jit.m_assembler.buffer().codeSize(), " inline size:", stubInfo.patch.inlineSize(), "\n");
CRASH();
}
Modified: branches/safari-606-branch/Source/_javascript_Core/bytecode/StructureStubInfo.h (236585 => 236586)
--- branches/safari-606-branch/Source/_javascript_Core/bytecode/StructureStubInfo.h 2018-09-28 04:46:50 UTC (rev 236585)
+++ branches/safari-606-branch/Source/_javascript_Core/bytecode/StructureStubInfo.h 2018-09-28 04:58:56 UTC (rev 236586)
@@ -179,11 +179,19 @@
struct {
CodeLocationLabel<JITStubRoutinePtrTag> start; // This is either the start of the inline IC for *byId caches. or the location of patchable jump for 'instanceof' caches.
+ CodeLocationLabel<JSInternalPtrTag> doneLocation;
+ CodeLocationCall<JSInternalPtrTag> slowPathCallLocation;
+ CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation;
+
RegisterSet usedRegisters;
- uint32_t inlineSize;
- int32_t deltaFromStartToSlowPathCallLocation;
- int32_t deltaFromStartToSlowPathStart;
+ uint32_t inlineSize() const
+ {
+ int32_t inlineSize = MacroAssembler::differenceBetweenCodePtr(start, doneLocation);
+ ASSERT(inlineSize >= 0);
+ return inlineSize;
+ }
+
int8_t baseGPR;
int8_t valueGPR;
int8_t thisGPR;
@@ -194,9 +202,10 @@
#endif
} patch;
- CodeLocationCall<JSInternalPtrTag> slowPathCallLocation() { return patch.start.callAtOffset<JSInternalPtrTag>(patch.deltaFromStartToSlowPathCallLocation); }
- CodeLocationLabel<JSInternalPtrTag> doneLocation() { return patch.start.labelAtOffset<JSInternalPtrTag>(patch.inlineSize); }
- CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation() { return patch.start.labelAtOffset(patch.deltaFromStartToSlowPathStart); }
+ CodeLocationCall<JSInternalPtrTag> slowPathCallLocation() { return patch.slowPathCallLocation; }
+ CodeLocationLabel<JSInternalPtrTag> doneLocation() { return patch.doneLocation; }
+ CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation() { return patch.slowPathStartLocation; }
+
CodeLocationJump<JSInternalPtrTag> patchableJump()
{
ASSERT(accessType == AccessType::InstanceOf);
Modified: branches/safari-606-branch/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp (236585 => 236586)
--- branches/safari-606-branch/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp 2018-09-28 04:46:50 UTC (rev 236585)
+++ branches/safari-606-branch/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp 2018-09-28 04:58:56 UTC (rev 236586)
@@ -59,14 +59,10 @@
{
m_stubInfo->patch.start = start;
- int32_t inlineSize = MacroAssembler::differenceBetweenCodePtr(
- start, fastPath.locationOf<NoPtrTag>(m_done));
- m_stubInfo->patch.inlineSize = inlineSize;
+ m_stubInfo->patch.doneLocation = fastPath.locationOf<JSInternalPtrTag>(m_done);
- m_stubInfo->patch.deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr(
- start, slowPath.locationOf<NoPtrTag>(m_slowPathCall));
- m_stubInfo->patch.deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr(
- start, slowPath.locationOf<NoPtrTag>(m_slowPathBegin));
+ m_stubInfo->patch.slowPathCallLocation = slowPath.locationOf<JSInternalPtrTag>(m_slowPathCall);
+ m_stubInfo->patch.slowPathStartLocation = slowPath.locationOf<JITStubRoutinePtrTag>(m_slowPathBegin);
}
JITByIdGenerator::JITByIdGenerator(
