Changeset 90215 in webkit

Timestamp:

Jul 1, 2011, 12:47:55 AM (14 years ago)

Author:

commit-queue@webkit.org

Message:

2011-07-01 Sheriff Bot <​webkit.review.bot@gmail.com>

Unreviewed, rolling out r90177 and r90179.
​http://trac.webkit.org/changeset/90177
​http://trac.webkit.org/changeset/90179
​https://bugs.webkit.org/show_bug.cgi?id=63790

It caused crashes on Qt in debug mode (Requested by Ossy on
#webkit).

• assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::rshift32): (JSC::MacroAssemblerARM::supportsFloatingPointSqrt): (JSC::MacroAssemblerARM::sqrtDouble):
• assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt): (JSC::MacroAssemblerARMv7::sqrtDouble):
• assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::sqrtDouble): (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
• assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::sqrtDouble):
• assembler/MacroAssemblerX86.h:
• assembler/MacroAssemblerX86Common.h:
• assembler/MacroAssemblerX86_64.h:
• assembler/X86Assembler.h:
• create_hash_table:
• jit/JSInterfaceJIT.h: (JSC::JSInterfaceJIT::emitLoadDouble):
• jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::finalize):
• jit/ThunkGenerators.cpp:
• jit/ThunkGenerators.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/MacroAssemblerARM.h (modified) (3 diffs)
• assembler/MacroAssemblerARMv7.h (modified) (2 diffs)
• assembler/MacroAssemblerMIPS.h (modified) (2 diffs)
• assembler/MacroAssemblerSH4.h (modified) (2 diffs)
• assembler/MacroAssemblerX86.h (modified) (1 diff)
• assembler/MacroAssemblerX86Common.h (modified) (1 diff)
• assembler/MacroAssemblerX86_64.h (modified) (1 diff)
• assembler/X86Assembler.h (modified) (2 diffs)
• create_hash_table (modified) (1 diff)
• jit/JSInterfaceJIT.h (modified) (2 diffs)
• jit/SpecializedThunkJIT.h (modified) (2 diffs)
• jit/ThunkGenerators.cpp (modified) (1 diff)
• jit/ThunkGenerators.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-07-01  Sheriff Bot  <webkit.review.bot@gmail.com>
+
+        Unreviewed, rolling out r90177 and r90179.
+        http://trac.webkit.org/changeset/90177
+        http://trac.webkit.org/changeset/90179
+        https://bugs.webkit.org/show_bug.cgi?id=63790
+
+        It caused crashes on Qt in debug mode (Requested by Ossy on
+        #webkit).
+
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::rshift32):
+        (JSC::MacroAssemblerARM::supportsFloatingPointSqrt):
+        (JSC::MacroAssemblerARM::sqrtDouble):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::supportsFloatingPointSqrt):
+        (JSC::MacroAssemblerARMv7::sqrtDouble):
+        * assembler/MacroAssemblerMIPS.h:
+        (JSC::MacroAssemblerMIPS::sqrtDouble):
+        (JSC::MacroAssemblerMIPS::supportsFloatingPointSqrt):
+        * assembler/MacroAssemblerSH4.h:
+        (JSC::MacroAssemblerSH4::sqrtDouble):
+        * assembler/MacroAssemblerX86.h:
+        * assembler/MacroAssemblerX86Common.h:
+        * assembler/MacroAssemblerX86_64.h:
+        * assembler/X86Assembler.h:
+        * create_hash_table:
+        * jit/JSInterfaceJIT.h:
+        (JSC::JSInterfaceJIT::emitLoadDouble):
+        * jit/SpecializedThunkJIT.h:
+        (JSC::SpecializedThunkJIT::finalize):
+        * jit/ThunkGenerators.cpp:
+        * jit/ThunkGenerators.h:
+
 2011-06-30  Oliver Hunt  <oliver@apple.com>
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARM.h

@@ -180 +180 @@
         m_assembler.movs_r(dest, m_assembler.asr_r(dest, ARMRegisters::S0));
     }
-    
+
     void rshift32(TrustedImm32 imm, RegisterID dest)
     {
-        rshift32(dest, imm, dest);
-    }
-
-    void rshift32(RegisterID src, TrustedImm32 imm, RegisterID dest)
-    {
-        m_assembler.movs_r(dest, m_assembler.asr(src, imm.m_value & 0x1f));
+        m_assembler.movs_r(dest, m_assembler.asr(dest, imm.m_value & 0x1f));
     }
     
@@ -795 +790 @@
         return s_isVFPPresent;
     }
-    bool supportsDoubleBitops() const { return false; }
 
     void loadDouble(ImplicitAddress address, FPRegisterID dest)
@@ -861 +855 @@
     {
         m_assembler.vsqrt_f64_r(dest, src);
-    }
-    
-    void andnotDouble(FPRegisterID, FPRegisterID)
-    {
-        ASSERT_NOT_REACHED();
     }
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

@@ -568 +568 @@
         return false;
     }
-    bool supportsDoubleBitops() const { return false; }
 
     void loadDouble(ImplicitAddress address, FPRegisterID dest)
@@ -645 +644 @@
 
     void sqrtDouble(FPRegisterID, FPRegisterID)
-    {
-        ASSERT_NOT_REACHED();
-    }
-    
-    void andnotDouble(FPRegisterID, FPRegisterID)
     {
         ASSERT_NOT_REACHED();

trunk/Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h

@@ -461 +461 @@
         m_assembler.sqrtd(dst, src);
     }
-    
-    void andnotDouble(FPRegisterID, FPRegisterID)
-    {
-        ASSERT_NOT_REACHED();
-    }
 
     // Memory access operations:
@@ -822 +817 @@
 #endif
     }
-    bool supportsDoubleBitops() const { return false; }
 
     // Stack manipulation operations:

trunk/Source/JavaScriptCore/assembler/MacroAssemblerSH4.h

@@ -763 +763 @@
     bool supportsFloatingPointTruncate() const { return true; }
     bool supportsFloatingPointSqrt() const { return true; }
-    bool supportsDoubleBitops() const { return false; }
 
     void loadDouble(ImplicitAddress address, FPRegisterID dest)
@@ -1102 +1101 @@
         m_assembler.dsqrt(dest);
     }
-    
-    void andnotDouble(FPRegisterID, FPRegisterID)
-    {
-        ASSERT_NOT_REACHED();
-    }
 
     Jump branchTest8(ResultCondition cond, Address address, TrustedImm32 mask = TrustedImm32(-1))

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86.h

@@ -167 +167 @@
     bool supportsFloatingPointTruncate() const { return m_isSSE2Present; }
     bool supportsFloatingPointSqrt() const { return m_isSSE2Present; }
-    bool supportsDoubleBitops() const { return m_isSSE2Present; }
 
 private:

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h

@@ -422 +422 @@
     {
         m_assembler.sqrtsd_rr(src, dst);
-    }
-
-    void andnotDouble(FPRegisterID src, FPRegisterID dst)
-    {
-        m_assembler.andnpd_rr(src, dst);
     }
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h

@@ -457 +457 @@
     bool supportsFloatingPointTruncate() const { return true; }
     bool supportsFloatingPointSqrt() const { return true; }
-    bool supportsDoubleBitops() const { return true; }
 
 private:

trunk/Source/JavaScriptCore/assembler/X86Assembler.h

@@ -171 +171 @@
         OP2_DIVSD_VsdWsd    = 0x5E,
         OP2_SQRTSD_VsdWsd   = 0x51,
-        OP2_ANDNPD_VpdWpd   = 0x55,
         OP2_XORPD_VpdWpd    = 0x57,
         OP2_MOVD_VdEd       = 0x6E,
@@ -1457 +1456 @@
         m_formatter.prefix(PRE_SSE_66);
         m_formatter.twoByteOp(OP2_XORPD_VpdWpd, (RegisterID)dst, (RegisterID)src);
-    }
-
-    void andnpd_rr(XMMRegisterID src, XMMRegisterID dst)
-    {
-        m_formatter.prefix(PRE_SSE_66);
-        m_formatter.twoByteOp(OP2_ANDNPD_VpdWpd, (RegisterID)dst, (RegisterID)src);
     }
 

trunk/Source/JavaScriptCore/create_hash_table

@@ -279 +279 @@
             $thunkGenerator = "charAtThunkGenerator";
         }
+        if ($key eq "sqrt") {
+            $thunkGenerator = "sqrtThunkGenerator";
+        }
+        if ($key eq "pow") {
+            $thunkGenerator = "powThunkGenerator";
+        }
         if ($key eq "fromCharCode") {
             $thunkGenerator = "fromCharCodeThunkGenerator";
-        }
-        if ($name eq "mathTable") {
-            if ($key eq "sqrt") {
-                $thunkGenerator = "sqrtThunkGenerator";
-            }
-            if ($key eq "pow") {
-                $thunkGenerator = "powThunkGenerator";
-            }
-            if ($key eq "abs") {
-                $thunkGenerator = "absThunkGenerator";
-            }
-            if ($key eq "floor") {
-                $thunkGenerator = "floorThunkGenerator";
-            }
-            if ($key eq "ceil") {
-                $thunkGenerator = "ceilThunkGenerator";
-            }
-            if ($key eq "round") {
-                $thunkGenerator = "roundThunkGenerator";
-            }
-            if ($key eq "exp") {
-                $thunkGenerator = "expThunkGenerator";
-            }
-            if ($key eq "log") {
-                $thunkGenerator = "logThunkGenerator";
-            }
         }
         print "   { \"$key\", $attrs[$i], (intptr_t)" . $castStr . "($firstValue), (intptr_t)$secondValue THUNK_GENERATOR($thunkGenerator) },\n";

trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h

@@ -272 +272 @@
         done.link(this);
         return notInt;
-    }
-
+    }    
 #endif
 
@@ -312 +311 @@
         return notNumber;
     }
-
+    
     ALWAYS_INLINE void JSInterfaceJIT::emitFastArithImmToInt(RegisterID)
     {

trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

@@ -128 +128 @@
             LinkBuffer patchBuffer(globalData, this, m_pool.get());
             patchBuffer.link(m_failures, CodeLocationLabel(fallback));
-            for (unsigned i = 0; i < m_calls.size(); i++)
-                patchBuffer.link(m_calls[i].first, m_calls[i].second);
             return patchBuffer.finalizeCode().m_code;
         }
-
-        // Assumes that the target function uses fpRegister0 as the first argument
-        // and return value. Like any sensible architecture would.
-        void callDoubleToDouble(FunctionPtr function)
-        {
-            m_calls.append(std::make_pair(call(), function));
-        }
-
+        
     private:
         int argumentToVirtualRegister(unsigned argument)
@@ -166 +157 @@
         RefPtr<ExecutablePool> m_pool;
         MacroAssembler::JumpList m_failures;
-        Vector<std::pair<Call, FunctionPtr> > m_calls;
     };
 

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -103 +103 @@
 }
 
-#if OS(DARWIN) || (OS(WINDOWS) && CPU(X86))
-#define SYMBOL_STRING(name) "_" #name
-#else
-#define SYMBOL_STRING(name) #name
-#endif
-    
-#if (OS(LINUX) || OS(FREEBSD)) && CPU(X86_64)
-#define SYMBOL_STRING_RELOCATION(name) #name "@plt"
-#elif OS(DARWIN) || (CPU(X86_64) && COMPILER(MINGW) && !GCC_VERSION_AT_LEAST(4, 5, 0))
-#define SYMBOL_STRING_RELOCATION(name) "_" #name
-#elif CPU(X86) && COMPILER(MINGW)
-#define SYMBOL_STRING_RELOCATION(name) "@" #name "@4"
-#else
-#define SYMBOL_STRING_RELOCATION(name) #name
-#endif
-
-#define UnaryDoubleOpWrapper(function) function##Wrapper
-enum MathThunkCallingConvention { };
-typedef MathThunkCallingConvention(*MathThunk)(MathThunkCallingConvention);
-extern "C" {
-
-double jsRound(double);
-double jsRound(double d)
-{
-    double integer = ceil(d);
-    return integer - (integer - d > 0.5);
-}
-
-}
-    
-#if CPU(X86_64) && COMPILER(GCC)
-
-#define defineUnaryDoubleOpWrapper(function) \
-    asm( \
-        ".globl " SYMBOL_STRING(function##Thunk) "\n" \
-        SYMBOL_STRING(function##Thunk) ":" "\n" \
-        "call " SYMBOL_STRING_RELOCATION(function) "\n" \
-        "ret\n" \
-    );\
-    extern "C" { \
-        MathThunkCallingConvention function##Thunk(MathThunkCallingConvention); \
-    } \
-    static MathThunk UnaryDoubleOpWrapper(function) = &function##Thunk;
-
-#elif CPU(X86) && COMPILER(GCC)
-#define defineUnaryDoubleOpWrapper(function) \
-    asm( \
-         ".globl " SYMBOL_STRING(function##Thunk) "\n" \
-         SYMBOL_STRING(function##Thunk) ":" "\n" \
-         "subl $8, %esp\n" \
-         "movsd %xmm0, (%esp) \n" \
-         "call " SYMBOL_STRING_RELOCATION(function) "\n" \
-         "fstpl (%esp) \n" \
-         "movsd (%esp), %xmm0 \n" \
-         "addl $8, %esp\n" \
-         "ret\n" \
-    );\
-    extern "C" { \
-        MathThunkCallingConvention function##Thunk(MathThunkCallingConvention); \
-    } \
-    static MathThunk UnaryDoubleOpWrapper(function) = &function##Thunk;
-
-#else
-
-#define defineUnaryDoubleOpWrapper(function) \
-    static MathThunk UnaryDoubleOpWrapper(function) = 0
-#endif
-
-defineUnaryDoubleOpWrapper(jsRound);
-defineUnaryDoubleOpWrapper(exp);
-defineUnaryDoubleOpWrapper(log);
-defineUnaryDoubleOpWrapper(floor);
-defineUnaryDoubleOpWrapper(ceil);
-
-MacroAssemblerCodePtr floorThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)
-{
-    SpecializedThunkJIT jit(1, globalData, pool);
-    MacroAssembler::Jump nonIntJump;
-    jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump);
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    if (!UnaryDoubleOpWrapper(floor) || !jit.supportsFloatingPoint()) {
-        jit.appendFailure(nonIntJump);
-        return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-    }
-    nonIntJump.link(&jit);
-    jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0);
-    jit.callDoubleToDouble(UnaryDoubleOpWrapper(floor));
-    SpecializedThunkJIT::JumpList doubleResult;
-    jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1);
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    doubleResult.link(&jit);
-    jit.returnDouble(SpecializedThunkJIT::fpRegT0);
-    return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-}
-
-MacroAssemblerCodePtr ceilThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)
-{
-    SpecializedThunkJIT jit(1, globalData, pool);
-    MacroAssembler::Jump nonIntJump;
-    jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump);
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    if (!UnaryDoubleOpWrapper(ceil) || !jit.supportsFloatingPoint()) {
-        jit.appendFailure(nonIntJump);
-        return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-    }
-    nonIntJump.link(&jit);
-    jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0);
-    jit.callDoubleToDouble(UnaryDoubleOpWrapper(ceil));
-    SpecializedThunkJIT::JumpList doubleResult;
-    jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1);
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    doubleResult.link(&jit);
-    jit.returnDouble(SpecializedThunkJIT::fpRegT0);
-    return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-}
-
-static const double negativeZeroConstant = -0.0;
 static const double oneConstant = 1.0;
 static const double negativeHalfConstant = -0.5;
-    
-MacroAssemblerCodePtr roundThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)
-{
-    SpecializedThunkJIT jit(1, globalData, pool);
-    MacroAssembler::Jump nonIntJump;
-    jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump);
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    if (!UnaryDoubleOpWrapper(jsRound) || !jit.supportsFloatingPoint()) {
-        jit.appendFailure(nonIntJump);
-        return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-    }
-    nonIntJump.link(&jit);
-    jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0);
-    jit.callDoubleToDouble(UnaryDoubleOpWrapper(jsRound));
-    SpecializedThunkJIT::JumpList doubleResult;
-    jit.branchConvertDoubleToInt32(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0, doubleResult, SpecializedThunkJIT::fpRegT1);
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    doubleResult.link(&jit);
-    jit.returnDouble(SpecializedThunkJIT::fpRegT0);
-    return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-}
-
-MacroAssemblerCodePtr expThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)
-{
-    if (!UnaryDoubleOpWrapper(exp))
-        return globalData->jitStubs->ctiNativeCall();
-    SpecializedThunkJIT jit(1, globalData, pool);
-    if (!jit.supportsFloatingPoint())
-        return globalData->jitStubs->ctiNativeCall();
-    jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0);
-    jit.callDoubleToDouble(UnaryDoubleOpWrapper(exp));
-    jit.returnDouble(SpecializedThunkJIT::fpRegT0);
-    return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-}
-
-MacroAssemblerCodePtr logThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)
-{
-    if (!UnaryDoubleOpWrapper(log))
-        return globalData->jitStubs->ctiNativeCall();
-    SpecializedThunkJIT jit(1, globalData, pool);
-    if (!jit.supportsFloatingPoint())
-        return globalData->jitStubs->ctiNativeCall();
-    jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0);
-    jit.callDoubleToDouble(UnaryDoubleOpWrapper(log));
-    jit.returnDouble(SpecializedThunkJIT::fpRegT0);
-    return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-}
-
-MacroAssemblerCodePtr absThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)
-{
-    SpecializedThunkJIT jit(1, globalData, pool);
-    MacroAssembler::Jump nonIntJump;
-    jit.loadInt32Argument(0, SpecializedThunkJIT::regT0, nonIntJump);
-    jit.rshift32(SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(31), SpecializedThunkJIT::regT1);
-    jit.add32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0);
-    jit.xor32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0);
-    jit.appendFailure(jit.branch32(MacroAssembler::Equal, SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(1 << 31)));
-    jit.returnInt32(SpecializedThunkJIT::regT0);
-    if (!jit.supportsDoubleBitops()) {
-        jit.appendFailure(nonIntJump);
-        return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-    }
-    nonIntJump.link(&jit);
-    // Shame about the double int conversion here.
-    jit.loadDouble(&negativeZeroConstant, SpecializedThunkJIT::fpRegT1);
-    jit.loadDoubleArgument(0, SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::regT0);
-    jit.andnotDouble(SpecializedThunkJIT::fpRegT0, SpecializedThunkJIT::fpRegT1);
-    jit.returnDouble(SpecializedThunkJIT::fpRegT1);
-    return jit.finalize(*globalData, globalData->jitStubs->ctiNativeCall());
-}
 
 MacroAssemblerCodePtr powThunkGenerator(JSGlobalData* globalData, ExecutablePool* pool)

trunk/Source/JavaScriptCore/jit/ThunkGenerators.h

@@ -38 +38 @@
     MacroAssemblerCodePtr charAtThunkGenerator(JSGlobalData*, ExecutablePool*);
     MacroAssemblerCodePtr fromCharCodeThunkGenerator(JSGlobalData*, ExecutablePool*);
-    MacroAssemblerCodePtr absThunkGenerator(JSGlobalData*, ExecutablePool*);
-    MacroAssemblerCodePtr ceilThunkGenerator(JSGlobalData*, ExecutablePool*);
-    MacroAssemblerCodePtr expThunkGenerator(JSGlobalData*, ExecutablePool*);
-    MacroAssemblerCodePtr floorThunkGenerator(JSGlobalData*, ExecutablePool*);
-    MacroAssemblerCodePtr logThunkGenerator(JSGlobalData*, ExecutablePool*);
-    MacroAssemblerCodePtr roundThunkGenerator(JSGlobalData*, ExecutablePool*);
     MacroAssemblerCodePtr sqrtThunkGenerator(JSGlobalData*, ExecutablePool*);
     MacroAssemblerCodePtr powThunkGenerator(JSGlobalData*, ExecutablePool*);