Title: [158400] trunk/Source/_javascript_Core
Revision
158400
Author
[email protected]
Date
2013-10-31 15:29:39 -0700 (Thu, 31 Oct 2013)

Log Message

FTL::Location::restoreInto() doesn't handle stack-related registers correctly if you're using it after pushing a new stack frame
https://bugs.webkit.org/show_bug.cgi?id=123591

Reviewed by Mark Hahnenberg.
        
This gets us to pass more tests with ftlUsesStackmaps.

* ftl/FTLLocation.cpp:
(JSC::FTL::Location::restoreInto):
* ftl/FTLLocation.h:
* ftl/FTLThunks.cpp:
(JSC::FTL::osrExitGenerationWithStackMapThunkGenerator):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (158399 => 158400)


--- trunk/Source/_javascript_Core/ChangeLog	2013-10-31 22:21:55 UTC (rev 158399)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-10-31 22:29:39 UTC (rev 158400)
@@ -1,3 +1,18 @@
+2013-10-31  Filip Pizlo  <[email protected]>
+
+        FTL::Location::restoreInto() doesn't handle stack-related registers correctly if you're using it after pushing a new stack frame
+        https://bugs.webkit.org/show_bug.cgi?id=123591
+
+        Reviewed by Mark Hahnenberg.
+        
+        This gets us to pass more tests with ftlUsesStackmaps.
+
+        * ftl/FTLLocation.cpp:
+        (JSC::FTL::Location::restoreInto):
+        * ftl/FTLLocation.h:
+        * ftl/FTLThunks.cpp:
+        (JSC::FTL::osrExitGenerationWithStackMapThunkGenerator):
+
 2013-10-31  Alexey Proskuryakov  <[email protected]>
 
         Enable WebCrypto on Mac

Modified: trunk/Source/_javascript_Core/ftl/FTLLocation.cpp (158399 => 158400)


--- trunk/Source/_javascript_Core/ftl/FTLLocation.cpp	2013-10-31 22:21:55 UTC (rev 158399)
+++ trunk/Source/_javascript_Core/ftl/FTLLocation.cpp	2013-10-31 22:29:39 UTC (rev 158400)
@@ -126,12 +126,27 @@
     return static_cast<FPRReg>(dwarfRegNum() - 17);
 }
 
-void Location::restoreInto(MacroAssembler& jit, char* savedRegisters, GPRReg result) const
+void Location::restoreInto(MacroAssembler& jit, char* savedRegisters, GPRReg result, unsigned numFramesToPop) const
 {
+    if (involvesGPR() && MacroAssembler::isStackRelated(gpr())) {
+        // Make the result GPR contain the appropriate stack register.
+        if (numFramesToPop) {
+            jit.move(MacroAssembler::framePointerRegister, result);
+            
+            for (unsigned i = numFramesToPop - 1; i--;)
+                jit.loadPtr(result, result);
+            
+            if (gpr() == MacroAssembler::framePointerRegister)
+                jit.loadPtr(result, result);
+            else
+                jit.addPtr(MacroAssembler::TrustedImmPtr(sizeof(void*) * 2), result);
+        } else
+            jit.move(gpr(), result);
+    }
+    
     if (isGPR()) {
         if (MacroAssembler::isStackRelated(gpr())) {
-            // These don't get saved.
-            jit.move(gpr(), result);
+            // Already restored into result.
         } else
             jit.load64(savedRegisters + offsetOfGPR(gpr()), result);
         
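Review bot: The `else` branch of the new `numFramesToPop` block (`jit.addPtr(MacroAssembler::TrustedImmPtr(sizeof(void*) * 2), result)`) treats every stack-related register other than FP as SP, but nothing checks that SP is the only other register `MacroAssembler::isStackRelated()` admits; if that set ever widens, the emitted exit code silently adds 16 to a popped frame pointer and the Indirect case then reads from the wrong stack address. Add `ASSERT(gpr() == MacroAssembler::stackPointerRegister);` ahead of the `addPtr`, or make the dispatch explicit with `else if (gpr() == MacroAssembler::stackPointerRegister)` and a `RELEASE_ASSERT_NOT_REACHED()` fallback. The `sizeof(void*) * 2` constant also deserves a one-line comment tying it to the header's contract, e.g. `// A canonical call frame pushes only the return address and the caller's FP, so the popped frame's SP is that FP + 2 words.` The later Indirect hunk (`jit.load64(MacroAssembler::Address(result, offset()), result)`) depends on this prologue having run, so it presumably relies on `involvesGPR()` being true for the Indirect kind — worth confirming, since `involvesGPR()` is not visible here. restoreInto's body continues past the hunk.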
@@ -154,8 +169,8 @@
         
     case Indirect:
         if (MacroAssembler::isStackRelated(gpr())) {
-            // These don't get saved.
-            jit.load64(MacroAssembler::Address(gpr(), offset()), result);
+            // The stack register is already recovered into result.
+            jit.load64(MacroAssembler::Address(result, offset()), result);
             return;
         }
         

Modified: trunk/Source/_javascript_Core/ftl/FTLLocation.h (158399 => 158400)


--- trunk/Source/_javascript_Core/ftl/FTLLocation.h	2013-10-31 22:21:55 UTC (rev 158399)
+++ trunk/Source/_javascript_Core/ftl/FTLLocation.h	2013-10-31 22:29:39 UTC (rev 158400)
@@ -166,10 +166,10 @@
     // to FTLSaveRestore convention, this loads the value into the given register.
     // The code that this generates isn't exactly super fast. This assumes that FP
     // and SP contain the same values that they would have contained in the original
-    // frame. If we did push things onto the stack then probably we'll have to change
-    // the signature of this method to take a stack offset for stack-relative
-    // indirects.
-    void restoreInto(MacroAssembler&, char* savedRegisters, GPRReg result) const;
+    // frame, or that you've done one or more canonically formed calls (i.e. can
+    // restore the FP by following the call frame linked list numFramesToPop times,
+    // and SP can be recovered by popping FP numFramesToPop-1 times and adding 16).
+    void restoreInto(MacroAssembler&, char* savedRegisters, GPRReg result, unsigned numFramesToPop = 0) const;
     
 private:
     Kind m_kind;
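Review bot: The new contract for `numFramesToPop` is described in prose, but the meaning of the default `0` is left implicit, and a caller that has already made a call and omits the argument silently gets the pre-call behaviour with no diagnostic. Spell it out in the comment, e.g. `// numFramesToPop == 0 means FP and SP still hold the original frame's values; N > 0 means N canonically formed calls have been made since then.` The "adding 16" in the comment matches the implementation's `sizeof(void*) * 2` only on 64-bit targets, which is presumably fine for the FTL but is clearer written as `2 * sizeof(void*)` so the comment and the code stay in step.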

Modified: trunk/Source/_javascript_Core/ftl/FTLThunks.cpp (158399 => 158400)


--- trunk/Source/_javascript_Core/ftl/FTLThunks.cpp	2013-10-31 22:21:55 UTC (rev 158399)
+++ trunk/Source/_javascript_Core/ftl/FTLThunks.cpp	2013-10-31 22:29:39 UTC (rev 158400)
@@ -113,7 +113,7 @@
     jit.move(MacroAssembler::TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::nonArgGPR1);
     jit.storePtr(MacroAssembler::TrustedImmPtr(requiredScratchMemorySizeInBytes()), GPRInfo::nonArgGPR1);
 
-    location.restoreInto(jit, buffer, GPRInfo::argumentGPR0);
+    location.restoreInto(jit, buffer, GPRInfo::argumentGPR0, 1);
     jit.peek(GPRInfo::argumentGPR1, 3);
     MacroAssembler::Call functionCall = jit.call();
     
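Review bot: The literal `1` in `location.restoreInto(jit, buffer, GPRInfo::argumentGPR0, 1)` encodes the thunk's frame depth relative to the frame the location was recorded in, and nothing at the call site says so; if the thunk's entry sequence (outside this hunk) ever changes, this silently recovers the wrong FP/SP. A comment such as `// We were entered by one canonical call from the FTL frame the stackmap describes, so pop one frame to recover its FP/SP.` would tie the constant to that assumption — hedged, since the prologue is not visible here. The enclosing generator function starts and ends outside the hunk.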