<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[160936] branches/jsCStack/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/160936">160936</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2013-12-20 15:38:06 -0800 (Fri, 20 Dec 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Arity check slow path should ensure that when we return, we restore SP back to what the caller expects
https://bugs.webkit.org/show_bug.cgi?id=126043
Not yet reviewed.
Implements proper stack restoration after return from a function that failed arity
check.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
* ftl/FTLLink.cpp:
(JSC::FTL::link):
* ftl/FTLOSRExit.h:
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* jit/ArityCheckFailReturnThunks.cpp: Added.
(JSC::ArityCheckFailReturnThunks::ArityCheckFailReturnThunks):
(JSC::ArityCheckFailReturnThunks::~ArityCheckFailReturnThunks):
(JSC::ArityCheckFailReturnThunks::returnPCsFor):
(JSC::ArityCheckFailReturnThunks::returnPCFor):
* jit/ArityCheckFailReturnThunks.h: Added.
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITCode.cpp:
(JSC::DirectJITCode::addressForCall):
* jit/RegisterPreservationWrapperGenerator.cpp:
(JSC::generateRegisterPreservationWrapper):
(JSC::generateRegisterRestoration):
(JSC::registerRestorationThunkGenerator):
* jit/RegisterPreservationWrapperGenerator.h:
* jit/ThunkGenerators.cpp:
(JSC::arityFixup):
* llint/LLIntOffsetsExtractor.cpp:
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* offlineasm/x86.rb:
* runtime/CommonSlowPaths.cpp:
(JSC::setupArityCheckData):
(JSC::SLOW_PATH_DECL):
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):
* runtime/StackAlignment.h:
(JSC::logStackAlignmentRegisters):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCoreChangeLog">branches/jsCStack/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoredfgDFGJITCompilercpp">branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLLinkcpp">branches/jsCStack/Source/JavaScriptCore/ftl/FTLLink.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLOSRExith">branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExit.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreftlFTLOSRExitCompilercpp">branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitJITcpp">branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitJITCodecpp">branches/jsCStack/Source/JavaScriptCore/jit/JITCode.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitRegisterPreservationWrapperGeneratorcpp">branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitRegisterPreservationWrapperGeneratorh">branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitThunkGeneratorscpp">branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLLIntOffsetsExtractorcpp">branches/jsCStack/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLLIntSlowPathscpp">branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreterasm">branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreter32_64asm">branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreter64asm">branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreofflineasmx86rb">branches/jsCStack/Source/JavaScriptCore/offlineasm/x86.rb</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreruntimeCommonSlowPathscpp">branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreruntimeCommonSlowPathsh">branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreruntimeStackAlignmenth">branches/jsCStack/Source/JavaScriptCore/runtime/StackAlignment.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreruntimeVMcpp">branches/jsCStack/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreruntimeVMh">branches/jsCStack/Source/JavaScriptCore/runtime/VM.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitArityCheckFailReturnThunkscpp">branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitArityCheckFailReturnThunksh">branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesjsCStackSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ChangeLog (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ChangeLog 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/ChangeLog 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -1,3 +1,56 @@
</span><ins>+2013-12-20 Filip Pizlo <fpizlo@apple.com>
+
+ Arity check slow path should ensure that when we return, we restore SP back to what the caller expects
+ https://bugs.webkit.org/show_bug.cgi?id=126043
+
+ Not yet reviewed.
+
+ Implements proper stack restoration after return from a function that failed arity
+ check.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * ftl/FTLLink.cpp:
+ (JSC::FTL::link):
+ * ftl/FTLOSRExit.h:
+ * ftl/FTLOSRExitCompiler.cpp:
+ (JSC::FTL::compileStub):
+ * jit/ArityCheckFailReturnThunks.cpp: Added.
+ (JSC::ArityCheckFailReturnThunks::ArityCheckFailReturnThunks):
+ (JSC::ArityCheckFailReturnThunks::~ArityCheckFailReturnThunks):
+ (JSC::ArityCheckFailReturnThunks::returnPCsFor):
+ (JSC::ArityCheckFailReturnThunks::returnPCFor):
+ * jit/ArityCheckFailReturnThunks.h: Added.
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITCode.cpp:
+ (JSC::DirectJITCode::addressForCall):
+ * jit/RegisterPreservationWrapperGenerator.cpp:
+ (JSC::generateRegisterPreservationWrapper):
+ (JSC::generateRegisterRestoration):
+ (JSC::registerRestorationThunkGenerator):
+ * jit/RegisterPreservationWrapperGenerator.h:
+ * jit/ThunkGenerators.cpp:
+ (JSC::arityFixup):
+ * llint/LLIntOffsetsExtractor.cpp:
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * offlineasm/x86.rb:
+ * runtime/CommonSlowPaths.cpp:
+ (JSC::setupArityCheckData):
+ (JSC::SLOW_PATH_DECL):
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor):
+ * runtime/StackAlignment.h:
+ (JSC::logStackAlignmentRegisters):
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
</ins><span class="cx"> 2013-12-20 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> Fix broken non-FTL build.
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -277,6 +277,8 @@
</span><span class="cx"> 0F6B1CC41862C47800845D97 /* FTLRegisterAtOffset.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CC01862C47800845D97 /* FTLRegisterAtOffset.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F6B1CC51862C47800845D97 /* FTLUnwindInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6B1CC11862C47800845D97 /* FTLUnwindInfo.cpp */; };
</span><span class="cx"> 0F6B1CC61862C47800845D97 /* FTLUnwindInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CC21862C47800845D97 /* FTLUnwindInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F6B1CC918641DF800845D97 /* ArityCheckFailReturnThunks.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6B1CC718641DF800845D97 /* ArityCheckFailReturnThunks.cpp */; };
+ 0F6B1CCA18641DF800845D97 /* ArityCheckFailReturnThunks.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B1CC818641DF800845D97 /* ArityCheckFailReturnThunks.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0F7025A91714B0FA00382C0E /* DFGOSRExitCompilerCommon.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F7025A71714B0F800382C0E /* DFGOSRExitCompilerCommon.cpp */; };
</span><span class="cx"> 0F7025AA1714B0FC00382C0E /* DFGOSRExitCompilerCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7025A81714B0F800382C0E /* DFGOSRExitCompilerCommon.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F714CA416EA92F000F3EBEB /* DFGBackwardsPropagationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F714CA116EA92ED00F3EBEB /* DFGBackwardsPropagationPhase.cpp */; };
</span><span class="lines">@@ -1599,6 +1601,8 @@
</span><span class="cx"> 0F6B1CC01862C47800845D97 /* FTLRegisterAtOffset.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLRegisterAtOffset.h; path = ftl/FTLRegisterAtOffset.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F6B1CC11862C47800845D97 /* FTLUnwindInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLUnwindInfo.cpp; path = ftl/FTLUnwindInfo.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F6B1CC21862C47800845D97 /* FTLUnwindInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLUnwindInfo.h; path = ftl/FTLUnwindInfo.h; sourceTree = "<group>"; };
</span><ins>+ 0F6B1CC718641DF800845D97 /* ArityCheckFailReturnThunks.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArityCheckFailReturnThunks.cpp; sourceTree = "<group>"; };
+ 0F6B1CC818641DF800845D97 /* ArityCheckFailReturnThunks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArityCheckFailReturnThunks.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F7025A71714B0F800382C0E /* DFGOSRExitCompilerCommon.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGOSRExitCompilerCommon.cpp; path = dfg/DFGOSRExitCompilerCommon.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F7025A81714B0F800382C0E /* DFGOSRExitCompilerCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGOSRExitCompilerCommon.h; path = dfg/DFGOSRExitCompilerCommon.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F714CA116EA92ED00F3EBEB /* DFGBackwardsPropagationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGBackwardsPropagationPhase.cpp; path = dfg/DFGBackwardsPropagationPhase.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -3005,6 +3009,8 @@
</span><span class="cx"> 1429D92C0ED22D7000B89619 /* jit */ = {
</span><span class="cx"> isa = PBXGroup;
</span><span class="cx"> children = (
</span><ins>+ 0F6B1CC718641DF800845D97 /* ArityCheckFailReturnThunks.cpp */,
+ 0F6B1CC818641DF800845D97 /* ArityCheckFailReturnThunks.h */,
</ins><span class="cx"> 0F24E53B17EA9F5900ABB217 /* AssemblyHelpers.cpp */,
</span><span class="cx"> 0F24E53C17EA9F5900ABB217 /* AssemblyHelpers.h */,
</span><span class="cx"> 0F24E53D17EA9F5900ABB217 /* CCallHelpers.h */,
</span><span class="lines">@@ -4979,6 +4985,7 @@
</span><span class="cx"> 9688CB160ED12B4E001D649F /* X86Assembler.h in Headers */,
</span><span class="cx"> 451539B912DC994500EF7AC4 /* Yarr.h in Headers */,
</span><span class="cx"> 0F666ECD1836B37E00D017F1 /* DFGResurrectionForValidationPhase.h in Headers */,
</span><ins>+ 0F6B1CCA18641DF800845D97 /* ArityCheckFailReturnThunks.h in Headers */,
</ins><span class="cx"> 86704B8512DBA33700A9FE7B /* YarrInterpreter.h in Headers */,
</span><span class="cx"> 86704B8712DBA33700A9FE7B /* YarrJIT.h in Headers */,
</span><span class="cx"> 86704B8812DBA33700A9FE7B /* YarrParser.h in Headers */,
</span><span class="lines">@@ -5805,6 +5812,7 @@
</span><span class="cx"> 0F8F2B9E17306C8D007DBDA5 /* SourceCode.cpp in Sources */,
</span><span class="cx"> 0F493AFA16D0CAD30084508B /* SourceProvider.cpp in Sources */,
</span><span class="cx"> E49DC16B12EF293E00184A1F /* SourceProviderCache.cpp in Sources */,
</span><ins>+ 0F6B1CC918641DF800845D97 /* ArityCheckFailReturnThunks.cpp in Sources */,
</ins><span class="cx"> 0F0CD4C415F6B6BB0032F1C0 /* SparseArrayValueMap.cpp in Sources */,
</span><span class="cx"> 0F5541B11613C1FB00CE3E25 /* SpecialPointer.cpp in Sources */,
</span><span class="cx"> 0FD82E86141F3FF100179C94 /* SpeculatedType.cpp in Sources */,
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoredfgDFGJITCompilercpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="cx">
</span><ins>+#include "ArityCheckFailReturnThunks.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "DFGFailedFinalizer.h"
</span><span class="cx"> #include "DFGInlineCacheWrapperInlines.h"
</span><span class="lines">@@ -368,6 +369,8 @@
</span><span class="cx"> m_speculative->callOperationWithCallFrameRollbackOnException(m_codeBlock->m_isConstructor ? operationConstructArityCheck : operationCallArityCheck, GPRInfo::regT0);
</span><span class="cx"> branchTest32(Zero, GPRInfo::regT0).linkTo(fromArityCheck, this);
</span><span class="cx"> emitStoreCodeOrigin(CodeOrigin(0));
</span><ins>+ move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), GPRInfo::regT5);
+ loadPtr(BaseIndex(GPRInfo::regT5, GPRInfo::regT0, timesPtr()), GPRInfo::regT5);
</ins><span class="cx"> m_callArityFixup = call();
</span><span class="cx"> jump(fromArityCheck);
</span><span class="cx">
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLLinkcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLLink.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLLink.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLLink.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx">
</span><ins>+#include "ArityCheckFailReturnThunks.h"
</ins><span class="cx"> #include "CCallHelpers.h"
</span><span class="cx"> #include "CallFrameInlines.h"
</span><span class="cx"> #include "CodeBlockWithJITType.h"
</span><span class="lines">@@ -46,6 +47,7 @@
</span><span class="cx"> void link(State& state)
</span><span class="cx"> {
</span><span class="cx"> CodeBlock* codeBlock = state.graph.m_codeBlock;
</span><ins>+ VM& vm = state.graph.m_vm;
</ins><span class="cx">
</span><span class="cx"> // LLVM will create its own jump tables as needed.
</span><span class="cx"> codeBlock->clearSwitchJumpTables();
</span><span class="lines">@@ -61,7 +63,7 @@
</span><span class="cx">
</span><span class="cx"> // Create the entrypoint. Note that we use this entrypoint totally differently
</span><span class="cx"> // depending on whether we're doing OSR entry or not.
</span><del>- CCallHelpers jit(&state.graph.m_vm, codeBlock);
</del><ins>+ CCallHelpers jit(&vm, codeBlock);
</ins><span class="cx">
</span><span class="cx"> OwnPtr<LinkBuffer> linkBuffer;
</span><span class="cx"> CCallHelpers::Label arityCheck;
</span><span class="lines">@@ -84,27 +86,29 @@
</span><span class="cx"> jit.store32(
</span><span class="cx"> CCallHelpers::TrustedImm32(CallFrame::Location::encodeAsBytecodeOffset(0)),
</span><span class="cx"> CCallHelpers::tagFor(JSStack::ArgumentCount));
</span><del>- jit.storePtr(GPRInfo::callFrameRegister, &state.graph.m_vm.topCallFrame);
</del><ins>+ jit.storePtr(GPRInfo::callFrameRegister, &vm.topCallFrame);
</ins><span class="cx"> CCallHelpers::Call callArityCheck = jit.call();
</span><span class="cx"> #if !ASSERT_DISABLED
</span><span class="cx"> // FIXME: need to make this call register with exception handling somehow. This is
</span><span class="cx"> // part of a bigger problem: FTL should be able to handle exceptions.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=113622
</span><span class="cx"> // Until then, use a JIT ASSERT.
</span><del>- jit.load64(state.graph.m_vm.addressOfException(), GPRInfo::regT1);
</del><ins>+ jit.load64(vm.addressOfException(), GPRInfo::regT1);
</ins><span class="cx"> jit.jitAssertIsNull(GPRInfo::regT1);
</span><span class="cx"> #endif
</span><span class="cx"> jit.move(GPRInfo::returnValueGPR, GPRInfo::regT0);
</span><span class="cx"> jit.emitFunctionEpilogue();
</span><span class="cx"> mainPathJumps.append(jit.branchTest32(CCallHelpers::Zero, GPRInfo::regT0));
</span><span class="cx"> jit.emitFunctionPrologue();
</span><ins>+ jit.move(CCallHelpers::TrustedImmPtr(vm.arityCheckFailReturnThunks->returnPCsFor(vm, codeBlock->numParameters())), GPRInfo::regT5);
+ jit.loadPtr(CCallHelpers::BaseIndex(GPRInfo::regT5, GPRInfo::regT0, CCallHelpers::timesPtr()), GPRInfo::regT5);
</ins><span class="cx"> CCallHelpers::Call callArityFixup = jit.call();
</span><span class="cx"> jit.emitFunctionEpilogue();
</span><span class="cx"> mainPathJumps.append(jit.jump());
</span><span class="cx">
</span><del>- linkBuffer = adoptPtr(new LinkBuffer(state.graph.m_vm, &jit, codeBlock, JITCompilationMustSucceed));
</del><ins>+ linkBuffer = adoptPtr(new LinkBuffer(vm, &jit, codeBlock, JITCompilationMustSucceed));
</ins><span class="cx"> linkBuffer->link(callArityCheck, codeBlock->m_isConstructor ? operationConstructArityCheck : operationCallArityCheck);
</span><del>- linkBuffer->link(callArityFixup, FunctionPtr((state.graph.m_vm.getCTIStub(arityFixup)).code().executableAddress()));
</del><ins>+ linkBuffer->link(callArityFixup, FunctionPtr((vm.getCTIStub(arityFixup)).code().executableAddress()));
</ins><span class="cx"> linkBuffer->link(mainPathJumps, CodeLocationLabel(bitwise_cast<void*>(state.generatedFunction)));
</span><span class="cx">
</span><span class="cx"> state.jitCode->initializeAddressForCall(MacroAssemblerCodePtr(bitwise_cast<void*>(state.generatedFunction)));
</span><span class="lines">@@ -120,8 +124,7 @@
</span><span class="cx"> jit.emitFunctionEpilogue();
</span><span class="cx"> CCallHelpers::Jump mainPathJump = jit.jump();
</span><span class="cx">
</span><del>- linkBuffer = adoptPtr(new LinkBuffer(
- state.graph.m_vm, &jit, codeBlock, JITCompilationMustSucceed));
</del><ins>+ linkBuffer = adoptPtr(new LinkBuffer(vm, &jit, codeBlock, JITCompilationMustSucceed));
</ins><span class="cx"> linkBuffer->link(mainPathJump, CodeLocationLabel(bitwise_cast<void*>(state.generatedFunction)));
</span><span class="cx">
</span><span class="cx"> state.jitCode->initializeAddressForCall(linkBuffer->locationOf(start));
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLOSRExith"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExit.h (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExit.h 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExit.h 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -149,7 +149,6 @@
</span><span class="cx"> unsigned numberOfArguments, unsigned numberOfLocals);
</span><span class="cx">
</span><span class="cx"> MacroAssemblerCodeRef m_code;
</span><del>- RefPtr<JITStubRoutine> m_registerRestoration;
</del><span class="cx">
</span><span class="cx"> // The first argument to the exit call may be a value we wish to profile.
</span><span class="cx"> // If that's the case, the format will be not Invalid and we'll have a
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreftlFTLOSRExitCompilercpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -46,14 +46,6 @@
</span><span class="cx"> static void compileStub(
</span><span class="cx"> unsigned exitID, JITCode* jitCode, OSRExit& exit, VM* vm, CodeBlock* codeBlock)
</span><span class="cx"> {
</span><del>- // Register restoration is a GC-aware JIT stub routine since we need it to stay alive
- // if it's on the stack but all of our other things (like the FTL::OSRExit) are dead.
- exit.m_registerRestoration = createJITStubRoutine(
- generateRegisterRestoration(
- *vm, codeBlock->ownerExecutable(),
- codeBlock->codeType() == FunctionCode ? MustCheckArity : ArityCheckNotRequired),
- *vm, codeBlock->ownerExecutable(), true);
-
</del><span class="cx"> StackMaps::Record* record;
</span><span class="cx">
</span><span class="cx"> for (unsigned i = jitCode->stackmaps.records.size(); i--;) {
</span><span class="lines">@@ -219,7 +211,7 @@
</span><span class="cx"> jit.loadPtr(MacroAssembler::Address(MacroAssembler::framePointerRegister, CallFrame::returnPCOffset()), GPRInfo::regT0);
</span><span class="cx"> jit.storePtr(GPRInfo::regT0, GPRInfo::regT1);
</span><span class="cx"> jit.storePtr(
</span><del>- MacroAssembler::TrustedImmPtr(exit.m_registerRestoration->code().code().executableAddress()),
</del><ins>+ MacroAssembler::TrustedImmPtr(vm->getCTIStub(registerRestorationThunkGenerator).code().executableAddress()),
</ins><span class="cx"> MacroAssembler::Address(MacroAssembler::framePointerRegister, CallFrame::returnPCOffset()));
</span><span class="cx">
</span><span class="cx"> // Now get state out of the scratch buffer and place it back into the stack. This part does
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitArityCheckFailReturnThunkscpp"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp (0 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -0,0 +1,128 @@
</span><ins>+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ArityCheckFailReturnThunks.h"
+
+#if ENABLE(JIT)
+
+#include "AssemblyHelpers.h"
+#include "LinkBuffer.h"
+#include "StackAlignment.h"
+
+namespace JSC {
+
+ArityCheckFailReturnThunks::ArityCheckFailReturnThunks()
+ : m_nextSize(0)
+{
+}
+
+ArityCheckFailReturnThunks::~ArityCheckFailReturnThunks() { }
+
+CodeLocationLabel* ArityCheckFailReturnThunks::returnPCsFor(
+ VM& vm, unsigned numExpectedArgumentsIncludingThis)
+{
+ ASSERT(numExpectedArgumentsIncludingThis >= 1);
+
+ numExpectedArgumentsIncludingThis = WTF::roundUpToMultipleOf(
+ stackAlignmentRegisters(), numExpectedArgumentsIncludingThis);
+
+ {
+ ConcurrentJITLocker locker(m_lock);
+ if (numExpectedArgumentsIncludingThis < m_nextSize)
+ return m_returnPCArrays.last().get();
+ }
+
+ ASSERT(!isCompilationThread());
+
+ numExpectedArgumentsIncludingThis = std::max(
+ numExpectedArgumentsIncludingThis,
+ m_nextSize * 2);
+
+ AssemblyHelpers jit(&vm, 0);
+
+ Vector<AssemblyHelpers::Label> labels;
+
+ for (unsigned size = m_nextSize; size <= numExpectedArgumentsIncludingThis; size += stackAlignmentRegisters()) {
+ labels.append(jit.label());
+
+ jit.nearCall();
+ jit.pop(GPRInfo::regT2);
+ jit.load32(
+ AssemblyHelpers::Address(
+ AssemblyHelpers::stackPointerRegister,
+ (JSStack::ArgumentCount - JSStack::CallerFrameAndPCSize) * sizeof(Register) +
+ PayloadOffset),
+ GPRInfo::regT1);
+ jit.add32(
+ AssemblyHelpers::TrustedImm32(
+ JSStack::CallFrameHeaderSize - JSStack::CallerFrameAndPCSize + size - 1),
+ GPRInfo::regT1);
+ jit.lshift32(AssemblyHelpers::TrustedImm32(3), GPRInfo::regT1);
+ jit.addPtr(AssemblyHelpers::stackPointerRegister, GPRInfo::regT1);
+ jit.loadPtr(GPRInfo::regT1, GPRInfo::regT1);
+
+ jit.addPtr(
+ AssemblyHelpers::TrustedImm32(size * sizeof(Register)),
+ AssemblyHelpers::stackPointerRegister);
+
+ jit.jump(GPRInfo::regT1);
+ }
+
+ LinkBuffer linkBuffer(vm, &jit, GLOBAL_THUNK_ID);
+
+ unsigned returnPCsSize = numExpectedArgumentsIncludingThis / stackAlignmentRegisters() + 1;
+ std::unique_ptr<CodeLocationLabel[]> returnPCs =
+ std::make_unique<CodeLocationLabel[]>(returnPCsSize);
+ for (unsigned size = 0; size <= numExpectedArgumentsIncludingThis; size += stackAlignmentRegisters()) {
+ unsigned index = size / stackAlignmentRegisters();
+ RELEASE_ASSERT(index < returnPCsSize);
+ if (size < m_nextSize)
+ returnPCs[index] = m_returnPCArrays.last()[index];
+ else
+ returnPCs[index] = linkBuffer.locationOf(labels[(size - m_nextSize) / stackAlignmentRegisters()]);
+ }
+
+ CodeLocationLabel* result = returnPCs.get();
+
+ {
+ ConcurrentJITLocker locker(m_lock);
+ m_returnPCArrays.append(std::move(returnPCs));
+ m_refs.append(FINALIZE_CODE(linkBuffer, ("Arity check fail return thunks for up to numArgs = %u", numExpectedArgumentsIncludingThis)));
+ m_nextSize = numExpectedArgumentsIncludingThis + stackAlignmentRegisters();
+ }
+
+ return result;
+}
+
+CodeLocationLabel ArityCheckFailReturnThunks::returnPCFor(VM& vm, unsigned slotsToAdd)
+{
+ return returnPCsFor(vm, slotsToAdd)[slotsToAdd / stackAlignmentRegisters()];
+}
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
</ins></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitArityCheckFailReturnThunksh"></a>
<div class="addfile"><h4>Added: branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.h (0 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.h (rev 0)
+++ branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.h 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -0,0 +1,59 @@
</span><ins>+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ArityCheckFailReturnThunks_h
+#define ArityCheckFailReturnThunks_h
+
+#if ENABLE(JIT)
+
+#include "CodeLocation.h"
+#include "ConcurrentJITLock.h"
+#include <wtf/HashMap.h>
+
+namespace JSC {
+
+class ArityCheckFailReturnThunks {
+public:
+ ArityCheckFailReturnThunks();
+ ~ArityCheckFailReturnThunks();
+
+ // Returns a pointer to an array of return labels indexed by missingArgs.
+ CodeLocationLabel* returnPCsFor(VM&, unsigned numExpectedArgumentsIncludingThis);
+
+ CodeLocationLabel returnPCFor(VM&, unsigned slotsToAdd);
+
+private:
+ Vector<std::unique_ptr<CodeLocationLabel[]>> m_returnPCArrays;
+ unsigned m_nextSize;
+ Vector<MacroAssemblerCodeRef> m_refs;
+ ConcurrentJITLock m_lock;
+};
+
+} // namespace JSC
+
+#endif // ENABLE(JIT)
+
+#endif // ArityCheckFailReturnThunks_h
+
</ins></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx"> JSC::MacroAssemblerX86Common::SSE2CheckState JSC::MacroAssemblerX86Common::s_sse2CheckState = NotCheckedSSE2;
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+#include "ArityCheckFailReturnThunks.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "DFGCapabilities.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="lines">@@ -576,6 +577,8 @@
</span><span class="cx"> if (returnValueGPR != regT0)
</span><span class="cx"> move(returnValueGPR, regT0);
</span><span class="cx"> branchTest32(Zero, regT0).linkTo(beginLabel, this);
</span><ins>+ move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), regT5);
+ loadPtr(BaseIndex(regT5, regT0, timesPtr()), regT5);
</ins><span class="cx"> emitNakedCall(m_vm->getCTIStub(arityFixup).code());
</span><span class="cx">
</span><span class="cx"> #if !ASSERT_DISABLED
</span><span class="lines">@@ -664,20 +667,12 @@
</span><span class="cx"> info.calleeGPR = regT0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-#if ENABLE(DFG_JIT) || ENABLE(LLINT)
- if (canBeOptimizedOrInlined()
-#if ENABLE(LLINT)
- || true
-#endif
- ) {
- CompactJITCodeMap::Encoder jitCodeMapEncoder;
- for (unsigned bytecodeOffset = 0; bytecodeOffset < m_labels.size(); ++bytecodeOffset) {
- if (m_labels[bytecodeOffset].isSet())
- jitCodeMapEncoder.append(bytecodeOffset, patchBuffer.offsetOf(m_labels[bytecodeOffset]));
- }
- m_codeBlock->setJITCodeMap(jitCodeMapEncoder.finish());
</del><ins>+ CompactJITCodeMap::Encoder jitCodeMapEncoder;
+ for (unsigned bytecodeOffset = 0; bytecodeOffset < m_labels.size(); ++bytecodeOffset) {
+ if (m_labels[bytecodeOffset].isSet())
+ jitCodeMapEncoder.append(bytecodeOffset, patchBuffer.offsetOf(m_labels[bytecodeOffset]));
</ins><span class="cx"> }
</span><del>-#endif
</del><ins>+ m_codeBlock->setJITCodeMap(jitCodeMapEncoder.finish());
</ins><span class="cx">
</span><span class="cx"> MacroAssemblerCodePtr withArityCheck;
</span><span class="cx"> if (m_codeBlock->codeType() == FunctionCode)
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitJITCodecpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/JITCode.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/JITCode.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/jit/JITCode.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -168,7 +168,7 @@
</span><span class="cx"> case MustPreserveRegisters: {
</span><span class="cx"> RegisterPreservationWrappers* wrappers = ensureWrappers();
</span><span class="cx"> if (!wrappers->withoutArityCheck)
</span><del>- wrappers->withoutArityCheck = generateRegisterPreservationWrapper(vm, executable, m_ref.code(), ArityCheckNotRequired);
</del><ins>+ wrappers->withoutArityCheck = generateRegisterPreservationWrapper(vm, executable, m_ref.code());
</ins><span class="cx"> return wrappers->withoutArityCheck.code();
</span><span class="cx"> } }
</span><span class="cx"> case MustCheckArity:
</span><span class="lines">@@ -179,7 +179,7 @@
</span><span class="cx"> case MustPreserveRegisters: {
</span><span class="cx"> RegisterPreservationWrappers* wrappers = ensureWrappers();
</span><span class="cx"> if (!wrappers->withArityCheck)
</span><del>- wrappers->withArityCheck = generateRegisterPreservationWrapper(vm, executable, m_withArityCheck, MustCheckArity);
</del><ins>+ wrappers->withArityCheck = generateRegisterPreservationWrapper(vm, executable, m_withArityCheck);
</ins><span class="cx"> return wrappers->withArityCheck.code();
</span><span class="cx"> } }
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitRegisterPreservationWrapperGeneratorcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -58,7 +58,7 @@
</span><span class="cx"> return sizeof(Register) * numberOfNewStackSlots;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-MacroAssemblerCodeRef generateRegisterPreservationWrapper(VM& vm, ExecutableBase* executable, MacroAssemblerCodePtr target, ArityCheckMode arity)
</del><ins>+MacroAssemblerCodeRef generateRegisterPreservationWrapper(VM& vm, ExecutableBase* executable, MacroAssemblerCodePtr target)
</ins><span class="cx"> {
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx"> // We shouldn't ever be generating wrappers for native functions.
</span><span class="lines">@@ -114,7 +114,7 @@
</span><span class="cx">
</span><span class="cx"> AssemblyHelpers::Call call = jit.nearCall();
</span><span class="cx">
</span><del>- generateRegisterRestoration(jit, executable, arity);
</del><ins>+ generateRegisterRestoration(jit);
</ins><span class="cx">
</span><span class="cx"> LinkBuffer linkBuffer(vm, &jit, GLOBAL_THUNK_ID);
</span><span class="cx"> linkBuffer.link(call, CodeLocationLabel(target));
</span><span class="lines">@@ -124,23 +124,17 @@
</span><span class="cx"> UNUSED_PARAM(vm);
</span><span class="cx"> UNUSED_PARAM(executable);
</span><span class="cx"> UNUSED_PARAM(target);
</span><del>- UNUSED_PARAM(arity);
</del><span class="cx"> // We don't support non-FTL builds for two reasons:
</span><span class="cx"> // - It just so happens that currently only the FTL bottoms out in this code.
</span><span class="cx"> // - The code above uses 64-bit instructions. It doesn't necessarily have to; it would be
</span><span class="cx"> // easy to change it so that it doesn't. But obviously making that change would be a
</span><span class="cx"> // prerequisite to removing this #if.
</span><del>- UNUSED_PARAM(vm);
- UNUSED_PARAM(executable);
- UNUSED_PARAM(target);
- UNUSED_PARAM(arity);
</del><span class="cx"> UNREACHABLE_FOR_PLATFORM();
</span><del>-
</del><span class="cx"> return MacroAssemblerCodeRef();
</span><span class="cx"> #endif // ENABLE(FTL_JIT)
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void generateRegisterRestoration(AssemblyHelpers& jit, ExecutableBase* executable, ArityCheckMode arity)
</del><ins>+void generateRegisterRestoration(AssemblyHelpers& jit)
</ins><span class="cx"> {
</span><span class="cx"> RegisterSet toSave = registersToPreserve();
</span><span class="cx"> ptrdiff_t offset = registerPreservationOffset();
</span><span class="lines">@@ -155,19 +149,6 @@
</span><span class="cx"> (JSStack::ArgumentCount - JSStack::CallerFrameAndPCSize) * sizeof(Register) + PayloadOffset),
</span><span class="cx"> GPRInfo::regT2);
</span><span class="cx">
</span><del>- if (arity == MustCheckArity) {
- // It's possible that the arity checker had extended the stack. In that case, we need
- // to adjust the argument count to be the max of what the frame claims and what the
- // executable desired.
- FunctionExecutable* functionExecutable = jsCast<FunctionExecutable*>(executable);
- int parameterCount = functionExecutable->parameterCount() + 1;
- AssemblyHelpers::Jump ok = jit.branch32(
- AssemblyHelpers::AboveOrEqual, GPRInfo::regT2,
- AssemblyHelpers::TrustedImm32(parameterCount));
- jit.move(AssemblyHelpers::TrustedImm32(parameterCount), GPRInfo::regT2);
- ok.link(&jit);
- }
-
</del><span class="cx"> jit.lshift32(AssemblyHelpers::TrustedImm32(3), GPRInfo::regT2);
</span><span class="cx">
</span><span class="cx"> jit.addPtr(AssemblyHelpers::TrustedImm32(offset), AssemblyHelpers::stackPointerRegister);
</span><span class="lines">@@ -209,14 +190,12 @@
</span><span class="cx"> jit.jump(GPRInfo::regT1);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-MacroAssemblerCodeRef generateRegisterRestoration(
- VM& vm, ExecutableBase* executable, ArityCheckMode arity)
</del><ins>+MacroAssemblerCodeRef registerRestorationThunkGenerator(VM* vm)
</ins><span class="cx"> {
</span><del>- ScriptExecutable* scriptExecutable = jsCast<ScriptExecutable*>(executable);
- AssemblyHelpers jit(&vm, 0);
- generateRegisterRestoration(jit, executable, arity);
- LinkBuffer linkBuffer(vm, &jit, GLOBAL_THUNK_ID);
- return FINALIZE_DFG_CODE(linkBuffer, ("Register restoration thunk for %s/%s", toCString(scriptExecutable->hashFor(CodeForCall)).data(), toCString(scriptExecutable->hashFor(CodeForConstruct)).data()));
</del><ins>+ AssemblyHelpers jit(vm, 0);
+ generateRegisterRestoration(jit);
+ LinkBuffer linkBuffer(*vm, &jit, GLOBAL_THUNK_ID);
+ return FINALIZE_CODE(linkBuffer, ("Register restoration thunk"));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitRegisterPreservationWrapperGeneratorh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.h (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.h 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.h 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -39,11 +39,11 @@
</span><span class="cx">
</span><span class="cx"> ptrdiff_t registerPreservationOffset();
</span><span class="cx">
</span><del>-MacroAssemblerCodeRef generateRegisterPreservationWrapper(VM&, ExecutableBase*, MacroAssemblerCodePtr target, ArityCheckMode);
</del><ins>+MacroAssemblerCodeRef generateRegisterPreservationWrapper(VM&, ExecutableBase*, MacroAssemblerCodePtr target);
</ins><span class="cx">
</span><del>-void generateRegisterRestoration(AssemblyHelpers&, ExecutableBase*, ArityCheckMode);
</del><ins>+void generateRegisterRestoration(AssemblyHelpers&);
</ins><span class="cx">
</span><del>-MacroAssemblerCodeRef generateRegisterRestoration(VM&, ExecutableBase*, ArityCheckMode);
</del><ins>+MacroAssemblerCodeRef registerRestorationThunkGenerator(VM*);
</ins><span class="cx">
</span><span class="cx"> } // namespace JSC
</span><span class="cx">
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -440,14 +440,16 @@
</span><span class="cx"> {
</span><span class="cx"> JSInterfaceJIT jit(vm);
</span><span class="cx">
</span><del>- // We enter with fixup count in regT0
</del><ins>+ // We enter with fixup count, in aligned stack units, in regT0 and the return thunk in
+ // regT5. We use VM::currentReturnThunkPC instead of regT5 on X86-32.
</ins><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> # if CPU(X86_64)
</span><span class="cx"> jit.pop(JSInterfaceJIT::regT4);
</span><span class="cx"> # endif
</span><ins>+ jit.lshift32(JSInterfaceJIT::TrustedImm32(logStackAlignmentRegisters()), JSInterfaceJIT::regT0);
</ins><span class="cx"> jit.neg64(JSInterfaceJIT::regT0);
</span><span class="cx"> jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
</span><del>- jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * 8), JSInterfaceJIT::regT2);
</del><ins>+ jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::regT2);
</ins><span class="cx"> jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2);
</span><span class="cx">
</span><span class="cx"> // Move current frame down regT0 number of slots
</span><span class="lines">@@ -457,19 +459,28 @@
</span><span class="cx"> jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);
</span><span class="cx"> jit.branchSub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(copyLoop, &jit);
</span><span class="cx">
</span><del>- // Fill in regT0 missing arg slots with undefined
</del><ins>+ // Fill in regT0 - 1 missing arg slots with undefined
</ins><span class="cx"> jit.move(JSInterfaceJIT::regT0, JSInterfaceJIT::regT2);
</span><span class="cx"> jit.move(JSInterfaceJIT::TrustedImm64(ValueUndefined), JSInterfaceJIT::regT1);
</span><ins>+ jit.add32(JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2);
</ins><span class="cx"> JSInterfaceJIT::Label fillUndefinedLoop(jit.label());
</span><span class="cx"> jit.store64(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight));
</span><span class="cx"> jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);
</span><span class="cx"> jit.branchAdd32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit);
</span><del>-
</del><ins>+
</ins><span class="cx"> // Adjust call frame register and stack pointer to account for missing args
</span><del>- jit.lshift64(JSInterfaceJIT::TrustedImm32(3), JSInterfaceJIT::regT0);
- jit.addPtr(JSInterfaceJIT::regT0, JSInterfaceJIT::callFrameRegister);
- jit.addPtr(JSInterfaceJIT::regT0, JSInterfaceJIT::stackPointerRegister);
</del><ins>+ jit.move(JSInterfaceJIT::regT0, JSInterfaceJIT::regT1);
+ jit.lshift64(JSInterfaceJIT::TrustedImm32(3), JSInterfaceJIT::regT1);
+ jit.addPtr(JSInterfaceJIT::regT1, JSInterfaceJIT::callFrameRegister);
+ jit.addPtr(JSInterfaceJIT::regT1, JSInterfaceJIT::stackPointerRegister);
</ins><span class="cx">
</span><ins>+ // Save the original return PC.
+ jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()), GPRInfo::regT1);
+ jit.storePtr(GPRInfo::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight));
+
+ // Install the new return PC.
+ jit.storePtr(GPRInfo::regT5, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()));
+
</ins><span class="cx"> # if CPU(X86_64)
</span><span class="cx"> jit.push(JSInterfaceJIT::regT4);
</span><span class="cx"> # endif
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLLIntOffsetsExtractorcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LLIntOffsetsExtractor.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx">
</span><span class="cx"> #include "ArrayProfile.h"
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "CommonSlowPaths.h"
</ins><span class="cx"> #include "Debugger.h"
</span><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "Heap.h"
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -256,6 +256,10 @@
</span><span class="cx"> static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
</span><span class="cx"> opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)],
</span><span class="cx"> exec->scope(), pc);
</span><ins>+ if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_enter) {
+ dataLogF("Frame will eventually return to %p\n", exec->returnPC().value());
+ *bitwise_cast<volatile char*>(exec->returnPC().value());
+ }
</ins><span class="cx"> if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) {
</span><span class="cx"> dataLogF("Will be returning to %p\n", exec->returnPC().value());
</span><span class="cx"> dataLogF("The new cfr will be %p\n", exec->callerFrame());
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -95,7 +95,7 @@
</span><span class="cx"> # to C functions.
</span><span class="cx"> # - C calls are still given the Instruction* rather than the PC index.
</span><span class="cx"> # This requires an add before the call, and a sub after.
</span><del>- const PC = t4
</del><ins>+ const PC = t5
</ins><span class="cx"> const PB = t6
</span><span class="cx"> const tagTypeNumber = csr1
</span><span class="cx"> const tagMask = csr2
</span><span class="lines">@@ -113,7 +113,7 @@
</span><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> else
</span><del>- const PC = t4
</del><ins>+ const PC = t5
</ins><span class="cx"> macro loadisFromInstruction(offset, dest)
</span><span class="cx"> loadis offset * 4[PC], dest
</span><span class="cx"> end
</span><span class="lines">@@ -481,11 +481,11 @@
</span><span class="cx"> # void sanitizeStackForVM(VM* vm)
</span><span class="cx"> _sanitizeStackForVM:
</span><span class="cx"> if X86_64
</span><del>- const vm = t5
</del><ins>+ const vm = t4
</ins><span class="cx"> const address = t1
</span><span class="cx"> const zeroValue = t0
</span><span class="cx"> elsif X86
</span><del>- const vm = t5
</del><ins>+ const vm = t4
</ins><span class="cx"> const address = t1
</span><span class="cx"> const zeroValue = t0
</span><span class="cx"> else
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -172,9 +172,9 @@
</span><span class="cx">
</span><span class="cx"> macro doCallToJavaScript(makeCall, doReturn)
</span><span class="cx"> if X86
</span><del>- const entry = t5
</del><ins>+ const entry = t4
</ins><span class="cx"> const vmTopCallFrame = t2
</span><del>- const protoCallFrame = t4
</del><ins>+ const protoCallFrame = t5
</ins><span class="cx">
</span><span class="cx"> const extraStackSpace = 28
</span><span class="cx"> const previousCFR = t0
</span><span class="lines">@@ -194,8 +194,8 @@
</span><span class="cx"> const previousPC = lr
</span><span class="cx"> const temp1 = t3 # Same as previousCFR
</span><span class="cx"> const temp2 = a3 # Same as topOfStack
</span><del>- const temp3 = t4
- const temp4 = t5
</del><ins>+ const temp3 = t5
+ const temp4 = t4
</ins><span class="cx"> elsif ARMv7
</span><span class="cx"> const entry = a0
</span><span class="cx"> const vmTopCallFrame = a1
</span><span class="lines">@@ -207,8 +207,8 @@
</span><span class="cx"> const previousPC = lr
</span><span class="cx"> const temp1 = t3 # Same as previousCFR
</span><span class="cx"> const temp2 = a3 # Same as topOfStack
</span><del>- const temp3 = t4
- const temp4 = t5
</del><ins>+ const temp3 = t5
+ const temp4 = t4
</ins><span class="cx"> elsif MIPS
</span><span class="cx"> const entry = a0
</span><span class="cx"> const vmTopCallFrame = a1
</span><span class="lines">@@ -219,8 +219,8 @@
</span><span class="cx"> const previousCFR = t2
</span><span class="cx"> const previousPC = lr
</span><span class="cx"> const temp1 = t3
</span><del>- const temp2 = t4
- const temp3 = t5
</del><ins>+ const temp2 = t5
+ const temp3 = t4
</ins><span class="cx"> const temp4 = t6
</span><span class="cx"> elsif SH4
</span><span class="cx"> const entry = a0
</span><span class="lines">@@ -519,10 +519,10 @@
</span><span class="cx"> # Entrypoints into the interpreter
</span><span class="cx">
</span><span class="cx"> # Expects that CodeBlock is in t1, which is what prologue() leaves behind.
</span><del>-macro functionArityCheck(doneLabel, slow_path)
</del><ins>+macro functionArityCheck(doneLabel, slowPath)
</ins><span class="cx"> loadi PayloadOffset + ArgumentCount[cfr], t0
</span><span class="cx"> biaeq t0, CodeBlock::m_numParameters[t1], doneLabel
</span><del>- cCall2(slow_path, cfr, PC) # This slow_path has a simple protocol: t0 = 0 => no error, t0 != 0 => error
</del><ins>+ cCall2(slowPath, cfr, PC) # This slowPath has a simple protocol: t0 = 0 => no error, t0 != 0 => error
</ins><span class="cx"> btiz t0, .isArityFixupNeeded
</span><span class="cx"> move t1, cfr # t1 contains caller frame
</span><span class="cx"> jmp _llint_throw_from_slow_path_trampoline
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreter64asm"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -52,10 +52,10 @@
</span><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> macro cCall2(function, arg1, arg2)
</span><del>- checkStackPointerAlignment(t5, 0xbad0c002)
</del><ins>+ checkStackPointerAlignment(t4, 0xbad0c002)
</ins><span class="cx"> if X86_64
</span><del>- move arg1, t5
- move arg2, t4
</del><ins>+ move arg1, t4
+ move arg2, t5
</ins><span class="cx"> call function
</span><span class="cx"> elsif ARM64
</span><span class="cx"> move arg1, t0
</span><span class="lines">@@ -70,10 +70,10 @@
</span><span class="cx">
</span><span class="cx"> # This barely works. arg3 and arg4 should probably be immediates.
</span><span class="cx"> macro cCall4(function, arg1, arg2, arg3, arg4)
</span><del>- checkStackPointerAlignment(t5, 0xbad0c004)
</del><ins>+ checkStackPointerAlignment(t4, 0xbad0c004)
</ins><span class="cx"> if X86_64
</span><del>- move arg1, t5
- move arg2, t4
</del><ins>+ move arg1, t4
+ move arg2, t5
</ins><span class="cx"> move arg3, t1
</span><span class="cx"> move arg4, t2
</span><span class="cx"> call function
</span><span class="lines">@@ -150,8 +150,8 @@
</span><span class="cx">
</span><span class="cx"> macro doCallToJavaScript(makeCall)
</span><span class="cx"> if X86_64
</span><del>- const entry = t5
- const vmTopCallFrame = t4
</del><ins>+ const entry = t4
+ const vmTopCallFrame = t5
</ins><span class="cx"> const protoCallFrame = t1
</span><span class="cx"> const topOfStack = t2
</span><span class="cx">
</span><span class="lines">@@ -166,10 +166,10 @@
</span><span class="cx"> const protoCallFrame = a2
</span><span class="cx"> const topOfStack = a3
</span><span class="cx">
</span><del>- const previousCFR = t4
</del><ins>+ const previousCFR = t5
</ins><span class="cx"> const previousPC = lr
</span><span class="cx"> const temp1 = t3
</span><del>- const temp2 = t5
</del><ins>+ const temp2 = t4
</ins><span class="cx"> const temp3 = t6
</span><span class="cx"> end
</span><span class="cx">
</span><span class="lines">@@ -264,7 +264,7 @@
</span><span class="cx"> macro makeHostFunctionCall(entry, temp)
</span><span class="cx"> move entry, temp
</span><span class="cx"> if X86_64
</span><del>- move sp, t5
</del><ins>+ move sp, t4
</ins><span class="cx"> elsif ARM64 or C_LOOP
</span><span class="cx"> move sp, a0
</span><span class="cx"> end
</span><span class="lines">@@ -399,19 +399,35 @@
</span><span class="cx"> # Entrypoints into the interpreter.
</span><span class="cx">
</span><span class="cx"> # Expects that CodeBlock is in t1, which is what prologue() leaves behind.
</span><del>-macro functionArityCheck(doneLabel, slow_path)
</del><ins>+macro functionArityCheck(doneLabel, slowPath)
</ins><span class="cx"> loadi PayloadOffset + ArgumentCount[cfr], t0
</span><span class="cx"> biaeq t0, CodeBlock::m_numParameters[t1], doneLabel
</span><span class="cx"> prepareStateForCCall()
</span><del>- cCall2(slow_path, cfr, PC) # This slow_path has a simple protocol: t0 = 0 => no error, t0 != 0 => error
- btiz t0, .isArityFixupNeeded
</del><ins>+ cCall2(slowPath, cfr, PC) # This slowPath has the protocol: t0 = 0 => no error, t0 != 0 => error
+ btiz t0, .noError
</ins><span class="cx"> move t1, cfr # t1 contains caller frame
</span><span class="cx"> jmp _llint_throw_from_slow_path_trampoline
</span><span class="cx">
</span><del>-.isArityFixupNeeded:
</del><ins>+.noError:
+ # t1 points to ArityCheckData.
+ loadp CommonSlowPaths::ArityCheckData::thunkToCall[t1], t2
+ btpz t2, .proceedInline
+
+ loadp CommonSlowPaths::ArityCheckData::returnPC[t1], t5
+ loadp CommonSlowPaths::ArityCheckData::paddedStackSpace[t1], t0
+ call t2
+ if ASSERT_ENABLED
+ loadp ReturnPC[cfr], t0
+ loadp [t0], t0
+ end
+ jmp .continue
+
+.proceedInline:
+ loadi CommonSlowPaths::ArityCheckData::paddedStackSpace[t1], t1
</ins><span class="cx"> btiz t1, .continue
</span><span class="cx">
</span><del>- // Move frame up "t1" slots
</del><ins>+ // Move frame up "t1 * 2" slots
+ lshiftp 1, t1
</ins><span class="cx"> negq t1
</span><span class="cx"> move cfr, t3
</span><span class="cx"> loadi PayloadOffset + ArgumentCount[cfr], t2
</span><span class="lines">@@ -1731,7 +1747,7 @@
</span><span class="cx"> storei PC, ArgumentCount + TagOffset[cfr]
</span><span class="cx"> storei t2, ArgumentCount + PayloadOffset[t3]
</span><span class="cx"> addp CallerFrameAndPCSize, t3
</span><del>- callTargetFunction(t1,t3)
</del><ins>+ callTargetFunction(t1, t3)
</ins><span class="cx">
</span><span class="cx"> .opCallSlow:
</span><span class="cx"> slowPathForCall(slowPath)
</span><span class="lines">@@ -1903,9 +1919,9 @@
</span><span class="cx"> loadp CallerFrame[cfr], t0
</span><span class="cx"> loadq ScopeChain[t0], t1
</span><span class="cx"> storeq t1, ScopeChain[cfr]
</span><del>- move cfr, t5 # t5 = rdi
- loadp Callee[cfr], t4 # t4 = rsi
- loadp JSFunction::m_executable[t4], t1
</del><ins>+ move cfr, t4 # t4 = rdi
+ loadp Callee[cfr], t5 # t5 = rsi
+ loadp JSFunction::m_executable[t5], t1
</ins><span class="cx"> checkStackPointerAlignment(t3, 0xdead0001)
</span><span class="cx"> call executableOffsetToFunction[t1]
</span><span class="cx"> loadp ScopeChain[cfr], t3
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreofflineasmx86rb"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/offlineasm/x86.rb (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/offlineasm/x86.rb 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/offlineasm/x86.rb 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -150,15 +150,15 @@
</span><span class="cx"> when "t4"
</span><span class="cx"> case kind
</span><span class="cx"> when :byte
</span><del>- "%sil"
</del><ins>+ "%dil"
</ins><span class="cx"> when :half
</span><del>- "%si"
</del><ins>+ "%di"
</ins><span class="cx"> when :int
</span><del>- "%esi"
</del><ins>+ "%edi"
</ins><span class="cx"> when :ptr
</span><del>- isX64 ? "%rsi" : "%esi"
</del><ins>+ isX64 ? "%rdi" : "%edi"
</ins><span class="cx"> when :quad
</span><del>- isX64 ? "%rsi" : raise
</del><ins>+ isX64 ? "%rdi" : raise
</ins><span class="cx"> else
</span><span class="cx"> raise
</span><span class="cx"> end
</span><span class="lines">@@ -206,15 +206,15 @@
</span><span class="cx"> when "t5"
</span><span class="cx"> case kind
</span><span class="cx"> when :byte
</span><del>- "%dil"
</del><ins>+ "%sil"
</ins><span class="cx"> when :half
</span><del>- "%di"
</del><ins>+ "%si"
</ins><span class="cx"> when :int
</span><del>- "%edi"
</del><ins>+ "%esi"
</ins><span class="cx"> when :ptr
</span><del>- isX64 ? "%rdi" : "%edi"
</del><ins>+ isX64 ? "%rsi" : "%esi"
</ins><span class="cx"> when :quad
</span><del>- isX64 ? "%rdi" : raise
</del><ins>+ isX64 ? "%rsi" : raise
</ins><span class="cx"> end
</span><span class="cx"> when "t6"
</span><span class="cx"> raise "Cannot use #{name} in 32-bit X86 at #{codeOriginString}" unless isX64
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreruntimeCommonSlowPathscpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #if ENABLE(JIT) || ENABLE(LLINT)
</span><span class="cx">
</span><span class="cx"> #include "Arguments.h"
</span><ins>+#include "ArityCheckFailReturnThunks.h"
</ins><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "CodeProfiling.h"
</span><span class="lines">@@ -169,28 +170,42 @@
</span><span class="cx"> CALL_END_IMPL(crExec, crCallTarget); \
</span><span class="cx"> } while (false)
</span><span class="cx">
</span><ins>+static CommonSlowPaths::ArityCheckData* setupArityCheckData(VM& vm, int slotsToAdd)
+{
+ CommonSlowPaths::ArityCheckData* result = vm.arityCheckData.get();
+ result->paddedStackSpace = slotsToAdd;
+ if (vm.canUseJIT()) {
+ result->thunkToCall = vm.getCTIStub(arityFixup).code().executableAddress();
+ result->returnPC = vm.arityCheckFailReturnThunks->returnPCFor(vm, slotsToAdd * stackAlignmentRegisters()).executableAddress();
+ } else {
+ result->thunkToCall = 0;
+ result->returnPC = 0;
+ }
+ return result;
+}
+
</ins><span class="cx"> SLOW_PATH_DECL(slow_path_call_arityCheck)
</span><span class="cx"> {
</span><span class="cx"> BEGIN();
</span><del>- int SlotsToAdd = CommonSlowPaths::arityCheckFor(exec, &vm.interpreter->stack(), CodeForCall);
- if (SlotsToAdd < 0) {
</del><ins>+ int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, &vm.interpreter->stack(), CodeForCall);
+ if (slotsToAdd < 0) {
</ins><span class="cx"> exec = exec->callerFrame();
</span><span class="cx"> CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
</span><span class="cx"> RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
</span><span class="cx"> }
</span><del>- RETURN_TWO(0, reinterpret_cast<ExecState*>(SlotsToAdd));
</del><ins>+ RETURN_TWO(0, setupArityCheckData(vm, slotsToAdd));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> SLOW_PATH_DECL(slow_path_construct_arityCheck)
</span><span class="cx"> {
</span><span class="cx"> BEGIN();
</span><del>- int SlotsToAdd = CommonSlowPaths::arityCheckFor(exec, &vm.interpreter->stack(), CodeForConstruct);
- if (SlotsToAdd < 0) {
</del><ins>+ int slotsToAdd = CommonSlowPaths::arityCheckFor(exec, &vm.interpreter->stack(), CodeForConstruct);
+ if (slotsToAdd < 0) {
</ins><span class="cx"> exec = exec->callerFrame();
</span><span class="cx"> CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
</span><span class="cx"> RETURN_TWO(bitwise_cast<void*>(static_cast<uintptr_t>(1)), exec);
</span><span class="cx"> }
</span><del>- RETURN_TWO(0, reinterpret_cast<ExecState*>(SlotsToAdd));
</del><ins>+ RETURN_TWO(0, setupArityCheckData(vm, slotsToAdd));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> SLOW_PATH_DECL(slow_path_touch_entry)
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreruntimeCommonSlowPathsh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.h (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.h 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/runtime/CommonSlowPaths.h 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -49,6 +49,12 @@
</span><span class="cx">
</span><span class="cx"> namespace CommonSlowPaths {
</span><span class="cx">
</span><ins>+struct ArityCheckData {
+ unsigned paddedStackSpace;
+ void* thunkToCall;
+ void* returnPC;
+};
+
</ins><span class="cx"> ALWAYS_INLINE int arityCheckFor(ExecState* exec, JSStack* stack, CodeSpecializationKind kind)
</span><span class="cx"> {
</span><span class="cx"> JSFunction* callee = jsCast<JSFunction*>(exec->callee());
</span><span class="lines">@@ -58,18 +64,19 @@
</span><span class="cx">
</span><span class="cx"> ASSERT(argumentCountIncludingThis < newCodeBlock->numParameters());
</span><span class="cx"> int missingArgumentCount = newCodeBlock->numParameters() - argumentCountIncludingThis;
</span><del>- int paddedMissingArgumentCount = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), missingArgumentCount);
</del><ins>+ int neededStackSpace = missingArgumentCount + 1; // Allow space to save the original return PC.
+ int paddedStackSpace = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), neededStackSpace);
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(LLINT_CLOOP)
</span><del>- if (!stack->grow(exec->registers() - paddedMissingArgumentCount))
</del><ins>+ if (!stack->grow(exec->registers() - passedStackSpace))
</ins><span class="cx"> return -1;
</span><span class="cx"> #else
</span><span class="cx"> UNUSED_PARAM(stack);
</span><del>- if (!exec->vm().isSafeToRecurse(paddedMissingArgumentCount * sizeof(Register)))
</del><ins>+ if (!exec->vm().isSafeToRecurse(paddedStackSpace * sizeof(Register)))
</ins><span class="cx"> return -1;
</span><span class="cx"> #endif // ENABLE(LLINT_CLOOP)
</span><span class="cx">
</span><del>- return paddedMissingArgumentCount;
</del><ins>+ return paddedStackSpace / stackAlignmentRegisters();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool opIn(ExecState* exec, JSValue propName, JSValue baseVal)
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreruntimeStackAlignmenth"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/runtime/StackAlignment.h (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/runtime/StackAlignment.h 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/runtime/StackAlignment.h 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #define StackAlignment_h
</span><span class="cx">
</span><span class="cx"> #include "JSCJSValue.h"
</span><ins>+#include <wtf/MathExtras.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -38,6 +39,11 @@
</span><span class="cx"> return stackAlignmentBytes() / sizeof(EncodedJSValue);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline unsigned logStackAlignmentRegisters()
+{
+ return WTF::fastLog2(stackAlignmentRegisters());
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // StackAlignment_h
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/runtime/VM.cpp (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/runtime/VM.cpp 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/runtime/VM.cpp 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -30,11 +30,13 @@
</span><span class="cx"> #include "VM.h"
</span><span class="cx">
</span><span class="cx"> #include "ArgList.h"
</span><ins>+#include "ArityCheckFailReturnThunks.h"
</ins><span class="cx"> #include "ArrayBufferNeuteringWatchpoint.h"
</span><span class="cx"> #include "CallFrameInlines.h"
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CodeCache.h"
</span><span class="cx"> #include "CommonIdentifiers.h"
</span><ins>+#include "CommonSlowPaths.h"
</ins><span class="cx"> #include "DFGLongLivedState.h"
</span><span class="cx"> #include "DFGWorklist.h"
</span><span class="cx"> #include "DebuggerActivation.h"
</span><span class="lines">@@ -266,7 +268,9 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> jitStubs = adoptPtr(new JITThunks());
</span><ins>+ arityCheckFailReturnThunks = std::make_unique<ArityCheckFailReturnThunks>();
</ins><span class="cx"> #endif
</span><ins>+ arityCheckData = std::make_unique<CommonSlowPaths::ArityCheckData>();
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx"> ftlThunks = std::make_unique<FTL::Thunks>();
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/runtime/VM.h (160935 => 160936)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/runtime/VM.h 2013-12-20 23:30:20 UTC (rev 160935)
+++ branches/jsCStack/Source/JavaScriptCore/runtime/VM.h 2013-12-20 23:38:06 UTC (rev 160936)
</span><span class="lines">@@ -64,6 +64,7 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+ class ArityCheckFailReturnThunks;
</ins><span class="cx"> class CodeBlock;
</span><span class="cx"> class CodeCache;
</span><span class="cx"> class CommonIdentifiers;
</span><span class="lines">@@ -104,6 +105,9 @@
</span><span class="cx"> class Thunks;
</span><span class="cx"> }
</span><span class="cx"> #endif // ENABLE(FTL_JIT)
</span><ins>+ namespace CommonSlowPaths {
+ struct ArityCheckData;
+ }
</ins><span class="cx">
</span><span class="cx"> struct HashTable;
</span><span class="cx"> struct Instruction;
</span><span class="lines">@@ -332,7 +336,13 @@
</span><span class="cx"> return jitStubs->ctiStub(this, generator);
</span><span class="cx"> }
</span><span class="cx"> NativeExecutable* getHostFunction(NativeFunction, Intrinsic);
</span><del>-#endif
</del><ins>+
+ std::unique_ptr<ArityCheckFailReturnThunks> arityCheckFailReturnThunks;
+#if CPU(X86)
+ void* currentReturnThunkPC;
+#endif // CPU(X86)
+#endif // ENABLE(JIT)
+ std::unique_ptr<CommonSlowPaths::ArityCheckData> arityCheckData;
</ins><span class="cx"> #if ENABLE(FTL_JIT)
</span><span class="cx"> std::unique_ptr<FTL::Thunks> ftlThunks;
</span><span class="cx"> #endif
</span></span></pre>
</div>
</div>
</body>
</html>