| commit | 7c9f005b50d33be7bc2c1ccfe2f6c1cd85e6e4d9 | |
| author | Rick Lavoie <rlavoie@fb.com> | |
| Thu, 9 Apr 2020 21:11:30 +0000 (9 14:11 -0700) | ||
| committer | Facebook GitHub Bot <facebook-github-bot@users.noreply.github.com> | |
| Thu, 9 Apr 2020 21:14:15 +0000 (9 14:14 -0700) | ||
| tree | cadd13a63f6c190c6943f415d64b809f7fcbd077 | treesnapshot (tar.gz zip) |
| parent | 750c04598fdbf63f695f1eabd9a1c7ce7a2abafd | commitdiff |
Fix frame-state processing of CallBuiltin for non-inlined NativeImpls
Summary:
Frame-state has logic to deal with CallBuiltin writing to out
parameters. However this is broken for a CallBuiltin arising from a
non-inlined NativeImpl. It modifies the stack slots that should
correspond to the out parameters, but if the NativeImpl hasn't been
inlined, those slots are in the caller, and not tracked by
frame-state. We end up modifying some unrelated stack slots. The
reason why this hasn't been a problem until now is that the bogus
stack slots always corresponded to where the locals were, and thus
weren't used otherwise. There was always enough space occupied by
these locals to cover all the stack slots.
However, now that locals might be compressed, there might not be
enough space, and frame-state will attempt to modify beyond the end of
the stack, triggering asserts. Fix this by only recording the relevant
metadata in the case where the out parameter slots actually exist in
the unit. Frame-state will only make the relevant changes in the
appropriate situation.
Reviewed By: jano
Differential Revision: D20938688
fbshipit-source-id: 8bfbf84b9cc468335009f0d4ed20a81df90715ad
Summary:
Frame-state has logic to deal with CallBuiltin writing to out
parameters. However this is broken for a CallBuiltin arising from a
non-inlined NativeImpl. It modifies the stack slots that should
correspond to the out parameters, but if the NativeImpl hasn't been
inlined, those slots are in the caller, and not tracked by
frame-state. We end up modifying some unrelated stack slots. The
reason why this hasn't been a problem until now is that the bogus
stack slots always corresponded to where the locals were, and thus
weren't used otherwise. There was always enough space occupied by
these locals to cover all the stack slots.
However, now that locals might be compressed, there might not be
enough space, and frame-state will attempt to modify beyond the end of
the stack, triggering asserts. Fix this by only recording the relevant
metadata in the case where the out parameter slots actually exist in
the unit. Frame-state will only make the relevant changes in the
appropriate situation.
Reviewed By: jano
Differential Revision: D20938688
fbshipit-source-id: 8bfbf84b9cc468335009f0d4ed20a81df90715ad
| hphp/runtime/vm/jit/extra-data.h | diffblobblamehistory | |
| hphp/runtime/vm/jit/frame-state.cpp | diffblobblamehistory | |
| hphp/runtime/vm/jit/irgen-builtin.cpp | diffblobblamehistory |