Changeset 102389 in webkit

Timestamp:

Dec 8, 2011 3:16:54 PM (12 years ago)

Author:

commit-queue@webkit.org

Message:

​https://bugs.webkit.org/show_bug.cgi?id=74005
fix unaligned access memory in generatePatternCharacterOnce function
for SH4 platforms.

Patch by Thouraya ANDOLSI <​thouraya.andolsi@st.com> on 2011-12-08
Reviewed by Gavin Barraclough.

• assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::load16Unaligned):

• assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::load16Unaligned):

• assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::load16Unaligned):

• assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::lshift32):
(JSC::MacroAssemblerSH4::load8):
(JSC::MacroAssemblerSH4::load16):
(JSC::MacroAssemblerSH4::load16Unaligned):
(JSC::MacroAssemblerSH4::branch8):

• assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::load16Unaligned):

• jit/JIT.h:
• yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/MacroAssemblerARM.h (modified) (1 diff)
• assembler/MacroAssemblerARMv7.h (modified) (1 diff)
• assembler/MacroAssemblerMIPS.h (modified) (1 diff)
• assembler/MacroAssemblerSH4.h (modified) (19 diffs)
• assembler/MacroAssemblerX86Common.h (modified) (1 diff)
• yarr/YarrJIT.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-12-08  Thouraya ANDOLSI  <thouraya.andolsi@st.com>
+
+        https://bugs.webkit.org/show_bug.cgi?id=74005
+        fix unaligned access memory in generatePatternCharacterOnce function
+        for SH4 platforms.
+
+        Reviewed by Gavin Barraclough.
+
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::load16Unaligned):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::load16Unaligned):
+        * assembler/MacroAssemblerMIPS.h:
+        (JSC::MacroAssemblerMIPS::load16Unaligned):
+        * assembler/MacroAssemblerSH4.h:
+        (JSC::MacroAssemblerSH4::lshift32):
+        (JSC::MacroAssemblerSH4::load8):
+        (JSC::MacroAssemblerSH4::load16):
+        (JSC::MacroAssemblerSH4::load16Unaligned):
+        (JSC::MacroAssemblerSH4::branch8):
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::load16Unaligned):
+        * jit/JIT.h:
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
 2011-12-08  Michael Saboff  <msaboff@apple.com>
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARM.h

@@ -282 +282 @@
     }
 #endif
+
+    void load16Unaligned(BaseIndex address, RegisterID dest)
+    {
+        load16(address, dest);
+    }
 
     DataLabel32 load32WithAddressOffsetPatch(Address address, RegisterID dest)

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

@@ -576 +576 @@
     }
 
+    void load16Unaligned(BaseIndex address, RegisterID dest)
+    {
+        load16(setupArmAddress(address), dest);
+    }
+
     void load32(const void* address, RegisterID dest)
     {

trunk/Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h

@@ -575 +575 @@
             m_assembler.lw(dest, addrTempRegister, address.offset);
         }
+    }
+
+    void load16Unaligned(BaseIndex address, RegisterID dest)
+    {
+        load16(address, dest);
     }
 

trunk/Source/JavaScriptCore/assembler/MacroAssemblerSH4.h

@@ -159 +159 @@
     void lshift32(RegisterID shiftamount, RegisterID dest)
     {
+        if (shiftamount == SH4Registers::r0)
+            m_assembler.andlImm8r(0x1f, shiftamount);
+        else {
+            RegisterID scr = claimScratch();
+            m_assembler.loadConstant(0x1f, scr);
+            m_assembler.andlRegReg(scr, shiftamount);
+            releaseScratch(scr);
+        }
         m_assembler.shllRegReg(dest, shiftamount);
     }
@@ -172 +180 @@
     void lshift32(TrustedImm32 imm, RegisterID dest)
     {
+        if (!imm.m_value)
+            return;
+
         if ((imm.m_value == 1) || (imm.m_value == 2) || (imm.m_value == 8) || (imm.m_value == 16)) {
             m_assembler.shllImm8r(imm.m_value, dest);
@@ -178 +189 @@
 
         RegisterID scr = claimScratch();
-        m_assembler.loadConstant(imm.m_value, scr);
+        m_assembler.loadConstant((imm.m_value & 0x1f) , scr);
         m_assembler.shllRegReg(dest, scr);
         releaseScratch(scr);
@@ -236 +247 @@
     void rshift32(RegisterID shiftamount, RegisterID dest)
     {
-        compare32(32, shiftamount, Equal);
-        m_assembler.ensureSpace(m_assembler.maxInstructionSize + 4);
-        m_assembler.branch(BT_OPCODE, 1);
+        if (shiftamount == SH4Registers::r0)
+            m_assembler.andlImm8r(0x1f, shiftamount);
+        else {
+            RegisterID scr = claimScratch();
+            m_assembler.loadConstant(0x1f, scr);
+            m_assembler.andlRegReg(scr, shiftamount);
+            releaseScratch(scr);
+        }
         m_assembler.neg(shiftamount, shiftamount);
         m_assembler.shaRegReg(dest, shiftamount);
@@ -583 +599 @@
         if (!offset) {
             m_assembler.movbMemReg(base, dest);
+            m_assembler.extub(dest, dest);
             return;
         }
@@ -588 +605 @@
         if ((offset > 0) && (offset < 64) && (dest == SH4Registers::r0)) {
             m_assembler.movbMemReg(offset, base, dest);
+            m_assembler.extub(dest, dest);
             return;
         }
@@ -595 +613 @@
             m_assembler.addlRegReg(base, dest);
             m_assembler.movbMemReg(dest, dest);
+            m_assembler.extub(dest, dest);
             return;
         }
@@ -602 +621 @@
         m_assembler.addlRegReg(base, scr);
         m_assembler.movbMemReg(scr, dest);
+        m_assembler.extub(dest, dest);
         releaseScratch(scr);
     }
@@ -620 +640 @@
         if (!address.offset) {
             m_assembler.movwMemReg(address.base, dest);
+            extuw(dest, dest);
             return;
         }
@@ -625 +646 @@
         if ((address.offset > 0) && (address.offset < 64) && (dest == SH4Registers::r0)) {
             m_assembler.movwMemReg(address.offset, address.base, dest);
+            extuw(dest, dest);
             return;
         }
@@ -632 +654 @@
             m_assembler.addlRegReg(address.base, dest);
             m_assembler.movwMemReg(dest, dest);
+            extuw(dest, dest);
             return;
         }
@@ -639 +662 @@
         m_assembler.addlRegReg(address.base, scr);
         m_assembler.movwMemReg(scr, dest);
-        releaseScratch(scr);
+        extuw(dest, dest);
+        releaseScratch(scr);
+    }
+
+    void load16Unaligned(BaseIndex address, RegisterID dest)
+    {
+
+        RegisterID scr = claimScratch();
+        RegisterID scr1 = claimScratch();
+
+        move(address.index, scr);
+        lshift32(TrustedImm32(address.scale), scr);
+
+        if (address.offset)
+            add32(TrustedImm32(address.offset), scr);
+
+        add32(address.base, scr);
+        load8(scr, scr1);
+        add32(TrustedImm32(1), scr);
+        load8(scr, dest);
+        move(TrustedImm32(8), scr);
+        m_assembler.shllRegReg(dest, scr);
+        or32(scr1, dest);
+
+        releaseScratch(scr);
+        releaseScratch(scr1);
     }
 
@@ -645 +693 @@
     {
         m_assembler.movwMemReg(src, dest);
+        extuw(dest, dest);
     }
 
@@ -651 +700 @@
         ASSERT(r0 == SH4Registers::r0);
         m_assembler.movwR0mr(src, dest);
+        extuw(dest, dest);
     }
 
@@ -662 +712 @@
         if (address.offset)
             add32(TrustedImm32(address.offset), scr);
-        if (scr == SH4Registers::r0)
-            m_assembler.movwR0mr(address.base, scr);
+        if (address.base == SH4Registers::r0)
+            load16(address.base, scr, dest);
         else {
             add32(address.base, scr);
-            load16(scr, scr);
-        }
-
-        extuw(scr, dest);
+            load16(scr, dest);
+        }
+
         releaseScratch(scr);
     }
@@ -1230 +1279 @@
     void move(RegisterID src, RegisterID dest)
     {
-        m_assembler.movlRegReg(src, dest);
+        if (src != dest)
+            m_assembler.movlRegReg(src, dest);
     }
 
@@ -1387 +1437 @@
         add32(left.base, scr);
         load8(scr, scr);
-        m_assembler.extub(scr, scr);
         RegisterID scr1 = claimScratch();
         m_assembler.loadConstant(right.m_value, scr1);
@@ -1640 +1689 @@
     void urshift32(RegisterID shiftamount, RegisterID dest)
     {
-        compare32(32, shiftamount, Equal);
-        m_assembler.ensureSpace(m_assembler.maxInstructionSize + 4);
-        m_assembler.branch(BT_OPCODE, 1);
+        if (shiftamount == SH4Registers::r0)
+            m_assembler.andlImm8r(0x1f, shiftamount);
+        else {
+            RegisterID scr = claimScratch();
+            m_assembler.loadConstant(0x1f, scr);
+            m_assembler.andlRegReg(scr, shiftamount);
+            releaseScratch(scr);
+        }
         m_assembler.neg(shiftamount, shiftamount);
         m_assembler.shllRegReg(dest, shiftamount);
@@ -1650 +1704 @@
     {
         RegisterID scr = claimScratch();
-        m_assembler.loadConstant(-(imm.m_value), scr);
+        m_assembler.loadConstant(-(imm.m_value & 0x1f), scr);
         m_assembler.shaRegReg(dest, scr);
         releaseScratch(scr);

trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h

@@ -445 +445 @@
     {
         load32(address, dest);
+    }
+
+    void load16Unaligned(BaseIndex address, RegisterID dest)
+    {
+        load16(address, dest);
     }
 

trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp

@@ -700 +700 @@
                 if (m_charSize == Char8) {
                     BaseIndex address(input, index, TimesOne, (term->inputPosition - m_checked) * sizeof(char));
-                    load16(address, character);
+                    load16Unaligned(address, character);
                 } else {
                     BaseIndex address(input, index, TimesTwo, (term->inputPosition - m_checked) * sizeof(UChar));