Timestamp:
Dec 12, 2016, 1:46:45 PM (8 years ago)
Author:
[email protected]
Message:

REGRESSION(r209653): speedometer crashes making virtual slow path tailcalls
https://bugs.webkit.org/show_bug.cgi?id=165748

Reviewed by Filip Pizlo.

JSTests:

New regression test.

  • stress/regress-165748.js: Added.

(sum1):
(sum2):
(sum3):
(sum4):
(sum5):
(sum6):
(tailCaller):
(test):

Source/JavaScriptCore:

The virtual slow path for tailcalls always passes arguments on the stack.
The fix here is to link to the stack argument entrypoint instead of a register
argument entrypoint.

While fixing this bug, I found that we weren't clearing the code origin when
shuffling the call frame for a register argument tailcall.

Also rolling back in r209653, r209654, r209663, and r209673.

  • jit/CallFrameShuffler.cpp:

(JSC::CallFrameShuffler::prepareAny):

  • jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

Source/WTF:

Rolling back in r209653, r209654, r209663, and r209673.

  • wtf/Platform.h:
File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp

    r209678 r209725  
    3838namespace JSC { namespace DFG {
    3939
    40 JITFinalizer::JITFinalizer(Plan& plan, PassRefPtr<JITCode> jitCode, std::unique_ptr<LinkBuffer> linkBuffer, MacroAssemblerCodePtr withArityCheck)
     40JITFinalizer::JITFinalizer(Plan& plan, PassRefPtr<JITCode> jitCode,
     41    std::unique_ptr<LinkBuffer> linkBuffer, JITEntryPoints& entrypoints)
    4142    : Finalizer(plan)
    4243    , m_jitCode(jitCode)
    4344    , m_linkBuffer(WTFMove(linkBuffer))
    44     , m_withArityCheck(withArityCheck)
     45    , m_entrypoints(entrypoints)
    4546{
    4647}
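Review bot: `JITEntryPoints& entrypoints` in the new constructor signature is a non-const lvalue reference, but the constructor only reads it to initialize `m_entrypoints`. If `m_entrypoints` is a by-value member, take `const JITEntryPoints&` so callers can pass temporaries and the compiler enforces that the finalizer never mutates the caller's table; if it is a reference member, the object the caller hands in has to outlive `finalize()` / `finalizeFunction()`, and that lifetime requirement deserves a comment here, since the old `MacroAssemblerCodePtr withArityCheck` was passed by value and carried no such hazard.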
     
    5758bool JITFinalizer::finalize()
    5859{
    59     m_jitCode->initializeCodeRef(
    60         FINALIZE_DFG_CODE(*m_linkBuffer, ("DFG JIT code for %s", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::DFGJIT)).data())),
    61         MacroAssemblerCodePtr());
     60    MacroAssemblerCodeRef codeRef = FINALIZE_DFG_CODE(*m_linkBuffer, ("DFG JIT code for %s", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::DFGJIT)).data()));
     61    m_jitCode->initializeEntryPoints(JITEntryPointsWithRef(codeRef, m_entrypoints));
    6262   
    6363    m_plan.codeBlock->setJITCode(m_jitCode);
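Review bot: `finalize()` drops the explicit `MacroAssemblerCodePtr()` the old code passed as the arity-check entry and now forwards whatever the caller put in `m_entrypoints` with no check at all, while `finalizeFunction()` keeps a `RELEASE_ASSERT` on the entry it needs. A caller that populates the wrong slot for non-function code, or leaves empty the one this path is linked through, would now only surface when something jumps through an empty code pointer. Add a `RELEASE_ASSERT` on the entries this path requires (mirroring the one in `finalizeFunction()`), or a one-line comment stating why non-function DFG code has no mandatory entrypoint.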
     
    7070bool JITFinalizer::finalizeFunction()
    7171{
    72     RELEASE_ASSERT(!m_withArityCheck.isEmptyValue());
    73     m_jitCode->initializeCodeRef(
    74         FINALIZE_DFG_CODE(*m_linkBuffer, ("DFG JIT code for %s", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::DFGJIT)).data())),
    75         m_withArityCheck);
     72    RELEASE_ASSERT(!m_entrypoints.entryFor(StackArgsMustCheckArity).isEmptyValue());
     73    MacroAssemblerCodeRef codeRef = FINALIZE_DFG_CODE(*m_linkBuffer, ("DFG JIT code for %s", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::DFGJIT)).data()));
     74
     75    m_jitCode->initializeEntryPoints(JITEntryPointsWithRef(codeRef, m_entrypoints));
     76
    7677    m_plan.codeBlock->setJITCode(m_jitCode);
    7778   
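Review bot: the `RELEASE_ASSERT` now validates only `m_entrypoints.entryFor(StackArgsMustCheckArity)`; the commit message relinks the virtual tail-call slow path to the stack-argument entrypoint precisely because a register-argument entrypoint also exists, so the table carries more than one kind of entry and none of the others are checked before `initializeEntryPoints` publishes them. Either assert on every entry a function's DFG code is expected to provide, or add a comment explaining why the stack-args arity-check entry is the only one that must be non-empty. Separately, the `codeRef` / `m_jitCode->initializeEntryPoints(JITEntryPointsWithRef(codeRef, m_entrypoints));` pair is now duplicated verbatim from `finalize()`; a small private helper would keep the two paths from drifting.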