Changeset 173282 in webkit for trunk/Source/JavaScriptCore/jit/JITCall.cpp

Timestamp:

Sep 4, 2014, 2:23:38 PM (11 years ago)

Author:

[email protected]

Message:

REGRESSION(r173031): crashes during run-layout-jsc on x86/Linux
​https://bugs.webkit.org/show_bug.cgi?id=136436

Reviewed by Geoffrey Garen.

Instead of trying to calculate a stack pointer that allows for possible
stacked argument space, just use the "home" stack pointer location.
That stack pointer provides space for the worst case number of stacked
arguments on architectures that use stacked arguments. It also provides
stack space so that the return PC and caller frame pointer that are stored
as part of making the call to operationCallEval will not override any part
of the callee frame created on the stack.

Changed compileCallEval() to use the stackPointer value of the calling
function. That stack pointer is calculated to have enough space for
outgoing stacked arguments. By moving the stack pointer to its "home"
position, the caller frame and return PC are not set as part of making
the call to operationCallEval(). Moved the explicit setting of the
callerFrame field of the callee CallFrame from operationCallEval() to
compileCallEval() since it has been the artifact of making a call for
most architectures. Simplified the exception logic in compileCallEval()
as a result of the change. To be compliant with the stack state
expected by virtualCallThunkGenerator(), moved the stack pointer to
point above the CallerFrameAndPC of the callee CallFrame.

• jit/JIT.h: Changed callOperationNoExceptionCheck(J_JITOperation_EE, ...)

to callOperation(J_JITOperation_EE, ...) as it now can do a typical exception
check.

• jit/JITCall.cpp & jit/JITCall32_64.cpp:

(JSC::JIT::compileCallEval): Use the home stack pointer when making the call
to operationCallEval. Since the stack pointer adjustment no longer needs
to be done after making the call to operationCallEval(), the exception check
logic can be simplified.
(JSC::JIT::compileCallEvalSlowCase): Restored the stack pointer to point
to above the calleeFrame as this is what the generated thunk expects.

• jit/JITInlines.h:

(JSC::JIT::callOperation): Refactor of callOperationNoExceptionCheck
with the addition of a standard exception check.
(JSC::JIT::callOperationNoExceptionCheck): Deleted.

• jit/JITOperations.cpp:

(JSC::operationCallEval): Eliminated the explicit setting of caller frame
as that is now done in the code generated by compileCallEval().

File:

• trunk/Source/JavaScriptCore/jit/JITCall.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -137 +137 @@
 {
     addPtr(TrustedImm32(-static_cast<ptrdiff_t>(sizeof(CallerFrameAndPC))), stackPointerRegister, regT1);
-    callOperationNoExceptionCheck(operationCallEval, regT1);
-
-    Jump noException = emitExceptionCheck(InvertedExceptionCheck);
-    addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);    
-    exceptionCheck(jump());
-
-    noException.link(this);
-    addSlowCase(branch64(Equal, regT0, TrustedImm64(JSValue::encode(JSValue()))));
+    storePtr(callFrameRegister, Address(regT1, CallFrame::callerFrameOffset()));
 
     addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);
     checkStackPointerAlignment();
 
+    callOperation(operationCallEval, regT1);
+
+    addSlowCase(branch64(Equal, regT0, TrustedImm64(JSValue::encode(JSValue()))));
+
     sampleCodeBlock(m_codeBlock);
     
@@ -157 +154 @@
 {
     linkSlowCase(iter);
+    int registerOffset = -instruction[4].u.operand;
+
+    addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
 
     load64(Address(stackPointerRegister, sizeof(Register) * JSStack::Callee - sizeof(CallerFrameAndPC)), regT0);