[webkit-changes] [WebKit/WebKit] 5e8bdf: [JSC] Fix op_tail_call_varargs / op_tail_call_forw...
Yusuke Suzuki
noreply at github.com
Wed Jan 10 21:30:42 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5e8bdf2420682e4bf447143eea69f64787c33683
https://github.com/WebKit/WebKit/commit/5e8bdf2420682e4bf447143eea69f64787c33683
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2024-01-10 (Wed, 10 Jan 2024)
Changed paths:
M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/jit/CCallHelpers.h
M Source/JavaScriptCore/jit/JITCall.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.cpp
Log Message:
-----------
[JSC] Fix op_tail_call_varargs / op_tail_call_forward_arguments for new polymorphic DataIC
https://bugs.webkit.org/show_bug.cgi?id=267364
rdar://120803763
Reviewed by Michael Saboff.
We should preserve regT0 (and regT1 for 32bit environment) after tail calls fast path since
polymorphic DataIC thunk will look into it. This happens only in baseline JIT's op_tail_call_varargs / op_tail_call_forward_arguments.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::selectScratchGPR):
* Source/JavaScriptCore/jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::slowPathFor):
(JSC::virtualThunkFor):
Canonical link: https://commits.webkit.org/272886@main
More information about the webkit-changes
mailing list