Google Git
Sign in
webkit / WebKit / 689526903cc897e71519b963532317f3eee2d626^! / . / Source / JavaScriptCore / ftl / FTLOSRExitCompiler.cpp
commit689526903cc897e71519b963532317f3eee2d626[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sun Mar 23 18:56:56 2014 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Sun Mar 23 18:56:56 2014 +0000
tree83e60805f32793d36556fadd0816b771907cc219
parentc4b2acb380a767b52eb071ecc968bffd7c2823cd [diff] [blame]
Gotta grow the locals vectors if we are about to do SetLocals beyond the bytecode's numCalleeRegisters
https://bugs.webkit.org/show_bug.cgi?id=130650
<rdar://problem/16122966>

Reviewed by Michael Saboff.
        
Previously, it was only in the case of inlining that we would do SetLocal's beyond the
previously established numLocals limit. But then we added generalized op_call_varargs
handling, which results in us emitting SetLocals that didn't previously exist in the
bytecode.
        
This factors out the inliner's ensureLocals loop and calls it from op_call_varargs.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ensureLocals):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parse):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub): Make this do alignment correctly.
* runtime/Options.h:
* tests/stress/call-varargs-from-inlined-code.js: Added.
* tests/stress/call-varargs-from-inlined-code-with-odd-number-of-arguments.js: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@166142 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp b/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
index 82dcace..832bd35 100644
--- a/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
+++ b/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp

@@ -77,8 +77,9 @@
 
     saveAllRegisters(jit, registerScratch);
     
-    // Bring the stack back into a sane form.
+    // Bring the stack back into a sane form and assert that it's sane.
     jit.popToRestore(GPRInfo::regT0);
+    jit.checkStackPointerAlignment();
     
     if (vm->m_perBytecodeProfiler && codeBlock->jitCode()->dfgCommon()->compilation) {
         Profiler::Database& database = *vm->m_perBytecodeProfiler;
@@ -259,12 +260,16 @@
     arityIntact.link(&jit);
 
     // First set up SP so that our data doesn't get clobbered by signals.
+    unsigned conservativeStackDelta =
+        registerPreservationOffset() +
+        exit.m_values.numberOfLocals() * sizeof(Register) +
+        maxFrameExtentForSlowPathCall;
+    conservativeStackDelta = WTF::roundUpToMultipleOf(
+        stackAlignmentBytes(), conservativeStackDelta);
     jit.addPtr(
-        MacroAssembler::TrustedImm32(
-            WTF::roundUpToMultipleOf(
-                stackAlignmentRegisters(),
-                -registerPreservationOffset() - exit.m_values.numberOfLocals() * sizeof(Register) - maxFrameExtentForSlowPathCall)),
+        MacroAssembler::TrustedImm32(-conservativeStackDelta),
         MacroAssembler::framePointerRegister, MacroAssembler::stackPointerRegister);
+    jit.checkStackPointerAlignment();
     
     jit.subPtr(
         MacroAssembler::TrustedImm32(registerPreservationOffset()),