Changeset 192632 in webkit


Timestamp:
Nov 19, 2015 10:00:18 AM (8 years ago)
Author:
mark.lam@apple.com
Message:

JIT snippet generator JumpLists should be returned as references.
https://bugs.webkit.org/show_bug.cgi?id=151445

Reviewed by Gavin Barraclough.

The JumpLists were being returned by value. As a result, new jumps added to
them in the client are actually added to a temporary copy and promptly discarded.
Those jumps never get linked, resulting in infinite loops in DFG generated code
that used the snippets.

  • jit/JITAddGenerator.h:

(JSC::JITAddGenerator::endJumpList):
(JSC::JITAddGenerator::slowPathJumpList):

  • jit/JITMulGenerator.h:

(JSC::JITMulGenerator::endJumpList):
(JSC::JITMulGenerator::slowPathJumpList):

  • jit/JITSubGenerator.h:

(JSC::JITSubGenerator::endJumpList):
(JSC::JITSubGenerator::slowPathJumpList):

Location:
trunk/Source/JavaScriptCore
Files:
4 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r192626 r192632  
     12015-11-19  Mark Lam  <mark.lam@apple.com>
     2
     3        JIT snippet generator JumpLists should be returned as references.
     4        https://bugs.webkit.org/show_bug.cgi?id=151445
     5
     6        Reviewed by Gavin Barraclough.
     7
     8        The JumpLists were being returned by value.  As a result, new jumps added to
     9        them in the client are actually added to a temporary copy and promptly discarded.
     10        Those jumps never get linked, resulting in infinite loops in DFG generated code
     11        that used the snippets.
     12
     13        * jit/JITAddGenerator.h:
     14        (JSC::JITAddGenerator::endJumpList):
     15        (JSC::JITAddGenerator::slowPathJumpList):
     16        * jit/JITMulGenerator.h:
     17        (JSC::JITMulGenerator::endJumpList):
     18        (JSC::JITMulGenerator::slowPathJumpList):
     19        * jit/JITSubGenerator.h:
     20        (JSC::JITSubGenerator::endJumpList):
     21        (JSC::JITSubGenerator::slowPathJumpList):
     22
    1232015-11-19  Csaba Osztrogonác  <ossy@webkit.org>
    224
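Review bot: The entry describes infinite loops in DFG generated code, but the file list (the ChangeLog plus three generator headers) carries no regression test. A test that drives the add, mul and sub snippets through DFG would keep a by-value return from slipping back in unnoticed.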
  • trunk/Source/JavaScriptCore/jit/JITAddGenerator.h

    r192599 r192632  
    6060
    6161    bool didEmitFastPath() const { return m_didEmitFastPath; }
    62     CCallHelpers::JumpList endJumpList() { return m_endJumpList; }
    63     CCallHelpers::JumpList slowPathJumpList() { return m_slowPathJumpList; }
     62    CCallHelpers::JumpList& endJumpList() { return m_endJumpList; }
     63    CCallHelpers::JumpList& slowPathJumpList() { return m_slowPathJumpList; }
    6464
    6565private:
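Review bot: At lines 62-63 the broken and fixed accessors differ by a single `&`, and nothing in the header says that callers are expected to append to the returned list. A short comment above endJumpList() and slowPathJumpList() stating that clients mutate these lists would make the contract explicit. It is also worth confirming that no call site binds the result to a plain `auto` or `JumpList` local, since that would still copy.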
  • trunk/Source/JavaScriptCore/jit/JITMulGenerator.h

    r192600 r192632  
    6161
    6262    bool didEmitFastPath() const { return m_didEmitFastPath; }
    63     CCallHelpers::JumpList endJumpList() { return m_endJumpList; }
    64     CCallHelpers::JumpList slowPathJumpList() { return m_slowPathJumpList; }
     63    CCallHelpers::JumpList& endJumpList() { return m_endJumpList; }
     64    CCallHelpers::JumpList& slowPathJumpList() { return m_slowPathJumpList; }
    6565
    6666private:
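Review bot: Lines 63-64 are the same two accessors that appear in JITAddGenerator.h and JITSubGenerator.h, so the fix had to be applied three times. Moving endJumpList() and slowPathJumpList(), together with m_endJumpList and m_slowPathJumpList, into a shared base for the snippet generators would give the return type one place to be right.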
  • trunk/Source/JavaScriptCore/jit/JITSubGenerator.h

    r192599 r192632  
    5353
    5454    bool didEmitFastPath() const { return m_didEmitFastPath; }
    55     CCallHelpers::JumpList endJumpList() { return m_endJumpList; }
    56     CCallHelpers::JumpList slowPathJumpList() { return m_slowPathJumpList; }
     55    CCallHelpers::JumpList& endJumpList() { return m_endJumpList; }
     56    CCallHelpers::JumpList& slowPathJumpList() { return m_slowPathJumpList; }
    5757
    5858private:
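Review bot: Lines 55-56 now hand out mutable references to the private members m_endJumpList and m_slowPathJumpList, which leaves the `private:` section just below protecting little. If clients only ever add jumps, append-style methods on the generator would keep the lists encapsulated and remove the copy-versus-reference hazard from the accessor signature altogether.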