Changeset 39488 in webkit for trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

Timestamp:

Dec 28, 2008, 12:52:06 AM (16 years ago)

Author:

[email protected]

Message:

2008-12-28 Cameron Zwarich <​[email protected]>

Reviewed by Oliver Hunt.

Bug 22840: REGRESSION (r38349): Gmail doesn't load with profiling enabled
<​https://bugs.webkit.org/show_bug.cgi?id=22840>
<rdar://problem/6468077>

JavaScriptCore:

• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitNewArray): Add an assertion that the range of registers passed to op_new_array is sequential. (JSC::BytecodeGenerator::emitCall): Correct the relocation of registers when emitting profiler hooks so that registers aren't leaked. Also, add an assertion that the 'this' register is always ref'd (because it is), remove the needless protection of the 'this' register when relocating, and add an assertion that the range of registers passed to op_call for function call arguments is sequential. (JSC::BytecodeGenerator::emitConstruct): Correct the relocation of registers when emitting profiler hooks so that registers aren't leaked. Also, add an assertion that the range of registers passed to op_construct for function call arguments is sequential.

LayoutTests:

• fast/profiler/call-register-leak-expected.txt: Added.
• fast/profiler/call-register-leak.html: Added.

File:

• trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (8 diffs)

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -1189 +1189 @@
             break;
         argv.append(newTemporary());
+        // op_new_array requires the initial values to be a sequential range of registers
+        ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() + 1);
         emitNode(argv.last().get(), n->value());
     }
@@ -1237 +1239 @@
     ASSERT(opcodeID == op_call || opcodeID == op_call_eval);
     ASSERT(func->refCount());
-
+    ASSERT(thisRegister->refCount());
+
+    RegisterID* originalFunc = func;
     if (m_shouldEmitProfileHooks) {
         // If codegen decided to recycle func as this call's destination register,
@@ -1243 +1247 @@
         // for the sake of op_profile_did_call.
         if (dst == func) {
-            RefPtr<RegisterID> protect = thisRegister;
             RefPtr<RegisterID> movedThisRegister = emitMove(newTemporary(), thisRegister);
             RefPtr<RegisterID> movedFunc = emitMove(thisRegister, func);
@@ -1257 +1260 @@
     for (ArgumentListNode* n = argumentsNode->m_listNode.get(); n; n = n->m_next.get()) {
         argv.append(newTemporary());
+        // op_call requires the arguments to be a sequential range of registers
+        ASSERT(argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() + 1);
         emitNode(argv.last().get(), n);
     }
@@ -1291 +1296 @@
         instructions().append(func->index());
 
-        if (dst == func) {
+        if (dst == originalFunc) {
             thisRegister->deref();
             func->deref();
@@ -1322 +1327 @@
     ASSERT(func->refCount());
 
+    RegisterID* originalFunc = func;
     if (m_shouldEmitProfileHooks) {
         // If codegen decided to recycle func as this call's destination register,
@@ -1339 +1345 @@
     for (ArgumentListNode* n = argumentsNode ? argumentsNode->m_listNode.get() : 0; n; n = n->m_next.get()) {
         argv.append(newTemporary());
+        // op_construct requires the arguments to be a sequential range of registers
+        ASSERT(argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() + 1);
         emitNode(argv.last().get(), n);
     }
@@ -1379 +1387 @@
         instructions().append(func->index());
         
-        if (dst == func)
+        if (dst == originalFunc)
             func->deref();
     }