Context Navigation

← Previous Changeset
Next Changeset →

Changeset 215596 in webkit

Timestamp:

Apr 20, 2017 5:30:44 PM (7 years ago)

Author:

mark.lam@apple.com

Message:

virtualThunkFor() needs to materialize its of tagMaskRegister for tail calls.
https://bugs.webkit.org/show_bug.cgi?id=171079
<rdar://problem/31684756>

Reviewed by Saam Barati.

JSTests:

stress/regress-171079.js: Added.

Source/JavaScriptCore:

This is needed because tail calls would restore callee saved registers (and
therefore, potentially clobber the tag registers) before jumping to the thunk.

jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

Location:

trunk

Files:

: 1 added
: 3 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/regress-171079.js (added)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/jit/ThunkGenerators.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-                      r215565
+                      r215596
+-04-20  Mark Lam  <mark.lam@apple.com>
+        virtualThunkFor() needs to materialize its of tagMaskRegister for tail calls.
+        https://bugs.webkit.org/show_bug.cgi?id=171079
+        <rdar://problem/31684756>
+        Reviewed by Saam Barati.
+        * stress/regress-171079.js: Added.
 -04-15  Filip Pizlo  <fpizlo@apple.com>

trunk/Source/JavaScriptCore/ChangeLog

-                      r215595
+                      r215596
+-04-20  Mark Lam  <mark.lam@apple.com>
+        virtualThunkFor() needs to materialize its of tagMaskRegister for tail calls.
+        https://bugs.webkit.org/show_bug.cgi?id=171079
+        <rdar://problem/31684756>
+        Reviewed by Saam Barati.
+        This is needed because tail calls would restore callee saved registers (and
+        therefore, potentially clobber the tag registers) before jumping to the thunk.
+        * jit/ThunkGenerators.cpp:
+        (JSC::virtualThunkFor):
 -04-20  Mark Lam  <mark.lam@apple.com>

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

-                      r214645
+                      r215596
 #if USE(JSVALUE64)
+    GPRReg tagMaskRegister = GPRInfo::tagMaskRegister;
+    if (callLinkInfo.isTailCall()) {
+        // Tail calls could have clobbered the GPRInfo::tagMaskRegister because they
+        // restore callee saved registers before getthing here. So, let's materialize
+        // the TagMask in a temp register and use the temp instead.
+        tagMaskRegister = GPRInfo::regT4;
+        jit.move(CCallHelpers::TrustedImm64(TagMask), tagMaskRegister);
+    }
     slowCase.append(
+        jit.branchTest64(
+            CCallHelpers::NonZero, GPRInfo::regT0, GPRInfo::tagMaskRegister));
+        jit.branchTest64(CCallHelpers::NonZero, GPRInfo::regT0, tagMaskRegister));
 #else
     slowCase.append(

Note: See TracChangeset for help on using the changeset viewer.