Modified: trunk/Source/_javascript_Core/ChangeLog (236583 => 236584)
--- trunk/Source/_javascript_Core/ChangeLog 2018-09-28 04:22:50 UTC (rev 236583)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-09-28 04:27:10 UTC (rev 236584)
@@ -1,3 +1,20 @@
+2018-09-27 Saam barati <sbar...@apple.com>
+
+ Don't use int offsets in StructureStubInfo
+ https://bugs.webkit.org/show_bug.cgi?id=190064
+ <rdar://problem/44784719>
+
+ Reviewed by Mark Lam.
+
+ * bytecode/InlineAccess.cpp:
+ (JSC::linkCodeInline):
+ * bytecode/StructureStubInfo.h:
+ (JSC::StructureStubInfo::slowPathCallLocation):
+ (JSC::StructureStubInfo::doneLocation):
+ (JSC::StructureStubInfo::slowPathStartLocation):
+ * jit/JITInlineCacheGenerator.cpp:
+ (JSC::JITInlineCacheGenerator::finalize):
+
2018-09-27 Mark Lam <mark....@apple.com>
DFG::OSREntry::m_machineCodeOffset should be a CodeLocation.
Modified: trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp (236583 => 236584)
--- trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp 2018-09-28 04:22:50 UTC (rev 236583)
+++ trunk/Source/_javascript_Core/bytecode/InlineAccess.cpp 2018-09-28 04:27:10 UTC (rev 236584)
@@ -142,9 +142,9 @@
template <typename Function>
ALWAYS_INLINE static bool linkCodeInline(const char* name, CCallHelpers& jit, StructureStubInfo& stubInfo, const Function& function)
{
- if (jit.m_assembler.buffer().codeSize() <= stubInfo.patch.inlineSize) {
+ if (jit.m_assembler.buffer().codeSize() <= stubInfo.patch.inlineSize()) {
bool needsBranchCompaction = false;
- LinkBuffer linkBuffer(jit, stubInfo.patch.start, stubInfo.patch.inlineSize, JITCompilationMustSucceed, needsBranchCompaction);
+ LinkBuffer linkBuffer(jit, stubInfo.patch.start, stubInfo.patch.inlineSize(), JITCompilationMustSucceed, needsBranchCompaction);
ASSERT(linkBuffer.isValid());
function(linkBuffer);
FINALIZE_CODE(linkBuffer, NoPtrTag, "InlineAccessType: '%s'", name);
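Review bot: `stubInfo.patch.inlineSize()` is now evaluated twice in the same branch, once in the condition and again in the LinkBuffer constructor, and each call recomputes the pointer difference and re-runs its ASSERT. Hoisting it once above the `if` keeps the size check and the LinkBuffer length derived from the same value: `const uint32_t inlineSize = stubInfo.patch.inlineSize();`, then `if (jit.m_assembler.buffer().codeSize() <= inlineSize) {` and `LinkBuffer linkBuffer(jit, stubInfo.patch.start, inlineSize, JITCompilationMustSucceed, needsBranchCompaction);`. The same call on the failure-path dataLog in the next hunk is a separate scope where the duplication is harmless. linkCodeInline's body continues outside the hunk.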
@@ -159,7 +159,7 @@
const bool failIfCantInline = false;
if (failIfCantInline) {
dataLog("Failure for: ", name, "\n");
- dataLog("real size: ", jit.m_assembler.buffer().codeSize(), " inline size:", stubInfo.patch.inlineSize, "\n");
+ dataLog("real size: ", jit.m_assembler.buffer().codeSize(), " inline size:", stubInfo.patch.inlineSize(), "\n");
CRASH();
}
Modified: trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h (236583 => 236584)
--- trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2018-09-28 04:22:50 UTC (rev 236583)
+++ trunk/Source/_javascript_Core/bytecode/StructureStubInfo.h 2018-09-28 04:27:10 UTC (rev 236584)
@@ -186,11 +186,19 @@
struct {
CodeLocationLabel<JITStubRoutinePtrTag> start; // This is either the start of the inline IC for *byId caches. or the location of patchable jump for 'instanceof' caches.
+ CodeLocationLabel<JSInternalPtrTag> doneLocation;
+ CodeLocationCall<JSInternalPtrTag> slowPathCallLocation;
+ CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation;
+
RegisterSet usedRegisters;
- uint32_t inlineSize;
- int32_t deltaFromStartToSlowPathCallLocation;
- int32_t deltaFromStartToSlowPathStart;
+ uint32_t inlineSize() const
+ {
+ int32_t inlineSize = MacroAssembler::differenceBetweenCodePtr(start, doneLocation);
+ ASSERT(inlineSize >= 0);
+ return inlineSize;
+ }
+
GPRReg baseGPR;
GPRReg valueGPR;
GPRReg thisGPR;
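Review bot: The `ASSERT(inlineSize >= 0)` in the new `inlineSize()` is debug-only, yet the `uint32_t` it returns is what linkCodeInline uses both as the upper bound for the generated code size and as the LinkBuffer length over `patch.start`; in a release build a negative difference (start lying past doneLocation) converts to a value near 4 GiB, so the size check in linkCodeInline would always pass. Because this value bounds a JIT code region, `RELEASE_ASSERT(inlineSize >= 0);` is the safer choice. The local `inlineSize` also shadows the member function of the same name; `int32_t delta = MacroAssembler::differenceBetweenCodePtr(start, doneLocation);` avoids the confusion. This presumes differenceBetweenCodePtr compares untagged addresses, since `start` and `doneLocation` now carry different PtrTags — worth confirming. The anonymous struct closes outside the hunk.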
@@ -206,9 +214,10 @@
return patch.baseGPR;
}
- CodeLocationCall<JSInternalPtrTag> slowPathCallLocation() { return patch.start.callAtOffset<JSInternalPtrTag>(patch.deltaFromStartToSlowPathCallLocation); }
- CodeLocationLabel<JSInternalPtrTag> doneLocation() { return patch.start.labelAtOffset<JSInternalPtrTag>(patch.inlineSize); }
- CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation() { return patch.start.labelAtOffset(patch.deltaFromStartToSlowPathStart); }
+ CodeLocationCall<JSInternalPtrTag> slowPathCallLocation() { return patch.slowPathCallLocation; }
+ CodeLocationLabel<JSInternalPtrTag> doneLocation() { return patch.doneLocation; }
+ CodeLocationLabel<JITStubRoutinePtrTag> slowPathStartLocation() { return patch.slowPathStartLocation; }
+
CodeLocationJump<JSInternalPtrTag> patchableJump()
{
ASSERT(accessType == AccessType::InstanceOf);
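Review bot: The three accessors at the top of the hunk now only return a stored field but remain non-const, while the new `inlineSize()` in the same struct is `const`; marking them `const` (e.g. `CodeLocationLabel<JSInternalPtrTag> doneLocation() const { return patch.doneLocation; }`) keeps the two consistent and lets them be used on a `const StructureStubInfo&`. Since the accessors share names with the fields they return (`patch.doneLocation` vs `doneLocation()`), a one-line comment above them such as `// Plain reads of the code locations recorded by JITInlineCacheGenerator::finalize.` would help readers who remember the offset-based versions. patchableJump's body continues outside the hunk.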
Modified: trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp (236583 => 236584)
--- trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp 2018-09-28 04:22:50 UTC (rev 236583)
+++ trunk/Source/_javascript_Core/jit/JITInlineCacheGenerator.cpp 2018-09-28 04:27:10 UTC (rev 236584)
@@ -59,14 +59,10 @@
{
m_stubInfo->patch.start = start;
- int32_t inlineSize = MacroAssembler::differenceBetweenCodePtr(
- start, fastPath.locationOf<NoPtrTag>(m_done));
- m_stubInfo->patch.inlineSize = inlineSize;
+ m_stubInfo->patch.doneLocation = fastPath.locationOf<JSInternalPtrTag>(m_done);
- m_stubInfo->patch.deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr(
- start, slowPath.locationOf<NoPtrTag>(m_slowPathCall));
- m_stubInfo->patch.deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr(
- start, slowPath.locationOf<NoPtrTag>(m_slowPathBegin));
+ m_stubInfo->patch.slowPathCallLocation = slowPath.locationOf<JSInternalPtrTag>(m_slowPathCall);
+ m_stubInfo->patch.slowPathStartLocation = slowPath.locationOf<JITStubRoutinePtrTag>(m_slowPathBegin);
}
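Review bot: finalize now records three absolute code locations whose ordering is only checked lazily in `StructureStubInfo::inlineSize()`, so the invariant that makes that check meaningful is not stated where the values are produced. A comment above the `doneLocation` assignment such as `// doneLocation must not precede start: StructureStubInfo::inlineSize() derives the inline IC size from this pair.` would document it at the source. The tags chosen for each `locationOf<>` match the field types declared in StructureStubInfo.h, which is worth a brief comment too since the previous code used NoPtrTag for all three. The enclosing function's signature is on the line before the hunk.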
JITByIdGenerator::JITByIdGenerator(