[JAEGER] Multiple cases failed in JaegerMonkey on Solaris x86 compiled with Sun Studio 12. r=dvander

js/src/methodjit/BaseAssembler.h

@@ -110,6 +110,11 @@ class BaseAssembler : public JSC::MacroAssembler
     Vector<CallPatch, 64, SystemAllocPolicy> callPatches;
 
   public:
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+    // If there is no fast call, we need to add esp by 8 after the call.
+    // This callLabel is to record the Label exactly after the call.
+    Label callLabel;
+#endif
     BaseAssembler()
       : callPatches(SystemAllocPolicy())
     {
@@ -259,8 +264,9 @@ static const JSC::MacroAssembler::RegisterID JSReturnReg_Data = JSC::ARMRegister
 #endif
         Call cl = call(pfun);
 #if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
-        pop();
+        callLabel = label();
-        pop();
+        addPtr(JSC::MacroAssembler::Imm32(8),
+               JSC::MacroAssembler::stackPointerRegister);
 #endif
         return cl;
     }

js/src/methodjit/Compiler.cpp

@@ -486,6 +486,16 @@ mjit::Compiler::generateMethod()
             masm.move(ImmPtr(PC), Registers::ArgReg1);
             stubCall(stubs::Trap);
         }
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+        // In case of no fast call, when we change the return address,
+        // we need to make sure add esp by 8. For normal call, we need
+        // to make sure the esp is not changed.
+        else {
+            masm.subPtr(Imm32(8), Registers::StackPointer);
+            masm.callLabel = masm.label();
+            masm.addPtr(Imm32(8), Registers::StackPointer);
+        }
+#endif
         ADD_CALLSITE(false);
 
     /**********************
@@ -1836,6 +1846,9 @@ mjit::Compiler::inlineCallHelper(uint32 argc, bool callingNew)
     masm.addPtr(Imm32(sizeof(void*)), Registers::StackPointer);
 #endif
     masm.call(Registers::ReturnReg);
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+    masm.callLabel = masm.label();
+#endif
     ADD_CALLSITE(false);
 
     /*
@@ -1887,7 +1900,11 @@ mjit::Compiler::addCallSite(uint32 id, bool stub)
 {
     InternalCallSite site;
     site.stub = stub;
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+    site.location = stub ? stubcc.masm.callLabel : masm.callLabel;
+#else
     site.location = stub ? stubcc.masm.label() : masm.label();
+#endif
     site.pc = PC;
     site.id = id;
     callSites.append(site);

js/src/methodjit/FastOps.cpp

@@ -860,7 +860,13 @@ mjit::Compiler::booleanJumpScript(JSOp op, jsbytecode *target)
         !(fe->isType(JSVAL_TYPE_BOOLEAN) || fe->isType(JSVAL_TYPE_INT32))) {
         stubcc.masm.fixScriptStack(frame.frameDepth());
         stubcc.masm.setupVMFrame();
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+        stubcc.masm.push(Registers::ArgReg0);
+#endif
         stubcc.masm.call(JS_FUNC_TO_DATA_PTR(void *, stubs::ValueToBoolean));
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+        stubcc.masm.pop();
+#endif
 
         jmpCvtExecScript.setJump(stubcc.masm.branchTest32(cond, Registers::ReturnReg,
                                                           Registers::ReturnReg));

js/src/methodjit/MonoIC.cpp

@@ -284,11 +284,22 @@ ic::CallFastNative(JSContext *cx, JSScript *script, MICInfo &mic, JSFunction *fu
     /* Restore stack. */
     ncc.masm.add32(Imm32(stackAdjustment), JSC::X86Registers::esp);
 
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+    // Usually JaegerThrowpoline got called from return address.
+    // So in JaegerThrowpoline without fastcall, esp was added by 8.
+    // If we just want to jump there, we need to sub esp by 8 first.
+    ncc.masm.sub32(Imm32(8), JSC::X86Registers::esp);
+#endif
+
     /* Check if the call is throwing, and jump to the throwpoline. */
     Jump hasException =
         ncc.masm.branchTest32(Assembler::Zero, Registers::ReturnReg, Registers::ReturnReg);
     ncc.addLink(hasException, JS_FUNC_TO_DATA_PTR(uint8 *, JaegerThrowpoline));
 
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+    ncc.masm.add32(Imm32(8), JSC::X86Registers::esp);
+#endif
+
     /* Load *vp into the return register pair. */
     Address rval(JSFrameReg, vpOffset);
     ncc.masm.loadPayload(rval, JSReturnReg_Data);

js/src/methodjit/TrampolineCompiler.cpp

@@ -104,6 +104,11 @@ TrampolineCompiler::compileTrampoline(void **where, JSC::ExecutablePool **pool,
 bool
 TrampolineCompiler::generateForceReturn(Assembler &masm)
 {
+#if defined(JS_NO_FASTCALL) && defined(JS_CPU_X86)
+    // In case of no fast call, when we change the return address,
+    // we need to make sure add esp by 8.
+    masm.addPtr(Imm32(8), Registers::StackPointer);
+#endif
     /* if (!callobj) stubs::PutCallObject */
     Jump noCallObj = masm.branchPtr(Assembler::Equal,
                                     Address(JSFrameReg, offsetof(JSStackFrame, callobj)),

js/src/methodjit/TrampolineSUNWX86.s

@@ -65,11 +65,18 @@ JaegerTrampoline:
     pushl %esp
     call SetVMFrameRegs
     popl  %edx
+    pushl %esp
+    call PushActiveVMFrame
+    popl  %edx
     popl  %edx
 
     call  *%edx
     leal -4(%esp), %ecx
     push %ecx
+    call PopActiveVMFrame
+    popl %ecx
+    leal -4(%esp), %ecx
+    push %ecx
     call UnsetVMFrameRegs
     popl %ecx
 
@@ -104,6 +111,9 @@ JaegerThrowpoline:
     je   throwpoline_exit
     jmp  *%eax
 throwpoline_exit:
+    pushl %esp
+    call PopActiveVMFrame
+    popl %ebx
     addl $0x2c, %esp
     popl %ebx
     popl %edi
@@ -116,10 +126,13 @@ throwpoline_exit:
 .global JaegerFromTracer
 .type   JaegerFromTracer, @function
 JaegerFromTracer:
+    movl 0x24(%ebx), %edx
+    movl 0x28(%ebx), %ecx
+    movl 0x38(%ebx), %eax
     /* For Sun Studio there is no fast call. */
     /* We add the stack by 8 before. */
     addl $0x8, %esp
     /* Restore frame regs. */
     movl 0x20(%esp), %ebx
-    jmp *%eax
+    ret
 .size   JaegerFromTracer, . - JaegerFromTracer