haikuwebkit/LayoutTests/js/regress-150336.html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<script src="../resources/js-test-pre.js"></script>
</head>
<body>
<script src="script-tests/regress-150336.js"></script>
<script src="../resources/js-test-post.js"></script>
</body>
</html>
REGRESSION (r191175): OSR Exit from an inlined tail callee trashes callee save registers https://bugs.webkit.org/show_bug.cgi?id=150336 Reviewed by Mark Lam. Source/JavaScriptCore: During OSR exit, we need to restore and transform the active stack into what the baseline JIT expects. Inlined call frames become true call frames. When we reify an inlined call frame and it is a tail call which we will be continuing from, we need to restore the tag constant callee save registers with what was saved by the outermost caller. Re-enabled tail calls and restored tests for tail calls. * dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::reifyInlinedCallFrames): Select whether or not we use the callee save tag register contents or what was saved by the inlining caller when populating an inlined callee's callee save registers. * jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitSaveCalleeSavesFor): This function no longer needs a stack offset. (JSC::AssemblyHelpers::emitSaveOrCopyCalleeSavesFor): New helper. * runtime/Options.h: Turned tail calls back on. * tests/es6.yaml: * tests/stress/dfg-tail-calls.js: (nonInlinedTailCall.callee): * tests/stress/mutual-tail-call-no-stack-overflow.js: (shouldThrow): * tests/stress/tail-call-in-inline-cache.js: (tail): * tests/stress/tail-call-no-stack-overflow.js: (shouldThrow): * tests/stress/tail-call-recognize.js: (callerMustBeRun): * tests/stress/tail-call-varargs-no-stack-overflow.js: (shouldThrow): LayoutTests: Added a new regression test and restored tail call test results for js/caller-property. * js/caller-property-expected.txt: * js/regress-150336-expected.txt: Added. * js/regress-150336.html: Added. * js/script-tests/regress-150336.js: Added. (bar): (foo): (test): Canonical link: https://commits.webkit.org/168526@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191360 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2015-10-20 22:02:37 +00:00			`<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">`
			`<html>`
			`<head>`
			`<script src="../resources/js-test-pre.js"></script>`
			`</head>`
			`<body>`
			`<script src="script-tests/regress-150336.js"></script>`
			`<script src="../resources/js-test-post.js"></script>`
			`</body>`
			`</html>`