Changeset 161084 in webkit


Timestamp: Dec 25, 2013, 11:17:13 PM (11 years ago)
Author: mark.lam@apple.com
Message:

jsc-layout-tests.yaml/js/script-tests/function-apply-aliased.js.layout-no-cjit is failing.
https://bugs.webkit.org/show_bug.cgi?id=126174.

Not yet reviewed.

When we do a stack check in a function prologue, the activation object
in the frame hasn't been set yet. The test failures came from the stack
unwinding code trying to tear off the frame to a non-existent activation
object. Since we haven't entered the function yet and the frame is
technically not fully "pushed" yet, we can throw, i.e. start the unwinding,
from the caller frame instead. This fixes the issue.

  • llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    - When we have a StackOverflowError, return the caller's CallFrame in the second value in the SlowPathReturnType.
  • llint/LowLevelInterpreter.asm:
    - Check if the second value of the SlowPathReturnType from the stack check is 0. If not 0, set the cfr to the returned CallFrame* before we start handling the StackOverflowError and unwinding the stack.
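The failure mode the message describes, as an added example that is not WebKit code: a toy frame model in which a frame is pushed in two steps (the stack check runs first, the activation is attached only once the callee starts executing). The unwinder tears off every frame it passes, so starting it at the half-pushed callee hits a frame with no activation, while starting it at the caller (the frame the slow path hands back as its second return value) does not. All names here (`Frame`, `Activation`, `SlowPathResult`, `STACK_LIMIT`, `callAtDepth`) are hypothetical stand-ins for the JSC types in the diff.

```c
/* Added example, not WebKit code. Models the two-step frame push from the
 * commit message: stack check first, activation attached afterwards. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define STACK_LIMIT 4      /* hypothetical limit, in frames */
#define MAX_FRAMES 16

typedef struct Activation { int captured; bool tornOff; } Activation;

typedef struct Frame {
    struct Frame *caller;
    Activation *activation;   /* NULL until the callee has begun executing */
    int depth;
} Frame;

/* Analogue of SlowPathReturnType: where to continue, plus an optional frame
 * the prologue should make current before unwinding (NULL = keep cfr). */
typedef struct { const char *pc; Frame *frame; } SlowPathResult;

static const char *const PC_CONTINUE = "continue";
static const char *const PC_THROW = "throw";

/* Tear-off as the unwinder does it: flush captured state into the
 * activation. Fails when the frame has no activation to tear off, which is
 * exactly the half-pushed callee the commit is about. */
static bool tearOff(Frame *f) {
    if (!f->activation) return false;
    f->activation->tornOff = true;
    return true;
}

/* Unwind from `start` to the entry frame. Returns the number of frames torn
 * off, or -1 if a frame without an activation was encountered. */
static int unwind(Frame *start) {
    int n = 0;
    for (Frame *f = start; f; f = f->caller) {
        if (!tearOff(f)) return -1;
        n++;
    }
    return n;
}

/* The prologue's stack check. `fixed` selects the behaviour after the patch:
 * on overflow, hand back the caller frame instead of leaving cfr at the
 * half-pushed callee. */
static SlowPathResult stackCheck(Frame *callee, bool fixed) {
    if (callee->depth <= STACK_LIMIT)
        return (SlowPathResult){PC_CONTINUE, NULL};
    return (SlowPathResult){PC_THROW, fixed ? callee->caller : NULL};
}

/* Simulate entering a function at call depth `depth`: push its frame, run the
 * stack check before the activation exists, and on overflow unwind from
 * whatever cfr the check left us with. Returns 0 when the call proceeds,
 * the number of frames torn off when the overflow unwinds cleanly, or -1
 * when the unwinder trips over the activation-less frame. */
static int callAtDepth(int depth, bool fixed) {
    Frame frames[MAX_FRAMES];
    Activation acts[MAX_FRAMES];
    if (depth < 0 || depth >= MAX_FRAMES) return -2;

    for (int i = 0; i <= depth; i++) {
        acts[i] = (Activation){ .captured = i, .tornOff = false };
        frames[i].caller = i ? &frames[i - 1] : NULL;
        frames[i].depth = i;
        /* callers are fully set up; the callee being pushed is not */
        frames[i].activation = (i < depth) ? &acts[i] : NULL;
    }

    Frame *cfr = &frames[depth];
    SlowPathResult r = stackCheck(cfr, fixed);
    if (r.frame) cfr = r.frame;          /* the asm's "bpeq t1, 0 / move t1, cfr" */
    if (r.pc == PC_THROW) return unwind(cfr);

    cfr->activation = &acts[depth];      /* the callee now sets up its activation */
    return 0;
}

int main(void) {
    printf("depth 2, old: %d\n", callAtDepth(2, false));
    printf("depth 6, old: %d (unwinder hit a frame with no activation)\n", callAtDepth(6, false));
    printf("depth 6, new: %d frames torn off from the caller down\n", callAtDepth(6, true));
    return 0;
}
```

The point the model makes is about ordering rather than about JSC's exact types: any unwinder that assumes every frame it visits is fully initialised must be started at the last frame that actually is, which is why the slow path reports the caller frame back to the prologue instead of throwing from the frame whose prologue is still running.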
Location: branches/jsCStack/Source/JavaScriptCore
Files: 3 edited

  • branches/jsCStack/Source/JavaScriptCore/ChangeLog

    r161061 r161084  
     12013-12-25  Mark Lam  <mark.lam@apple.com>
     2
     3        jsc-layout-tests.yaml/js/script-tests/function-apply-aliased.js.layout-no-cjit is failing.
     4        https://bugs.webkit.org/show_bug.cgi?id=126174.
     5
     6        Not yet reviewed.
     7
     8        When we do a stack check in a function prologue, the activation object
     9        in the frame hasn't been set yet. The test failures came from the stack
     10        unwinding code trying to tear off the frame to a non-existant activation
     11        object. Since we haven't entered the function yet and the frame is
     12        technically not fully "pushed" yet, we can throw i.e. start the unwinding
     13        from the caller frame instead. This fixes the issue.
     14
     15        * llint/LLIntSlowPaths.cpp:
     16        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
     17        - When we have a StackOverflowError, return the caller's CallFrame in
     18          the second value in the SlowPathReturnType.
     19        * llint/LowLevelInterpreter.asm:
     20        - Check if the second value of the SlowPathReturnType from the stack
     21          check is 0. If not 0, set the cfr to the returned CallFrame* before
     22          we start handling the StackOverflowError and unwinding the stack.
     23
    1242013-12-24  Michael Saboff  <msaboff@apple.com>
    225
  • branches/jsCStack/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

    r160967 r161084  
    443443#endif
    444444
     445    // This stack check is done in the prologue for a function call, and the
     446    // CallFrame is not completely set up yet. For example, if the frame needs
     447    // an activation object, the activation object will only be set up after
     448    // we start executing the function. If we need to throw a StackOverflowError
     449    // here, then we need to tell the prologue to start the stack unwinding from
     450    // the caller frame (which is fully set up) instead. To do that, we return
     451    // the caller's CallFrame in the second return value.
     452    //
     453    // If the stack check succeeds and we don't need to throw the error, then
     454    // we'll return 0 instead. The prologue will check for a non-zero value
     455    // when determining whether to set the callFrame or not.
     456
    445457    // For JIT enabled builds which uses the C stack, the stack is not growable.
    446458    // Hence, if we get here, then we know a stack overflow is imminent. So, just
     
    448460#if ENABLE(LLINT_C_LOOP)
    449461    ASSERT(!exec->vm().interpreter->stack().containsAddress(exec->topOfFrame()));
    450     if (UNLIKELY(!vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
     462    if (LIKELY(vm.interpreter->stack().ensureCapacityFor(exec->topOfFrame())))
     463        LLINT_RETURN_TWO(pc, 0);
    451464#endif
    452     {
    453         exec = exec->callerFrame();
    454         Interpreter::ErrorHandlingMode mode(exec);
    455         CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
    456         pc = returnToThrowForThrownException(exec);
    457     }
    458     LLINT_END_IMPL();
     465
     466    exec = exec->callerFrame();
     467    Interpreter::ErrorHandlingMode mode(exec);
     468    CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
     469    pc = returnToThrowForThrownException(exec);
     470    LLINT_RETURN_TWO(pc, exec);
    459471}
    460472
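Review bot: the new comment ("If the stack check succeeds and we don't need to throw the error, then we'll return 0 instead") only describes the `#if ENABLE(LLINT_C_LOOP)` branch; in the JIT-enabled C-stack build there is no `LLINT_RETURN_TWO(pc, 0)` at all and the function always falls through to `exec = exec->callerFrame();` and throws, as the "stack is not growable" comment above it already implies. Say so explicitly in the comment (e.g. "in C-stack builds this slow path never returns 0; reaching it means overflow is imminent") so a reader does not look for a success return that doesn't exist. Separately, removing the braces around `Interpreter::ErrorHandlingMode mode(exec);` extends that RAII object's lifetime to cover `LLINT_RETURN_TWO(pc, exec);`, whereas before it was destroyed before `LLINT_END_IMPL();`; worth confirming that the mode being active while the return values are produced is intended, or keep the block scope and hoist `pc` and `exec` out of it.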
  • branches/jsCStack/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

    r160936 r161084  
    434434    # Stack height check failed - need to call a slow_path.
    435435    callSlowPath(_llint_stack_check)
     436    bpeq t1, 0, .stackHeightOK
     437    move t1, cfr
    436438.stackHeightOK:
    437439end
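Review bot: after `move t1, cfr` execution falls straight into `.stackHeightOK:`, so that label is now reached on the overflow path too, with cfr just repointed at the caller frame; the name no longer describes the state at that point. Either give the overflow path its own label or add a comment at `bpeq t1, 0, .stackHeightOK` explaining that a non-zero second return value means the callee's frame is not fully set up (no activation yet) and the slow path has already thrown in the caller, so cfr must be the caller frame before the throw is dispatched. Without that comment the `move t1, cfr` reads like an unrelated register shuffle.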