Title: [161012] branches/jsCStack/Source/JavaScriptCore
- Revision: 161012
- Author: [email protected]
- Date: 2013-12-23 12:44:28 -0800 (Mon, 23 Dec 2013)
Log Message

CStack Branch: Several dfg-arguments-osr-exit tests fail
https://bugs.webkit.org/show_bug.cgi?id=126170

Reviewed by Michael Saboff.

OSR exit makes calls. It makes those calls after putting things into the stack at offsets
that make sense in the baseline JIT. That means that if those calls spill things to the
stack, they'll overwrite what the OSR exit had recovered for the baseline JIT.

Need to adjust SP to a conservative value for the baseline JIT at the top of exit. Note
that the FTL OSR exit already does this.

* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
Diff
Modified: branches/jsCStack/Source/JavaScriptCore/ChangeLog (161011 => 161012)
--- branches/jsCStack/Source/_javascript_Core/ChangeLog 2013-12-23 20:25:45 UTC (rev 161011)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog 2013-12-23 20:44:28 UTC (rev 161012)
@@ -1,5 +1,24 @@
2013-12-23 Filip Pizlo <[email protected]>
+ CStack Branch: Several dfg-arguments-osr-exit tests fail
+ https://bugs.webkit.org/show_bug.cgi?id=126170
+
+ Reviewed by Michael Saboff.
+
+ OSR exit makes calls. It makes those calls after putting things into the stack at offsets
+ that make sense in the baseline JIT. That means that if those calls spill things to the
+ stack, they'll overwrite what the OSR exit had recovered for the baseline JIT.
+
+ Need to adjust SP to a conservative value for the baseline JIT at the top of exit. Note
+ that the FTL OSR exit already does this.
+
+ * dfg/DFGOSRExitCompiler32_64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+ * dfg/DFGOSRExitCompiler64.cpp:
+ (JSC::DFG::OSRExitCompiler::compileExit):
+
+2013-12-23 Filip Pizlo <[email protected]>
+
cStack branch doesn't run navier-stokes because closure calls aren't implemented yet
https://bugs.webkit.org/show_bug.cgi?id=126141
Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp (161011 => 161012)
--- branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler32_64.cpp 2013-12-23 20:25:45 UTC (rev 161011)
+++ branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler32_64.cpp 2013-12-23 20:44:28 UTC (rev 161012)
@@ -45,6 +45,12 @@
m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo);
}
+ // Need to ensure that the stack pointer accounts for the worst-case stack usage at exit.
+ m_jit.addPtr(
+ CCallHelpers::TrustedImm32(
+ -m_jit.codeBlock()->jitCode()->dfgCommon()->requiredRegisterCountForExit * sizeof(Register)),
+ CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
+
// 2) Perform speculation recovery. This only comes into play when an operation
// starts mutating state before verifying the speculation it has already made.
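Review bot: In the TrustedImm32 argument, the negation binds to requiredRegisterCountForExit before the multiplication by sizeof(Register), and because sizeof yields a size_t the product is computed as an unsigned value that only becomes the intended negative offset when it is narrowed to the 32-bit immediate. That works, but it relies on implicit conversion; computing the byte size first and negating a value cast to int32_t, for example -static_cast<int32_t>(count * sizeof(Register)) where count stands for the field, would state the intent and avoid sign-conversion warnings. The same expression is added to DFGOSRExitCompiler64.cpp, so a small shared helper would keep the two copies from drifting apart.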
Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp (161011 => 161012)
--- branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler64.cpp 2013-12-23 20:25:45 UTC (rev 161011)
+++ branches/jsCStack/Source/_javascript_Core/dfg/DFGOSRExitCompiler64.cpp 2013-12-23 20:44:28 UTC (rev 161012)
@@ -49,6 +49,12 @@
m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo);
}
+ // Need to ensure that the stack pointer accounts for the worst-case stack usage at exit.
+ m_jit.addPtr(
+ CCallHelpers::TrustedImm32(
+ -m_jit.codeBlock()->jitCode()->dfgCommon()->requiredRegisterCountForExit * sizeof(Register)),
+ CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
+
// 2) Perform speculation recovery. This only comes into play when an operation
// starts mutating state before verifying the speculation it has already made.
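Review bot: The stack pointer adjustment is emitted after the block that calls m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo), so that call still runs with the stack pointer the exit was entered with, while the log message describes adjusting SP at the top of exit. If the debug call can spill to the stack, consider moving the addPtr above that block, or extend the comment to say why the call is safe before the adjustment. The new comment would also be more useful if it carried the reason given in the log message: calls made during exit must not overwrite values already recovered for the baseline JIT.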