Changeset 190370 in webkit for trunk/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp

Timestamp:

Sep 30, 2015, 3:28:08 PM (10 years ago)

Author:

[email protected]

Message:

Source/JavaScriptCore:
Relanding r190289 with the following two fixes:

1. REGRESSION(r190289): It made Speedometer/Full.html performance test fail ​https://bugs.webkit.org/show_bug.cgi?id=149621

Reviewed by Saam Barati.

We need to restore callee saves for both the fast and slow paths before making a
tail call in the FTL.

• ftl/FTLJSCallBase.cpp: (JSC::FTL::JSCallBase::emit):

2. [ARM] REGRESSION(r190289): It made 374 tests crash on 32 bit ARM Linux ​https://bugs.webkit.org/show_bug.cgi?id=149619

Reviewed by Filip Pizlo.

Need to check for ARMv7_TRADITIONAL and ARMv7 in addition to ARM in "if"
statement to handle platforms with a link register.

• llint/LowLevelInterpreter.asm: (prepareForTailCall):

LayoutTests:
Relanding r190289 after fixes tracked in ​https://bugs.webkit.org/show_bug.cgi?id=149619
and ​https://bugs.webkit.org/show_bug.cgi?id=149621

Reviewed by Saam Barati.

File:

• trunk/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/jit/CallFrameShuffler64.cpp

@@ -88 +88 @@
                 cachedRecovery.recovery().gpr(),
                 cachedRecovery.recovery().gpr());
-            // We have to do this the hard way.
-            m_jit.or64(MacroAssembler::TrustedImm64(TagTypeNumber),
-                cachedRecovery.recovery().gpr());
+            m_lockedRegisters.set(cachedRecovery.recovery().gpr());
+            if (tryAcquireTagTypeNumber())
+                m_jit.or64(m_tagTypeNumber, cachedRecovery.recovery().gpr());
+            else {
+                // We have to do this the hard way
+                m_jit.or64(MacroAssembler::TrustedImm64(TagTypeNumber),
+                    cachedRecovery.recovery().gpr());
+            }
+            m_lockedRegisters.clear(cachedRecovery.recovery().gpr());
             cachedRecovery.setRecovery(
                 ValueRecovery::inGPR(cachedRecovery.recovery().gpr(), DataFormatJS));
@@ -142 +148 @@
             m_jit.purifyNaN(cachedRecovery.recovery().fpr());
             m_jit.moveDoubleTo64(cachedRecovery.recovery().fpr(), resultGPR);
-            m_jit.sub64(MacroAssembler::TrustedImm64(TagTypeNumber), resultGPR);
+            m_lockedRegisters.set(resultGPR);
+            if (tryAcquireTagTypeNumber())
+                m_jit.sub64(m_tagTypeNumber, resultGPR);
+            else
+                m_jit.sub64(MacroAssembler::TrustedImm64(TagTypeNumber), resultGPR);
+            m_lockedRegisters.clear(resultGPR);
             updateRecovery(cachedRecovery, ValueRecovery::inGPR(resultGPR, DataFormatJS));
             if (verbose)
@@ -338 +349 @@
     ASSERT(m_registers[wantedReg] == &cachedRecovery);
 }
+    
+bool CallFrameShuffler::tryAcquireTagTypeNumber()
+{
+    if (m_tagTypeNumber != InvalidGPRReg)
+        return true;
+
+    m_tagTypeNumber = getFreeGPR();
+
+    if (m_tagTypeNumber == InvalidGPRReg)
+        return false;
+
+    m_lockedRegisters.set(m_tagTypeNumber);
+    m_jit.move(MacroAssembler::TrustedImm64(TagTypeNumber), m_tagTypeNumber);
+    return true;
+}
 
 } // namespace JSC