Changeset 209725 in webkit for trunk/Source/JavaScriptCore/jit/JITCode.cpp

Timestamp:

Dec 12, 2016, 1:46:45 PM (9 years ago)

Author:

[email protected]

Message:

REGRESSION(r209653): speedometer crashes making virtual slow path tailcalls
​https://bugs.webkit.org/show_bug.cgi?id=165748

Reviewed by Filip Pizlo.

JSTests:

New regression test.

• stress/regress-165748.js: Added.

(sum1):
(sum2):
(sum3):
(sum4):
(sum5):
(sum6):
(tailCaller):
(test):

Source/JavaScriptCore:

The virtual slow path for tailcalls always passes arguments on the stack.
The fix here is to link to the stack argument entrypoint instead of a register
argument entrypoint.

While fixing this bug, I found that we weren't clearing the code origin when
shuffling the call frame for a register argument tailcall.

Also rolling back in r209653, r209654, r209663, and r209673.

• jit/CallFrameShuffler.cpp:

(JSC::CallFrameShuffler::prepareAny):

• jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

Source/WTF:

Rolling back in r209653, r209654, r209663, and r209673.

• wtf/Platform.h:

File:

• trunk/Source/JavaScriptCore/jit/JITCode.cpp (modified) (4 diffs)

trunk/Source/JavaScriptCore/jit/JITCode.cpp

@@ -76 +76 @@
     if (!function || !protoCallFrame->needArityCheck()) {
         ASSERT(!protoCallFrame->needArityCheck());
-        entryAddress = executableAddress();
+        entryAddress = addressForCall(StackArgsArityCheckNotRequired).executableAddress();
     } else
-        entryAddress = addressForCall(MustCheckArity).executableAddress();
+        entryAddress = addressForCall(StackArgsMustCheckArity).executableAddress();
     JSValue result = JSValue::decode(vmEntryToJavaScript(entryAddress, vm, protoCallFrame));
     return scope.exception() ? jsNull() : result;
@@ -163 +163 @@
 }
 
-DirectJITCode::DirectJITCode(JITCode::CodeRef ref, JITCode::CodePtr withArityCheck, JITType jitType)
-    : JITCodeWithCodeRef(ref, jitType)
-    , m_withArityCheck(withArityCheck)
+DirectJITCode::DirectJITCode(JITEntryPointsWithRef entries, JITType jitType)
+    : JITCodeWithCodeRef(entries.codeRef(), jitType)
+    , m_entryPoints(entries)
 {
 }
@@ -173 +173 @@
 }
 
-void DirectJITCode::initializeCodeRef(JITCode::CodeRef ref, JITCode::CodePtr withArityCheck)
+void DirectJITCode::initializeEntryPoints(JITEntryPointsWithRef entries)
 {
     RELEASE_ASSERT(!m_ref);
-    m_ref = ref;
-    m_withArityCheck = withArityCheck;
-}
-
-JITCode::CodePtr DirectJITCode::addressForCall(ArityCheckMode arity)
-{
-    switch (arity) {
-    case ArityCheckNotRequired:
-        RELEASE_ASSERT(m_ref);
-        return m_ref.code();
-    case MustCheckArity:
-        RELEASE_ASSERT(m_withArityCheck);
-        return m_withArityCheck;
-    }
-    RELEASE_ASSERT_NOT_REACHED();
-    return CodePtr();
+    m_ref = entries.codeRef();
+    m_entryPoints = entries;
+}
+
+JITCode::CodePtr DirectJITCode::addressForCall(EntryPointType type)
+{
+    return m_entryPoints.entryFor(type);
 }
 
@@ -214 +205 @@
 }
 
-JITCode::CodePtr NativeJITCode::addressForCall(ArityCheckMode)
+JITCode::CodePtr NativeJITCode::addressForCall(EntryPointType)
 {
     RELEASE_ASSERT(!!m_ref);