<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[161012] branches/jsCStack/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/161012">161012</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2013-12-23 12:44:28 -0800 (Mon, 23 Dec 2013)</dd>
</dl>

<h3>Log Message</h3>
<pre>CStack Branch: Several dfg-arguments-osr-exit tests fail
https://bugs.webkit.org/show_bug.cgi?id=126170

Reviewed by Michael Saboff.
        
OSR exit makes calls. It makes those calls after putting things into the stack at offsets
that make sense in the baseline JIT. That means that if those calls spill things to the
stack, they'll overwrite what the OSR exit had recovered for the baseline JIT.
        
Need to adjust SP to a conservative value for the baseline JIT at the top of exit. Note
that the FTL OSR exit already does this.

* dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
* dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):</pre>
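<p>The failure the log message describes, reduced to a toy model: exit recovery stores values at frame-pointer-relative slots, a later call spills at stack-pointer-relative slots, and unless SP has first been moved below the recovered region the spills land on top of it. This is an added illustration, not JavaScriptCore code; the slot layout, the 64-bit "register" width, the assumption that SP equals FP on entry to the exit, and every function name here are assumptions made for the example.</p>

```c
/* Toy model of a downward-growing stack. Lower index == lower address.
 * fp and sp are slot indices, not real machine registers. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SLOTS 64

typedef struct {
    uint64_t slots[STACK_SLOTS];
    int fp;   /* base of the baseline-JIT frame being recovered */
    int sp;   /* where the next callee will start spilling */
} toy_stack;

static void stack_init(toy_stack *st, int fp)
{
    memset(st, 0, sizeof(*st));
    st->fp = fp;
    st->sp = fp;   /* assumption: SP == FP when the exit begins */
}

/* Exit recovery: the baseline JIT expects this value at fp - offset. */
static void recover_slot(toy_stack *st, int offset, uint64_t value)
{
    st->slots[st->fp - offset] = value;
}

/* Hypothetical callee made during exit: spills 'count' words below SP. */
static void callee_spills(toy_stack *st, int count)
{
    for (int i = 1; i <= count; i++)
        st->slots[st->sp - i] = 0xDEADBEEFull + (uint64_t)i;
}

/* The commit's fix in model terms: sp = fp - requiredRegisterCountForExit,
 * i.e. SP is parked below everything the exit will write for the baseline frame. */
static void adjust_sp_for_exit(toy_stack *st, int required_register_count)
{
    st->sp = st->fp - required_register_count;
}

/* 1 if every recovered slot (offsets 1..nslots) still holds what
 * recover_slot stored there (value == offset in this example), else 0. */
static int recovered_values_intact(const toy_stack *st, int nslots)
{
    for (int off = 1; off <= nslots; off++)
        if (st->slots[st->fp - off] != (uint64_t)off)
            return 0;
    return 1;
}

/* Runs one exit sequence. adjust != 0 applies the SP fix before recovery.
 * Returns recovered_values_intact() so the outcome can be checked. */
static int run_exit(int adjust, int required_count, int spill_count)
{
    toy_stack st;
    stack_init(&st, 32);
    if (adjust)
        adjust_sp_for_exit(&st, required_count);
    for (int off = 1; off <= required_count; off++)
        recover_slot(&st, off, (uint64_t)off);
    callee_spills(&st, spill_count);   /* the call the exit makes afterwards */
    return recovered_values_intact(&st, required_count);
}

int main(void)
{
    printf("without SP adjustment: recovered values intact = %d\n", run_exit(0, 8, 4));
    printf("with SP adjustment:    recovered values intact = %d\n", run_exit(1, 8, 4));
    return 0;
}
```

<p>Without the adjustment the callee's four spills overwrite the four highest recovered slots; with SP moved to fp minus the required register count, the spills fall below the recovered region and all eight values survive, which is the property the patch relies on.</p>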

<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCoreChangeLog">branches/jsCStack/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoredfgDFGOSRExitCompiler32_64cpp">branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoredfgDFGOSRExitCompiler64cpp">branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesjsCStackSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ChangeLog (161011 => 161012)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ChangeLog        2013-12-23 20:25:45 UTC (rev 161011)
+++ branches/jsCStack/Source/JavaScriptCore/ChangeLog        2013-12-23 20:44:28 UTC (rev 161012)
</span><span class="lines">@@ -1,5 +1,24 @@
</span><span class="cx"> 2013-12-23  Filip Pizlo  &lt;fpizlo@apple.com&gt;
</span><span class="cx"> 
</span><ins>+        CStack Branch: Several dfg-arguments-osr-exit tests fail
+        https://bugs.webkit.org/show_bug.cgi?id=126170
+
+        Reviewed by Michael Saboff.
+        
+        OSR exit makes calls. It makes those calls after putting things into the stack at offsets
+        that make sense in the baseline JIT. That means that if those calls spill things to the
+        stack, they'll overwrite what the OSR exit had recovered for the baseline JIT.
+        
+        Need to adjust SP to a conservative value for the baseline JIT at the top of exit. Note
+        that the FTL OSR exit already does this.
+
+        * dfg/DFGOSRExitCompiler32_64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+        * dfg/DFGOSRExitCompiler64.cpp:
+        (JSC::DFG::OSRExitCompiler::compileExit):
+
+2013-12-23  Filip Pizlo  &lt;fpizlo@apple.com&gt;
+
</ins><span class="cx">         cStack branch doesn't run navier-stokes because closure calls aren't implemented yet
</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=126141
</span><span class="cx"> 
</span></span></pre></div>
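<p>Review bot: the blank separator lines inside the new entry carry trailing whitespace (the "+" lines after "Reviewed by Michael Saboff." and after the first paragraph end in spaces), which will show up as whitespace-only churn in later diffs; trim them to empty lines as the rest of the entry uses. The sentence "Note that the FTL OSR exit already does this" would also be more useful with a pointer to where the FTL exit performs the same SP setup, so the two paths can be kept in step.</p>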
<a id="branchesjsCStackSourceJavaScriptCoredfgDFGOSRExitCompiler32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp (161011 => 161012)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp        2013-12-23 20:25:45 UTC (rev 161011)
+++ branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp        2013-12-23 20:44:28 UTC (rev 161012)
</span><span class="lines">@@ -45,6 +45,12 @@
</span><span class="cx">         m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo);
</span><span class="cx">     }
</span><span class="cx">     
</span><ins>+    // Need to ensure that the stack pointer accounts for the worst-case stack usage at exit.
+    m_jit.addPtr(
+        CCallHelpers::TrustedImm32(
+            -m_jit.codeBlock()-&gt;jitCode()-&gt;dfgCommon()-&gt;requiredRegisterCountForExit * sizeof(Register)),
+        CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
+    
</ins><span class="cx">     // 2) Perform speculation recovery. This only comes into play when an operation
</span><span class="cx">     //    starts mutating state before verifying the speculation it has already made.
</span><span class="cx">     
</span></span></pre></div>
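<p>Review bot: the immediate is formed by negating requiredRegisterCountForExit and multiplying by sizeof(Register), a size_t, so what reaches TrustedImm32 is an unsigned product implicitly narrowed to 32 bits; if the count is an unsigned integer, as its name suggests, the intended negative byte offset only comes out right through unsigned wrap-around. Compute the byte size first and negate a signed value explicitly, e.g. <code>-static_cast&lt;int32_t&gt;(count * sizeof(Register))</code> (or the tree's checked cast), so that the intent is visible and an oversized count fails loudly instead of truncating. Separately, the comment promises "worst-case stack usage", but nothing in the hunk shows the resulting SP satisfies the stack alignment required by the calls the exit makes next; if requiredRegisterCountForExit is not already rounded for that, round or assert on it here.</p>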
<a id="branchesjsCStackSourceJavaScriptCoredfgDFGOSRExitCompiler64cpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp (161011 => 161012)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp        2013-12-23 20:25:45 UTC (rev 161011)
+++ branches/jsCStack/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp        2013-12-23 20:44:28 UTC (rev 161012)
</span><span class="lines">@@ -49,6 +49,12 @@
</span><span class="cx">         m_jit.debugCall(debugOperationPrintSpeculationFailure, debugInfo);
</span><span class="cx">     }
</span><span class="cx">     
</span><ins>+    // Need to ensure that the stack pointer accounts for the worst-case stack usage at exit.
+    m_jit.addPtr(
+        CCallHelpers::TrustedImm32(
+            -m_jit.codeBlock()-&gt;jitCode()-&gt;dfgCommon()-&gt;requiredRegisterCountForExit * sizeof(Register)),
+        CCallHelpers::framePointerRegister, CCallHelpers::stackPointerRegister);
+    
</ins><span class="cx">     // 2) Perform speculation recovery. This only comes into play when an operation
</span><span class="cx">     //    starts mutating state before verifying the speculation it has already made.
</span><span class="cx">     
</span></span></pre>
</div>
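<p>Review bot: this block is byte-for-byte the same as the one added to DFGOSRExitCompiler32_64.cpp, comment included; since both compileExit variants already share the common OSRExitCompiler, hoisting the SP setup into one shared helper (for example in the common DFGOSRExitCompiler source, location assumed) would keep the 32-bit and 64-bit exits from drifting apart. The placement is also worth a sentence in the comment: it comes after the debugCall block, which is safe only because nothing has been recovered onto the stack at that point, while every call from step 2 onward now runs with the adjusted SP.</p>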
</div>

</body>
</html>