[Webkit-unassigned] [Bug 130638] [Win64] ASM LLINT is not enabled.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 24 09:37:47 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=130638

--- Comment #57 from peavo at outlook.com  2014-06-24 09:38:05 PST ---
(In reply to comment #55)
> (From update of attachment 233634 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=233634&action=review
> 

Thanks again for reviewing :)

> However, we don't actually know how many arguments are being passed for this call.  Fortunately, we can just be conservative and reserve the worst case amount of space needed.  That said, we still need to conservatively copy the 5th and 6th arguments over as if they exist.  Please add that code.
> 
> > Source/JavaScriptCore/jit/CCallHelpers.h:786
> > -#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))
> > +#if CPU(MIPS)
> >  #define POKE_ARGUMENT_OFFSET 4
> > +#elif CPU(X86_64) && OS(WINDOWS)
> > +#define POKE_ARGUMENT_OFFSET -4
> >  #else
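Review bot: the new `#elif CPU(X86_64) && OS(WINDOWS)` branch defining `POKE_ARGUMENT_OFFSET -4` makes poke() address slots at a negative offset from the stack pointer, i.e. memory below the area this frame reserved, which is what the review comment above rejects; the preceding review text instead asks to reserve the worst-case space and copy the 5th and 6th arguments into place. Suggest dropping the new branch and restoring the original `#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))` condition with offset 4, then adding the conservative copy of arguments 5 and 6 in the cCall helpers.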
> 
> This is wrong.  Please undo.
> 

Thanks, updated patch accordingly.

I'm probably missing something, but isn't this roughly the same as setting POKE_ARGUMENT_OFFSET == -4?
See attempt at drawing below :)


 Slot
     ----------------------
     |  ret addr           |     Put by call instruction.
     |---------------------|
 8   |  param 1            |
     |---------------------|          
 7   |  param 2            | 
     |---------------------|     Shadow space (slot 5-8)
 6   |  param 3            |
     |---------------------|
 5   |  param 4            |
     |---------------------|
 4   |  param 5            |     Arg 5 will be poke'd here when POKE_ARGUMENT_OFFSET == -4
     |---------------------|
 3   |  param 6            |     Arg 6 will be poke'd here when POKE_ARGUMENT_OFFSET == -4
     |---------------------|
 2   |  prev frame*        |
     |---------------------|
 1   |  ret addr (empty)   |
     |---------------------|
     |                     |  <---- sp points here
     |  param 1            |
     |---------------------|
     |  param 2            |
     |---------------------|
     |  param 3            |
     |---------------------|
     |  param 4            |
     |---------------------|
     |  param 5            |     Arg 5 will be poke'd here when POKE_ARGUMENT_OFFSET == 4 and copied to slot 4
     |---------------------|
     |  param 6            |     Arg 6 will be poke'd here when POKE_ARGUMENT_OFFSET == 4 and copied to slot 3
     |---------------------|  
     |    Current JS frame |  


> 
> cCall2() is used to call slow path functions that may recurse and call JS functions again.  Doesn't that mean you also need to write the CallerFrame pointer to the stack here?
> 
> As for cCall2Void() below, a cursory scan of its callers tells me that we don't currently use it to call something that can recurse into JS.  But we don't know if we may in the future.  Do you think it needs to store the CallerFrame pointer there too?

I don't think this is needed since the frame pointer will be passed to the function as the first parameter, e.g. cCall2(slowPath, cfr, PC).
In makeHostFunctionCall, on the other hand, we pass a pointer to the frame pointer (on the stack) as the first parameter:

move sp, arg1
storep cfr, [sp]
...
call ...

Please correct me if I'm wrong.
