Bug 1828724 - Add frame pointer to StringConcatStub. r=jandem

marco-c · marco-c · commit 7b3eefe6ed45 · 2023-05-01T00:38:27.000Z
Differential Revision: https://phabricator.services.mozilla.com/D176080 UltraBlame original commit: 5dfdf003c06aae6875343177d6b0e0930f3d0a11
diff --git a/js/src/jit/CodeGenerator.cpp b/js/src/jit/CodeGenerator.cpp
@@ -10895,8 +10895,6 @@ static void ConcatInlineString(MacroAssembler& masm, Register lhs, Register rhs,
 
   
   copyChars(rhs);
-
-  masm.ret();
 }
 
 void CodeGenerator::visitSubstr(LSubstr* lir) {
@@ -11068,6 +11066,9 @@ JitCode* JitRealm::generateStringConcatStub(JSContext* cx) {
 #ifdef JS_USE_LINK_REGISTER
   masm.pushReturnAddress();
 #endif
+  masm.Push(FramePointer);
+  masm.moveStackPtrTo(FramePointer);
+
   
   Label leftEmpty;
   masm.loadStringLength(lhs, temp1);
@@ -11122,29 +11123,37 @@ JitCode* JitRealm::generateStringConcatStub(JSContext* cx) {
 
   
   masm.storeRopeChildren(lhs, rhs, output);
+  masm.pop(FramePointer);
   masm.ret();
 
   masm.bind(&leftEmpty);
   masm.mov(rhs, output);
+  masm.pop(FramePointer);
   masm.ret();
 
   masm.bind(&rightEmpty);
   masm.mov(lhs, output);
+  masm.pop(FramePointer);
   masm.ret();
 
   masm.bind(&isInlineTwoByte);
   ConcatInlineString(masm, lhs, rhs, output, temp1, temp2, temp3,
                      initialStringHeap, &failure, CharEncoding::TwoByte);
+  masm.pop(FramePointer);
+  masm.ret();
 
   masm.bind(&isInlineLatin1);
   ConcatInlineString(masm, lhs, rhs, output, temp1, temp2, temp3,
                      initialStringHeap, &failure, CharEncoding::Latin1);
+  masm.pop(FramePointer);
+  masm.ret();
 
   masm.pop(temp2);
   masm.pop(temp1);
 
   masm.bind(&failure);
   masm.movePtr(ImmPtr(nullptr), output);
+  masm.pop(FramePointer);
   masm.ret();
 
   Linker linker(masm);
