Ignore:
Timestamp:
Dec 12, 2016, 1:46:45 PM (9 years ago)
Author:
[email protected]
Message:

REGRESSION(r209653): speedometer crashes making virtual slow path tailcalls
https://bugs.webkit.org/show_bug.cgi?id=165748

Reviewed by Filip Pizlo.

JSTests:

New regression test.

  • stress/regress-165748.js: Added.

(sum1):
(sum2):
(sum3):
(sum4):
(sum5):
(sum6):
(tailCaller):
(test):

Source/JavaScriptCore:

The virtual slow path for tailcalls always passes arguments on the stack.
The fix here is to link to the stack argument entrypoint instead of a register
argument entrypoint.

While fixing this bug, I found that we weren't clearing the code origin when
shuffling the call frame for a register argument tailcall.

Also rolling back in r209653, r209654, r209663, and r209673.

  • jit/CallFrameShuffler.cpp:

(JSC::CallFrameShuffler::prepareAny):

  • jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

Source/WTF:

Rolling back in r209653, r209654, r209663, and r209673.

  • wtf/Platform.h:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/dfg/DFGMinifiedNode.h

    r209678 r209725  
    11/*
    2  * Copyright (C) 2012, 2014, 2015 Apple Inc. All rights reserved.
     2 * Copyright (C) 2012, 2014-2016 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    4444    case PhantomDirectArguments:
    4545    case PhantomClonedArguments:
     46    case GetArgumentRegister:
    4647        return true;
    4748    default:
     
    7273        return bitwise_cast<InlineCallFrame*>(static_cast<uintptr_t>(m_info));
    7374    }
     75
     76    bool hasArgumentIndex() const { return hasArgumentIndex(m_op); }
     77
     78    unsigned argumentIndex() const { return static_cast<unsigned>(m_info); }
    7479   
    7580    static MinifiedID getID(MinifiedNode* node) { return node->id(); }
     
    8994        return type == PhantomDirectArguments || type == PhantomClonedArguments;
    9095    }
     96
     97    static bool hasArgumentIndex(NodeType type)
     98    {
     99        return type == GetArgumentRegister;
     100    }
    91101   
    92102    MinifiedID m_id;
Note: See TracChangeset for help on using the changeset viewer.