Closed Bug 1130039 Opened 6 years ago Closed 6 years ago

Align16: Align bailed inline frames.

Categories

(Core :: JavaScript Engine: JIT, defect)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox38 --- fixed

People

(Reporter: nbp, Assigned: nbp)

References

Details

Attachments

(1 file)

Bailout: Add padding to reconstructed BaselineStub and Rectifier frames.
9.33 KB, patch
jandem
: review+
Details | Diff | Splinter Review 
When we bailout out of IonMonkey we reconstruct the Baseline frame of the top-level script, and produce BaselineStub frames, as well as Rectifier frame for each inner function which is inlined by IonMonkey.

These bailed frames might then OSR, and thus jump from Baseline to Ion. Thus we have to align the JitFrame produced by the bailouts such that once we enter Ion, the frame is properly aligned.
Comment on attachment 8560549 [details] [diff] [review]
Bailout: Add padding to reconstructed BaselineStub and Rectifier frames.

Review of attachment 8560549 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit/BaselineBailouts.cpp
@@ +243,5 @@
> +        MOZ_ASSERT(framePushed_ % sizeof(Value) == 0);
> +        MOZ_ASSERT(after % sizeof(Value) == 0);
> +        size_t offset = after % alignment;
> +        if (offset)
> +            offset = alignment - offset;

Nit: I think these 3 lines can be:

size_t offset = ComputeByteAlignment(after, alignment);

@@ +1251,5 @@
>          else
>              actualArgc = IsSetPropPC(pc);
>  
> +        // Align the stack based on the number of arguments.
> +        int32_t afterFrameSize = (actualArgc + 1) * sizeof(Value) + JitFrameLayout::Size();

Nit: uint32_t or size_t, also twice below.

@@ +1416,5 @@
>      void *rectReturnAddr = cx->runtime()->jitRuntime()->getArgumentsRectifierReturnAddr();
>      MOZ_ASSERT(rectReturnAddr);
>      if (!builder.writePtr(rectReturnAddr, "ReturnAddr"))
>          return false;
> +    MOZ_ASSERT(builder.framePushed() % JitStackAlignment == 0);

Nice.
Attachment #8560549 - Flags: review?(jdemooij) → review+
https://hg.mozilla.org/mozilla-central/rev/8dfe4f1d46f3
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox38: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in before you can comment on or make changes to this bug.