Title: [160714] branches/jsCStack/Source/_javascript_Core
Revision
160714
Author
[email protected]
Date
2013-12-17 10:25:27 -0800 (Tue, 17 Dec 2013)

Log Message

CStack Branch: Fix callee frame access in virtualForThunkGenerator when we don't emit prologue code
https://bugs.webkit.org/show_bug.cgi?id=125828

Not yet reviewed.

Added helpers to access the callee frame using the stack pointer taking into account that
the caller frame hasn't been pushed onto the stack.

* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitPutToCallFrameHeaderBeforePrologue):
(JSC::AssemblyHelpers::emitPutPayloadToCallFrameHeaderBeforePrologue):
(JSC::AssemblyHelpers::emitPutTagToCallFrameHeaderBeforePrologue):
* jit/ThunkGenerators.cpp:
(JSC::virtualForThunkGenerator):


Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (160713 => 160714)


--- branches/jsCStack/Source/_javascript_Core/ChangeLog	2013-12-17 18:14:06 UTC (rev 160713)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog	2013-12-17 18:25:27 UTC (rev 160714)
@@ -1,5 +1,22 @@
 2013-12-16  Michael Saboff  <[email protected]>
 
+        CStack Branch: Fix callee frame access in virtualForThunkGenerator when we don't emit prologue code
+        https://bugs.webkit.org/show_bug.cgi?id=125828
+
+        Not yet reviewed.
+
+        Added helpers to access the callee frame using the stack pointer taking into account that
+        the caller frame hasn't been pushed onto the stack.
+
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::emitPutToCallFrameHeaderBeforePrologue):
+        (JSC::AssemblyHelpers::emitPutPayloadToCallFrameHeaderBeforePrologue):
+        (JSC::AssemblyHelpers::emitPutTagToCallFrameHeaderBeforePrologue):
+        * jit/ThunkGenerators.cpp:
+        (JSC::virtualForThunkGenerator):
+
+2013-12-16  Michael Saboff  <[email protected]>
+
         CStack Branch: Need an implementation of sanitizeStack for C stack
         https://bugs.webkit.org/show_bug.cgi?id=125719
 

Modified: branches/jsCStack/Source/_javascript_Core/jit/AssemblyHelpers.h (160713 => 160714)


--- branches/jsCStack/Source/_javascript_Core/jit/AssemblyHelpers.h	2013-12-17 18:14:06 UTC (rev 160713)
+++ branches/jsCStack/Source/_javascript_Core/jit/AssemblyHelpers.h	2013-12-17 18:25:27 UTC (rev 160714)
@@ -96,6 +96,29 @@
     {
         push(address);
     }
+
+    // emitPutToCallFrameHeaderBeforePrologue() and related are used to access callee frame header
+    // fields before the code from emitFunctionPrologue() has executed.
+    // First, the access is via the stack pointer. Second, the address calculation must also take
+    // into account that the stack pointer may not have been adjusted down for the return PC and/or
+    // caller's frame pointer. On some platforms, the callee is responsible for pushing the
+    // "link register" containing the return address in the function prologue.
+#if USE(JSVALUE64)
+    void emitPutToCallFrameHeaderBeforePrologue(GPRReg from, JSStack::CallFrameHeaderEntry entry)
+    {
+        storePtr(from, Address(stackPointerRegister, entry * static_cast<ptrdiff_t>(sizeof(Register)) - sizeof(void*)));
+    }
+#else
+    void emitPutPayloadToCallFrameHeaderBeforePrologue(GPRReg from, JSStack::CallFrameHeaderEntry entry)
+    {
+        storePtr(from, Address(stackPointerRegister, entry * static_cast<ptrdiff_t>(sizeof(Register)) - sizeof(void*) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
+    }
+
+    void emitPutTagToCallFrameHeaderBeforePrologue(TrustedImm32 tag, JSStack::CallFrameHeaderEntry entry)
+    {
+        storePtr(tag, Address(stackPointerRegister, entry * static_cast<ptrdiff_t>(sizeof(Register)) - sizeof(void*) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
+    }
+#endif
 #endif // CPU(X86_64) || CPU(X86)
 
 #if CPU(ARM) || CPU(ARM64)
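Review bot: The offset arithmetic in the three new helpers mixes a signed `ptrdiff_t` product with the unsigned `sizeof(void*)`, so the whole expression is evaluated as `size_t` and then narrowed to the `Address` offset; for an entry of 0 this yields a wrapped-around unsigned value rather than the intended negative offset. Casting the subtrahend as well, `entry * static_cast<ptrdiff_t>(sizeof(Register)) - static_cast<ptrdiff_t>(sizeof(void*))`, keeps the computation signed and makes the intent explicit. The tag helper writes a `TrustedImm32` with `storePtr`, whereas the code it replaces used `store32`; since the tag is a 32-bit field, `store32(tag, Address(...))` is the more precise choice even though the two coincide on JSVALUE32_64 targets. The header comment should also record the exact precondition the `- sizeof(void*)` encodes, e.g. `// Precondition: sp points at the pushed return PC; the caller frame pointer has not been pushed and callFrameRegister is not yet valid.`, because these helpers sit inside the region closed by `#endif // CPU(X86_64) || CPU(X86)` below, so the remark about link-register platforms does not describe any code that can currently reach them.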

Modified: branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp (160713 => 160714)


--- branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp	2013-12-17 18:14:06 UTC (rev 160713)
+++ branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp	2013-12-17 18:25:27 UTC (rev 160714)
@@ -190,24 +190,11 @@
         CCallHelpers::Address(GPRInfo::regT0, JSFunction::offsetOfScopeChain()),
         GPRInfo::regT1);
 #if USE(JSVALUE64)
-    jit.store64(
-        GPRInfo::regT1,
-        CCallHelpers::Address(
-            GPRInfo::callFrameRegister,
-            static_cast<ptrdiff_t>(sizeof(Register)) * JSStack::ScopeChain));
+    jit.emitPutToCallFrameHeaderBeforePrologue(GPRInfo::regT1, JSStack::ScopeChain);
 #else
-    jit.storePtr(
-        GPRInfo::regT1,
-        CCallHelpers::Address(
-            GPRInfo::callFrameRegister,
-            static_cast<ptrdiff_t>(sizeof(Register)) * JSStack::ScopeChain +
-            OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
-    jit.store32(
-        CCallHelpers::TrustedImm32(JSValue::CellTag),
-        CCallHelpers::Address(
-            GPRInfo::callFrameRegister,
-            static_cast<ptrdiff_t>(sizeof(Register)) * JSStack::ScopeChain +
-            OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
+    jit.emitPutPayloadToCallFrameHeaderBeforePrologue(GPRInfo::regT1, JSStack::ScopeChain);
+    jit.emitPutTagToCallFrameHeaderBeforePrologue(CCallHelpers::TrustedImm32(JSValue::CellTag),
+        JSStack::ScopeChain);
 #endif
     
     jit.loadPtr(
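Review bot: The new helper calls are guarded only by `USE(JSVALUE64)`, but in the AssemblyHelpers.h hunk the helpers are declared inside the region whose closing `#endif` is commented `CPU(X86_64) || CPU(X86)`; unless the ARM block that follows it supplies equivalents (not visible here), ARM/ARM64 builds of this branch will fail to compile at this call site. The store also depends silently on the thunk's current entry sequence — nothing before this point may have pushed the frame pointer or adjusted sp — so a later edit to the thunk's prologue would shift the write by one slot and clobber an adjacent call-frame header field. A one-line comment at the call site, `// No prologue has run yet: write the scope chain relative to sp, not callFrameRegister.`, records that dependency for the next editor. virtualForThunkGenerator begins before and continues after this hunk.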