<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[162521] branches/jsCStack/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/162521">162521</a></dd>
<dt>Author</dt> <dd>msaboff@apple.com</dd>
<dt>Date</dt> <dd>2014-01-22 09:19:17 -0800 (Wed, 22 Jan 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>CStack Branch: Fix DFG for X86-32
https://bugs.webkit.org/show_bug.cgi?id=127407
Reviewed by Filip Pizlo.
Made DFG calling convention changes. Change frameRegisterCount() to
appropriately round so the stack pointer will end up being properly aligned.
Removed some stack pointer alignment checks that are before setting
the stack pointer.
Fixed maxFrameExtentForSlowPathCall to account that the most arguments we
actually use when calling a helper is 7. Added a compile assert to make
sure that maxFrameExtentForSlowPathCall has the right padding. Made the
corresponding changes in the LLInt.
Moved the stack pointer down by maxFrameExtentForSlowPathCall before calling
a helper when the stack pointer hasn't been properly set up.
Eliminated emitGetReturnPCFromCallFrameHeaderPtr() since it is no longer called.
Moved the stack pointer down in ThunkGenerators::defineUnaryDoubleOpWrapper()
to align it for storing xmm arguments and making a call to the helper.
Fixed an issue where ArityCheckFailReturnThunks was clobbering edx. Changed
it to use regT4 (edi) instead of regT1 (edx).
Made temporary space on the stack for in the LLInt when calling out to C code
when the stack ponter hasn't been properly set up for a code block.
* assembler/MaxFrameExtentForSlowPathCall.h:
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::frameRegisterCount):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):
* jit/ArityCheckFailReturnThunks.cpp:
(JSC::ArityCheckFailReturnThunks::returnPCsFor):
* jit/AssemblyHelpers.h:
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
* jit/JITInlines.h:
(JSC::JIT::emitNakedCall):
* jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LowLevelInterpreter.asm:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesjsCStackSourceJavaScriptCoreChangeLog">branches/jsCStack/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoreassemblerMaxFrameExtentForSlowPathCallh">branches/jsCStack/Source/JavaScriptCore/assembler/MaxFrameExtentForSlowPathCall.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoredfgDFGGraphcpp">branches/jsCStack/Source/JavaScriptCore/dfg/DFGGraph.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoredfgDFGJITCompilercpp">branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">branches/jsCStack/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitArityCheckFailReturnThunkscpp">branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitAssemblyHelpersh">branches/jsCStack/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitJITcpp">branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitJITCall32_64cpp">branches/jsCStack/Source/JavaScriptCore/jit/JITCall32_64.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitJITInlinesh">branches/jsCStack/Source/JavaScriptCore/jit/JITInlines.h</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorejitThunkGeneratorscpp">branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLLIntDatacpp">branches/jsCStack/Source/JavaScriptCore/llint/LLIntData.cpp</a></li>
<li><a href="#branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreterasm">branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesjsCStackSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/ChangeLog (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/ChangeLog 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/ChangeLog 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -1,5 +1,60 @@
</span><span class="cx"> 2014-01-22 Michael Saboff <msaboff@apple.com>
</span><span class="cx">
</span><ins>+ CStack Branch: Fix DFG for X86-32
+ https://bugs.webkit.org/show_bug.cgi?id=127407
+
+ Reviewed by Filip Pizlo.
+
+ Made DFG calling convention changes. Change frameRegisterCount() to
+ appropriately round so the stack pointer will end up being properly aligned.
+ Removed some stack pointer alignment checks that are before setting
+ the stack pointer.
+
+ Fixed maxFrameExtentForSlowPathCall to account that the most arguments we
+ actually use when calling a helper is 7. Added a compile assert to make
+ sure that maxFrameExtentForSlowPathCall has the right padding. Made the
+ corresponding changes in the LLInt.
+
+ Moved the stack pointer down by maxFrameExtentForSlowPathCall before calling
+ a helper when the stack pointer hasn't been properly set up.
+
+ Eliminated emitGetReturnPCFromCallFrameHeaderPtr() since it is no longer called.
+
+ Moved the stack pointer down in ThunkGenerators::defineUnaryDoubleOpWrapper()
+ to align it for storing xmm arguments and making a call to the helper.
+
+ Fixed an issue where ArityCheckFailReturnThunks was clobbering edx. Changed
+ it to use regT4 (edi) instead of regT1 (edx).
+
+ Made temporary space on the stack for in the LLInt when calling out to C code
+ when the stack ponter hasn't been properly set up for a code block.
+
+ * assembler/MaxFrameExtentForSlowPathCall.h:
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::frameRegisterCount):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/ArityCheckFailReturnThunks.cpp:
+ (JSC::ArityCheckFailReturnThunks::returnPCsFor):
+ * jit/AssemblyHelpers.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITInlines.h:
+ (JSC::JIT::emitNakedCall):
+ * jit/ThunkGenerators.cpp:
+ (JSC::nativeForGenerator):
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LowLevelInterpreter.asm:
+
+2014-01-22 Michael Saboff <msaboff@apple.com>
+
</ins><span class="cx"> Unreviewed build fix for non FTL platforms.
</span><span class="cx">
</span><span class="cx"> * ftl/FTLValueRange.cpp: Encapsulated code within #if ENABLE(FTL_JIT) / #endif
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoreassemblerMaxFrameExtentForSlowPathCallh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/assembler/MaxFrameExtentForSlowPathCall.h (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/assembler/MaxFrameExtentForSlowPathCall.h 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/assembler/MaxFrameExtentForSlowPathCall.h 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -26,7 +26,9 @@
</span><span class="cx"> #ifndef MaxFrameExtentForSlowPathCall_h
</span><span class="cx"> #define MaxFrameExtentForSlowPathCall_h
</span><span class="cx">
</span><ins>+#include "JSStack.h"
</ins><span class="cx"> #include "Register.h"
</span><ins>+#include "StackAlignment.h"
</ins><span class="cx"> #include <wtf/Assertions.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -40,15 +42,15 @@
</span><span class="cx">
</span><span class="cx"> #elif CPU(X86_64) && OS(WINDOWS)
</span><span class="cx"> // 4 args in registers, but stack space needs to be allocated for all args.
</span><del>-static const size_t maxFrameExtentForSlowPathCall = 48;
</del><ins>+static const size_t maxFrameExtentForSlowPathCall = 64;
</ins><span class="cx">
</span><span class="cx"> #elif CPU(X86_64)
</span><span class="cx"> // All args in registers.
</span><span class="cx"> static const size_t maxFrameExtentForSlowPathCall = 0;
</span><span class="cx">
</span><span class="cx"> #elif CPU(X86)
</span><del>-// 6 args on stack (24 bytes).
-static const size_t maxFrameExtentForSlowPathCall = 24;
</del><ins>+// 7 args on stack (28 bytes).
+static const size_t maxFrameExtentForSlowPathCall = 40;
</ins><span class="cx">
</span><span class="cx"> #elif CPU(ARM64)
</span><span class="cx"> // All args in registers.
</span><span class="lines">@@ -64,7 +66,7 @@
</span><span class="cx">
</span><span class="cx"> #elif CPU(MIPS)
</span><span class="cx"> // Though args are in registers, there need to be space on the stack for all args.
</span><del>-static const size_t maxFrameExtentForSlowPathCall = 32;
</del><ins>+static const size_t maxFrameExtentForSlowPathCall = 40;
</ins><span class="cx">
</span><span class="cx"> #else
</span><span class="cx"> #error "Unsupported CPU: need value for maxFrameExtentForSlowPathCall"
</span><span class="lines">@@ -72,6 +74,8 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> COMPILE_ASSERT(!(maxFrameExtentForSlowPathCall % sizeof(Register)), extent_must_be_in_multiples_of_registers);
</span><ins>+// Make sure that cfr - maxFrameExtentForSlowPathCall bytes will make the stack pointer aligned
+COMPILE_ASSERT((maxFrameExtentForSlowPathCall % 16) == 16 - sizeof(CallerFrameAndPC), extent_must_align_stack_from_callframe_pointer);
</ins><span class="cx">
</span><span class="cx"> static const size_t maxFrameExtentForSlowPathCallInRegisters = maxFrameExtentForSlowPathCall / sizeof(Register);
</span><span class="cx">
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoredfgDFGGraphcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGGraph.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/dfg/DFGGraph.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/dfg/DFGGraph.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -714,8 +714,7 @@
</span><span class="cx"> unsigned Graph::frameRegisterCount()
</span><span class="cx"> {
</span><span class="cx"> unsigned result = m_nextMachineLocal + std::max(m_parameterSlots, static_cast<unsigned>(maxFrameExtentForSlowPathCallInRegisters));
</span><del>- result = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), result);
- return result;
</del><ins>+ return roundLocalRegisterCountForFramePointerOffset(result);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned Graph::stackPointerOffset()
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoredfgDFGJITCompilercpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -41,6 +41,7 @@
</span><span class="cx"> #include "DFGSpeculativeJIT.h"
</span><span class="cx"> #include "DFGThunks.h"
</span><span class="cx"> #include "JSCJSValueInlines.h"
</span><ins>+#include "MaxFrameExtentForSlowPathCall.h"
</ins><span class="cx"> #include "VM.h"
</span><span class="cx"> #include "LinkBuffer.h"
</span><span class="cx">
</span><span class="lines">@@ -283,7 +284,6 @@
</span><span class="cx"> setStartOfCode();
</span><span class="cx"> compileEntry();
</span><span class="cx"> m_speculative = adoptPtr(new SpeculativeJIT(*this));
</span><del>- checkStackPointerAlignment();
</del><span class="cx"> addPtr(TrustedImm32(m_graph.stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister);
</span><span class="cx"> checkStackPointerAlignment();
</span><span class="cx"> compileBody();
</span><span class="lines">@@ -336,8 +336,6 @@
</span><span class="cx"> addPtr(TrustedImm32(virtualRegisterForLocal(m_graph.requiredRegisterCountForExecutionAndExit() - 1).offset() * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1);
</span><span class="cx"> Jump stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfJSStackLimit()), GPRInfo::regT1);
</span><span class="cx">
</span><del>- checkStackPointerAlignment();
-
</del><span class="cx"> // Move the stack pointer down to accommodate locals
</span><span class="cx"> addPtr(TrustedImm32(m_graph.stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, stackPointerRegister);
</span><span class="cx"> checkStackPointerAlignment();
</span><span class="lines">@@ -357,6 +355,10 @@
</span><span class="cx"> stackOverflow.link(this);
</span><span class="cx">
</span><span class="cx"> emitStoreCodeOrigin(CodeOrigin(0));
</span><ins>+
+ if (maxFrameExtentForSlowPathCall)
+ addPtr(TrustedImm32(-maxFrameExtentForSlowPathCall), stackPointerRegister);
+
</ins><span class="cx"> m_speculative->callOperationWithCallFrameRollbackOnException(operationThrowStackOverflowError, m_codeBlock);
</span><span class="cx">
</span><span class="cx"> // The fast entry point into a function does not check the correct number of arguments
</span><span class="lines">@@ -370,7 +372,11 @@
</span><span class="cx"> load32(AssemblyHelpers::payloadFor((VirtualRegister)JSStack::ArgumentCount), GPRInfo::regT1);
</span><span class="cx"> branch32(AboveOrEqual, GPRInfo::regT1, TrustedImm32(m_codeBlock->numParameters())).linkTo(fromArityCheck, this);
</span><span class="cx"> emitStoreCodeOrigin(CodeOrigin(0));
</span><ins>+ if (maxFrameExtentForSlowPathCall)
+ addPtr(TrustedImm32(-maxFrameExtentForSlowPathCall), stackPointerRegister);
</ins><span class="cx"> m_speculative->callOperationWithCallFrameRollbackOnException(m_codeBlock->m_isConstructor ? operationConstructArityCheck : operationCallArityCheck, GPRInfo::regT0);
</span><ins>+ if (maxFrameExtentForSlowPathCall)
+ addPtr(TrustedImm32(maxFrameExtentForSlowPathCall), stackPointerRegister);
</ins><span class="cx"> branchTest32(Zero, GPRInfo::regT0).linkTo(fromArityCheck, this);
</span><span class="cx"> emitStoreCodeOrigin(CodeOrigin(0));
</span><span class="cx"> move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), GPRInfo::regT5);
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -633,7 +633,6 @@
</span><span class="cx"> int numArgs = numPassedArgs + dummyThisArgument;
</span><span class="cx">
</span><span class="cx"> m_jit.store32(MacroAssembler::TrustedImm32(numArgs), calleeFramePayloadSlot(JSStack::ArgumentCount));
</span><del>- m_jit.storePtr(GPRInfo::callFrameRegister, calleeFrameCallerFrame());
</del><span class="cx"> m_jit.store32(calleePayloadGPR, calleeFramePayloadSlot(JSStack::Callee));
</span><span class="cx"> m_jit.store32(calleeTagGPR, calleeFrameTagSlot(JSStack::Callee));
</span><span class="cx">
</span><span class="lines">@@ -660,13 +659,11 @@
</span><span class="cx">
</span><span class="cx"> m_jit.emitStoreCodeOrigin(node->codeOrigin);
</span><span class="cx">
</span><del>- m_jit.addPtr(TrustedImm32(calleeFrameOffset(numArgs)), GPRInfo::callFrameRegister);
-
</del><span class="cx"> slowPath.append(m_jit.branch32(MacroAssembler::NotEqual, calleeTagGPR, TrustedImm32(JSValue::CellTag)));
</span><span class="cx"> slowPath.append(m_jit.branchPtrWithPatch(MacroAssembler::NotEqual, calleePayloadGPR, targetToCheck));
</span><span class="cx"> m_jit.loadPtr(MacroAssembler::Address(calleePayloadGPR, OBJECT_OFFSETOF(JSFunction, m_scope)), resultPayloadGPR);
</span><del>- m_jit.storePtr(resultPayloadGPR, MacroAssembler::Address(GPRInfo::callFrameRegister, static_cast<ptrdiff_t>(sizeof(Register)) * JSStack::ScopeChain + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
- m_jit.store32(MacroAssembler::TrustedImm32(JSValue::CellTag), MacroAssembler::Address(GPRInfo::callFrameRegister, static_cast<ptrdiff_t>(sizeof(Register)) * JSStack::ScopeChain + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
</del><ins>+ m_jit.storePtr(resultPayloadGPR, calleeFramePayloadSlot(JSStack::ScopeChain));
+ m_jit.storePtr(MacroAssembler::TrustedImm32(JSValue::CellTag), calleeFrameTagSlot(JSStack::ScopeChain));
</ins><span class="cx">
</span><span class="cx"> JITCompiler::Call fastCall = m_jit.nearCall();
</span><span class="cx">
</span><span class="lines">@@ -3052,12 +3049,7 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // Grab the return address.
- m_jit.emitGetReturnPCFromCallFrameHeaderPtr(GPRInfo::regT2);
- // Restore our caller's "r".
- m_jit.emitGetCallerFrameFromCallFrameHeaderPtr(GPRInfo::callFrameRegister);
- // Return.
- m_jit.restoreReturnAddressBeforeReturn(GPRInfo::regT2);
</del><ins>+ m_jit.emitFunctionEpilogue();
</ins><span class="cx"> m_jit.ret();
</span><span class="cx">
</span><span class="cx"> noResult(node);
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitArityCheckFailReturnThunkscpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/jit/ArityCheckFailReturnThunks.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -73,11 +73,11 @@
</span><span class="cx"> AssemblyHelpers::stackPointerRegister,
</span><span class="cx"> (JSStack::ArgumentCount - JSStack::CallerFrameAndPCSize) * sizeof(Register) +
</span><span class="cx"> PayloadOffset),
</span><del>- GPRInfo::regT1);
</del><ins>+ GPRInfo::regT4);
</ins><span class="cx"> jit.add32(
</span><span class="cx"> AssemblyHelpers::TrustedImm32(
</span><span class="cx"> JSStack::CallFrameHeaderSize - JSStack::CallerFrameAndPCSize + size - 1),
</span><del>- GPRInfo::regT1, GPRInfo::regT2);
</del><ins>+ GPRInfo::regT4, GPRInfo::regT2);
</ins><span class="cx"> jit.lshift32(AssemblyHelpers::TrustedImm32(3), GPRInfo::regT2);
</span><span class="cx"> jit.addPtr(AssemblyHelpers::stackPointerRegister, GPRInfo::regT2);
</span><span class="cx"> jit.loadPtr(GPRInfo::regT2, GPRInfo::regT2);
</span><span class="lines">@@ -89,7 +89,7 @@
</span><span class="cx"> // Thunks like ours want to use the return PC to figure out where things
</span><span class="cx"> // were saved. So, we pay it forward.
</span><span class="cx"> jit.store32(
</span><del>- GPRInfo::regT1,
</del><ins>+ GPRInfo::regT4,
</ins><span class="cx"> AssemblyHelpers::Address(
</span><span class="cx"> AssemblyHelpers::stackPointerRegister,
</span><span class="cx"> (JSStack::ArgumentCount - JSStack::CallerFrameAndPCSize) * sizeof(Register) +
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/AssemblyHelpers.h (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/AssemblyHelpers.h 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/jit/AssemblyHelpers.h 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -208,10 +208,6 @@
</span><span class="cx"> storePtr(from, Address(GPRInfo::callFrameRegister, CallFrame::callerFrameOffset()));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void emitGetReturnPCFromCallFrameHeaderPtr(RegisterID to)
- {
- loadPtr(Address(GPRInfo::callFrameRegister, CallFrame::returnPCOffset()), to);
- }
</del><span class="cx"> void emitPutReturnPCToCallFrameHeader(RegisterID from)
</span><span class="cx"> {
</span><span class="cx"> storePtr(from, Address(GPRInfo::callFrameRegister, CallFrame::returnPCOffset()));
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/jit/JIT.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -565,7 +565,11 @@
</span><span class="cx">
</span><span class="cx"> m_bytecodeOffset = 0;
</span><span class="cx">
</span><ins>+ if (maxFrameExtentForSlowPathCall)
+ addPtr(TrustedImm32(-maxFrameExtentForSlowPathCall), stackPointerRegister);
</ins><span class="cx"> callOperationWithCallFrameRollbackOnException(m_codeBlock->m_isConstructor ? operationConstructArityCheck : operationCallArityCheck);
</span><ins>+ if (maxFrameExtentForSlowPathCall)
+ addPtr(TrustedImm32(maxFrameExtentForSlowPathCall), stackPointerRegister);
</ins><span class="cx"> if (returnValueGPR != regT0)
</span><span class="cx"> move(returnValueGPR, regT0);
</span><span class="cx"> branchTest32(Zero, regT0).linkTo(beginLabel, this);
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitJITCall32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/JITCall32_64.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/JITCall32_64.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/jit/JITCall32_64.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -301,6 +301,7 @@
</span><span class="cx"> store32(regT2, Address(MacroAssembler::stackPointerRegister, JSStack::ScopeChain * sizeof(Register) + PayloadOffset - sizeof(CallerFrameAndPC)));
</span><span class="cx"> store32(TrustedImm32(JSValue::CellTag), Address(stackPointerRegister, JSStack::ScopeChain * sizeof(Register) + TagOffset - sizeof(CallerFrameAndPC)));
</span><span class="cx">
</span><ins>+ checkStackPointerAlignment();
</ins><span class="cx"> m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall();
</span><span class="cx">
</span><span class="cx"> addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitJITInlinesh"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/JITInlines.h (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/JITInlines.h 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/jit/JITInlines.h 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -93,7 +93,6 @@
</span><span class="cx"> ALWAYS_INLINE JIT::Call JIT::emitNakedCall(CodePtr function)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(m_bytecodeOffset != (unsigned)-1); // This method should only be called during hot/cold path generation, so that m_bytecodeOffset is set.
</span><del>-
</del><span class="cx"> Call nakedCall = nearCall();
</span><span class="cx"> m_calls.append(CallRecord(nakedCall, m_bytecodeOffset, function.executableAddress()));
</span><span class="cx"> return nakedCall;
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -282,14 +282,14 @@
</span><span class="cx"> // Host function signature: f(ExecState*);
</span><span class="cx"> jit.move(JSInterfaceJIT::callFrameRegister, X86Registers::ecx);
</span><span class="cx">
</span><del>- jit.subPtr(JSInterfaceJIT::TrustedImm32(16 - sizeof(void*)), JSInterfaceJIT::stackPointerRegister); // Align stack after call.
</del><ins>+ jit.subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::stackPointerRegister); // Align stack after prologue.
</ins><span class="cx">
</span><span class="cx"> // call the function
</span><span class="cx"> jit.emitGetFromCallFrameHeaderPtr(JSStack::Callee, JSInterfaceJIT::regT1);
</span><span class="cx"> jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT1);
</span><span class="cx"> jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, executableOffsetToFunction));
</span><span class="cx">
</span><del>- jit.addPtr(JSInterfaceJIT::TrustedImm32(16 - sizeof(void*)), JSInterfaceJIT::stackPointerRegister);
</del><ins>+ jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::stackPointerRegister);
</ins><span class="cx">
</span><span class="cx"> #elif CPU(X86_64)
</span><span class="cx"> // Load caller frame's scope chain into this callframe so that whatever we call can
</span><span class="lines">@@ -649,12 +649,12 @@
</span><span class="cx"> ".globl " SYMBOL_STRING(function##Thunk) "\n" \
</span><span class="cx"> HIDE_SYMBOL(function##Thunk) "\n" \
</span><span class="cx"> SYMBOL_STRING(function##Thunk) ":" "\n" \
</span><del>- "subl $8, %esp\n" \
</del><ins>+ "subl $20, %esp\n" \
</ins><span class="cx"> "movsd %xmm0, (%esp) \n" \
</span><span class="cx"> "call " GLOBAL_REFERENCE(function) "\n" \
</span><span class="cx"> "fstpl (%esp) \n" \
</span><span class="cx"> "movsd (%esp), %xmm0 \n" \
</span><del>- "addl $8, %esp\n" \
</del><ins>+ "addl $20, %esp\n" \
</ins><span class="cx"> "ret\n" \
</span><span class="cx"> );\
</span><span class="cx"> extern "C" { \
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLLIntDatacpp"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LLIntData.cpp (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LLIntData.cpp 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LLIntData.cpp 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -130,7 +130,7 @@
</span><span class="cx"> #elif CPU(ARM) || CPU(SH4)
</span><span class="cx"> ASSERT(maxFrameExtentForSlowPathCall == 16);
</span><span class="cx"> #elif CPU(X86) || CPU(MIPS)
</span><del>- ASSERT(maxFrameExtentForSlowPathCall == 24);
</del><ins>+ ASSERT(maxFrameExtentForSlowPathCall == 40);
</ins><span class="cx"> #endif
</span><span class="cx"> ASSERT(StringType == 5);
</span><span class="cx"> ASSERT(ObjectType == 17);
</span></span></pre></div>
<a id="branchesjsCStackSourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (162520 => 162521)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2014-01-22 16:52:51 UTC (rev 162520)
+++ branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2014-01-22 17:19:17 UTC (rev 162521)
</span><span class="lines">@@ -78,8 +78,10 @@
</span><span class="cx"> const maxFrameExtentForSlowPathCall = 0
</span><span class="cx"> elsif ARM or ARMv7_TRADITIONAL or ARMv7 or SH4
</span><span class="cx"> const maxFrameExtentForSlowPathCall = 16
</span><del>-elsif X86 or MIPS
-const maxFrameExtentForSlowPathCall = 24
</del><ins>+elsif X86
+const maxFrameExtentForSlowPathCall = 40
+elsif MIPS
+const maxFrameExtentForSlowPathCall = 40
</ins><span class="cx"> end
</span><span class="cx">
</span><span class="cx"> # Watchpoint states
</span><span class="lines">@@ -453,7 +455,15 @@
</span><span class="cx"> if C_LOOP
</span><span class="cx"> else
</span><span class="cx"> baddis 5, CodeBlock::m_llintExecuteCounter + ExecutionCounter::m_counter[t1], .continue
</span><del>- cCall2(osrSlowPath, cfr, PC)
</del><ins>+ if JSVALUE64
+ cCall2(osrSlowPath, cfr, PC)
+ else
+ # We are after the function prologue, but before we have set up sp from the CodeBlock.
+ # Temporarily align stack pointer for this call.
+ subp 8, sp
+ cCall2(osrSlowPath, cfr, PC)
+ addp 8, sp
+ end
</ins><span class="cx"> btpz t0, .recover
</span><span class="cx"> move cfr, sp # restore the previous sp
</span><span class="cx"> # pop the callerFrame since we will jump to a function that wants to save it
</span><span class="lines">@@ -910,7 +920,12 @@
</span><span class="cx"> callSlowPath(_llint_slow_path_size_frame_for_varargs)
</span><span class="cx"> branchIfException(_llint_throw_from_slow_path_trampoline)
</span><span class="cx"> # calleeFrame in t1
</span><del>- move t1, sp
</del><ins>+ if JSVALUE64
+ move t1, sp
+ else
+ # The calleeFrame is not stack aligned, move down by CallerFrameAndPCSize to align
+ subp t1, CallerFrameAndPCSize, sp
+ end
</ins><span class="cx"> slowPathForCall(_llint_slow_path_call_varargs)
</span><span class="cx">
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>