126043 – Arity check slow path should ensure that when we return, we restore SP back to what the caller expects

Bug 126043 - Arity check slow path should ensure that when we return, we restore SP back to what the caller expects

Summary: Arity check slow path should ensure that when we return, we restore SP back t...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:

Depends on:
Blocks:	113621
	Show dependency tree / graph

Reported:	2013-12-19 19:57 PST by Filip Pizlo
Modified:	2014-01-30 13:27 PST (History)
CC List:	7 users (show)

See Also:

Attachments
it begins (7.10 KB, patch) 2013-12-19 20:42 PST, Filip Pizlo	no flags	Details \| Formatted Diff \| Diff
it takes shape (11.11 KB, patch) 2013-12-19 21:26 PST, Filip Pizlo	no flags	Details \| Formatted Diff \| Diff
it runs things (32.58 KB, patch) 2013-12-20 00:55 PST, Filip Pizlo	no flags	Details \| Formatted Diff \| Diff
LLInt starting to work (44.97 KB, patch) 2013-12-20 02:02 PST, Filip Pizlo	no flags	Details \| Formatted Diff \| Diff
the patch (49.92 KB, patch) 2013-12-20 15:22 PST, Filip Pizlo	ggaren: review+	Details \| Formatted Diff \| Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2013-12-19 19:57:01 PST

Patch forthcoming.


Test case:

function bar(a,b,c,d,e,f,g,h,i,j,k) {
}

noInline(bar);

for (var i = 0; i < 10000000; ++i)
    bar();

Comment 1 Filip Pizlo 2013-12-19 20:42:43 PST

Created attachment 219723 [details]
it begins

Comment 2 Filip Pizlo 2013-12-19 21:26:14 PST

Created attachment 219729 [details]
it takes shape

Comment 3 Filip Pizlo 2013-12-19 21:28:02 PST

(In reply to comment #2)
> Created an attachment (id=219729) [details]
> it takes shape

What remains:

- Do the same thing in FTL & DFG that I'm doing in the baseline JIT.

- Port to 32-bit.

- Make it work in LLInt's copy loop.

Comment 4 Filip Pizlo 2013-12-20 00:55:42 PST

Created attachment 219739 [details]
it runs things

Still need to do:

- LLInt

- 32-bit

Comment 5 Filip Pizlo 2013-12-20 02:02:22 PST

Created attachment 219742 [details]
LLInt starting to work

Comment 6 Filip Pizlo 2013-12-20 15:22:38 PST

Created attachment 219803 [details]
the patch

Still need to do 32-bit.  But, I don't think I can even test 32-bit right now.  Porting it would be easy if I could test.

Comment 7 Filip Pizlo 2013-12-20 15:34:57 PST

64-bit parts landed in http://trac.webkit.org/changeset/160936

Comment 8 Geoffrey Garen 2014-01-14 14:44:15 PST

Comment on attachment 219803 [details]
the patch

r=me