Bug 1112161 - Assert that Ion's fun.apply calls are correctly aligned. r=bbouvier

2024-11-05 08:35:26 +00:00 · 2015-02-12 14:53:05 +01:00 · 2015-02-12 14:53:05 +01:00 · 996fee1ccb
commit 996fee1ccb
parent 21ff146f90
2 changed files with 41 additions and 6 deletions
--- a/js/src/jit-test/tests/ion/stack-alignment.js
+++ b/js/src/jit-test/tests/ion/stack-alignment.js
@ -53,19 +53,40 @@ for (var l = 0; l < 4; l++) {
    ionFrameSize_args[l][a] = gen_ionFrameSize(30 + l, a, "ionFrameSize_callee_verify");;
 }

+// Check ion frames during function calls are always correctly aligned.
+function ionFrame_funApply_0() {
+  assertJitStackInvariants.apply(this, arguments);
+}
+function ionFrame_funApply_1() {
+  ionFrame_funApply_0.apply(this, arguments);
+}
+
+
 for (i = 0; i < 40; i++) {
  entryFrame_1();
  entryFrame_1(0);
  entryFrame_1(0, 1);
+
  rectifierFrame_1(i);
  rectifierFrame_2(i);
  rectifierFrame_3(i);
  rectifierFrame_4(i);
+
  ionFrameSize_0(i);
  ionFrameSize_1(i);
  ionFrameSize_2(i);
  ionFrameSize_3(i);
+
  for (var l = 0; l < 4; l++)
    for (var a = 0; a < 4; a++)
      ionFrameSize_args[l][a](i);
+
+  ionFrame_funApply_0();
+  ionFrame_funApply_0(1);
+  ionFrame_funApply_0(1, 2);
+  ionFrame_funApply_0(1, 2, 3);
+  ionFrame_funApply_1();
+  ionFrame_funApply_1(1);
+  ionFrame_funApply_1(1, 2);
+  ionFrame_funApply_1(1, 2, 3);
 }
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@ -3087,14 +3087,16 @@ AssertJitStackInvariants(JSContext *cx)
 {
    for (JitActivationIterator activations(cx->runtime()); !activations.done(); ++activations) {
        JitFrameIterator frames(activations);
+        size_t prevFrameSize = 0;
+        size_t frameSize = 0;
        for (; !frames.done(); ++frames) {
+            size_t calleeFp = reinterpret_cast<size_t>(frames.fp());
+            size_t callerFp = reinterpret_cast<size_t>(frames.prevFp());
+            MOZ_ASSERT(callerFp >= calleeFp);
+            prevFrameSize = frameSize;
+            frameSize = callerFp - calleeFp;

            if (frames.prevType() == JitFrame_Rectifier) {
-                size_t calleeFp = reinterpret_cast<size_t>(frames.fp());
-                size_t callerFp = reinterpret_cast<size_t>(frames.prevFp());
-                MOZ_ASSERT(callerFp >= calleeFp);
-                size_t frameSize = callerFp - calleeFp;
-
                MOZ_RELEASE_ASSERT(frameSize % JitStackAlignment == 0,
                  "The rectifier frame should keep the alignment");

@ -3110,6 +3112,12 @@ AssertJitStackInvariants(JSContext *cx)
                  "The frame size is optimal");
            }

+            if (frames.type() == JitFrame_Exit) {
+                // For the moment, we do not keep the JitStackAlignment
+                // alignment for exit frames.
+                frameSize -= ExitFrameLayout::Size();
+            }
+
            if (frames.isIonJS()) {
                // Ideally, we should not have such requirement, but keep the
                // alignment-delta as part of the Safepoint such that we can pad
@ -3118,8 +3126,14 @@ AssertJitStackInvariants(JSContext *cx)
                // everything can properly be aligned before adding complexity.
                MOZ_RELEASE_ASSERT(frames.ionScript()->frameSize() % JitStackAlignment == 0,
                  "Ensure that if the Ion frame is aligned, then the spill base is also aligned");
-            }

+                InlineFrameIterator lastInlinedFrame(cx, &frames);
+                jsbytecode *pc = lastInlinedFrame.pc();
+                if (JSOp(*pc) == JSOP_FUNAPPLY) {
+                    MOZ_RELEASE_ASSERT(prevFrameSize % JitStackAlignment == 0,
+                      "The ion frame should keep the alignment");
+                }
+            }
        }

        MOZ_RELEASE_ASSERT(frames.type() == JitFrame_Entry,