[webkit-changes] [258603] trunk/Source/JavaScriptCore

[ysuzuki]

Title: [258603] trunk/Source/_javascript_Core

Revision

258603

Author

ysuz...@apple.com

Date

2020-03-17 15:29:03 -0700 (Tue, 17 Mar 2020)

Log Message

[JSC] DeleteIC patchpoint in FTL should require tag and mask registers
https://bugs.webkit.org/show_bug.cgi?id=209197
<rdar://problem/60531308>

Reviewed by Tadeu Zagallo and Saam Barati.

DeleteIC patchpoint is emitting `branchIfNotCell` machine code. This requires a mask register
while we are not reserving them when creating a patchpoint.

In general, our IC code is assuming usual CCallHelpers environment which provides macro-assembler
scratch, tag, and mask registers. We should offer them even if IC is emitted from FTL. In this
patch, we offer tag and mask registers for Delete IC even if this IC is not currently using tag
register.

* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileDelBy):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (258602 => 258603)

--- trunk/Source/_javascript_Core/ChangeLog	2020-03-17 22:04:48 UTC (rev 258602)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-03-17 22:29:03 UTC (rev 258603)
@@ -1,3 +1,22 @@
+2020-03-17  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] DeleteIC patchpoint in FTL should require tag and mask registers
+        https://bugs.webkit.org/show_bug.cgi?id=209197
+        <rdar://problem/60531308>
+
+        Reviewed by Tadeu Zagallo and Saam Barati.
+
+        DeleteIC patchpoint is emitting `branchIfNotCell` machine code. This requires a mask register
+        while we are not reserving them when creating a patchpoint.
+
+        In general, our IC code is assuming usual CCallHelpers environment which provides macro-assembler
+        scratch, tag, and mask registers. We should offer them even if IC is emitted from FTL. In this
+        patch, we offer tag and mask registers for Delete IC even if this IC is not currently using tag
+        register.
+
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileDelBy):
+
 2020-03-17  Tadeu Zagallo  <tzaga...@apple.com>
 
         AccessCase::canReplace should allow a Getter to replace an IntrinsicGetter

Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (258602 => 258603)

--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2020-03-17 22:04:48 UTC (rev 258602)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2020-03-17 22:29:03 UTC (rev 258603)
@@ -5163,6 +5163,8 @@
             patchpoint->append(ConstrainedValue(base, ValueRep::SomeLateRegister));
             patchpoint->append(ConstrainedValue(subscriptValue, ValueRep::SomeLateRegister));
         }
+        patchpoint->append(m_notCellMask, ValueRep::lateReg(GPRInfo::notCellMaskRegister));
+        patchpoint->append(m_numberTag, ValueRep::lateReg(GPRInfo::numberTagRegister));
         patchpoint->clobber(RegisterSet::macroScratchRegisters());
         patchpoint->numGPScratchRegisters = 1;
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes