Google Git
Sign in
webkit / WebKit / db3062ac6f40ac02e635d3fb73d8f5ed437837b7
commitdb3062ac6f40ac02e635d3fb73d8f5ed437837b7[log] [tgz]
authorbasile_clement@apple.com <basile_clement@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Sep 04 00:25:19 2015 +0000
committerbasile_clement@apple.com <basile_clement@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Sep 04 00:25:19 2015 +0000
treef3b837fd0dc1b41747302397334dfdd18e248624
parent2bc0b602ef6a36ebed3829f8bde6aef37e53a4ae [diff]
JavaScript functions should restore the stack pointer after a call
https://bugs.webkit.org/show_bug.cgi?id=148659

Reviewed by Michael Saboff.

This patch makes it so that the various places where we are making a
JS-to-JS call restore the stack pointer afterwards. This allows us to
no longer rely on the stack pointer still being valid after a call, and
is a prerequisite for getting rid of the arity fixup return thunk.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateDataSection):
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfCall):
* ftl/FTLJSCall.cpp:
(JSC::FTL::JSCall::emit):
* ftl/FTLJSCall.h:
* ftl/FTLStackMaps.h:
(JSC::FTL::StackMaps::stackSizeForLocals):
* jit/Repatch.cpp:
(JSC::generateByIdStub):
* tests/stress/tail-call-in-inline-cache.js: Added.
(tail):
(obj.get x):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@189325 268f45cc-cd09-0410-ab3c-d52691b4dbfc
10 files changed
tree: f3b837fd0dc1b41747302397334dfdd18e248624
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared