Bug 126043

Summary: Arity check slow path should ensure that when we return, we restore SP back to what the caller expects
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 113621
Attachments (description, flags):

- it begins (none)
- it takes shape (none)
- it runs things (none)
- LLInt starting to work (none)
- the patch (ggaren: review+)

Description Filip Pizlo 2013-12-19 19:57:01 PST
Patch forthcoming.


Test case:

// bar declares 11 parameters but is called below with none, so every call
// takes the arity-check slow path that this bug is about.
function bar(a,b,c,d,e,f,g,h,i,j,k) {
}

// noInline() is a jsc shell helper; it keeps bar from being inlined so the
// call (and its arity fixup) is always exercised.
noInline(bar);

// Hot loop so the JIT tiers compile the call site.
for (var i = 0; i < 10000000; ++i)
    bar();
Comment 1 Filip Pizlo 2013-12-19 20:42:43 PST
Created attachment 219723 [details]
it begins
Comment 2 Filip Pizlo 2013-12-19 21:26:14 PST
Created attachment 219729 [details]
it takes shape
Comment 3 Filip Pizlo 2013-12-19 21:28:02 PST
(In reply to comment #2)
> Created an attachment (id=219729) [details]
> it takes shape

What remains:

- Do the same thing in FTL & DFG that I'm doing in the baseline JIT.

- Port to 32-bit.

- Make it work in LLInt's copy loop.
Comment 4 Filip Pizlo 2013-12-20 00:55:42 PST
Created attachment 219739 [details]
it runs things

Still need to do:

- LLInt

- 32-bit
Comment 5 Filip Pizlo 2013-12-20 02:02:22 PST
Created attachment 219742 [details]
LLInt starting to work
Comment 6 Filip Pizlo 2013-12-20 15:22:38 PST
Created attachment 219803 [details]
the patch

Still need to do 32-bit. But I don't think I can even test 32-bit right now. Porting it would be easy if I could test.
Comment 7 Filip Pizlo 2013-12-20 15:34:57 PST
64-bit parts landed in http://trac.webkit.org/changeset/160936
Comment 8 Geoffrey Garen 2014-01-14 14:44:15 PST
Comment on attachment 219803 [details]
the patch

r=me