Modified: trunk/Source/_javascript_Core/ChangeLog (164652 => 164653)
--- trunk/Source/_javascript_Core/ChangeLog 2014-02-25 17:48:03 UTC (rev 164652)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-02-25 17:53:33 UTC (rev 164653)
@@ -1,3 +1,23 @@
+2014-02-25 Michael Saboff <[email protected]>
+
+ JIT Engines use the wrong stack limit for stack checks
+ https://bugs.webkit.org/show_bug.cgi?id=129314
+
+ Reviewed by Filip Pizlo.
+
+ Change the Baseline and DFG code to use VM::m_stackLimit for stack limit checks.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileLoadVarargs):
+ * runtime/VM.h:
+ (JSC::VM::addressOfStackLimit):
+
2014-02-25 Filip Pizlo <[email protected]>
Unreviewed, roll out http://trac.webkit.org/changeset/164493.
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (164652 => 164653)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2014-02-25 17:48:03 UTC (rev 164652)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2014-02-25 17:53:33 UTC (rev 164653)
@@ -336,7 +336,7 @@
Label fromArityCheck(this);
// Plant a check that sufficient space is available in the JSStack.
addPtr(TrustedImm32(virtualRegisterForLocal(m_graph.requiredRegisterCountForExecutionAndExit() - 1).offset() * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1);
- Jump stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfJSStackLimit()), GPRInfo::regT1);
+ Jump stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), GPRInfo::regT1);
// Move the stack pointer down to accommodate locals
addPtr(TrustedImm32(m_graph.stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister);
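Review bot: The comment at the top of the hunk still says the check guards space "in the JSStack", but the branch on the new line now compares against VM::m_stackLimit, so that wording is stale; suggest `// Plant a check that sufficient space is available on the stack (compared against VM::m_stackLimit).`. The extent being checked is derived from requiredRegisterCountForExecutionAndExit() while the stack pointer two lines later is moved by stackPointerOffset(); if those two quantities can differ, a one-line comment stating why the checked extent covers the adjustment would let a reader confirm the guard is sufficient. compileFunction continues outside the hunk.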
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (164652 => 164653)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2014-02-25 17:48:03 UTC (rev 164652)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2014-02-25 17:53:33 UTC (rev 164653)
@@ -519,7 +519,7 @@
}
addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, regT1);
- stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfJSStackLimit()), regT1);
+ stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), regT1);
}
addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);
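Review bot: The new check on regT1 and the stack-pointer adjustment on the last line of the hunk each evaluate `stackPointerOffsetFor(m_codeBlock) * sizeof(Register)` separately, so the extent compared against m_stackLimit and the amount actually reserved can drift apart in a later edit; hoisting it into one local, e.g. `const int32_t stackPointerOffsetBytes = stackPointerOffsetFor(m_codeBlock) * sizeof(Register);`, and passing `TrustedImm32(stackPointerOffsetBytes)` to both addPtr calls keeps them in lockstep. The local would have to be declared before the brace block that closes at the `}` above the last line, and that block, the stackOverflow Jump it assigns, and the enclosing privateCompile all begin outside the hunk.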
Modified: trunk/Source/_javascript_Core/jit/JITCall.cpp (164652 => 164653)
--- trunk/Source/_javascript_Core/jit/JITCall.cpp 2014-02-25 17:48:03 UTC (rev 164652)
+++ trunk/Source/_javascript_Core/jit/JITCall.cpp 2014-02-25 17:53:33 UTC (rev 164653)
@@ -87,7 +87,7 @@
addPtr(callFrameRegister, regT1);
// regT1: newCallFrame
- slowCase.append(branchPtr(Above, AbsoluteAddress(m_vm->addressOfJSStackLimit()), regT1));
+ slowCase.append(branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), regT1));
// Initialize ArgumentCount.
store32(regT0, Address(regT1, JSStack::ArgumentCount * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
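Review bot: The stack check on the new line is documented only by the `regT1: newCallFrame` label above it, and the same check is repeated in the JITCall32_64.cpp hunk with regT3; a one-line comment at both sites would make the guard's intent explicit, e.g. `// Bail to the slow path if the new frame would lie below VM::m_stackLimit.`. As written, the branch is taken when the limit is Above the new frame base, so the base address is what is validated before the ArgumentCount store that follows. compileLoadVarargs begins and ends outside the hunk.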
Modified: trunk/Source/_javascript_Core/jit/JITCall32_64.cpp (164652 => 164653)
--- trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2014-02-25 17:48:03 UTC (rev 164652)
+++ trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2014-02-25 17:53:33 UTC (rev 164653)
@@ -160,7 +160,7 @@
addPtr(callFrameRegister, regT3);
// regT3: newCallFrame
- slowCase.append(branchPtr(Above, AbsoluteAddress(m_vm->addressOfJSStackLimit()), regT3));
+ slowCase.append(branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), regT3));
// Initialize ArgumentCount.
store32(regT2, payloadFor(JSStack::ArgumentCount, regT3));
Modified: trunk/Source/_javascript_Core/runtime/VM.h (164652 => 164653)
--- trunk/Source/_javascript_Core/runtime/VM.h 2014-02-25 17:48:03 UTC (rev 164652)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2014-02-25 17:53:33 UTC (rev 164653)
@@ -389,12 +389,12 @@
void** addressOfFTLStackLimit() { return &m_ftlStackLimit; }
#endif
- void** addressOfJSStackLimit() { return &m_jsStackLimit; }
#if ENABLE(LLINT_C_LOOP)
void* jsStackLimit() { return m_jsStackLimit; }
void setJSStackLimit(void* limit) { m_jsStackLimit = limit; }
#endif
void* stackLimit() { return m_stackLimit; }
+ void** addressOfStackLimit() { return &m_stackLimit; }
bool isSafeToRecurse(size_t neededStackInBytes = 0) const
{
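Review bot: The new addressOfStackLimit() accessor hands out the address of m_stackLimit, and the JIT hunks in this change embed that pointer in generated code via AbsoluteAddress, yet nothing at the declaration says so; suggest placing `// Baked into JIT code as an AbsoluteAddress; m_stackLimit must stay at a fixed address for the VM's lifetime, and writers of m_stackLimit must expect compiled code to read it.` above the accessor. The removed addressOfJSStackLimit() was unconditional while the surviving m_jsStackLimit accessors sit under ENABLE(LLINT_C_LOOP); if m_jsStackLimit is still declared outside that guard (its declaration is not in view), it is now unused in JIT builds. As a minor point of style, the new accessor sits after stackLimit() rather than next to addressOfFTLStackLimit() at the top of the hunk, which is where a reader would look for the address-of accessors. isSafeToRecurse continues outside the hunk.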