Title: [180083] trunk/Source/_javascript_Core
Revision
180083
Author
msab...@apple.com
Date
2015-02-13 14:46:50 -0800 (Fri, 13 Feb 2015)

Log Message

REGRESSION(r180060) New js/regress-141098 test crashes when LLInt is disabled.
https://bugs.webkit.org/show_bug.cgi?id=141577

Reviewed by Benjamin Poulain.

Changed the prologue of the baseline JIT to check for stack space for all
types of code blocks.  Previously, it was only checking Function.  Now
it checks Program and Eval as well.

* jit/JIT.cpp:
(JSC::JIT::privateCompile):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (180082 => 180083)


--- trunk/Source/_javascript_Core/ChangeLog	2015-02-13 22:40:34 UTC (rev 180082)
+++ trunk/Source/_javascript_Core/ChangeLog	2015-02-13 22:46:50 UTC (rev 180083)
@@ -1,3 +1,17 @@
+2015-02-13  Michael Saboff  <msab...@apple.com>
+
+        REGRESSION(r180060) New js/regress-141098 test crashes when LLInt is disabled.
+        https://bugs.webkit.org/show_bug.cgi?id=141577
+
+        Reviewed by Benjamin Poulain.
+
+        Changed the prologue of the baseline JIT to check for stack space for all
+        types of code blocks.  Previously, it was only checking Function.  Now
+        it checks Program and Eval as well.
+
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompile):
+
 2015-02-13  Benjamin Poulain  <bpoul...@apple.com>
 
         Generate incq instead of addq when the immediate value is one

Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (180082 => 180083)


--- trunk/Source/_javascript_Core/jit/JIT.cpp	2015-02-13 22:40:34 UTC (rev 180082)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp	2015-02-13 22:46:50 UTC (rev 180083)
@@ -523,7 +523,6 @@
     sampleInstruction(m_codeBlock->instructions().begin());
 #endif
 
-    Jump stackOverflow;
     if (m_codeBlock->codeType() == FunctionCode) {
         ASSERT(m_bytecodeOffset == (unsigned)-1);
         if (shouldEmitProfiling()) {
@@ -542,12 +541,12 @@
                 emitValueProfilingSite(m_codeBlock->valueProfileForArgument(argument));
             }
         }
-
-        addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, regT1);
-        stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), regT1);
     }
 
-    addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);
+    addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, regT1);
+    Jump stackOverflow = branchPtr(Above, AbsoluteAddress(m_vm->addressOfStackLimit()), regT1);
+
+    move(regT1, stackPointerRegister);
     checkStackPointerAlignment();
 
     privateCompileMainPass();
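Review bot: The stack-limit check at the new `addPtr`/`branchPtr` lines now runs for every code type, but nothing in the code records why it must not sit inside the `FunctionCode` branch; only the log message explains that with the LLInt disabled this prologue is the first tier to see a Program or Eval frame. A comment above the `addPtr` into `regT1`, such as `// Check stack space for all code types: with the LLInt disabled this prologue is the first tier to run, so nothing else has compared the new frame against the VM stack limit.`, would keep a later cleanup from folding the check back into the function-only path. The ordering is sound as written: `regT1` is compared against the limit before `move(regT1, stackPointerRegister)`, so on the overflow edge `stackPointerRegister` still holds the entry value that the slow path adjusts. privateCompile begins before this hunk and continues after it.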
@@ -557,14 +556,14 @@
     if (m_disassembler)
         m_disassembler->setEndOfSlowPath(label());
 
+    stackOverflow.link(this);
+    m_bytecodeOffset = 0;
+    if (maxFrameExtentForSlowPathCall)
+        addPtr(TrustedImm32(-maxFrameExtentForSlowPathCall), stackPointerRegister);
+    callOperationWithCallFrameRollbackOnException(operationThrowStackOverflowError, m_codeBlock);
+
     Label arityCheck;
     if (m_codeBlock->codeType() == FunctionCode) {
-        stackOverflow.link(this);
-        m_bytecodeOffset = 0;
-        if (maxFrameExtentForSlowPathCall)
-            addPtr(TrustedImm32(-maxFrameExtentForSlowPathCall), stackPointerRegister);
-        callOperationWithCallFrameRollbackOnException(operationThrowStackOverflowError, m_codeBlock);
-
         arityCheck = label();
         store8(TrustedImm32(0), &m_codeBlock->m_shouldAlwaysBeInlined);
         emitFunctionPrologue();
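Review bot: `m_bytecodeOffset = 0;` and the `operationThrowStackOverflowError` slow path are now emitted for every code type, so for Program and Eval code blocks `m_bytecodeOffset` is reset at this point where previously it was left untouched; if any later emission in privateCompile reads that value for non-function code, it is worth confirming the reset is harmless, since the rest of the function is outside this hunk. A one-line comment at `stackOverflow.link(this);`, e.g. `// Shared slow path for the prologue stack check; reached for all code types.`, would make clear that the `arityCheck` block below is the only part still specific to FunctionCode. The enclosing function continues past the end of this hunk.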