Changeset 138669 in webkit for trunk/Source/JavaScriptCore/interpreter

Timestamp:

Jan 2, 2013, 3:54:42 PM (12 years ago)

Author:

[email protected]

Message:

DFG inlining machinery should be robust against the inline callee varying while the executable stays the same
​https://bugs.webkit.org/show_bug.cgi?id=105953

Reviewed by Mark Hahnenberg.

This institutes the policy that if InlineCallFrame::callee is null, then the callee and scope have already
been stored into the true call frame (i.e. the place where the call frame of the inlined call would have
been) and so any attempt to access the callee or scope should do a load instead of assuming that the value
is constant. This wires the changes through the bytecode parser, the stack scanning logic, and the compiler
optimization phases and backends.

• bytecode/CodeOrigin.cpp:

(JSC::InlineCallFrame::dump):

• bytecode/CodeOrigin.h:

(CodeOrigin):
(InlineCallFrame):
(JSC::InlineCallFrame::isClosureCall):
(JSC::CodeOrigin::stackOffset):
(JSC):

• dfg/DFGAssemblyHelpers.h:
• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::get):
(InlineStackEntry):
(JSC::DFG::ByteCodeParser::getScope):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

• dfg/DFGCSEPhase.cpp:

(CSEPhase):
(JSC::DFG::CSEPhase::genericPureCSE):
(JSC::DFG::CSEPhase::pureCSE):
(JSC::DFG::CSEPhase::pureCSERequiringSameInlineCallFrame):
(JSC::DFG::CSEPhase::getMyScopeLoadElimination):
(JSC::DFG::CSEPhase::performNodeCSE):

• dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::trueCallFrame):

File:

• trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008, 2013 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -139 +139 @@
         // Fill in the inlinedCaller
         inlinedCaller->setCodeBlock(machineCodeBlock);
-        
-        inlinedCaller->setScope(calleeAsFunction->scope());
+        if (calleeAsFunction)
+            inlinedCaller->setScope(calleeAsFunction->scope());
         if (nextInlineCallFrame)
             inlinedCaller->setCallerFrame(this + nextInlineCallFrame->stackOffset);
@@ -148 +148 @@
         inlinedCaller->setInlineCallFrame(inlineCallFrame);
         inlinedCaller->setArgumentCountIncludingThis(inlineCallFrame->arguments.size());
-        inlinedCaller->setCallee(calleeAsFunction);
+        if (calleeAsFunction)
+            inlinedCaller->setCallee(calleeAsFunction);
         
         inlineCallFrame = nextInlineCallFrame;