[sparkplug/ia32] Fix argc clobbering

Fix the InstallBaselineCode path in the InterpreterEntryTrampoline to
restore the clobbered eax (i.e. argc) register.

Bug: v8:11420, chromium:1192459
Change-Id: I97ce5739cf22a08fbb46dbf372ab6276bb802440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791567
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73721}
Leszek Swirski 2021-03-30 13:18:36 +02:00 committed by Commit Bot
parent 948e51fb12
commit 00afef3c7f
2 changed files with 54 additions and 0 deletions


@ -1263,6 +1263,7 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) {
__ JumpCodeObject(ecx);
__ bind(&install_baseline_code);
__ movd(eax, xmm0); // Recover argument count.
GenerateTailCallToReturnedCode(masm, Runtime::kInstallBaselineCode);
}
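Review bot: The restore added at L25, `__ movd(eax, xmm0); // Recover argument count.`, is only correct if xmm0 still holds the spilled argc when control reaches `install_baseline_code`, and the hunk neither says where that spill happens nor that nothing on this path may clobber xmm0 in between. Presumably the spill is a `movd(xmm0, eax)` near the trampoline entry, but that is outside the hunk, so a later edit to the path between the two could silently reintroduce this bug; a comment tying them together would make that dependency visible, e.g. `__ movd(eax, xmm0);  // Recover argument count (spilled to xmm0 earlier in this trampoline; this path must not clobber xmm0).` Generate_InterpreterEntryTrampoline starts outside the hunk and only its tail is visible here.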


@ -17,16 +17,20 @@
var realm1 = Realm.createAllowCrossRealmAccess();
var realm2 = Realm.createAllowCrossRealmAccess();
// f1 and f2 have the same code, so share a SharedFunctionInfo (i.e. share
// bytecode and baseline code).
let f1 = Realm.eval(realm1, "(" + factory1.toString() + ")")();
let f2 = Realm.eval(realm2, "(" + factory1.toString() + ")")();
%NeverOptimizeFunction(f1);
%NeverOptimizeFunction(f2);
// Compile f1 to baseline, f2 stays uncompiled
%CompileBaseline(f1);
assertEquals(0, f1(0));
assertTrue(isBaseline(f1));
assertFalse(isBaseline(f2));
// f2 tiers up to baseline via lazy compile
assertEquals(0, f2(0));
assertTrue(isBaseline(f1));
assertTrue(isBaseline(f2));
@ -44,14 +48,18 @@
var realm1 = Realm.createAllowCrossRealmAccess();
var realm2 = Realm.createAllowCrossRealmAccess();
// f1, f2 and f3 have the same code, so share a SharedFunctionInfo (i.e. share
// bytecode and baseline code).
let f1 = Realm.eval(realm1, "(" + factory2.toString() + ")")();
let realmFactory = Realm.eval(realm2, "(" + factory2.toString() + ")");
// f2 and f3 are in the same realm, so share a feedback vector cell.
let f2 = realmFactory();
let f3 = realmFactory();
%NeverOptimizeFunction(f1);
%NeverOptimizeFunction(f2);
%NeverOptimizeFunction(f3);
// Compile f1 to baseline, f2 to interpreter, f3 stays uncompiled.
assertEquals(0, f2(0));
%CompileBaseline(f1);
assertEquals(0, f1(0));
@ -59,10 +67,55 @@
assertFalse(isBaseline(f2));
assertFalse(isBaseline(f3));
// Compile f3, tiers up to baseline via lazy compile and installs the feedback
// vector
assertEquals(0, f3(0));
assertTrue(isBaseline(f3));
assertFalse(isBaseline(f2));
// Run f2, tiers up to baseline via interpreter entry.
assertEquals(0, f2(0));
assertTrue(isBaseline(f2));
})();
// Ensure a feedback vector is created when sharing baseline code and a closure
// feedback cell array already exists.
(function() {
function factory3() {
return function(a) {
return a;
}
}
var realm1 = Realm.createAllowCrossRealmAccess();
var realm2 = Realm.createAllowCrossRealmAccess();
// f1, f2 and f3 have the same code, so share a SharedFunctionInfo (i.e. share
// bytecode and baseline code).
let f1 = Realm.eval(realm1, "(" + factory3.toString() + ")")();
let realmFactory = Realm.eval(realm2, "(" + factory3.toString() + ")");
// f2 and f3 are in the same realm, so share a feedback vector cell.
let f2 = realmFactory();
let f3 = realmFactory();
%NeverOptimizeFunction(f1);
%NeverOptimizeFunction(f2);
%NeverOptimizeFunction(f3);
// Compile f1 to baseline, f2 to interpreter, f3 stays uncompiled.
assertEquals(0, f2(0));
%CompileBaseline(f1);
assertEquals(0, f1(0));
assertTrue(isBaseline(f1));
assertFalse(isBaseline(f2));
assertFalse(isBaseline(f3));
// Run f2, tiers up to baseline via interpreter entry and installs the
// feedback vector
assertEquals(0, f2(0));
assertTrue(isBaseline(f2));
assertFalse(isBaseline(f3));
// Compile f3, tiers up to baseline via lazy compile.
assertEquals(0, f3(0));
assertTrue(isBaseline(f3));
})();
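Review bot: The new factory3 case at L80–L113 exercises the interpreter-entry tier-up (`f2(0)` at L107) that the ia32 argc fix targets, but every call passes exactly one argument and only the passed value is checked, so a wrong argc after the restore is caught only if it happens to change the return value or crash. If it fits the test's constraints, let the shared function also report its argument count, e.g. `return function(a) { return arguments.length === 1 ? a : -1; }` in factory3, so the assertion at L107 pins argc directly rather than indirectly. Whether referencing `arguments` changes how this function tiers to baseline is something to confirm before relying on it.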