<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[188318] branches/jsc-tailcall/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/188318">188318</a></dd>
<dt>Author</dt> <dd>basile_clement@apple.com</dd>
<dt>Date</dt> <dd>2015-08-11 18:59:31 -0700 (Tue, 11 Aug 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>jsc-tailcall: Arity fixup should make use of the possible extra empty slots at top of the frame
https://bugs.webkit.org/show_bug.cgi?id=147893
Reviewed by Michael Saboff.
This changes the way arity fixup is performed. Since <a href="http://trac.webkit.org/projects/webkit/changeset/187767">r187767</a>, we always
ensure that the total amount of space reserved for a call frame is
stack-aligned, which means that for a non-aligned call frame size, we
have an additional "free" slot at the top of the frame. This makes it
so that when performing arity fixup, we first use that space if
necessary before moving the frame down.
This ensures that the total stack space used by a frame is always
max(argCount, numParameters) + JSStack::CallFrameHeaderSize, rounded up
to be a multiple of 2.
* jit/CCallHelpers.h:
* jit/ThunkGenerators.cpp:
(JSC::arityFixupGenerator):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor): Returns the padding in amount of slots instead of aligned stack units</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesjsctailcallSourceJavaScriptCoreChangeLog">branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesjsctailcallSourceJavaScriptCorejitCCallHelpersh">branches/jsc-tailcall/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#branchesjsctailcallSourceJavaScriptCorejitThunkGeneratorscpp">branches/jsc-tailcall/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#branchesjsctailcallSourceJavaScriptCorellintLowLevelInterpreterasm">branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
<li><a href="#branchesjsctailcallSourceJavaScriptCorellintLowLevelInterpreter32_64asm">branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#branchesjsctailcallSourceJavaScriptCorellintLowLevelInterpreter64asm">branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#branchesjsctailcallSourceJavaScriptCoreruntimeCommonSlowPathsh">branches/jsc-tailcall/Source/JavaScriptCore/runtime/CommonSlowPaths.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesjsctailcallSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/ChangeLog 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -1,5 +1,32 @@
</span><span class="cx"> 2015-08-11 Basile Clement <basile_clement@apple.com>
</span><span class="cx">
</span><ins>+ jsc-tailcall: Arity fixup should make use of the possible extra empty slots at top of the frame
+ https://bugs.webkit.org/show_bug.cgi?id=147893
+
+ Reviewed by Michael Saboff.
+
+ This changes the way arity fixup is performed. Since r187767, we always
+ ensure that the total amount of space reserved for a call frame is
+ stack-aligned, which means that for a non-aligned call frame size, we
+ have an additional "free" slot at the top of the frame. This makes it
+ so that when performing arity fixup, we first use that space if
+ necessary before moving the frame down.
+
+ This ensures that the total stack space used by a frame is always
+ max(argCount, numParameters) + JSStack::CallFrameHeaderSize, rounded up
+ to be a multiple of 2.
+
+ * jit/CCallHelpers.h:
+ * jit/ThunkGenerators.cpp:
+ (JSC::arityFixupGenerator):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/CommonSlowPaths.h:
+ (JSC::CommonSlowPaths::arityCheckFor): Returns the padding in amount of slots instead of aligned stack units
+
+2015-08-11 Basile Clement <basile_clement@apple.com>
+
</ins><span class="cx"> jsc-tailcall: Make tail call tests run in all tiers
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=147895
</span><span class="cx">
</span></span></pre></div>
<a id="branchesjsctailcallSourceJavaScriptCorejitCCallHelpersh"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/jit/CCallHelpers.h (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/jit/CCallHelpers.h 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/jit/CCallHelpers.h 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -2047,10 +2047,7 @@
</span><span class="cx"> loadPtr(Address(GPRInfo::callFrameRegister, JSStack::CodeBlock * static_cast<int>(sizeof(Register))), temp2);
</span><span class="cx"> load32(Address(temp2, CodeBlock::offsetOfNumParameters()), temp2);
</span><span class="cx"> MacroAssembler::Jump argumentCountWasNotFixedUp = branch32(BelowOrEqual, temp2, temp1);
</span><del>- sub32(temp1, temp2);
- add32(TrustedImm32(stackAlignmentRegisters() - 1), temp2);
- and32(TrustedImm32(-stackAlignmentRegisters()), temp2);
- add32(temp2, temp1);
</del><ins>+ move(temp2, temp1);
</ins><span class="cx"> argumentCountWasNotFixedUp.link(this);
</span><span class="cx">
</span><span class="cx"> add32(TrustedImm32(stackAlignmentRegisters() + JSStack::CallFrameHeaderSize - 1), temp1);
</span></span></pre></div>
<a id="branchesjsctailcallSourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/jit/ThunkGenerators.cpp (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -367,7 +367,7 @@
</span><span class="cx"> {
</span><span class="cx"> JSInterfaceJIT jit(vm);
</span><span class="cx">
</span><del>- // We enter with fixup count, in aligned stack units, in argumentGPR0 and the return thunk in argumentGPR1
</del><ins>+ // We enter with fixup count in argumentGPR0
</ins><span class="cx"> // We have the guarantee that a0, a1, a2, t3, t4 and t5 (or t0 for Windows) are all distinct :-)
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> #if OS(WINDOWS)
</span><span class="lines">@@ -378,12 +378,25 @@
</span><span class="cx"> # if CPU(X86_64)
</span><span class="cx"> jit.pop(JSInterfaceJIT::regT4);
</span><span class="cx"> # endif
</span><del>- jit.lshift32(JSInterfaceJIT::TrustedImm32(logStackAlignmentRegisters()), JSInterfaceJIT::argumentGPR0);
- jit.neg64(JSInterfaceJIT::argumentGPR0);
</del><span class="cx"> jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
</span><span class="cx"> jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::argumentGPR2);
</span><span class="cx"> jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::argumentGPR2);
</span><span class="cx">
</span><ins>+ // Check to see if we have extra slots we can use
+ jit.move(JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::argumentGPR1);
+ jit.and32(JSInterfaceJIT::TrustedImm32(stackAlignmentRegisters() - 1), JSInterfaceJIT::argumentGPR1);
+ JSInterfaceJIT::Jump noExtraSlot = jit.branchTest32(MacroAssembler::Zero, JSInterfaceJIT::argumentGPR1);
+ jit.move(JSInterfaceJIT::TrustedImm64(ValueUndefined), extraTemp);
+ JSInterfaceJIT::Label fillExtraSlots(jit.label());
+ jit.store64(extraTemp, MacroAssembler::BaseIndex(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::argumentGPR2, JSInterfaceJIT::TimesEight));
+ jit.add32(JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::argumentGPR2);
+ jit.branchSub32(JSInterfaceJIT::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::argumentGPR1).linkTo(fillExtraSlots, &jit);
+ jit.and32(JSInterfaceJIT::TrustedImm32(-stackAlignmentRegisters()), JSInterfaceJIT::argumentGPR0);
+ JSInterfaceJIT::Jump done = jit.branchTest32(MacroAssembler::Zero, JSInterfaceJIT::argumentGPR0);
+ noExtraSlot.link(&jit);
+
+ jit.neg64(JSInterfaceJIT::argumentGPR0);
+
</ins><span class="cx"> // Move current frame down argumentGPR0 number of slots
</span><span class="cx"> JSInterfaceJIT::Label copyLoop(jit.label());
</span><span class="cx"> jit.load64(JSInterfaceJIT::regT3, extraTemp);
</span><span class="lines">@@ -405,6 +418,8 @@
</span><span class="cx"> jit.addPtr(extraTemp, JSInterfaceJIT::callFrameRegister);
</span><span class="cx"> jit.addPtr(extraTemp, JSInterfaceJIT::stackPointerRegister);
</span><span class="cx">
</span><ins>+ done.link(&jit);
+
</ins><span class="cx"> # if CPU(X86_64)
</span><span class="cx"> jit.push(JSInterfaceJIT::regT4);
</span><span class="cx"> # endif
</span><span class="lines">@@ -413,18 +428,33 @@
</span><span class="cx"> # if CPU(X86)
</span><span class="cx"> jit.pop(JSInterfaceJIT::regT4);
</span><span class="cx"> # endif
</span><del>- jit.lshift32(JSInterfaceJIT::TrustedImm32(logStackAlignmentRegisters()), JSInterfaceJIT::argumentGPR0);
- jit.neg32(JSInterfaceJIT::argumentGPR0);
</del><span class="cx"> jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3);
</span><span class="cx"> jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * sizeof(Register)), JSInterfaceJIT::argumentGPR2);
</span><span class="cx"> jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::argumentGPR2);
</span><span class="cx">
</span><ins>+ // Check to see if we have extra slots we can use
+ jit.move(JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::argumentGPR1);
+ jit.and32(JSInterfaceJIT::TrustedImm32(stackAlignmentRegisters() - 1), JSInterfaceJIT::argumentGPR1);
+ JSInterfaceJIT::Jump noExtraSlot = jit.branchTest32(MacroAssembler::Zero, JSInterfaceJIT::argumentGPR1);
+ JSInterfaceJIT::Label fillExtraSlots(jit.label());
+ jit.move(JSInterfaceJIT::TrustedImm32(0), JSInterfaceJIT::regT5);
+ jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::argumentGPR2, JSInterfaceJIT::TimesEight, PayloadOffset));
+ jit.move(JSInterfaceJIT::TrustedImm32(JSValue::UndefinedTag), JSInterfaceJIT::regT5);
+ jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::argumentGPR2, JSInterfaceJIT::TimesEight, TagOffset));
+ jit.add32(JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::argumentGPR2);
+ jit.branchSub32(JSInterfaceJIT::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::argumentGPR1).linkTo(fillExtraSlots, &jit);
+ jit.and32(JSInterfaceJIT::TrustedImm32(-stackAlignmentRegisters()), JSInterfaceJIT::argumentGPR0);
+ JSInterfaceJIT::Jump done = jit.branchTest32(MacroAssembler::Zero, JSInterfaceJIT::argumentGPR0);
+ noExtraSlot.link(&jit);
+
+ jit.neg32(JSInterfaceJIT::argumentGPR0);
+
</ins><span class="cx"> // Move current frame down argumentGPR0 number of slots
</span><span class="cx"> JSInterfaceJIT::Label copyLoop(jit.label());
</span><del>- jit.load32(JSInterfaceJIT::regT3, JSInterfaceJIT::regT5);
- jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight));
- jit.load32(MacroAssembler::Address(JSInterfaceJIT::regT3, 4), JSInterfaceJIT::regT5);
- jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight, 4));
</del><ins>+ jit.load32(MacroAssembler::Address(JSInterfaceJIT::regT3, PayloadOffset), JSInterfaceJIT::regT5);
+ jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight, PayloadOffset));
+ jit.load32(MacroAssembler::Address(JSInterfaceJIT::regT3, TagOffset), JSInterfaceJIT::regT5);
+ jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight, TagOffset));
</ins><span class="cx"> jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);
</span><span class="cx"> jit.branchSub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::argumentGPR2).linkTo(copyLoop, &jit);
</span><span class="cx">
</span><span class="lines">@@ -432,9 +462,9 @@
</span><span class="cx"> jit.move(JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::argumentGPR2);
</span><span class="cx"> JSInterfaceJIT::Label fillUndefinedLoop(jit.label());
</span><span class="cx"> jit.move(JSInterfaceJIT::TrustedImm32(0), JSInterfaceJIT::regT5);
</span><del>- jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight));
</del><ins>+ jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight, PayloadOffset));
</ins><span class="cx"> jit.move(JSInterfaceJIT::TrustedImm32(JSValue::UndefinedTag), JSInterfaceJIT::regT5);
</span><del>- jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight, 4));
</del><ins>+ jit.store32(JSInterfaceJIT::regT5, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::argumentGPR0, JSInterfaceJIT::TimesEight, TagOffset));
</ins><span class="cx">
</span><span class="cx"> jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);
</span><span class="cx"> jit.branchAdd32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::argumentGPR2).linkTo(fillUndefinedLoop, &jit);
</span><span class="lines">@@ -445,6 +475,8 @@
</span><span class="cx"> jit.addPtr(JSInterfaceJIT::regT5, JSInterfaceJIT::callFrameRegister);
</span><span class="cx"> jit.addPtr(JSInterfaceJIT::regT5, JSInterfaceJIT::stackPointerRegister);
</span><span class="cx">
</span><ins>+ done.link(&jit);
+
</ins><span class="cx"> # if CPU(X86)
</span><span class="cx"> jit.push(JSInterfaceJIT::regT4);
</span><span class="cx"> # endif
</span></span></pre></div>
<a id="branchesjsctailcallSourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -168,6 +168,7 @@
</span><span class="cx"> const DirectArguments_storage = (sizeof DirectArguments + SlotSize - 1) & ~(SlotSize - 1)
</span><span class="cx">
</span><span class="cx"> const StackAlignment = 16
</span><ins>+const StackAlignmentSlots = 2
</ins><span class="cx"> const StackAlignmentMask = StackAlignment - 1
</span><span class="cx">
</span><span class="cx"> const CallerFrameAndPCSize = 2 * PtrSize
</span><span class="lines">@@ -732,20 +733,15 @@
</span><span class="cx"> macro popFrame(temp1, temp2)
</span><span class="cx"> const argCount = temp1
</span><span class="cx"> const numParameters = temp2
</span><del>- const missingArgCount = temp2
</del><span class="cx">
</span><span class="cx"> loadi PayloadOffset + ArgumentCount[cfr], argCount
</span><del>- mulp SlotSize, argCount
</del><span class="cx"> loadp CodeBlock[cfr], numParameters
</span><span class="cx"> loadi CodeBlock::m_numParameters[numParameters], numParameters
</span><del>- mulp SlotSize, numParameters
</del><span class="cx"> bilteq numParameters, argCount, .noArityFixup
</span><ins>+ move numParameters, argCount
</ins><span class="cx">
</span><del>- subi numParameters, argCount, missingArgCount
- addp StackAlignmentMask, missingArgCount
- andp ~StackAlignmentMask, missingArgCount
- addi missingArgCount, argCount
</del><span class="cx"> .noArityFixup:
</span><ins>+ mulp SlotSize, argCount
</ins><span class="cx"> alignFrameSize(argCount)
</span><span class="cx"> addp argCount, cfr
</span><span class="cx"> end
</span></span></pre></div>
<a id="branchesjsctailcallSourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -585,13 +585,27 @@
</span><span class="cx"> .proceedInline:
</span><span class="cx"> loadi CommonSlowPaths::ArityCheckData::paddedStackSpace[r1], t1
</span><span class="cx"> btiz t1, .continue
</span><ins>+ loadi PayloadOffset + ArgumentCount[cfr], t2
+ addi CallFrameHeaderSlots, t2
</ins><span class="cx">
</span><del>- // Move frame up "t1 * 2" slots
- lshiftp 1, t1
</del><ins>+ // Check if there are some unaligned slots we can use
+ move t1, t3
+ andi StackAlignmentSlots - 1, t3
+ btiz t3, .noExtraSlot
+.fillExtraSlots:
+ move 0, t0
+ storei t0, PayloadOffset[cfr, t2, 8]
+ move UndefinedTag, t0
+ storei t0, TagOffset[cfr, t2, 8]
+ addi 1, t2
+ bsubinz 1, t3, .fillExtraSlots
+ andi ~(StackAlignmentSlots - 1), t1
+ btiz t1, .continue
+
+.noExtraSlot:
+ // Move frame up t1 slots
</ins><span class="cx"> negi t1
</span><span class="cx"> move cfr, t3
</span><del>- loadi PayloadOffset + ArgumentCount[cfr], t2
- addi CallFrameHeaderSlots, t2
</del><span class="cx"> .copyLoop:
</span><span class="cx"> loadi PayloadOffset[t3], t0
</span><span class="cx"> storei t0, PayloadOffset[t3, t1, 8]
</span></span></pre></div>
<a id="branchesjsctailcallSourceJavaScriptCorellintLowLevelInterpreter64asm"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -496,14 +496,27 @@
</span><span class="cx"> .noError:
</span><span class="cx"> loadi CommonSlowPaths::ArityCheckData::paddedStackSpace[r1], t1
</span><span class="cx"> btiz t1, .continue
</span><ins>+ loadi PayloadOffset + ArgumentCount[cfr], t2
+ addi CallFrameHeaderSlots, t2
</ins><span class="cx">
</span><del>- // Move frame up "t1 * 2" slots
- lshiftp 1, t1
</del><ins>+ // Check if there are some unaligned slots we can use
+ move t1, t3
+ andi StackAlignmentSlots - 1, t3
+ btiz t3, .noExtraSlot
+ move ValueUndefined, t0
+.fillExtraSlots:
+ storeq t0, [cfr, t2, 8]
+ addi 1, t2
+ bsubinz 1, t3, .fillExtraSlots
+ andi ~(StackAlignmentSlots - 1), t1
+ btiz t1, .continue
+
+.noExtraSlot:
+ // Move frame up t1 slots
</ins><span class="cx"> negq t1
</span><span class="cx"> move cfr, t3
</span><span class="cx"> subp CalleeSaveSpaceAsVirtualRegisters * 8, t3
</span><del>- loadi PayloadOffset + ArgumentCount[cfr], t2
- addi CallFrameHeaderSlots + CalleeSaveSpaceAsVirtualRegisters, t2
</del><ins>+ addi CalleeSaveSpaceAsVirtualRegisters, t2
</ins><span class="cx"> .copyLoop:
</span><span class="cx"> loadq [t3], t0
</span><span class="cx"> storeq t0, [t3, t1, 8]
</span></span></pre></div>
<a id="branchesjsctailcallSourceJavaScriptCoreruntimeCommonSlowPathsh"></a>
<div class="modfile"><h4>Modified: branches/jsc-tailcall/Source/JavaScriptCore/runtime/CommonSlowPaths.h (188317 => 188318)</h4>
<pre class="diff"><span>
<span class="info">--- branches/jsc-tailcall/Source/JavaScriptCore/runtime/CommonSlowPaths.h 2015-08-12 01:46:06 UTC (rev 188317)
+++ branches/jsc-tailcall/Source/JavaScriptCore/runtime/CommonSlowPaths.h 2015-08-12 01:59:31 UTC (rev 188318)
</span><span class="lines">@@ -59,12 +59,14 @@
</span><span class="cx"> int argumentCountIncludingThis = exec->argumentCountIncludingThis();
</span><span class="cx">
</span><span class="cx"> ASSERT(argumentCountIncludingThis < newCodeBlock->numParameters());
</span><del>- int missingArgumentCount = newCodeBlock->numParameters() - argumentCountIncludingThis;
- int paddedStackSpace = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), missingArgumentCount);
</del><ins>+ int frameSize = argumentCountIncludingThis + JSStack::CallFrameHeaderSize;
+ int alignedFrameSizeForParameters = WTF::roundUpToMultipleOf(stackAlignmentRegisters(),
+ newCodeBlock->numParameters() + JSStack::CallFrameHeaderSize);
+ int paddedStackSpace = alignedFrameSizeForParameters - frameSize;
</ins><span class="cx">
</span><del>- if (!stack->ensureCapacityFor(exec->registers() - paddedStackSpace))
</del><ins>+ if (!stack->ensureCapacityFor(exec->registers() - paddedStackSpace % stackAlignmentRegisters()))
</ins><span class="cx"> return -1;
</span><del>- return paddedStackSpace / stackAlignmentRegisters();
</del><ins>+ return paddedStackSpace;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool opIn(ExecState* exec, JSValue propName, JSValue baseVal)
</span></span></pre>
</div>
</div>
</body>
</html>