Commit 00afef3c authored by Leszek Swirski's avatar Leszek Swirski Committed by Commit Bot

[sparkplug/ia32] Fix argc clobbering

Fix the InstallBaselineCode path in the InterpreterEntryTrampoline to
restore the clobbered eax (i.e. argc) register.

Bug: v8:11420, chromium:1192459
Change-Id: I97ce5739cf22a08fbb46dbf372ab6276bb802440
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2791567
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73721}
parent 948e51fb
...@@ -1263,6 +1263,7 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) { ...@@ -1263,6 +1263,7 @@ void Builtins::Generate_InterpreterEntryTrampoline(MacroAssembler* masm) {
__ JumpCodeObject(ecx); __ JumpCodeObject(ecx);
__ bind(&install_baseline_code); __ bind(&install_baseline_code);
__ movd(eax, xmm0); // Recover argument count.
GenerateTailCallToReturnedCode(masm, Runtime::kInstallBaselineCode); GenerateTailCallToReturnedCode(masm, Runtime::kInstallBaselineCode);
} }
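Review bot: The added `__ movd(eax, xmm0);` under `install_baseline_code` depends on xmm0 still holding argc when control reaches the label, but the spill into xmm0 and the code that reuses eax as scratch are both outside the hunk, so the invariant cannot be checked from here. I would spell it out in the comment, for example `// eax was reused as scratch above; argc was (presumably) spilled to xmm0 on entry and must be back in eax before the tail call.` It is also worth confirming that the `__ JumpCodeObject(ecx);` path directly above reloads eax, because a stale argument count reaching the callee would likely make it misinterpret its stack frame. Generate_InterpreterEntryTrampoline starts before the hunk; only its last few lines are visible.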
......
...@@ -17,16 +17,20 @@ ...@@ -17,16 +17,20 @@
var realm1 = Realm.createAllowCrossRealmAccess(); var realm1 = Realm.createAllowCrossRealmAccess();
var realm2 = Realm.createAllowCrossRealmAccess(); var realm2 = Realm.createAllowCrossRealmAccess();
// f1 and f2 have the same code, so share a SharedFunctionInfo (i.e. share
// bytecode and baseline code).
let f1 = Realm.eval(realm1, "(" + factory1.toString() + ")")(); let f1 = Realm.eval(realm1, "(" + factory1.toString() + ")")();
let f2 = Realm.eval(realm2, "(" + factory1.toString() + ")")(); let f2 = Realm.eval(realm2, "(" + factory1.toString() + ")")();
%NeverOptimizeFunction(f1); %NeverOptimizeFunction(f1);
%NeverOptimizeFunction(f2); %NeverOptimizeFunction(f2);
// Compile f1 to baseline, f2 stays uncompiled
%CompileBaseline(f1); %CompileBaseline(f1);
assertEquals(0, f1(0)); assertEquals(0, f1(0));
assertTrue(isBaseline(f1)); assertTrue(isBaseline(f1));
assertFalse(isBaseline(f2)); assertFalse(isBaseline(f2));
// f2 tiers up to baseline via lazy compile
assertEquals(0, f2(0)); assertEquals(0, f2(0));
assertTrue(isBaseline(f1)); assertTrue(isBaseline(f1));
assertTrue(isBaseline(f2)); assertTrue(isBaseline(f2));
...@@ -44,14 +48,18 @@ ...@@ -44,14 +48,18 @@
var realm1 = Realm.createAllowCrossRealmAccess(); var realm1 = Realm.createAllowCrossRealmAccess();
var realm2 = Realm.createAllowCrossRealmAccess(); var realm2 = Realm.createAllowCrossRealmAccess();
// f1, f2 and f3 have the same code, so share a SharedFunctionInfo (i.e. share
// bytecode and baseline code).
let f1 = Realm.eval(realm1, "(" + factory2.toString() + ")")(); let f1 = Realm.eval(realm1, "(" + factory2.toString() + ")")();
let realmFactory = Realm.eval(realm2, "(" + factory2.toString() + ")"); let realmFactory = Realm.eval(realm2, "(" + factory2.toString() + ")");
// f2 and f3 are in the same realm, so share a feedback vector cell.
let f2 = realmFactory(); let f2 = realmFactory();
let f3 = realmFactory(); let f3 = realmFactory();
%NeverOptimizeFunction(f1); %NeverOptimizeFunction(f1);
%NeverOptimizeFunction(f2); %NeverOptimizeFunction(f2);
%NeverOptimizeFunction(f3); %NeverOptimizeFunction(f3);
// Compile f1 to baseline, f2 to interpreter, f3 stays uncompiled.
assertEquals(0, f2(0)); assertEquals(0, f2(0));
%CompileBaseline(f1); %CompileBaseline(f1);
assertEquals(0, f1(0)); assertEquals(0, f1(0));
...@@ -59,10 +67,55 @@ ...@@ -59,10 +67,55 @@
assertFalse(isBaseline(f2)); assertFalse(isBaseline(f2));
assertFalse(isBaseline(f3)); assertFalse(isBaseline(f3));
// Compile f3, tiers up to baseline via lazy compile and installs the feedback
// vector
assertEquals(0, f3(0)); assertEquals(0, f3(0));
assertTrue(isBaseline(f3)); assertTrue(isBaseline(f3));
assertFalse(isBaseline(f2)); assertFalse(isBaseline(f2));
// Run f2, tiers up to baseline via interpreter entry.
assertEquals(0, f2(0)); assertEquals(0, f2(0));
assertTrue(isBaseline(f2)); assertTrue(isBaseline(f2));
})(); })();
// Ensure a feedback vector is created when sharing baseline code and a closure
// feedback cell array already exists.
(function() {
function factory3() {
return function(a) {
return a;
}
}
var realm1 = Realm.createAllowCrossRealmAccess();
var realm2 = Realm.createAllowCrossRealmAccess();
// f1, f2 and f3 have the same code, so share a SharedFunctionInfo (i.e. share
// bytecode and baseline code).
let f1 = Realm.eval(realm1, "(" + factory3.toString() + ")")();
let realmFactory = Realm.eval(realm2, "(" + factory3.toString() + ")");
// f2 and f3 are in the same realm, so share a feedback vector cell.
let f2 = realmFactory();
let f3 = realmFactory();
%NeverOptimizeFunction(f1);
%NeverOptimizeFunction(f2);
%NeverOptimizeFunction(f3);
// Compile f1 to baseline, f2 to interpreter, f3 stays uncompiled.
assertEquals(0, f2(0));
%CompileBaseline(f1);
assertEquals(0, f1(0));
assertTrue(isBaseline(f1));
assertFalse(isBaseline(f2));
assertFalse(isBaseline(f3));
// Run f2, tiers up to baseline via interpreter entry and installs the
// feedback vector
assertEquals(0, f2(0));
assertTrue(isBaseline(f2));
assertFalse(isBaseline(f3));
// Compile f3, tiers up to baseline via lazy compile.
assertEquals(0, f3(0));
assertTrue(isBaseline(f3));
})();
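Review bot: The new `factory3` case appears to be the regression test for this fix, since its `f2(0)` call is the step commented as tiering up via interpreter entry and installing the feedback vector, but nothing in the file ties it to the bug. I would add a line above the block such as `// Regression test for chromium:1192459 (ia32: argc must be restored before Runtime::kInstallBaselineCode).` Every call in the case passes exactly one argument to a one-parameter function, so a wrong argc would probably be caught only by a crash. A variant of the tier-up call whose actual argument count differs from the formal count, e.g. `assertEquals(0, f2(0, 1, 2));`, would make the dependence on argc explicit.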