126043 – Arity check slow path should ensure that when we return, we restore SP back to what the caller expects

RESOLVED FIXED 126043

Arity check slow path should ensure that when we return, we restore SP back to what the caller expects

https://bugs.webkit.org/show_bug.cgi?id=126043

Summary Arity check slow path should ensure that when we return, we restore SP back t...

Filip Pizlo

Reported 2013-12-19 19:57:01 PST

Patch forthcoming. Test case: function bar(a,b,c,d,e,f,g,h,i,j,k) { } noInline(bar); for (var i = 0; i < 10000000; ++i) bar();

Attachments
it begins (7.10 KB, patch) 2013-12-19 20:42 PST, Filip Pizlo	no flags	Details Formatted Diff Diff
it takes shape (11.11 KB, patch) 2013-12-19 21:26 PST, Filip Pizlo	no flags	Details Formatted Diff Diff
it runs things (32.58 KB, patch) 2013-12-20 00:55 PST, Filip Pizlo	no flags	Details Formatted Diff Diff
LLInt starting to work (44.97 KB, patch) 2013-12-20 02:02 PST, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (49.92 KB, patch) 2013-12-20 15:22 PST, Filip Pizlo	ggaren: review+	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2013-12-19 20:42:43 PST

Created attachment 219723 [details] it begins

Filip Pizlo

Comment 2 2013-12-19 21:26:14 PST

Created attachment 219729 [details] it takes shape

Filip Pizlo

Comment 3 2013-12-19 21:28:02 PST

(In reply to comment #2) > Created an attachment (id=219729) [details] > it takes shape What remains: - Do the same thing in FTL & DFG that I'm doing in the baseline JIT. - Port to 32-bit. - Make it work in LLInt's copy loop.

Filip Pizlo

Comment 4 2013-12-20 00:55:42 PST

Created attachment 219739 [details] it runs things Still need to do: - LLInt - 32-bit

Filip Pizlo

Comment 5 2013-12-20 02:02:22 PST

Created attachment 219742 [details] LLInt starting to work

Filip Pizlo

Comment 6 2013-12-20 15:22:38 PST

Created attachment 219803 [details] the patch Still need to do 32-bit. But, I don't think I can even test 32-bit right now. Porting it would be easy if I could test.

Filip Pizlo

Comment 7 2013-12-20 15:34:57 PST

64-bit parts landed in http://trac.webkit.org/changeset/160936

Geoffrey Garen

Comment 8 2014-01-14 14:44:15 PST

Comment on attachment 219803 [details] the patch r=me

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Filip Pizlo

Reported

2013-12-19 19:57 PST

Modified

2014-01-30 13:27 PST History

CC List

7 users Show

URL

Keywords

Depends on

Blocks

113621

Dependencies

tree graph