Context Navigation

← Previous Change
Next Change →

B3Validate.cpp

Timestamp:

Feb 26, 2018, 12:42:39 PM (7 years ago)

Author:

Message:

validateStackAccess should not validate if the offset is within the stack bounds
https://bugs.webkit.org/show_bug.cgi?id=183067
<rdar://problem/37749988>

Reviewed by Mark Lam.

JSTests:

stress/dont-validate-stack-offset-in-b3-because-it-might-be-guarded-by-control-flow.js: Added.

(assert):
(test.a):
(test.b):
(test):

Source/JavaScriptCore:

The validation rule was saying that any load from the stack must be
within the stack bounds of the frame. However, it's natural for a user
of B3 to emit code that may be outside of B3's stack bounds, but guard
such a load with a branch. The FTL does exactly this with GetMyArgumentByVal.
B3 is wrong to assert that this is a static property about all stack loads.

b3/B3Validate.cpp:

File:

: 1 edited

trunk/Source/JavaScriptCore/b3/B3Validate.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/b3/B3Validate.cpp

-              r227617
+              r229036
             return;
-        StackSlot* stack = slotBase->slot();
         VALIDATE(memory->offset() >= 0, ("At ", *value));
-        VALIDATE(memory->offset() + memory->accessByteSize() <= stack->byteSize(), ("At ", *value));
+    }

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 229036 in webkit for trunk/Source/JavaScriptCore/b3/B3Validate.cpp

Legend:

trunk/Source/JavaScriptCore/b3/B3Validate.cpp

Download in other formats: