Changeset 203990 in webkit


Timestamp:
Aug 1, 2016 3:20:49 PM (8 years ago)
Author:
fpizlo@apple.com
Message:

Rationalize varargs stack overflow checks
https://bugs.webkit.org/show_bug.cgi?id=160425

Reviewed by Michael Saboff.

  • ftl/FTLLink.cpp:

(JSC::FTL::link): AboveOrEqual 0 is a tautology. The code meant GreaterThanOrEqual, since the error code is -1.

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::arityCheckFor): Use roundUpToMultipleOf(), which is almost certainly what we meant when we said %.

Location:
trunk
Files:
1 added
4 edited

  • trunk/JSTests/Changelog

    r203972 r203990  
     12016-08-01  Filip Pizlo  <fpizlo@apple.com>
     2
     3        Rationalize varargs stack overflow checks
     4        https://bugs.webkit.org/show_bug.cgi?id=160425
     5
     6        Reviewed by Michael Saboff.
     7
     8        * stress/arity-check-ftl-throw-more-args.js: Added.
     9        (catch):
     10
    1112016-08-01  Keith Miller  <keith_miller@apple.com>
    212
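Review bot: the ChangeLog entry for the new test at line 8 lists "(catch):" as its only function entry, which is prepare-ChangeLog picking up the catch block rather than a description. Replace it with one line saying what the test exercises (the FTL arity-check path throwing when the caller passes more arguments than fit on the stack), since "(catch):" tells a future reader nothing about why the test exists.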
  • trunk/Source/JavaScriptCore/ChangeLog

    r203979 r203990  
     12016-08-01  Filip Pizlo  <fpizlo@apple.com>
     2
     3        Rationalize varargs stack overflow checks
     4        https://bugs.webkit.org/show_bug.cgi?id=160425
     5
     6        Reviewed by Michael Saboff.
     7
     8        * ftl/FTLLink.cpp:
     9        (JSC::FTL::link): AboveOrEqual 0 is a tautology. The code meant GreaterThanOrEqual, since the error code is -1.
     10        * runtime/CommonSlowPaths.h:
     11        (JSC::CommonSlowPaths::arityCheckFor): Use roundUpToMultipleOf(), which is almost certainly what we meant when we said %.
     12
    1132016-08-01  Saam Barati  <sbarati@apple.com>
    214
  • trunk/Source/JavaScriptCore/ftl/FTLLink.cpp

    r203006 r203990  
    141141        CCallHelpers::Call callArityCheck = jit.call();
    142142
    143         auto noException = jit.branch32(CCallHelpers::AboveOrEqual, GPRInfo::returnValueGPR, CCallHelpers::TrustedImm32(0));
     143        auto noException = jit.branch32(CCallHelpers::GreaterThanOrEqual, GPRInfo::returnValueGPR, CCallHelpers::TrustedImm32(0));
    144144        jit.copyCalleeSavesToVMEntryFrameCalleeSavesBuffer();
    145145        jit.move(CCallHelpers::TrustedImmPtr(jit.vm()), GPRInfo::argumentGPR0);
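Review bot: the change from AboveOrEqual to GreaterThanOrEqual at line 143 is the right fix, and the reason deserves a comment on the branch: AboveOrEqual is an unsigned comparison, so the -1 error code (0xFFFFFFFF unsigned) also satisfied "above or equal to 0", the noException branch was always taken, and the exception path that follows the call was unreachable. A one-line comment such as "arityCheckFor returns -1 on stack overflow, so this must be a signed compare" would stop the next person from "simplifying" it back.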
     
    149149        noException.link(&jit);
    150150
    151 #if !ASSERT_DISABLED
    152         jit.load64(vm.addressOfException(), GPRInfo::regT1);
    153         jit.jitAssertIsNull(GPRInfo::regT1);
    154 #endif
     151        if (!ASSERT_DISABLED) {
     152            jit.load64(vm.addressOfException(), GPRInfo::regT1);
     153            jit.jitAssertIsNull(GPRInfo::regT1);
     154        }
    155155
    156156        jit.move(GPRInfo::returnValueGPR, GPRInfo::argumentGPR0);
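Review bot: the rewrite of the `#if !ASSERT_DISABLED` guard into a runtime `if (!ASSERT_DISABLED)` at lines 151-154 is not mentioned in the FTLLink.cpp ChangeLog entry, which only describes the AboveOrEqual fix; add a line for it. The change is behaviourally fine only because ASSERT_DISABLED always expands to 0 or 1, so the load and jitAssertIsNull now compile in release builds too and are simply skipped; noting that intent in the ChangeLog makes the reason for keeping them compiled clear.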
  • trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.h

    r203499 r203990  
    6464        newCodeBlock->numParameters() + CallFrame::headerSizeInRegisters);
    6565    int paddedStackSpace = alignedFrameSizeForParameters - frameSize;
    66 
    67     if (UNLIKELY(!vm.ensureStackCapacityFor(exec->registers() - paddedStackSpace % stackAlignmentRegisters())))
     66   
     67    Register* newStack = exec->registers() - WTF::roundUpToMultipleOf(stackAlignmentRegisters(), paddedStackSpace);
     68
     69    if (UNLIKELY(!vm.ensureStackCapacityFor(newStack)))
    6870        return -1;
    6971    return paddedStackSpace;
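Review bot: the old expression at line 67, `exec->registers() - paddedStackSpace % stackAlignmentRegisters()`, subtracted only the remainder because `%` binds tighter than `-`, so the capacity check probed a few registers below the frame instead of the full padded size that the arity fixup actually occupies; the new `WTF::roundUpToMultipleOf(stackAlignmentRegisters(), paddedStackSpace)` at line 67 checks the right extent. Two follow-ups: the new line 66 carries trailing whitespace, and since the function still returns the unrounded `paddedStackSpace` while the check uses the rounded value, a short comment stating that the caller is expected to round up again would avoid the two looking inconsistent.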