WebKit Bugzilla
Attachment 369981 Details for
Bug 197797
: Tail calls are broken on ARM_THUMB2 and MIPS
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
WIP - Patch
armv7_tail_calls.diff (text/plain), 3.12 KB, created by
Caio Lima
on 2019-05-15 12:10:53 PDT
(
hide
)
Description:
WIP - Patch
Filename:
MIME Type:
Creator:
Caio Lima
Created:
2019-05-15 12:10:53 PDT
Size:
3.12 KB
patch
obsolete
>diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index 2c83cfcdff0..252889c15b9 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,12 @@ >+2019-05-10 Caio Lima <ticaiolima@gmail.com> >+ >+ [ARMv7] Tail calls are broken on THUMB2 >+ https://bugs.webkit.org/show_bug.cgi?id=197797 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/tail-call-with-spilled-registers.js: Added. >+ > 2019-05-10 Saam barati <sbarati@apple.com> > > Call to JSToWasmICCallee::createStructure passes in wrong prototype value >diff --git a/JSTests/stress/tail-call-with-spilled-registers.js b/JSTests/stress/tail-call-with-spilled-registers.js >new file mode 100644 >index 00000000000..03fb71cabab >--- /dev/null >+++ b/JSTests/stress/tail-call-with-spilled-registers.js >@@ -0,0 +1,51 @@ >+//@ run("--useConcurrentJIT=false") >+ >+"use strict"; >+ >+function assert(a, e) { >+ if (a !== e) >+ throw new Error('Expected: ' + e + ' but got: ' + a); >+} >+noInline(assert); >+ >+function c3(v, b, c, d, e) { >+ return v + b + c + d + e; >+} >+noInline(c3); >+ >+function c1(o) { >+ let ret = o.c2; >+ if (o.a) >+ assert(o.a, 126); >+ return o; >+} >+noInline(c1); >+ >+function getter() { >+ let b = Math.random(); >+ let c = Math.random(); >+ let d = Math.random(); >+ let e = Math.random(); >+ return c3('test', b, c, d, e); >+} >+noInline(getter); >+ >+let c = []; >+ >+c[0] = {a: 126}; >+c[0].foo = 0; >+c[0].c2 = 15; >+ >+c[1] = {}; >+c[1].bar = 99; >+ >+c[2] = {}; >+Object.defineProperty(c[2], 'c2', { get: getter }); >+ >+for (let i = 0; i < 10000; i++) { >+ if (numberOfDFGCompiles(c1) > 0) >+ c1(c[2]); >+ else >+ c1(c[i % 2]); >+} >+ >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index eeb5b5c5aba..a47db7f29e4 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,14 @@ >+2019-05-14 Caio Lima <ticaiolima@gmail.com> >+ >+ [ARMv7] Tail calls are broken on THUMB2 >+ https://bugs.webkit.org/show_bug.cgi?id=197797 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * jit/CallFrameShuffler.cpp: >+ (JSC::CallFrameShuffler::prepareForTailCall): >+ * llint/LowLevelInterpreter.asm: >+ > 2019-05-12 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] Compress Watchpoint size by using enum type and Packed<> data structure >diff --git a/Source/JavaScriptCore/bytecode/AccessCase.cpp b/Source/JavaScriptCore/bytecode/AccessCase.cpp >index c10859aced3..6470202f75c 100644 >--- a/Source/JavaScriptCore/bytecode/AccessCase.cpp >+++ b/Source/JavaScriptCore/bytecode/AccessCase.cpp >@@ -891,7 +891,11 @@ void AccessCase::generateImpl(AccessGenerationState& state) > CCallHelpers::Zero, loadedValueGPR); > > unsigned numberOfRegsForCall = CallFrame::headerSizeInRegisters + numberOfParameters; >+#if USE(JSVALUE32_64) >+ unsigned numberOfBytesForCall = numberOfRegsForCall * sizeof(Register); >+#else > unsigned numberOfBytesForCall = numberOfRegsForCall * sizeof(Register) - sizeof(CallerFrameAndPC); >+#endif > > unsigned alignedNumberOfBytesForCall = > WTF::roundUpToMultipleOf(stackAlignmentBytes(), numberOfBytesForCall);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=369981">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197797
:
369606
|
369650
|
369895
|
369981
|
370019
|
370021
|
370650
|
370651
|
370661
|
370784
|
370785
|
371567
|
371580
|
392300
|
393034