[builtins] NonNumberToNumber and StringToNumber now use CallRuntime instead of TailCallRuntime

With the tail call, pointers to the JS heap could be pushed on a js-to-wasm frame. On the js-to-wasm frame, however, this pointer would not be updated by the GC. R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com BUG=617084 TEST=mjsunit/wasm/gc-frame.js:GCInJSToWasmTest() Review-Url: https://codereview.chromium.org/2079393003 Cr-Commit-Position: refs/heads/master@{#37132}

[builtins] NonNumberToNumber and StringToNumber now use CallRuntime instead of TailCallRuntime
With the tail call, pointers to the JS heap could be pushed on a js-to-wasm frame. On the js-to-wasm frame, however, this pointer would not be updated by the GC. R=bmeurer@chromium.org, v8-arm-ports@googlegroups.com, v8-mips-ports@googlegroups.com BUG=617084 TEST=mjsunit/wasm/gc-frame.js:GCInJSToWasmTest() Review-Url: https://codereview.chromium.org/2079393003 Cr-Commit-Position: refs/heads/master@{#37132}
b5c69cbf · ahaas · Commit bot · 706b3f27 · b5c69cbf · b5c69cbf
Commit b5c69cbf authored Jun 21, 2016 by ahaas Committed by Commit bot Jun 21, 2016
7 changed files
--- a/src/arm/builtins-arm.cc
+++ b/src/arm/builtins-arm.cc
@@ -2699,8 +2699,15 @@ void Builtins::Generate_StringToNumber(MacroAssembler* masm) {
  __ Ret();
  __ bind(&runtime);
-  __ Push(r0);  // Push argument.
+  {
-  __ TailCallRuntime(Runtime::kStringToNumber);
+    FrameScope frame(masm, StackFrame::INTERNAL);
+    // Push argument.
+    __ Push(r0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kStringToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ToNumber(MacroAssembler* masm) {
@@ -2734,9 +2741,15 @@ void Builtins::Generate_NonNumberToNumber(MacroAssembler* masm) {
  __ ldr(r0, FieldMemOperand(r0, Oddball::kToNumberOffset));
  __ Ret();
  __ bind(&not_oddball);
+  {
-  __ Push(r0);  // Push argument.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ TailCallRuntime(Runtime::kToNumber);
+    // Push argument.
+    __ Push(r0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

--- a/src/arm64/builtins-arm64.cc
+++ b/src/arm64/builtins-arm64.cc
@@ -2792,8 +2792,15 @@ void Builtins::Generate_StringToNumber(MacroAssembler* masm) {
  __ Ret();
  __ Bind(&runtime);
-  __ Push(x0);  // Push argument.
+  {
-  __ TailCallRuntime(Runtime::kStringToNumber);
+    FrameScope frame(masm, StackFrame::INTERNAL);
+    // Push argument.
+    __ Push(x0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kStringToNumber);
+  }
+  __ Ret();
 }
 // static
@@ -2836,9 +2843,15 @@ void Builtins::Generate_NonNumberToNumber(MacroAssembler* masm) {
  __ Ldr(x0, FieldMemOperand(x0, Oddball::kToNumberOffset));
  __ Ret();
  __ Bind(&not_oddball);
+  {
-  __ Push(x0);  // Push argument.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ TailCallRuntime(Runtime::kToNumber);
+    // Push argument.
+    __ Push(x0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

--- a/src/ia32/builtins-ia32.cc
+++ b/src/ia32/builtins-ia32.cc
@@ -2666,10 +2666,15 @@ void Builtins::Generate_StringToNumber(MacroAssembler* masm) {
  __ Ret();
  __ bind(&runtime);
-  __ PopReturnAddressTo(ecx);     // Pop return address.
+  {
-  __ Push(eax);                   // Push argument.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ PushReturnAddressFrom(ecx);  // Push return address.
+    // Push argument.
-  __ TailCallRuntime(Runtime::kStringToNumber);
+    __ push(eax);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kStringToNumber);
+  }
+  __ Ret();
 }
 // static
@@ -2710,11 +2715,15 @@ void Builtins::Generate_NonNumberToNumber(MacroAssembler* masm) {
  __ mov(eax, FieldOperand(eax, Oddball::kToNumberOffset));
  __ Ret();
  __ bind(&not_oddball);
+  {
-  __ pop(ecx);   // Pop return address.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ push(eax);  // Push argument.
+    // Push argument.
-  __ push(ecx);  // Push return address.
+    __ push(eax);
-  __ TailCallRuntime(Runtime::kToNumber);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

--- a/src/mips/builtins-mips.cc
+++ b/src/mips/builtins-mips.cc
@@ -2776,8 +2776,15 @@ void Builtins::Generate_StringToNumber(MacroAssembler* masm) {
  __ Ret();
  __ bind(&runtime);
-  __ Push(a0);  // Push argument.
+  {
-  __ TailCallRuntime(Runtime::kStringToNumber);
+    FrameScope frame(masm, StackFrame::INTERNAL);
+    // Push argument.
+    __ Push(a0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kStringToNumber);
+  }
+  __ Ret();
 }
 // static
@@ -2821,9 +2828,15 @@ void Builtins::Generate_NonNumberToNumber(MacroAssembler* masm) {
  __ Ret(USE_DELAY_SLOT);
  __ lw(v0, FieldMemOperand(a0, Oddball::kToNumberOffset));  // In delay slot.
  __ bind(&not_oddball);
+  {
-  __ Push(a0);  // Push argument.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ TailCallRuntime(Runtime::kToNumber);
+    // Push argument.
+    __ Push(a0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

--- a/src/mips64/builtins-mips64.cc
+++ b/src/mips64/builtins-mips64.cc
@@ -2762,8 +2762,15 @@ void Builtins::Generate_StringToNumber(MacroAssembler* masm) {
  __ Ret();
  __ bind(&runtime);
-  __ Push(a0);  // Push argument.
+  {
-  __ TailCallRuntime(Runtime::kStringToNumber);
+    FrameScope frame(masm, StackFrame::INTERNAL);
+    // Push argument.
+    __ Push(a0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kStringToNumber);
+  }
+  __ Ret();
 }
 // static
@@ -2807,9 +2814,15 @@ void Builtins::Generate_NonNumberToNumber(MacroAssembler* masm) {
  __ Ret(USE_DELAY_SLOT);
  __ ld(v0, FieldMemOperand(a0, Oddball::kToNumberOffset));  // In delay slot.
  __ bind(&not_oddball);
+  {
-  __ Push(a0);  // Push argument.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ TailCallRuntime(Runtime::kToNumber);
+    // Push argument.
+    __ Push(a0);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

--- a/src/x64/builtins-x64.cc
+++ b/src/x64/builtins-x64.cc
@@ -2094,10 +2094,15 @@ void Builtins::Generate_StringToNumber(MacroAssembler* masm) {
  __ Ret();
  __ bind(&runtime);
-  __ PopReturnAddressTo(rcx);     // Pop return address.
+  {
-  __ Push(rax);                   // Push argument.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ PushReturnAddressFrom(rcx);  // Push return address.
+    // Push argument.
-  __ TailCallRuntime(Runtime::kStringToNumber);
+    __ Push(rax);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kStringToNumber);
+  }
+  __ Ret();
 }
 // static
@@ -2139,11 +2144,15 @@ void Builtins::Generate_NonNumberToNumber(MacroAssembler* masm) {
  __ movp(rax, FieldOperand(rax, Oddball::kToNumberOffset));
  __ Ret();
  __ bind(&not_oddball);
+  {
-  __ PopReturnAddressTo(rcx);     // Pop return address.
+    FrameScope frame(masm, StackFrame::INTERNAL);
-  __ Push(rax);                   // Push argument.
+    // Push argument.
-  __ PushReturnAddressFrom(rcx);  // Push return address.
+    __ Push(rax);
-  __ TailCallRuntime(Runtime::kToNumber);
+    // We cannot use a tail call here because this builtin can also be called
+    // from wasm.
+    __ CallRuntime(Runtime::kToNumber);
+  }
+  __ Ret();
 }
 void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {

--- a/test/mjsunit/wasm/gc-frame.js
+++ b/test/mjsunit/wasm/gc-frame.js
@@ -66,9 +66,32 @@ function print10(a, b, c, d, e, f, g, h, i) {
  }
 })();
-(function I32Test() {
+(function F64Test() {
  var main = makeFFI(print10, kAstF64);
  for (var i = 1; i < 2e+80; i *= -1137) {
    main(i - 1, i, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8);
  }
 })();
+(function GCInJSToWasmTest() {
+  var builder = new WasmModuleBuilder();
+  var sig_index = builder.addSignature([1, kAstI32, 1, kAstI32]);
+  builder.addFunction("main", sig_index)
+    .addBody([
+      kExprGetLocal, 0,         // --
+    ])                          // --
+    .exportFunc();
+  var main = builder.instantiate({}).exports.main;
+  var gc_object = {
+      valueOf: function() {
+        // Call the GC in valueOf, which is called within the JSToWasm wrapper.
+        gc();
+        return {};
+      }
+  };
+  main(gc_object);
+})();