Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
1848473002:
[Interpreter] Changes GenerateDoubleToObject to push and pop rsi value. (Closed)
Description[Interpreter] Changes GenerateDoubleToObject to push and pop rsi value.
In the earlier implementation of GenerateDoubleToObject the context
is loaded from the parent's frame. rsi is clobbered because it is used
to store kHoleNan constnat. It is not always safe to peek at
the parents frame. Bytecode handlers have TypedFrame and the type of
frame is stored at FP + 1. GenerateDoubleToObject expects context
to be store at that place. In the current implementation rsi is pushed
onto the stack and is popped when exiting this function.
BUG=v8:4280, chromium:597565
LOG=N
Committed: https://crrev.com/e6b6e5545386985f1d0bec875307e5df52062d71
Cr-Commit-Position: refs/heads/master@{#35163}
Patch Set 1 #Patch Set 2 : Port for ia32. #Patch Set 3 : adds an mjsunit test. #Patch Set 4 : adds comments to test. #
Messages
Total messages: 32 (13 generated)
The CQ bit was checked by mythria@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1848473002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1848473002/1
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
mythria@chromium.org changed reviewers: + mvstanton@chromium.org, verwaest@chromium.org
Michael and Toon, I was looking at an ignition failure (https://bugs.chromium.org/p/chromium/issues/detail?id=597565). It was failing because of an incorrect context value. The wrong context value is stored into rsi in GenerateDoubleToObject. This stub loads the context from its parent frame (from rbp-0x8). In ignition we create a TypedFrame so the type of frame is stored at that location as opposed to cotnext in standard frames. In this cl I push and pop rsi so that we need not peek at parent's frame. Please take a look. I don't understand this code too well, so I am not sure this is the right fix. Please take a look. If you think it is ok, I will also port it to other architectures. Thanks, Mythri
lgtm
lgtm
The CQ bit was checked by mythria@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1848473002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1848473002/20001
Thanks for your reviews. I ported it to ia32 as well. Arm and mips does not seem to have this problem. They don't use the context register. I will land this once the bots are green. Thanks and Regards, Mythri
Drive by comment - could you add a mjsunit test for this (the minismised clusterfuzz js file would be fine).
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
mythria@chromium.org changed reviewers: + oth@chromium.org
Thanks Ross, I added an mjsunit test. Orion, could you please review the mjsunit test I added. Thanks, Mythri
The CQ bit was checked by mythria@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1848473002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1848473002/40001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
lgtm, a brief comment or two in the tests might help a future reader.
Thanks orion. I added comments to the test.
The CQ bit was checked by mythria@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1848473002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1848473002/60001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by mythria@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mvstanton@chromium.org, verwaest@chromium.org, oth@chromium.org Link to the patchset: https://codereview.chromium.org/1848473002/#ps60001 (title: "adds comments to test.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1848473002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1848473002/60001
Message was sent while issue was closed.
Committed patchset #4 (id:60001)
Message was sent while issue was closed.
Description was changed from ========== [Interpreter] Changes GenerateDoubleToObject to push and pop rsi value. In the earlier implementation of GenerateDoubleToObject the context is loaded from the parent's frame. rsi is clobbered because it is used to store kHoleNan constnat. It is not always safe to peek at the parents frame. Bytecode handlers have TypedFrame and the type of frame is stored at FP + 1. GenerateDoubleToObject expects context to be store at that place. In the current implementation rsi is pushed onto the stack and is popped when exiting this function. BUG=v8:4280,chromium:597565 LOG=N ========== to ========== [Interpreter] Changes GenerateDoubleToObject to push and pop rsi value. In the earlier implementation of GenerateDoubleToObject the context is loaded from the parent's frame. rsi is clobbered because it is used to store kHoleNan constnat. It is not always safe to peek at the parents frame. Bytecode handlers have TypedFrame and the type of frame is stored at FP + 1. GenerateDoubleToObject expects context to be store at that place. In the current implementation rsi is pushed onto the stack and is popped when exiting this function. BUG=v8:4280,chromium:597565 LOG=N Committed: https://crrev.com/e6b6e5545386985f1d0bec875307e5df52062d71 Cr-Commit-Position: refs/heads/master@{#35163} ==========
Message was sent while issue was closed.
Patchset 4 (id:??) landed as https://crrev.com/e6b6e5545386985f1d0bec875307e5df52062d71 Cr-Commit-Position: refs/heads/master@{#35163} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
