Changeset 47614 in webkit for trunk/JavaScriptCore/jit


Timestamp:
Aug 20, 2009, 7:57:10 PM (16 years ago)
Author:
[email protected]
Message:

Numbering of arguments to emitGetJITStubArg/emitPutJITStubArg incorrect
https://bugs.webkit.org/show_bug.cgi?id=28513

Reviewed by Oliver Hunt.

The argumentNumber argument to emitGetJITStubArg/emitPutJITStubArg should match
the argument number used within the stub functions in JITStubs.cpp, but it doesn't.

Firstly, all the numbers changed when we added a void* 'reserved' as the first slot
(rather than leaving argument 0 unused), and secondly in 32_64 builds the index to
peek/poke needs to be multiplied by 2 (since the argument to peek/poke is a number
of machine words, and on 32_64 builds the argument slots to stub functions are two
words wide).

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileOpCallSetupArgs):
(JSC::JIT::compileOpConstructSetupArgs):
(JSC::JIT::compileOpCallVarargsSetupArgs):
(JSC::JIT::compileOpCall):

  • jit/JITInlineMethods.h:

(JSC::JIT::emitPutJITStubArg):
(JSC::JIT::emitPutJITStubArgConstant):
(JSC::JIT::emitGetJITStubArg):
(JSC::JIT::emitPutJITStubArgFromVirtualRegister):

  • jit/JITOpcodes.cpp:

(JSC::JIT::privateCompileCTIMachineTrampolines):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::privateCompilePutByIdTransition):

Location:
trunk/JavaScriptCore/jit
Files:
5 edited

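--- a/trunk/JavaScriptCore/jit/JIT.h
+++ b/trunk/JavaScriptCore/jit/JIT.h
@@ -794,4 +794,5 @@
         void emitPutJITStubArg(RegisterID src, unsigned argumentNumber);
 #if USE(JSVALUE32_64)
+        void emitPutJITStubArg(RegisterID tag, RegisterID payload, unsigned argumentNumber);
         void emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch1, RegisterID scratch2);
 #else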
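Review bot: The new overload `void emitPutJITStubArg(RegisterID tag, RegisterID payload, unsigned argumentNumber);` is declared without saying what argumentNumber means, and the single-register overload above it has the same gap; since this whole changeset exists because call sites got that contract wrong, the declaration is the place to write it down. I would put a comment above the group such as `// argumentNumber is the 0-based position of the parameter in the cti_* stub's signature; the reserved first stack slot is not counted. On JSVALUE32_64 each slot is two machine words, payload first, then tag.` so that new call sites can be checked against JITStubs.cpp without reading JITInlineMethods.h. The payload-then-tag order is what the inline definitions actually poke (payload at the slot offset, tag at offset + 1). The enclosing class declaration starts and ends outside this hunk.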
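--- a/trunk/JavaScriptCore/jit/JITCall.cpp
+++ b/trunk/JavaScriptCore/jit/JITCall.cpp
@@ -65,8 +65,7 @@
     int registerOffset = instruction[4].u.operand;
 
-    emitPutJITStubArg(regT0, 1);
-    emitPutJITStubArg(regT1, 2);
-    emitPutJITStubArgConstant(registerOffset, 3);
-    emitPutJITStubArgConstant(argCount, 5);
+    emitPutJITStubArg(regT1, regT0, 0);
+    emitPutJITStubArgConstant(registerOffset, 1);
+    emitPutJITStubArgConstant(argCount, 2);
 }
 
@@ -78,18 +77,16 @@
     int thisRegister = instruction[6].u.operand;
 
-    emitPutJITStubArg(regT0, 1);
-    emitPutJITStubArg(regT1, 2);
-    emitPutJITStubArgConstant(registerOffset, 3);
-    emitPutJITStubArgConstant(argCount, 5);
-    emitPutJITStubArgFromVirtualRegister(proto, 7, regT2, regT3);
-    emitPutJITStubArgConstant(thisRegister, 9);
+    emitPutJITStubArg(regT1, regT0, 0);
+    emitPutJITStubArgConstant(registerOffset, 1);
+    emitPutJITStubArgConstant(argCount, 2);
+    emitPutJITStubArgFromVirtualRegister(proto, 3, regT2, regT3);
+    emitPutJITStubArgConstant(thisRegister, 4);
 }
 
 void JIT::compileOpCallVarargsSetupArgs(Instruction*)
 {
-    emitPutJITStubArg(regT0, 1);
-    emitPutJITStubArg(regT1, 2);
-    emitPutJITStubArg(regT3, 3); // registerOffset
-    emitPutJITStubArg(regT2, 5); // argCount
+    emitPutJITStubArg(regT1, regT0, 0);
+    emitPutJITStubArg(regT3, 1); // registerOffset
+    emitPutJITStubArg(regT2, 2); // argCount
 }
 
@@ -453,7 +450,7 @@
 
     // ecx holds func
-    emitPutJITStubArg(regT0, 1);
-    emitPutJITStubArgConstant(argCount, 3);
-    emitPutJITStubArgConstant(registerOffset, 2);
+    emitPutJITStubArg(regT0, 0);
+    emitPutJITStubArgConstant(argCount, 2);
+    emitPutJITStubArgConstant(registerOffset, 1);
 }
 
@@ -463,8 +460,8 @@
 
     // ecx holds func
-    emitPutJITStubArg(regT0, 1);
-    emitPutJITStubArg(regT1, 3);
+    emitPutJITStubArg(regT0, 0);
+    emitPutJITStubArg(regT1, 2);
     addPtr(Imm32(registerOffset), regT1, regT2);
-    emitPutJITStubArg(regT2, 2);
+    emitPutJITStubArg(regT2, 1);
 }
 
@@ -477,9 +474,9 @@
 
     // ecx holds func
-    emitPutJITStubArg(regT0, 1);
-    emitPutJITStubArgConstant(registerOffset, 2);
-    emitPutJITStubArgConstant(argCount, 3);
-    emitPutJITStubArgFromVirtualRegister(proto, 4, regT2);
-    emitPutJITStubArgConstant(thisRegister, 5);
+    emitPutJITStubArg(regT0, 0);
+    emitPutJITStubArgConstant(registerOffset, 1);
+    emitPutJITStubArgConstant(argCount, 2);
+    emitPutJITStubArgFromVirtualRegister(proto, 3, regT2);
+    emitPutJITStubArgConstant(thisRegister, 4);
 }
 
@@ -636,6 +633,6 @@
         int thisRegister = instruction[6].u.operand;
 
-        emitPutJITStubArg(regT0, 1);
-        emitPutJITStubArgFromVirtualRegister(proto, 4, regT2);
+        emitPutJITStubArg(regT0, 0);
+        emitPutJITStubArgFromVirtualRegister(proto, 3, regT2);
         JITStubCall stubCall(this, cti_op_construct_JSConstruct);
         stubCall.call(thisRegister);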
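Review bot: The slot numbers in the construct setup are bare integers: `emitPutJITStubArgFromVirtualRegister(proto, 3, regT2, regT3);` and `emitPutJITStubArgConstant(thisRegister, 4);` say nothing about which stub parameter they feed, while the varargs variant next to them labels its slots (`// registerOffset`, `// argCount`). The only thing tying these indices to the stub signatures in JITStubs.cpp is convention, and a wrong index means the stub reads a different stack word than the JIT wrote, so I would label every unlabelled slot in the same trailing style (`// func`, `// registerOffset`, `// argCount`, `// proto`, `// thisRegister`) in both copies of these setup functions. On the JSVALUE32_64 side `emitPutJITStubArg(regT1, regT0, 0);` additionally relies on regT1 holding the tag and regT0 the payload, which a `// func (tag, payload)` comment would make visible at the call site. The compileOpCall body the last hunk belongs to starts and ends outside the hunk.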
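--- a/trunk/JavaScriptCore/jit/JITInlineMethods.h
+++ b/trunk/JavaScriptCore/jit/JITInlineMethods.h
@@ -38,5 +38,6 @@
 ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID src, unsigned argumentNumber)
 {
-    poke(src, argumentNumber);
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(src, argumentStackOffset);
 }
 
@@ -45,5 +46,6 @@
 ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(unsigned value, unsigned argumentNumber)
 {
-    poke(Imm32(value), argumentNumber);
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(Imm32(value), argumentStackOffset);
 }
 
@@ -52,5 +54,6 @@
 ALWAYS_INLINE void JIT::emitPutJITStubArgConstant(void* value, unsigned argumentNumber)
 {
-    poke(ImmPtr(value), argumentNumber);
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(ImmPtr(value), argumentStackOffset);
 }
 
@@ -59,5 +62,6 @@
 ALWAYS_INLINE void JIT::emitGetJITStubArg(unsigned argumentNumber, RegisterID dst)
 {
-    peek(dst, argumentNumber);
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    peek(dst, argumentStackOffset);
 }
 
@@ -583,14 +587,24 @@
 /* Deprecated: Please use JITStubCall instead. */
 
+ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID tag, RegisterID payload, unsigned argumentNumber)
+{
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
+    poke(payload, argumentStackOffset);
+    poke(tag, argumentStackOffset + 1);
+}
+
+/* Deprecated: Please use JITStubCall instead. */
+
 ALWAYS_INLINE void JIT::emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch1, RegisterID scratch2)
 {
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
     if (m_codeBlock->isConstantRegisterIndex(src)) {
         JSValue constant = m_codeBlock->getConstant(src);
-        poke(Imm32(constant.payload()), argumentNumber);
-        poke(Imm32(constant.tag()), argumentNumber + 1);
+        poke(Imm32(constant.payload()), argumentStackOffset);
+        poke(Imm32(constant.tag()), argumentStackOffset + 1);
     } else {
         emitLoad(src, scratch1, scratch2);
-        poke(scratch2, argumentNumber);
-        poke(scratch1, argumentNumber + 1);
+        poke(scratch2, argumentStackOffset);
+        poke(scratch1, argumentStackOffset + 1);
     }
 }
@@ -813,10 +827,11 @@
 ALWAYS_INLINE void JIT::emitPutJITStubArgFromVirtualRegister(unsigned src, unsigned argumentNumber, RegisterID scratch)
 {
+    unsigned argumentStackOffset = (argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1;
     if (m_codeBlock->isConstantRegisterIndex(src)) {
         JSValue value = m_codeBlock->getConstant(src);
-        emitPutJITStubArgConstant(JSValue::encode(value), argumentNumber);
+        poke(ImmPtr(JSValue::encode(value)), argumentStackOffset);
     } else {
         loadPtr(Address(callFrameRegister, src * sizeof(Register)), scratch);
-        emitPutJITStubArg(scratch, argumentNumber);
+        poke(scratch, argumentStackOffset);
     }
 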
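Review bot: The expression `(argumentNumber * (sizeof(JSValue) / sizeof(void*))) + 1` is now written out seven times in this file (the four single-word accessors, the new tag/payload overload and both emitPutJITStubArgFromVirtualRegister variants), so the stack-layout contract with JITStubs.cpp lives in seven places and any future change to the reserved slot or the slot width has to be repeated exactly or the JIT starts poking the wrong stack words. I would hoist it into one inline helper that every accessor calls, and put a compile-time check next to it, because the integer division silently truncates if sizeof(JSValue) ever stops being a whole number of machine words (WTF's COMPILE_ASSERT, assuming it is reachable from this header, is the natural tool). The helper would need a declaration in JIT.h, which is outside this section.
```cpp
// One reserved machine word precedes the stub arguments; each argument slot is
// sizeof(JSValue) / sizeof(void*) machine words wide (two on JSVALUE32_64, one otherwise).
ALWAYS_INLINE unsigned JIT::stubArgumentStackOffset(unsigned argumentNumber)
{
    COMPILE_ASSERT(!(sizeof(JSValue) % sizeof(void*)), JSValue_must_be_a_whole_number_of_machine_words);
    return argumentNumber * (sizeof(JSValue) / sizeof(void*)) + 1;
}

ALWAYS_INLINE void JIT::emitPutJITStubArg(RegisterID src, unsigned argumentNumber)
{
    poke(src, stubArgumentStackOffset(argumentNumber));
}
// … unchanged apart from the same substitution: emitPutJITStubArgConstant (both), emitGetJITStubArg, the tag/payload overload, both emitPutJITStubArgFromVirtualRegister …
```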
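--- a/trunk/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/trunk/JavaScriptCore/jit/JITOpcodes.cpp
@@ -77,5 +77,5 @@
     Call callJSFunction2 = call();
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     hasCodeBlock2.link(this);
@@ -84,9 +84,9 @@
     Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck2 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     arityCheckOkay2.link(this);
@@ -97,5 +97,5 @@
 
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callLazyLinkCall = call();
@@ -115,5 +115,5 @@
     restoreArgumentReference();
     Call callJSFunction1 = call();
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
@@ -123,9 +123,9 @@
     Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck1 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
@@ -1484,5 +1484,5 @@
     Call callJSFunction2 = call();
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     hasCodeBlock2.link(this);
@@ -1491,9 +1491,9 @@
     Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck2 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     arityCheckOkay2.link(this);
@@ -1503,5 +1503,5 @@
     compileOpCallInitializeCallFrame();
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callLazyLinkCall = call();
@@ -1520,5 +1520,5 @@
     restoreArgumentReference();
     Call callJSFunction1 = call();
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
@@ -1528,9 +1528,9 @@
     Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck1 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);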
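Review bot: `emitPutJITStubArg(regT3, 1); // return address` stores the preserved return address into slot 1, the slot that compileOpCallSetupArgs in JITCall.cpp fills with registerOffset, and the trampoline then reads argCount back out of slot 2 after each stub call returns (`emitGetJITStubArg(2, regT1); // argCount`); nothing in the trampoline records that the arity-check and lazy-link stubs must take the return address in that position, nor that slot 2 must survive the call. A short comment at the top of privateCompileCTIMachineTrampolines spelling out the slot layout it relies on (slot 0 func, slot 1 return address overwriting registerOffset, slot 2 argCount) would turn the trailing `// return address` and `// argCount` notes into a contract that can be checked against JITStubs.cpp in one place. Whether the C++ stubs are guaranteed to leave their incoming argument slots untouched so that the read-back is valid is not visible here and is worth confirming, since a clobbered slot would land a wrong argCount in regT1 on the path that builds the call frame. privateCompileCTIMachineTrampolines starts and ends outside these hunks.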
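--- a/trunk/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/trunk/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -1404,5 +1404,5 @@
         stubCall.addArgument(Imm32(newStructure->propertyStorageCapacity()));
         stubCall.call(regT0);
-        emitGetJITStubArg(3, regT1);
+        emitGetJITStubArg(2, regT1);
 
         restoreReturnAddressBeforeReturn(regT3);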
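Review bot: `emitGetJITStubArg(2, regT1);` at new line 1406 reads a different machine word depending on the JSValue width, and the hunk does not show which side of the USE(JSVALUE32_64) split privateCompilePutByIdTransition sits on. Under the new accessor, index 2 is word 3 when a JSValue is one pointer wide but word 5 when it is two (2 * 2 + 1), so the old `emitGetJITStubArg(3, regT1);`, which read word 3 on either layout, corresponds to index 2 only for the single-word layout; on the two-word layout word 3 is index 1. Worth confirming either that this site is compiled only for the single-word layout, or that the stub invoked via `stubCall.call(regT0)` really has the value wanted in regT1 as its third (0-based index 2) parameter, since a wrong index here loads an unrelated stack word into regT1 and the line carries no `// …` note saying what that value is. privateCompilePutByIdTransition starts and ends outside this hunk.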