Modified: trunk/Source/_javascript_Core/ChangeLog (165204 => 165205)
--- trunk/Source/_javascript_Core/ChangeLog 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-03-06 20:16:38 UTC (rev 165205)
@@ -1,3 +1,31 @@
+2014-03-06 Filip Pizlo <[email protected]>
+
+ FTL arity fixup should work on ARM64
+ https://bugs.webkit.org/show_bug.cgi?id=129810
+
+ Reviewed by Michael Saboff.
+
+ - Using regT5 to pass the thunk return address to arityFixup is shady since that's a
+ callee-save.
+
+ - The FTL path was assuming X86 conventions for where SP points at the top of the prologue.
+
+ This makes some more tests pass.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compileFunction):
+ * ftl/FTLLink.cpp:
+ (JSC::FTL::link):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::prologueStackPointerDelta):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/ThunkGenerators.cpp:
+ (JSC::arityFixup):
+ * llint/LowLevelInterpreter64.asm:
+ * offlineasm/arm64.rb:
+ * offlineasm/x86.rb: In addition to the t7 change, make t6 agree with GPRInfo.h.
+
2014-03-06 Mark Hahnenberg <[email protected]>
Fix write barriers in Repatch.cpp for !ENABLE(DFG_JIT) platforms after r165128
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (165204 => 165205)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2014-03-06 20:16:38 UTC (rev 165205)
@@ -381,8 +381,14 @@
addPtr(TrustedImm32(maxFrameExtentForSlowPathCall), stackPointerRegister);
branchTest32(Zero, GPRInfo::regT0).linkTo(fromArityCheck, this);
emitStoreCodeOrigin(CodeOrigin(0));
- move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), GPRInfo::regT5);
- loadPtr(BaseIndex(GPRInfo::regT5, GPRInfo::regT0, timesPtr()), GPRInfo::regT5);
+ GPRReg thunkReg;
+#if USE(JSVALUE64)
+ thunkReg = GPRInfo::regT7;
+#else
+ thunkReg = GPRInfo::regT5;
+#endif
+ move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), thunkReg);
+ loadPtr(BaseIndex(thunkReg, GPRInfo::regT0, timesPtr()), thunkReg);
m_callArityFixup = call();
jump(fromArityCheck);
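Review bot: The register that carries the return thunk into arityFixup is now chosen in several places that must agree by hand: the `#if USE(JSVALUE64)` selection on `GPRReg thunkReg;` here, the identical selection in JIT.cpp's privateCompile, the unconditional regT7 in FTLLink.cpp and in the ThunkGenerators.cpp store, and the LLInt side in LowLevelInterpreter64.asm. A single named constant next to the other register assignments (GPRInfo.h, which the ChangeLog already references) — something like `GPRInfo::arityFixupThunkRegister` (name illustrative) — would let every emitter and the thunk name the same value instead of repeating the choice. Until then a comment on the declaration, `// Must be the register arityFixup (ThunkGenerators.cpp) reads the return thunk from.`, ties the copies together. compileFunction continues outside the hunk.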
Modified: trunk/Source/_javascript_Core/ftl/FTLLink.cpp (165204 => 165205)
--- trunk/Source/_javascript_Core/ftl/FTLLink.cpp 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/ftl/FTLLink.cpp 2014-03-06 20:16:38 UTC (rev 165205)
@@ -71,7 +71,7 @@
CCallHelpers::Label arityCheck;
CCallHelpers::Address frame = CCallHelpers::Address(
- CCallHelpers::stackPointerRegister, -static_cast<int32_t>(sizeof(void*)));
+ CCallHelpers::stackPointerRegister, -static_cast<int32_t>(AssemblyHelpers::prologueStackPointerDelta()));
if (Profiler::Compilation* compilation = graph.compilation()) {
compilation->addDescription(
@@ -170,8 +170,8 @@
jit.emitFunctionEpilogue();
mainPathJumps.append(jit.branchTest32(CCallHelpers::Zero, GPRInfo::regT0));
jit.emitFunctionPrologue();
- jit.move(CCallHelpers::TrustedImmPtr(vm.arityCheckFailReturnThunks->returnPCsFor(vm, codeBlock->numParameters())), GPRInfo::regT5);
- jit.loadPtr(CCallHelpers::BaseIndex(GPRInfo::regT5, GPRInfo::regT0, CCallHelpers::timesPtr()), GPRInfo::regT5);
+ jit.move(CCallHelpers::TrustedImmPtr(vm.arityCheckFailReturnThunks->returnPCsFor(vm, codeBlock->numParameters())), GPRInfo::regT7);
+ jit.loadPtr(CCallHelpers::BaseIndex(GPRInfo::regT7, GPRInfo::regT0, CCallHelpers::timesPtr()), GPRInfo::regT7);
CCallHelpers::Call callArityFixup = jit.call();
jit.emitFunctionEpilogue();
mainPathJumps.append(jit.jump());
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (165204 => 165205)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2014-03-06 20:16:38 UTC (rev 165205)
@@ -68,7 +68,7 @@
}
#if CPU(X86_64) || CPU(X86)
- size_t prologueStackPointerDelta()
+ static size_t prologueStackPointerDelta()
{
// Prologue only saves the framePointerRegister
return sizeof(void*);
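Review bot: Adding `static` is what the new `AssemblyHelpers::prologueStackPointerDelta()` call in FTLLink.cpp needs, but the function is now declared four times (this hunk and the ARM/ARM64, MIPS and SH4 hunks that follow) with bodies that differ only in the returned constant and the comment. One definition with the CPU conditional inside the body would declare the signature once, so a later change such as `constexpr` or `[[nodiscard]]` cannot be applied to three of the four copies. Each `#if CPU(...)` block extends past its hunk, so the consolidation has to move the function out of those blocks, which I cannot see here; the sketch below keeps the per-CPU values the page shows and adds no default branch.
```cpp
    static size_t prologueStackPointerDelta()
    {
#if CPU(X86_64) || CPU(X86)
        // Prologue only saves the framePointerRegister
        return sizeof(void*);
#elif CPU(ARM) || CPU(ARM64) || CPU(MIPS) || CPU(SH4)
        // Prologue saves the framePointerRegister and the link/return-address register
        return 2 * sizeof(void*);
#endif
    }
```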
@@ -103,7 +103,7 @@
#endif // CPU(X86_64) || CPU(X86)
#if CPU(ARM) || CPU(ARM64)
- size_t prologueStackPointerDelta()
+ static size_t prologueStackPointerDelta()
{
// Prologue saves the framePointerRegister and linkRegister
return 2 * sizeof(void*);
@@ -138,7 +138,7 @@
#endif
#if CPU(MIPS)
- size_t prologueStackPointerDelta()
+ static size_t prologueStackPointerDelta()
{
// Prologue saves the framePointerRegister and returnAddressRegister
return 2 * sizeof(void*);
@@ -161,7 +161,7 @@
#endif
#if CPU(SH4)
- size_t prologueStackPointerDelta()
+ static size_t prologueStackPointerDelta()
{
// Prologue saves the framePointerRegister and link register
return 2 * sizeof(void*);
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (165204 => 165205)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2014-03-06 20:16:38 UTC (rev 165205)
@@ -558,8 +558,14 @@
if (returnValueGPR != regT0)
move(returnValueGPR, regT0);
branchTest32(Zero, regT0).linkTo(beginLabel, this);
- move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), regT5);
- loadPtr(BaseIndex(regT5, regT0, timesPtr()), regT5);
+ GPRReg thunkReg;
+#if USE(JSVALUE64)
+ thunkReg = GPRInfo::regT7;
+#else
+ thunkReg = GPRInfo::regT5;
+#endif
+ move(TrustedImmPtr(m_vm->arityCheckFailReturnThunks->returnPCsFor(*m_vm, m_codeBlock->numParameters())), thunkReg);
+ loadPtr(BaseIndex(thunkReg, regT0, timesPtr()), thunkReg);
emitNakedCall(m_vm->getCTIStub(arityFixup).code());
#if !ASSERT_DISABLED
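Review bot: The new lines mix `GPRInfo::regT7` / `GPRInfo::regT5` with the unqualified `regT0` on the same `loadPtr` line and in the surrounding code (`move(returnValueGPR, regT0)`, `branchTest32(Zero, regT0)`), while the removed lines used the unqualified `regT5`. If `regT7` is reachable unqualified the way `regT5` was, `thunkReg = regT7;` and `thunkReg = regT5;` keep this function's style; if it is not, a one-line comment saying why the qualified form is required here stops the next reader from "fixing" it. privateCompile continues outside the hunk.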
Modified: trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp (165204 => 165205)
--- trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp 2014-03-06 20:16:38 UTC (rev 165205)
@@ -429,7 +429,7 @@
JSInterfaceJIT jit(vm);
// We enter with fixup count, in aligned stack units, in regT0 and the return thunk in
- // regT5.
+ // regT5 on 32-bit and regT7 on 64-bit.
#if USE(JSVALUE64)
# if CPU(X86_64)
jit.pop(JSInterfaceJIT::regT4);
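Review bot: The comment `// regT5 on 32-bit and regT7 on 64-bit.` is now the only written statement of the register contract between this thunk and its emitters, and it does not say who they are; the ChangeLog lists them (JIT::privateCompile, DFG::JITCompiler::compileFunction, FTL::link, and the LLInt, which loads the thunk into `t7` in LowLevelInterpreter64.asm). I would extend it along the lines of `// regT5 on 32-bit and regT7 on 64-bit. Every caller (JIT::privateCompile, DFG::JITCompiler::compileFunction, FTL::link, LLInt arity check via t7) must agree with this.` so a future register change is less likely to miss one. The consuming store, `jit.storePtr(GPRInfo::regT7, ...)`, sits in the next hunk; arityFixup continues outside both hunks.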
@@ -467,7 +467,7 @@
jit.storePtr(GPRInfo::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT6, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight));
// Install the new return PC.
- jit.storePtr(GPRInfo::regT5, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()));
+ jit.storePtr(GPRInfo::regT7, JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, CallFrame::returnPCOffset()));
# if CPU(X86_64)
jit.push(JSInterfaceJIT::regT4);
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (165204 => 165205)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2014-03-06 20:16:38 UTC (rev 165205)
@@ -483,7 +483,7 @@
loadp CommonSlowPaths::ArityCheckData::thunkToCall[t1], t2
btpz t2, .proceedInline
- loadp CommonSlowPaths::ArityCheckData::returnPC[t1], t5
+ loadp CommonSlowPaths::ArityCheckData::returnPC[t1], t7
loadp CommonSlowPaths::ArityCheckData::paddedStackSpace[t1], t0
call t2
if ASSERT_ENABLED
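Review bot: `t7` is a register name that offlineasm did not know before this commit, and only arm64.rb and x86.rb gain a mapping for it in this diff; any other backend that assembles LowLevelInterpreter64.asm would need its own `when 't7'` case or the new `loadp CommonSlowPaths::ArityCheckData::returnPC[t1], t7` line will fail to assemble for it. I cannot see the other backends here, so this is worth a quick check rather than a certain defect. The enclosing LLInt routine continues outside the hunk.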
Modified: trunk/Source/_javascript_Core/offlineasm/arm64.rb (165204 => 165205)
--- trunk/Source/_javascript_Core/offlineasm/arm64.rb 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/offlineasm/arm64.rb 2014-03-06 20:16:38 UTC (rev 165205)
@@ -1,4 +1,4 @@
-# Copyright (C) 2011, 2012 Apple Inc. All rights reserved.
+# Copyright (C) 2011, 2012, 2014 Apple Inc. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
@@ -118,6 +118,8 @@
arm64GPRName('x24', kind)
when 't6'
arm64GPRName('x6', kind)
+ when 't7'
+ arm64GPRName('x7', kind)
when 'cfr'
arm64GPRName('x29', kind)
when 'csr1'
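Review bot: The new `when 't7'` → `x7` case, like the `t7` → `%r9` case added in x86.rb, has to name the same physical register as GPRInfo::regT7 on its platform, and neither file records that dependency; the ChangeLog's remark that t6 had to be changed to agree with GPRInfo.h shows the mapping has drifted once already. A comment on the new case, `# t7 must map to the same register as GPRInfo::regT7 (jit/GPRInfo.h): the arity-fixup path passes the return thunk in it.`, with the same note on the x86.rb case, records the constraint where it is most likely to be broken. I cannot verify the x7 and %r9 choices against GPRInfo.h since that header is not part of this diff; the enclosing `case` runs outside the hunk.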
Modified: trunk/Source/_javascript_Core/offlineasm/x86.rb (165204 => 165205)
--- trunk/Source/_javascript_Core/offlineasm/x86.rb 2014-03-06 20:15:51 UTC (rev 165204)
+++ trunk/Source/_javascript_Core/offlineasm/x86.rb 2014-03-06 20:16:38 UTC (rev 165205)
@@ -1,4 +1,4 @@
-# Copyright (C) 2012 Apple Inc. All rights reserved.
+# Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
# Copyright (C) 2013 Digia Plc. and/or its subsidiary(-ies)
#
# Redistribution and use in source and binary forms, with or without
@@ -284,14 +284,26 @@
raise "Cannot use #{name} in 32-bit X86 at #{codeOriginString}" unless isX64
case kind
when :half
- "%r10w"
+ "%r8w"
when :int
- "%r10d"
+ "%r8d"
when :ptr
- "%r10"
+ "%r8"
when :quad
- "%r10"
+ "%r8"
end
+ when "t7"
+ raise "Cannot use #{name} in 32-bit X86 at #{codeOriginString}" unless isX64
+ case kind
+ when :half
+ "%r9w"
+ when :int
+ "%r9d"
+ when :ptr
+ "%r9"
+ when :quad
+ "%r9"
+ end
when "csr1"
raise "Cannot use #{name} in 32-bit X86 at #{codeOriginString}" unless isX64
case kind