Timestamp:
Jul 4, 2021, 4:55:48 PM (4 years ago)
Author:
[email protected]
Message:

ActiveScratchBufferScope should take the buffer as argument
https://bugs.webkit.org/show_bug.cgi?id=227670
rdar://80011612

Reviewed by Mark Lam.

https://bugs.webkit.org/show_bug.cgi?id=227013 created ActiveScratchBufferScope.
It is used by operations that can cause the GC to run, to mark as roots the contents of the scratch buffer that is live during that time (if any).
The bug is that it simply asks the VM for a scratch buffer of the right size, but this will always return the last scratch buffer, and not necessarily the one that the operation is actually using.

A fairly simple fix is to pass it directly the scratch buffer, since the operation normally can get it easily enough.
In most cases the operation has access to the m_buffer field of the ScratchBuffer, but getting a pointer to the entire structure from that is fairly simple (I added ScratchBuffer::fromData() to do so).

  • dfg/DFGOSRExit.cpp:

(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

  • dfg/DFGOSRExit.h:
  • dfg/DFGOperations.cpp:

(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewArray):

  • dfg/DFGThunks.cpp:

(JSC::DFG::osrExitGenerationThunkGenerator):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::haveABadTime):

  • runtime/VM.h:

(JSC::ScratchBuffer::fromData):

  • runtime/VMInlines.h:

(JSC::ActiveScratchBufferScope::ActiveScratchBufferScope):
(JSC::ActiveScratchBufferScope::~ActiveScratchBufferScope):
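To make the bug the message describes concrete, here is an added, constructed model (not JSC's code; `VM`, `ScratchBuffer`, `collectGarbage` and the two scope types are stand-ins for the real ones) showing why a scope that re-requests "the buffer of this size" roots the wrong buffer, while one that is handed the buffer roots the right one:

```cpp
#include <cstddef>
#include <memory>
#include <vector>
// Constructed model of the bug in the commit message; not JSC code.
struct Object { bool marked = false; };
struct ScratchBuffer {
    size_t activeLength = 0;        // nonzero => contents are GC roots
    std::vector<Object*> data;
    explicit ScratchBuffer(size_t n) : data(n, nullptr) {}
};
struct VM {
    std::vector<std::unique_ptr<ScratchBuffer>> buffers;
    // As the message says: asking by size hands back the last buffer,
    // not necessarily the one the caller is actually using.
    ScratchBuffer* scratchBufferForSize(size_t n) {
        if (!buffers.empty() && buffers.back()->data.size() >= n)
            return buffers.back().get();
        buffers.push_back(std::make_unique<ScratchBuffer>(n));
        return buffers.back().get();
    }
    // GC root marking: only buffers with a nonzero activeLength are scanned.
    void collectGarbage() {
        for (auto& b : buffers)
            for (size_t i = 0; i < b->activeLength; ++i)
                if (b->data[i]) b->data[i]->marked = true;
    }
};
// Before the fix: the scope re-asks the VM for "a buffer of this size".
struct BuggyScope {
    ScratchBuffer* b;
    BuggyScope(VM& vm, size_t n) : b(vm.scratchBufferForSize(n)) { b->activeLength = n; }
    ~BuggyScope() { b->activeLength = 0; }
};
// After the fix: the operation passes the buffer it really holds.
struct FixedScope {
    ScratchBuffer* b;
    FixedScope(ScratchBuffer* buf, size_t n) : b(buf) { b->activeLength = n; }
    ~FixedScope() { b->activeLength = 0; }
};
// Does an object parked in the operation's scratch buffer survive a GC
// that runs while the scope is active?
bool objectRooted(bool fixed) {
    VM vm; Object obj;
    ScratchBuffer* mine = vm.scratchBufferForSize(2);   // operation's buffer
    mine->data[0] = &obj;
    vm.scratchBufferForSize(4);                 // a later, larger buffer
    if (fixed) { FixedScope s(mine, 2); vm.collectGarbage(); }
    else { BuggyScope s(vm, 2); vm.collectGarbage(); }
    return obj.marked;   // buggy scope: false, fixed scope: true
}
```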

File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGThunks.cpp

    r279256 r279560  
    9090    storeSpooler.finalizeFPR();
    9191
    92     // Set up one argument.
    93     jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
     92    // This will implicitly pass GPRInfo::callFrameRegister as the first argument based on the operation type.
     93    jit.setupArguments<decltype(operationCompileOSRExit)>(bufferGPR);
    9494    jit.prepareCallOperation(vm);
    9595
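Review bot: the new comment on added line 92 explains the implicit CallFrame argument but says nothing about what bufferGPR now carries, which is the whole reason for this hunk; `jit.setupArguments<decltype(operationCompileOSRExit)>(bufferGPR)` is only correct if operationCompileOSRExit's declaration (changed in dfg/DFGOSRExit.cpp and .h per the change list) now takes the scratch buffer as its second parameter, and nothing in the thunk tells a reader that. Suggest extending the comment, e.g. `// bufferGPR holds the scratch buffer; operationCompileOSRExit keeps it rooted via ActiveScratchBufferScope.`, so the coupling between this call site and the operation's signature is visible here.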