Modified: trunk/Source/_javascript_Core/ChangeLog (169972 => 169973)
--- trunk/Source/_javascript_Core/ChangeLog 2014-06-14 17:40:49 UTC (rev 169972)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-06-14 17:43:32 UTC (rev 169973)
@@ -1,3 +1,20 @@
+2014-06-14 Michael Saboff <[email protected]>
+
+ operationCreateArguments could cause a GC during OSR exit
+ https://bugs.webkit.org/show_bug.cgi?id=133905
+
+ Reviewed by Filip Pizlo.
+
+ Defer GC via new wrapper functions for operationCreateArguments and operationCreateInlinedArguments
+ for use by OSR exit stubs.
+
+ * dfg/DFGOSRExitCompilerCommon.cpp:
+ (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+
2014-06-13 Mark Hahnenberg <[email protected]>
OSR exit should barrier the Executables for all InlineCallFrames, not just those on the stack at the time of exit
Modified: trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp (169972 => 169973)
--- trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp 2014-06-14 17:40:49 UTC (rev 169972)
+++ trunk/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp 2014-06-14 17:43:32 UTC (rev 169973)
@@ -264,7 +264,7 @@
jit.setupArgumentsExecState();
jit.move(
AssemblyHelpers::TrustedImmPtr(
- bitwise_cast<void*>(operationCreateArguments)),
+ bitwise_cast<void*>(operationCreateArgumentsDuringOSRExit)),
GPRInfo::nonArgGPR0);
jit.call(GPRInfo::nonArgGPR0);
jit.store64(GPRInfo::returnValueGPR, AssemblyHelpers::addressFor(argumentsRegister));
@@ -278,13 +278,13 @@
AssemblyHelpers::TrustedImmPtr(inlineCallFrame));
jit.move(
AssemblyHelpers::TrustedImmPtr(
- bitwise_cast<void*>(operationCreateInlinedArguments)),
+ bitwise_cast<void*>(operationCreateInlinedArgumentsDuringOSRExit)),
GPRInfo::nonArgGPR0);
} else {
jit.setupArgumentsExecState();
jit.move(
AssemblyHelpers::TrustedImmPtr(
- bitwise_cast<void*>(operationCreateArguments)),
+ bitwise_cast<void*>(operationCreateArgumentsDuringOSRExit)),
GPRInfo::nonArgGPR0);
}
jit.call(GPRInfo::nonArgGPR0);
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (169972 => 169973)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2014-06-14 17:40:49 UTC (rev 169972)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2014-06-14 17:43:32 UTC (rev 169973)
@@ -769,6 +769,12 @@
return result;
}
+JSCell* JIT_OPERATION operationCreateInlinedArgumentsDuringOSRExit(ExecState* exec, InlineCallFrame* inlineCallFrame)
+{
+ DeferGCForAWhile(exec->vm().heap);
+ return operationCreateInlinedArguments(exec, inlineCallFrame);
+}
+
void JIT_OPERATION operationTearOffInlinedArguments(
ExecState* exec, JSCell* argumentsCell, JSCell* activationCell, InlineCallFrame* inlineCallFrame)
{
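Review bot: `DeferGCForAWhile(exec->vm().heap);` on the first added line of the wrapper constructs an unnamed temporary, so if DeferGCForAWhile is the scope guard its name suggests and releases the deferral in its destructor, the deferral ends at that semicolon, before operationCreateInlinedArguments runs, and the collection this change is meant to keep out of the OSR exit path is still possible. Binding the guard to a local keeps it alive across the call: `DeferGCForAWhile deferGC(exec->vm().heap);`. The same unnamed-temporary pattern appears in the new operationCreateArgumentsDuringOSRExit wrapper in jit/JITOperations.cpp and should be changed in the same way.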
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.h (169972 => 169973)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.h 2014-06-14 17:40:49 UTC (rev 169972)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.h 2014-06-14 17:43:32 UTC (rev 169973)
@@ -97,6 +97,7 @@
size_t JIT_OPERATION operationCompareStrictEqCell(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
size_t JIT_OPERATION operationCompareStrictEq(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
JSCell* JIT_OPERATION operationCreateInlinedArguments(ExecState*, InlineCallFrame*) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationCreateInlinedArgumentsDuringOSRExit(ExecState*, InlineCallFrame*) WTF_INTERNAL;
void JIT_OPERATION operationTearOffInlinedArguments(ExecState*, JSCell*, JSCell*, InlineCallFrame*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetInlinedArgumentByVal(ExecState*, int32_t, InlineCallFrame*, int32_t) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetArgumentByVal(ExecState*, int32_t, int32_t) WTF_INTERNAL;
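Review bot: The new operationCreateInlinedArgumentsDuringOSRExit declaration gives a reader no way to tell when it must be used instead of operationCreateInlinedArguments, which is the whole point of having two entry points. A one-line comment on the declaration would carry that: `// For OSR exit stubs only: operationCreateInlinedArguments with GC deferred for the duration of the call.` The operationCreateArgumentsDuringOSRExit declaration added in jit/JITOperations.h would benefit from the same note.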
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (169972 => 169973)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-06-14 17:40:49 UTC (rev 169972)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-06-14 17:43:32 UTC (rev 169973)
@@ -1391,6 +1391,12 @@
return result;
}
+JSCell* JIT_OPERATION operationCreateArgumentsDuringOSRExit(ExecState* exec)
+{
+ DeferGCForAWhile(exec->vm().heap);
+ return operationCreateArguments(exec);
+}
+
EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState* exec, int32_t argumentsRegister)
{
VM& vm = exec->vm();
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (169972 => 169973)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2014-06-14 17:40:49 UTC (rev 169972)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2014-06-14 17:43:32 UTC (rev 169973)
@@ -269,6 +269,7 @@
EncodedJSValue JIT_OPERATION operationCheckHasInstance(ExecState*, EncodedJSValue, EncodedJSValue baseVal) WTF_INTERNAL;
JSCell* JIT_OPERATION operationCreateActivation(ExecState*, int32_t offset) WTF_INTERNAL;
JSCell* JIT_OPERATION operationCreateArguments(ExecState*) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationCreateArgumentsDuringOSRExit(ExecState*) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetArgumentsLength(ExecState*, int32_t) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetByValDefault(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationGetByValGeneric(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedSubscript) WTF_INTERNAL;