Changeset 245084 in webkit
- Timestamp:
- May 8, 2019 5:49:35 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 5 edited
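--- a/trunk/JSTests/ChangeLog
+++ b/trunk/JSTests/ChangeLog
@@ -1,2 +1,14 @@
+2019-05-08 Saam barati <sbarati@apple.com>
+
+AccessGenerationState::emitExplicitExceptionHandler can clobber an in use register
+https://bugs.webkit.org/show_bug.cgi?id=197715
+<rdar://problem/50399252>
+
+Reviewed by Filip Pizlo.
+
+* stress/polymorphic-access-exception-handler-should-not-clobber-used-register.js: Added.
+(foo):
+(bar):
+
 2019-05-08 Ryan Haddad <ryanhaddad@apple.com>
 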
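--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,21 @@
+2019-05-08 Saam barati <sbarati@apple.com>
+
+AccessGenerationState::emitExplicitExceptionHandler can clobber an in use register
+https://bugs.webkit.org/show_bug.cgi?id=197715
+<rdar://problem/50399252>
+
+Reviewed by Filip Pizlo.
+
+AccessGenerationState::emitExplicitExceptionHandler was always clobbering
+x86's r9 without considering if that register was needed to be preserved
+by the IC. This leads to bad things when the DFG/FTL need that register when
+OSR exitting after an exception from a GetById call.
+
+* b3/air/AirCode.cpp:
+(JSC::B3::Air::Code::Code):
+* bytecode/PolymorphicAccess.cpp:
+(JSC::AccessGenerationState::emitExplicitExceptionHandler):
+* runtime/Options.h:
+
 2019-05-08 Ryan Haddad <ryanhaddad@apple.com>
 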
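--- a/trunk/Source/JavaScriptCore/b3/air/AirCode.cpp
+++ b/trunk/Source/JavaScriptCore/b3/air/AirCode.cpp
@@ -80,6 +80,7 @@
 });
 if (Options::airRandomizeRegs()) {
-shuffleVector(volatileRegs, [&] (unsigned limit) { return m_weakRandom.getUint32(limit); });
-shuffleVector(calleeSaveRegs, [&] (unsigned limit) { return m_weakRandom.getUint32(limit); });
+WeakRandom random(Options::airRandomizeRegsSeed() ? Options::airRandomizeRegsSeed() : m_weakRandom.getUint32());
+shuffleVector(volatileRegs, [&] (unsigned limit) { return random.getUint32(limit); });
+shuffleVector(calleeSaveRegs, [&] (unsigned limit) { return random.getUint32(limit); });
 }
 Vector<Reg> result;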
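Review bot: The seed expression on the added `WeakRandom random(...)` line treats 0 as "no seed given", which is stated nowhere, and the matching `airRandomizeRegsSeed` entry added to runtime/Options.h carries a `nullptr` description. I would put a comment above the line, `// A zero seed means "unset": draw one from m_weakRandom; a non-zero seed makes the shuffled register order reproducible.`, and read the option once into a local rather than calling `Options::airRandomizeRegsSeed()` twice. It is also worth saying in that comment that the shuffle is a testing aid for register-allocation-dependent bugs and not a hardening measure, since a fixed seed makes the order fully deterministic and WeakRandom is, going by its name, not a cryptographic generator. The enclosing constructor starts and ends outside the hunk.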
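--- a/trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
+++ b/trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
@@ -180,5 +180,9 @@
 {
 restoreScratch();
-jit->copyCalleeSavesToEntryFrameCalleeSavesBuffer(m_vm.topEntryFrame);
+jit->pushToSave(GPRInfo::regT0);
+jit->loadPtr(&m_vm.topEntryFrame, GPRInfo::regT0);
+jit->copyCalleeSavesToEntryFrameCalleeSavesBuffer(GPRInfo::regT0);
+jit->popToRestore(GPRInfo::regT0);
+
 if (needsToRestoreRegistersIfException()) {
 // To the JIT that produces the original exception handling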
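Review bot: The push/load/copy/pop sequence added after `restoreScratch()` has no comment saying why the one-line call it replaces was unsafe, so a later cleanup could fold it back and reintroduce the clobber. The reason is only in the ChangeLog: the removed call overwrote a register (r9 on x86) that the IC's caller may still need when OSR exiting after an exception. I would add above `jit->pushToSave(GPRInfo::regT0);` the comment `// Save and restore regT0 around the copy: every register may be live here, so we cannot let the helper pick its own temp.`. A live value silently overwritten in JIT-generated code is the kind of defect that can turn into a memory-safety problem, so the invariant deserves to sit next to the code. The function body starts and ends outside the hunk, so I cannot confirm from here that the stack adjustment made by `pushToSave` is harmless to the copy helper.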
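--- a/trunk/Source/JavaScriptCore/runtime/Options.h
+++ b/trunk/Source/JavaScriptCore/runtime/Options.h
@@ -446,4 +446,5 @@
 v(bool, airForceIRCAllocator, false, Normal, nullptr) \
 v(bool, airRandomizeRegs, false, Normal, nullptr) \
+v(unsigned, airRandomizeRegsSeed, 0, Normal, nullptr) \
 v(bool, coalesceSpillSlots, true, Normal, nullptr) \
 v(bool, logAirRegisterPressure, false, Normal, nullptr) \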