Modified: branches/jsc-tailcall/Source/_javascript_Core/ChangeLog (186814 => 186815)
--- branches/jsc-tailcall/Source/_javascript_Core/ChangeLog 2015-07-14 21:06:56 UTC (rev 186814)
+++ branches/jsc-tailcall/Source/_javascript_Core/ChangeLog 2015-07-14 21:18:22 UTC (rev 186815)
@@ -1,5 +1,25 @@
2015-07-13 Basile Clement <basile_clem...@apple.com>
+ _javascript_ functions should restore the stack pointer after a call
+ https://bugs.webkit.org/show_bug.cgi?id=146846
+
+ Reviewed by Michael Saboff.
+
+ This patch makes it so that the DFG and FTL JIT are restoring the stack
+ pointer after a call and no longer relying on it still being valid.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * ftl/FTLCompile.cpp:
+ (JSC::FTL::mmAllocateDataSection):
+ * ftl/FTLJSCall.cpp:
+ (JSC::FTL::JSCall::emit):
+ * ftl/FTLJSCall.h:
+
+2015-07-13 Basile Clement <basile_clem...@apple.com>
+
jsc-tailcall: Clean up register naming
https://bugs.webkit.org/show_bug.cgi?id=146849
Modified: branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (186814 => 186815)
--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-07-14 21:06:56 UTC (rev 186814)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-07-14 21:18:22 UTC (rev 186815)
@@ -832,9 +832,10 @@
info->setUpCall(callType, node->origin.semantic, calleePayloadGPR);
m_jit.addJSCall(fastCall, slowCall, targetToCheck, info);
- // If we were varargs, then after the calls are done, we need to reestablish our stack pointer.
- if (isVarargs || isForwardVarargs)
- m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister);
+ // After the calls are done, we need to reestablish our stack
+ // pointer. We rely on this for varargs calls, calls with arity
+ // mismatch (the callframe is slided) and tail calls.
+ m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister);
}
template<bool strict>
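Review bot: The new comment on lines 38–40 should state the invariant the now-unconditional restore depends on: the stack pointer is rebuilt from `GPRInfo::callFrameRegister` plus `stackPointerOffset()`, so it is only correct if the callee (on both the fast and the slow path) leaves the call frame register intact, and the comment says nothing about that. It also reads "the callframe is slided", which should be "slid". Suggested wording: `// After the call (fast or slow path) recompute the stack pointer from the call frame register instead of trusting whatever SP the callee left: varargs calls, arity-mismatch calls (the frame is slid) and tail calls can all return with a different SP. This assumes callFrameRegister itself is preserved across the call.` The enclosing `emitCall` starts before this hunk, so I could not check whether anything earlier in the function still assumes SP is valid between `addJSCall` and the restore.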
Modified: branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (186814 => 186815)
--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-07-14 21:06:56 UTC (rev 186814)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-07-14 21:18:22 UTC (rev 186815)
@@ -794,10 +794,11 @@
callLinkInfo->setUpCall(callType, m_currentNode->origin.semantic, calleeGPR);
m_jit.addJSCall(fastCall, slowCall, targetToCheck, callLinkInfo);
-
- // If we were varargs, then after the calls are done, we need to reestablish our stack pointer.
- if (isVarargs || isForwardVarargs)
- m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister);
+
+ // After the calls are done, we need to reestablish our stack
+ // pointer. We rely on this for varargs calls, calls with arity
+ // mismatch (the callframe is slided) and tail calls.
+ m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister);
}
// Clang should allow unreachable [[clang::fallthrough]] in template functions if any template expansion uses it
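Review bot: Lines 55–58 are a verbatim copy of the comment and `addPtr` emitted in the 32_64 `emitCall`, so the two DFG back ends will drift the next time the frame layout or the restore rule changes; a single helper on the JIT, e.g. `m_jit.emitRestoreStackPointerFromCallFrame()` wrapping `addPtr(TrustedImm32(graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister)`, called from both would keep them in lockstep. The blank line at 50 is deleted and re-added as 54 with no visible difference, which looks like trailing-whitespace churn; worth confirming the new line carries none. As in the other back end, the comment should say that the restore assumes `callFrameRegister` survives the call, since the correctness of the recomputed SP rests entirely on that register. `emitCall` itself begins outside this hunk.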
Modified: branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLCompile.cpp (186814 => 186815)
--- branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLCompile.cpp 2015-07-14 21:06:56 UTC (rev 186814)
+++ branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLCompile.cpp 2015-07-14 21:18:22 UTC (rev 186815)
@@ -590,7 +590,7 @@
JSCall& call = state.jsCalls[i];
CCallHelpers fastPathJIT(&vm, codeBlock);
- call.emit(fastPathJIT);
+ call.emit(fastPathJIT, state.jitCode->stackmaps.stackSize());
char* startOfIC = bitwise_cast<char*>(generatedFunction) + call.m_instructionOffset;
Modified: branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLJSCall.cpp (186814 => 186815)
--- branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLJSCall.cpp 2015-07-14 21:06:56 UTC (rev 186814)
+++ branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLJSCall.cpp 2015-07-14 21:18:22 UTC (rev 186815)
@@ -51,6 +51,14 @@
ASSERT(node->op() == Call || node->op() == Construct);
}
+void JSCall::emit(CCallHelpers& jit, unsigned stackSize)
+{
+ JSCallBase::emit(jit);
+
+ // Restore the stack pointer
+ jit.addPtr(CCallHelpers::TrustedImm32(sizeof(Register) - static_cast<int64_t>(stackSize)), CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
+}
+
} } // namespace JSC::FTL
#endif // ENABLE(FTL_JIT)
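Review bot: In the new `JSCall::emit` (line 81) the `static_cast<int64_t>(stackSize)` does not make the subtraction signed: `sizeof(Register)` is `size_t`, so the `int64_t` operand is converted back to unsigned, the expression is evaluated in unsigned 64-bit arithmetic, and the result only becomes the intended negative displacement through the implementation-defined narrowing inside `TrustedImm32`. That works on the 64-bit targets FTL runs on, but the cast reads as if it were doing something it is not; computing the displacement in `int32_t` states the intent and makes the narrowing explicit: `ASSERT(stackSize <= static_cast<unsigned>(INT32_MAX));` followed by `jit.addPtr(CCallHelpers::TrustedImm32(static_cast<int32_t>(sizeof(Register)) - static_cast<int32_t>(stackSize)), CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);`. The `// Restore the stack pointer` comment should also say why `sizeof(Register)` is added to `-stackSize` — presumably to account for one slot (such as the saved frame pointer) that the stackmap's `stackSize` counts but that sits at or above `framePointerRegister` — since as written the magic offset is unexplained.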
Modified: branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLJSCall.h (186814 => 186815)
--- branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLJSCall.h 2015-07-14 21:06:56 UTC (rev 186814)
+++ branches/jsc-tailcall/Source/_javascript_Core/ftl/FTLJSCall.h 2015-07-14 21:18:22 UTC (rev 186815)
@@ -42,6 +42,8 @@
public:
JSCall();
JSCall(unsigned stackmapID, DFG::Node*);
+
+ void emit(CCallHelpers&, unsigned stackSize);
unsigned stackmapID() const { return m_stackmapID; }
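Review bot: The new `void emit(CCallHelpers&, unsigned stackSize);` declaration on line 94 hides the inherited one-argument `emit` (the .cpp calls `JSCallBase::emit(jit)` explicitly, so such a base overload presumably exists), which means any remaining `call.emit(jit)` on a `JSCall` fails to compile instead of silently skipping the stack-pointer restore. That is the safer outcome, but it is easy to mistake for an oversight, so it and the parameter deserve a comment, e.g. `// Emits the call and then restores the stack pointer from the frame pointer; stackSize is the frame size recorded in the function's stackmaps. Intentionally hides JSCallBase::emit so a JSCall cannot be emitted without the restore.` The class declaration itself begins outside this hunk.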