Title: [188883] branches/jsc-tailcall/Source/JavaScriptCore
- Revision: 188883
- Author: basile_clem...@apple.com
- Date: 2015-08-24 14:41:37 -0700 (Mon, 24 Aug 2015)
Log Message
jsc-tailcall: We can't assert that registers are flushed when making a tail call
https://bugs.webkit.org/show_bug.cgi?id=148396
Reviewed by Michael Saboff.
We should be able to assert that registers are flushed when making a
tail call, since no additional code should ever be executed after the
tail call. However, because we can have Phantom() nodes keeping values
alive across a tail call, this assertion can (and does) fail in some
cases - even though those nodes are dead nodes that will not actually
generate any code. So we can't have the assertion.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
Diff
Modified: branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog (188882 => 188883)
--- branches/jsc-tailcall/Source/_javascript_Core/ChangeLog 2015-08-24 21:39:54 UTC (rev 188882)
+++ branches/jsc-tailcall/Source/_javascript_Core/ChangeLog 2015-08-24 21:41:37 UTC (rev 188883)
@@ -1,5 +1,24 @@
2015-08-24 Basile Clement <basile_clem...@apple.com>
+ jsc-tailcall: We can't assert that registers are flushed when making a tail call
+ https://bugs.webkit.org/show_bug.cgi?id=148396
+
+ Reviewed by Michael Saboff.
+
+ We should be able to assert that registers are flushed when making a
+ tail call, since no additional code should ever be executed after the
+ tail call. However, because we can have Phantom() nodes keeping values
+ alive across a tail call, this assertion can (and does) fail in some
+ cases - even though those nodes are dead nodes that will not actually
+ generate any code. So we can't have the assertion.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+
+2015-08-24 Basile Clement <basile_clem...@apple.com>
+
jsc-tailcall: TailCallForwardVarargs must be considered as a terminal node
https://bugs.webkit.org/show_bug.cgi?id=148395
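Review bot: The new ChangeLog entry explains why the assertion fails but names no test case that triggers it and no follow-up for restoring a weaker check. Since the entry itself says "We should be able to assert that registers are flushed", consider adding a line that points to a reproducing test or to a tracking bug for reinstating the assertion once Phantom() nodes no longer keep values alive across the tail call.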
Modified: branches/jsc-tailcall/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (188882 => 188883)
--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-08-24 21:39:54 UTC (rev 188882)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-08-24 21:41:37 UTC (rev 188883)
@@ -819,9 +819,7 @@
// their target stack position instead of building then memmoving
// the callee frame.
// https://bugs.webkit.org/show_bug.cgi?id=147508
- if (isTail)
- ASSERT(isFlushed());
- else
+ if (!isTail)
flushRegisters();
GPRFlushedCallResult resultPayload(this);
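Review bot: Missing documentation at the new `if (!isTail)` line: after this change the tail path neither flushes nor checks anything, and the surrounding comment only talks about moving arguments to their target stack position. A short comment here saying that tail calls skip `flushRegisters()` on purpose, and that `ASSERT(isFlushed())` cannot be used because dead Phantom() nodes may still hold values, would stop someone from re-adding the assertion later.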
Modified: branches/jsc-tailcall/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (188882 => 188883)
--- branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-08-24 21:39:54 UTC (rev 188882)
+++ branches/jsc-tailcall/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-08-24 21:41:37 UTC (rev 188883)
@@ -796,9 +796,7 @@
// their target stack position instead of building then memmoving
// the callee frame.
// https://bugs.webkit.org/show_bug.cgi?id=147508
- if (isTail)
- ASSERT(isFlushed());
- else
+ if (!isTail)
flushRegisters();
GPRFlushedCallResult result(this);
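Review bot: Removing `ASSERT(isFlushed())` outright in the `isTail` branch also drops the debug check for values that are live for reasons other than a dead Phantom() node, which is the case the log message says should never happen. If it is practical, a narrower debug-only check that ignores values kept alive only by Phantom() nodes would preserve that coverage. This is the same edit as in DFGSpeculativeJIT32_64.cpp, so whatever is decided should be applied to both copies of `emitCall`.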