Changeset 258143 in webkit
- Timestamp:
- Mar 9, 2020 8:32:53 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r258078 r258143 1 2020-03-09 Caio Lima <ticaiolima@gmail.com> 2 3 Tail calls are broken on ARM_THUMB2 and MIPS 4 https://bugs.webkit.org/show_bug.cgi?id=197797 5 6 Reviewed by Yusuke Suzuki. 7 8 * stress/tail-call-with-spilled-registers.js: Added. 9 1 10 2020-03-07 Mark Lam <mark.lam@apple.com> 2 11 -
trunk/Source/JavaScriptCore/ChangeLog
r258123 r258143 1 2020-03-09 Caio Lima <ticaiolima@gmail.com> 2 3 Tail calls are broken on ARM_THUMB2 and MIPS 4 https://bugs.webkit.org/show_bug.cgi?id=197797 5 6 Reviewed by Yusuke Suzuki. 7 8 `prepareForTailCall` operation expects that header size + parameters 9 size is aligned with stack (alignment is 16-bytes for every architecture). 10 This means that headerSizeInBytes + argumentsIncludingThisInBytes needs 11 to be multiple of 16. This was not being preserved during getter IC code 12 for 32-bits. The code generated was taking in account only 13 headerSizeInRegisters (it is 4 on 32-bits) and argumentsIncludingThis 14 (that is always 1 for getters) and allocating 32-bytes when applying 15 operation `(headerSize + argumentsIncludingThis) * 8 - sizeof(CallerFrameAndPC)`. 16 This results in a stack frame with size of 40 bytes (after we push 17 `lr` and `sp`). Since `prepareForTailCall` expects frames to be 18 16-bytes aligned, it will then calculate the top of such frame 19 considering it is 48 bytes, cloberring values of previous frame and 20 causing unexpected behavior. This patch is fixing how this IC code 21 calculates the stack frame using `roundArgumentCountToAlignFrame(numberOfParameters)` 22 aligning with what we do on code without IC installed. 23 This was not a problem for getter and setter IC on 64-bits because 24 `roundArgumentCountToAlignFrame(1) == 1` and `roundArgumentCountToAlignFrame(2) == 3` 25 while it is `roundArgumentCountToAlignFrame(1) == 2` and 26 `roundArgumentCountToAlignFrame(2) == 2` for MIPS and ARMv7. 27 28 * bytecode/AccessCase.cpp: 29 (JSC::AccessCase::generateImpl): 30 1 31 2020-03-08 Brady Eidson <beidson@apple.com> 2 32 -
trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp
r257856 r258143 1619 1619 CCallHelpers::Zero, loadedValueGPR); 1620 1620 1621 unsigned numberOfRegsForCall = CallFrame::headerSizeInRegisters + numberOfParameters; 1621 unsigned numberOfRegsForCall = CallFrame::headerSizeInRegisters + roundArgumentCountToAlignFrame(numberOfParameters); 1622 ASSERT(!(numberOfRegsForCall % stackAlignmentRegisters())); 1622 1623 unsigned numberOfBytesForCall = numberOfRegsForCall * sizeof(Register) - sizeof(CallerFrameAndPC); 1623 1624
Note: See TracChangeset
for help on using the changeset viewer.