Timestamp:
Aug 20, 2009, 7:57:10 PM (16 years ago)
Author:
[email protected]
Message:

Numbering of arguments to emitGetJITStubArg/emitPutJITStubArg incorrect
https://bugs.webkit.org/show_bug.cgi?id=28513

Reviewed by Oliver Hunt.

The argumentNumber argument to emitGetJITStubArg/emitPutJITStubArg should match
the argument number used within the stub functions in JITStubs.cpp, but it doesn't.

Firstly, all the numbers changed when we added a void* 'reserved' as the first slot
(rather than leaving argument 0 unused), and secondly in 32_64 builds the index to
peek/poke needs to be multiplied by 2 (since the argument to peek/poke is a number
of machine words, and on 32_64 build the argument slots to stub functions are two
words wide).

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileOpCallSetupArgs):
(JSC::JIT::compileOpConstructSetupArgs):
(JSC::JIT::compileOpCallVarargsSetupArgs):
(JSC::JIT::compileOpCall):

  • jit/JITInlineMethods.h:

(JSC::JIT::emitPutJITStubArg):
(JSC::JIT::emitPutJITStubArgConstant):
(JSC::JIT::emitGetJITStubArg):
(JSC::JIT::emitPutJITStubArgFromVirtualRegister):

  • jit/JITOpcodes.cpp:

(JSC::JIT::privateCompileCTIMachineTrampolines):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::privateCompilePutByIdTransition):

File:
1 edited

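--- a/trunk/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/trunk/JavaScriptCore/jit/JITOpcodes.cpp
@@ -77,5 +77,5 @@
     Call callJSFunction2 = call();
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     hasCodeBlock2.link(this);
@@ -84,9 +84,9 @@
     Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck2 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     arityCheckOkay2.link(this);
@@ -97,5 +97,5 @@
 
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callLazyLinkCall = call();
@@ -115,5 +115,5 @@
     restoreArgumentReference();
     Call callJSFunction1 = call();
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
@@ -123,9 +123,9 @@
     Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 3); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck1 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(5, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
@@ -1484,5 +1484,5 @@
     Call callJSFunction2 = call();
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     hasCodeBlock2.link(this);
@@ -1491,9 +1491,9 @@
     Jump arityCheckOkay2 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck2 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     arityCheckOkay2.link(this);
@@ -1503,5 +1503,5 @@
     compileOpCallInitializeCallFrame();
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callLazyLinkCall = call();
@@ -1520,5 +1520,5 @@
     restoreArgumentReference();
     Call callJSFunction1 = call();
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);
@@ -1528,9 +1528,9 @@
     Jump arityCheckOkay3 = branch32(Equal, Address(regT2, OBJECT_OFFSETOF(FunctionExecutable, m_numParameters)), regT1);
     preserveReturnAddressAfterCall(regT3);
-    emitPutJITStubArg(regT3, 2); // return address
+    emitPutJITStubArg(regT3, 1); // return address
     restoreArgumentReference();
     Call callArityCheck1 = call();
     move(regT1, callFrameRegister);
-    emitGetJITStubArg(3, regT1); // argCount
+    emitGetJITStubArg(2, regT1); // argCount
     restoreReturnAddressBeforeReturn(regT3);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_executable)), regT2);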
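Review bot: The stub-argument slot indices on the new side (`emitGetJITStubArg(2, regT1)`, `emitPutJITStubArg(regT3, 1)`) are still bare literals whose meaning is carried only by the trailing `// argCount` / `// return address` comments, and the same pair of literals is repeated in ten places across the two trampoline variants (the ~77–131 and ~1484–1536 ranges), which is exactly how the old 5/3 versus 3/2 drift between the two variants arose. Consider naming the slots once near the emit helpers in JIT.h, e.g. (constructed names) `static const unsigned kStubArgReturnAddress = 1;` and `static const unsigned kStubArgArgCount = 2;`, so the numbering agrees with the JITStubs.cpp parameter layout by construction rather than by comment. The regT1 value loaded here feeds the `branch32(Equal, ..., m_numParameters)` arity check, so a wrong slot index would presumably have compared the parameter count against an unrelated stack word, which makes this worth locking down. The enclosing privateCompileCTIMachineTrampolines body starts and ends outside the shown section.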