Changeset 158208 in webkit
- Timestamp:
- Oct 29, 2013 12:34:19 PM (10 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 8 edited
trunk/Source/JavaScriptCore/ChangeLog
r158205 r158208 1 2013-10-29 Julien Brianceau <jbriance@cisco.com> 2 3 [arm] Fix lots of crashes because of 4th argument register trampling. 4 https://bugs.webkit.org/show_bug.cgi?id=123421 5 6 Reviewed by Michael Saboff. 7 8 r3 register is the 4th argument register for ARM and also a scratch 9 register in the baseline JIT for this architecture. We can use r6 10 instead, as this used to be the timeoutCheckRegister and it is no 11 longer used since r148119. 12 13 * assembler/ARMAssembler.h: Temp register is now r6 instead of r3 for ARM. 14 * assembler/MacroAssemblerARMv7.h: Temp register is now r6 instead of r3 for ARMv7. 15 * jit/GPRInfo.h: Add r3 properly in GPRInfo for ARM. 16 (JSC::GPRInfo::toRegister): 17 (JSC::GPRInfo::toIndex): 18 * jit/JITStubsARM.h: 19 (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init. 20 * jit/JITStubsARMv7.h: 21 (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init. 22 * jit/JSInterfaceJIT.h: Remove useless stuff. 23 * yarr/YarrJIT.cpp: Use r3 and not the new scratch register r6. 24 (JSC::Yarr::YarrGenerator::generateEnter): r8 register doesn't need to be saved. 25 (JSC::Yarr::YarrGenerator::generateReturn): 26 1 27 2013-10-29 Julien Brianceau <jbriance@cisco.com> 2 28 -
trunk/Source/JavaScriptCore/assembler/ARMAssembler.h
r158205 r158208 42 42 r1, 43 43 r2, 44 r3, S0 = r3, /* Same as thumb assembler. */44 r3, 45 45 r4, 46 46 r5, fp = r5, // frame pointer 47 r6, 47 r6, S0 = r6, 48 48 r7, 49 49 r8, -
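Review bot: The new alias `r6, S0 = r6,` moves the assembler's scratch register into the callee-saved range of the ARM procedure-call standard (r4–r11), so every entry path into generated code must now save and restore r6, whereas r3 (caller-saved) needed nothing. The YarrJIT section of this changeset keeps `push(ARMRegisters::r6)` in generateEnter, and the ctiTrampoline hunks in JITStubsARM.h and JITStubsARMv7.h show sp-relative preservation, but the prologues that actually save the callee-saved registers are outside the visible hunks, so that this is covered is inferred rather than confirmed. The dropped `/* Same as thumb assembler. */` comment was the only note tying this choice to MacroAssemblerARMv7.h, where addressTempRegister also becomes r6 in this changeset; I would keep that coupling documented, e.g. `r6, S0 = r6, // scratch; callee-saved, so JIT entry code must preserve it; keep in sync with MacroAssemblerARMv7 addressTempRegister`.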
trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
r157618 r158208 36 36 37 37 class MacroAssemblerARMv7 : public AbstractMacroAssembler<ARMv7Assembler> { 38 // FIXME: switch dataTempRegister & addressTempRegister, or possibly use r7?39 // - dTR is likely used more than aTR, and we'll get better instruction40 // encoding if it's in the low 8 registers.41 38 static const RegisterID dataTempRegister = ARMRegisters::ip; 42 static const RegisterID addressTempRegister = ARMRegisters::r 3;39 static const RegisterID addressTempRegister = ARMRegisters::r6; 43 40 44 41 static const ARMRegisters::FPDoubleRegisterID fpTempRegister = ARMRegisters::d7; -
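Review bot: The removed FIXME above `static const RegisterID dataTempRegister = ARMRegisters::ip;` was about dataTempRegister's encoding (ip is r12, outside the low-register set), and that observation is unaffected by moving addressTempRegister from r3 to r6, yet the ChangeLog entry for this file mentions only the temp-register change. If the removal is intentional it deserves a word in the ChangeLog; otherwise a one-line reminder such as `// FIXME: dataTempRegister (ip) would get shorter encodings in r0-r7; consider swapping it with addressTempRegister.` keeps the still-valid part of the note. The class definition continues outside the hunk.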
trunk/Source/JavaScriptCore/jit/GPRInfo.h
r157872 r158208 429 429 public: 430 430 typedef GPRReg RegisterType; 431 static const unsigned numberOfRegisters = 8;431 static const unsigned numberOfRegisters = 9; 432 432 static const unsigned numberOfArgumentRegisters = NUMBER_OF_ARGUMENT_REGISTERS; 433 433 … … 441 441 static const GPRReg regT6 = ARMRegisters::r10; 442 442 static const GPRReg regT7 = ARMRegisters::r11; 443 static const GPRReg regT8 = ARMRegisters::r3; 443 444 // These registers match the baseline JIT. 444 445 static const GPRReg cachedResultRegister = regT0; … … 449 450 static const GPRReg argumentGPR1 = ARMRegisters::r1; // regT1 450 451 static const GPRReg argumentGPR2 = ARMRegisters::r2; // regT2 451 // FIXME: r3 is currently used be the MacroAssembler as a temporary - it seems 452 // This could threoretically be a problem if this is used in code generation 453 // between the arguments being set up, and the call being made. That said, 454 // any change introducing a problem here is likely to be immediately apparent! 455 static const GPRReg argumentGPR3 = ARMRegisters::r3; // FIXME! 
452 static const GPRReg argumentGPR3 = ARMRegisters::r3; // regT8 456 453 static const GPRReg nonArgGPR0 = ARMRegisters::r4; // regT3 457 454 static const GPRReg nonArgGPR1 = ARMRegisters::r8; // regT4 … … 464 461 { 465 462 ASSERT(index < numberOfRegisters); 466 static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, regT4, regT5, regT6, regT7 };463 static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, regT4, regT5, regT6, regT7, regT8 }; 467 464 return registerForIndex[index]; 468 465 } … … 472 469 ASSERT(static_cast<unsigned>(reg) != InvalidGPRReg); 473 470 ASSERT(static_cast<unsigned>(reg) < 16); 474 static const unsigned indexForRegister[16] = { 0, 1, 2, InvalidIndex, 3, InvalidIndex, InvalidIndex, InvalidIndex, 4, 5, 6, 7, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex };471 static const unsigned indexForRegister[16] = { 0, 1, 2, 8, 3, InvalidIndex, InvalidIndex, InvalidIndex, 4, 5, 6, 7, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex }; 475 472 unsigned result = indexForRegister[reg]; 476 473 ASSERT(result != InvalidIndex); -
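Review bot: The two lookup tables this change extends by hand, `registerForIndex[numberOfRegisters]` in toRegister and `indexForRegister[16]` in toIndex, are the only thing keeping `regT8` and the new entry `8` at slot r3 consistent, and nothing checks that they agree. A round-trip assertion in toIndex after `ASSERT(result != InvalidIndex);`, namely `ASSERT(toRegister(result) == reg);`, would catch the next edit that updates one table and not the other. Both functions start and end outside the hunk, so their signature lines and the `return result;` of toIndex are not visible here. The FIXME removed above `argumentGPR3` is resolved by the ARMAssembler.h change in the same changeset, so its deletion is consistent with the fix.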
trunk/Source/JavaScriptCore/jit/JITStubsARM.h
r157795 r158208 162 162 "sub sp, sp, #" STRINGIZE_VALUE_OF(PRESERVEDR4_OFFSET) "\n" 163 163 "mov r5, r2" "\n" 164 "mov r6, #512" "\n"165 164 // r0 contains the code 166 165 "blx r0" "\n" … … 358 357 sub sp, sp, # PRESERVEDR4_OFFSET 359 358 mov r5, r2 360 mov r6, #512361 359 mov lr, pc 362 360 bx r0 … … 423 421 MSVC_BEGIN( sub sp, sp, #68 ; sync with PRESERVEDR4_OFFSET) 424 422 MSVC_BEGIN( mov r5, r2) 425 MSVC_BEGIN( mov r6, #512)426 423 MSVC_BEGIN( ; r0 contains the code) 427 424 MSVC_BEGIN( mov lr, pc) -
trunk/Source/JavaScriptCore/jit/JITStubsARMv7.h
r157795 r158208 222 222 "str r1, [sp, #" STRINGIZE_VALUE_OF(REGISTER_FILE_OFFSET) "]" "\n" 223 223 "mov r5, r2" "\n" 224 "mov r6, #512" "\n"225 224 "blx r0" "\n" 226 225 "ldr r11, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R11_OFFSET) "]" "\n" … … 457 456 str r1, [sp, # REGISTER_FILE_OFFSET ] 458 457 mov r5, r2 459 mov r6, #512460 458 blx r0 461 459 ldr r11, [sp, # PRESERVED_R11_OFFSET ] -
trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h
r157604 r158208 118 118 static const RegisterID secondArgumentRegister = ARMRegisters::r1; 119 119 120 #if ENABLE(VALUE_PROFILER)121 #endif122 123 120 static const RegisterID regT0 = ARMRegisters::r0; 124 121 static const RegisterID regT1 = ARMRegisters::r1; -
trunk/Source/JavaScriptCore/yarr/YarrJIT.cpp
r157653 r158208 47 47 static const RegisterID index = ARMRegisters::r1; 48 48 static const RegisterID length = ARMRegisters::r2; 49 static const RegisterID output = ARMRegisters::r 4;50 51 static const RegisterID regT0 = ARMRegisters::r 5;52 static const RegisterID regT1 = ARMRegisters::r 6;49 static const RegisterID output = ARMRegisters::r3; 50 51 static const RegisterID regT0 = ARMRegisters::r4; 52 static const RegisterID regT1 = ARMRegisters::r5; 53 53 54 54 static const RegisterID returnRegister = ARMRegisters::r0; … … 2579 2579 push(ARMRegisters::r5); 2580 2580 push(ARMRegisters::r6); 2581 #if CPU(ARM_TRADITIONAL)2582 push(ARMRegisters::r8); // scratch register2583 #endif2584 if (compileMode == IncludeSubpatterns)2585 move(ARMRegisters::r3, output);2586 2581 #elif CPU(SH4) 2587 2582 push(SH4Registers::r11); … … 2609 2604 pop(X86Registers::ebp); 2610 2605 #elif CPU(ARM) 2611 #if CPU(ARM_TRADITIONAL)2612 pop(ARMRegisters::r8); // scratch register2613 #endif2614 2606 pop(ARMRegisters::r6); 2615 2607 pop(ARMRegisters::r5);
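Review bot: After this change Yarr no longer uses r6 as a temp (regT1 is now r5), yet generateEnter still executes `push(ARMRegisters::r6)` and generateReturn the matching `pop(ARMRegisters::r6)`; the reason r6 must still be preserved is that the same changeset makes it the macro-assembler scratch register (S0 in ARMAssembler.h, addressTempRegister in MacroAssemblerARMv7.h), which generated code clobbers freely. That dependency is invisible from this file, so I would annotate it: `push(ARMRegisters::r6); // assembler scratch (S0 / addressTempRegister); callee-saved, so it must be restored on return`. The register-constant block at the top now binds `output` directly to r3, which is why the conditional `move(ARMRegisters::r3, output)` could go; a comment at `static const RegisterID output = ARMRegisters::r3;` noting that r3 is the fourth argument register and must not be reused as a temp would guard against a future reshuffle. Both generateEnter and generateReturn start and end outside the hunk.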