Timestamp:
Dec 19, 2011, 7:16:21 PM
Author:
[email protected]
Message:

https://bugs.webkit.org/show_bug.cgi?id=74903
Exceptions not thrown correctly from DFG JIT on 32bit

Reviewed by Oliver Hunt.

Arguments for lookupExceptionHandler are not set up correctly.
In the case of ARMv7 we rely on lr being preserved over a call;
this is invalid. On x86 we don't should be poking the arguments onto the stack!

Source/JavaScriptCore:

  • bytecode/CodeBlock.h:
    (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
  • dfg/DFGAssemblyHelpers.h:
    (JSC::DFG::AssemblyHelpers::restoreReturnAddressBeforeReturn):
  • dfg/DFGGPRInfo.h:
  • dfg/DFGJITCompiler.cpp:
    (JSC::DFG::JITCompiler::compileBody):
  • dfg/DFGJITCompiler.h:
    (JSC::DFG::JITCompiler::addExceptionCheck):
    (JSC::DFG::JITCompiler::addFastExceptionCheck):
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:

LayoutTests:

  • fast/js/dfg-exception-expected.txt: Added.
  • fast/js/dfg-exception.html: Added.
  • fast/js/script-tests/dfg-exception.js: Added.
    (doesntDFGCompile):
    (test):

File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

    r102545 r103294  
    9696    if (didLinkExceptionCheck) {
    9797        // lookupExceptionHandler is passed two arguments, exec (the CallFrame*), and
    98         // an identifier for the operation that threw the exception, which we can use
    99         // to look up handler information. The identifier we use is the return address
    100         // of the call out from JIT code that threw the exception; this is still
    101         // available on the stack, just below the stack pointer!
     98        // the index into the CodeBlock's callReturnIndexVector corresponding to the
     99        // call that threw the exception (this was set in nonPreservedNonReturnGPR, when
     100        // the exception check was planted).
     101        move(GPRInfo::nonPreservedNonReturnGPR, GPRInfo::argumentGPR1);
    102102        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
    103         getPCAfterCall(GPRInfo::argumentGPR1);
     103#if CPU(X86)
     104        // FIXME: should use the call abstraction, but this is currently in the SpeculativeJIT layer!
     105        poke(GPRInfo::argumentGPR0);
     106        poke(GPRInfo::argumentGPR1, 1);
     107#endif
    104108        m_calls.append(CallLinkRecord(call(), lookupExceptionHandler));
    105109        // lookupExceptionHandler leaves the handler CallFrame* in the returnValueGPR,
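Review bot: the two register moves at new lines 101-102 are order-sensitive, and nothing in the hunk pins down the aliasing they depend on: argumentGPR1 is loaded from nonPreservedNonReturnGPR before argumentGPR0 is loaded from callFrameRegister, so the sequence is only correct if nonPreservedNonReturnGPR does not alias argumentGPR0 and callFrameRegister does not alias argumentGPR1 on every port. Since the per-port assignments live in DFGGPRInfo.h, which this change also touches, a COMPILE_ASSERT there that nonPreservedNonReturnGPR differs from both argument registers would make the constraint explicit rather than leaving it to each port's register table. The new comment should also state the invariant the exception path now relies on: the value planted in nonPreservedNonReturnGPR at the exception check must survive untouched until the jump lands here, because this code does not reload it. On the CPU(X86) side, poke(GPRInfo::argumentGPR0) and poke(GPRInfo::argumentGPR1, 1) assume the outgoing-argument slots at the stack pointer were already reserved by the frame setup; a one-line comment to that effect would help the next reader more than the bare FIXME. Dropping getPCAfterCall is the right direction: the removed comment admits the return address was read from "just below the stack pointer", which is not guaranteed to stay intact across a signal or interrupt, whereas an explicit index into callReturnIndexVector is always well defined, provided it matches what bytecodeOffsetForCallAtIndex in CodeBlock.h expects.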