Timestamp: Jan 12, 2021, 4:09:16 PM (5 years ago)
Author: [email protected]
Message:

[JSC] Bypass OperationPtrTagging for JITCage verification for CallDOMGetter
https://bugs.webkit.org/show_bug.cgi?id=220564

Reviewed by Saam Barati.

JSTests:

  • stress/domjit-getter2.js: Added.
    (shouldBe):
    (access):

Source/JavaScriptCore:

CustomAccessorPtrTag functions are not registered ones for JITCage since we are using a C++ trampoline to invoke them.
However, we do not want to use this trampoline in x64 due to a performance issue. So we would like to call these
functions directly from the JIT while they are not registered (and this is OK in JITCage since they are called from the trampoline).
In this patch we bypass OperationPtrTagging by using WTF::tagNativeCodePtrImpl directly for the non-JITCage case.

  • dfg/DFGJITCompiler.h:
    (JSC::DFG::JITCompiler::appendOperationCall):
  • dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
  • dfg/DFGSpeculativeJIT.h:
    (JSC::DFG::SpeculativeJIT::appendOperationCall):
  • ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
    (JSC::FTL::DFG::LowerDFGToB3::vmCall):
  • ftl/FTLOutput.h:
    (JSC::FTL::Output::operation):
  • tools/JSDollarVM.cpp:
File: 1 edited

  • trunk/Source/JavaScriptCore/ftl/FTLOutput.h

    r268247 r271422  
    403403    template<typename FunctionType>
    404404    LValue operation(FunctionType function) { return constIntPtr(tagCFunctionPtr<void*, OperationPtrTag>(function)); }
     405    LValue operation(FunctionPtr<OperationPtrTag> function) { return constIntPtr(function.executableAddress()); }
    405406
    406407    void jump(LBasicBlock);
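Review bot: the new overload on line 405, `LValue operation(FunctionPtr<OperationPtrTag> function) { return constIntPtr(function.executableAddress()); }`, emits the pointer exactly as handed in, so unlike the template overload on line 404 it performs no `tagCFunctionPtr<void*, OperationPtrTag>` tagging and the caller alone is responsible for passing a FunctionPtr that already carries a valid OperationPtrTag (the non-JITCage path the commit message describes, where the pointer is tagged via WTF::tagNativeCodePtrImpl directly). A short comment above this overload stating that contract, and that it exists to bypass OperationPtrTagging for the CallDOMGetter case, would keep a future caller from routing an untagged or differently tagged pointer through it without noticing. Overload resolution is sound as written: the non-template overload is an exact match for a `FunctionPtr<OperationPtrTag>` argument and is preferred over the template, while every other argument type still lands on line 404.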