Changeset 159376 in webkit

Timestamp:
Nov 15, 2013 7:25:45 PM
Author:
commit-queue@webkit.org
Message:

[Win] JavaScript crashes on 64-bit with JIT enabled.
https://bugs.webkit.org/show_bug.cgi?id=124409

Patch by peavo@outlook.com <peavo@outlook.com> on 2013-11-15
Reviewed by Michael Saboff.

These are issues found with JIT on 64-bit:

  • The registers rsi and rdi in callToJavaScript need to be saved and restored. This is required by the Windows 64-bit ABI.
  • The getHostCallReturnValue function needs to be updated according to its GCC counterpart.
  • The poke argument offset needs to be 20h, because the Windows 64-bit ABI requires stack space allocated for the 4 argument registers.

  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Re-added JITStubsMSVC64.asm to project.
  • jit/CCallHelpers.h: Set poke argument offset.
    (JSC::CCallHelpers::setupArguments): Compile fix, added needed method.
  • jit/JITStubsMSVC64.asm: Save and restore registers rsi and rdi.
    Update getHostCallReturnValue according to the GCC version.

Location:
trunk/Source/JavaScriptCore
Files:
4 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r159369 r159376  
     12013-11-15  peavo@outlook.com  <peavo@outlook.com>
     2
     3        [Win] JavaScript crashes on 64-bit with JIT enabled.
     4        https://bugs.webkit.org/show_bug.cgi?id=124409
     5
     6        Reviewed by Michael Saboff.
     7
     8        These are issues found with JIT on 64-bit:
     9        - The registers rsi and rdi in callToJavaScript needs to be saved and restored. This is required by the Windows 64-bit ABI.
     10        - The getHostCallReturnValue function needs to be updated according to it's GCC counterpart.
     11        - The poke argument offset needs to be 20h, because Windows 64-bit ABI requires stack space allocated for the 4 argument registers.
     12
     13        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Re-added JITStubsMSVC64.asm to project.
     14        * jit/CCallHelpers.h: Set poke argument offset.
     15        (JSC::CCallHelpers::setupArguments): Compile fix, added needed method.
     16        * jit/JITStubsMSVC64.asm: Save and restore registers rsi and rdi.
     17                                  Update getHostCallReturnValue according to the GCC version.
     18
    1192013-11-14  David Farler  <dfarler@apple.com>
    220
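Review bot: two grammar slips in the bullet list will be committed into the ChangeLog as written: "The registers rsi and rdi ... needs to be saved" should read "need to be saved" (plural subject), and "according to it's GCC counterpart" should read "according to its GCC counterpart".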
  • trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj

    r159360 r159376  
    13111311    <MASM Include="..\jit\JITStubsMSVC64.asm">
    13121312      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release_WinCairo|Win32'">true</ExcludedFromBuild>
    1313       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release_WinCairo|x64'">true</ExcludedFromBuild>
    13141313      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
    1315       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
    13161314      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild>
    13171315      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild>
    13181316      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug_WinCairo|Win32'">true</ExcludedFromBuild>
    1319       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug_WinCairo|x64'">true</ExcludedFromBuild>
    13201317      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
    1321       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
    13221318      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild>
    13231319      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild>
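Review bot: the x64 exclusions are removed only for Release_WinCairo, Release, Debug_WinCairo and Debug, while the `Production|x64` and `DebugSuffix|x64` entries still say `<ExcludedFromBuild ...>true</ExcludedFromBuild>`, so JITStubsMSVC64.asm (and with it callToJavaScript) stays out of those two 64-bit configurations. If that is not deliberate, drop those two lines as well; if it is, the ChangeLog should say why they are kept.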
  • trunk/Source/JavaScriptCore/jit/CCallHelpers.h

    r158830 r159376  
    731731    }
    732732
    733 #if CPU(MIPS)
     733#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))
    734734#define POKE_ARGUMENT_OFFSET 4
    735735#else
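Review bot: the changed `#if` makes Windows x64 share the MIPS value `#define POKE_ARGUMENT_OFFSET 4`, yet the ChangeLog describes the offset as `20h`; add a comment above the define saying that the offset counts pointer-sized stack slots (4 slots of 8 bytes = 0x20 bytes, the home space the Win64 ABI reserves for the four register arguments), otherwise the next reader will take 4 for a byte count and wonder why it does not match the ChangeLog.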
     
    14861486        poke(arg4, POKE_ARGUMENT_OFFSET);
    14871487        setupArgumentsWithExecState(arg1, arg2, arg3);
     1488    }
     1489
     1490    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
     1491    {
     1492        poke(arg5, POKE_ARGUMENT_OFFSET);
     1493        setupTwoStubArgsGPR<GPRInfo::argumentGPR0, GPRInfo::argumentGPR1>(arg1, arg2);
     1494        move(arg3, GPRInfo::argumentGPR2);
     1495        move(arg4, GPRInfo::argumentGPR3);
    14881496    }
    14891497#endif // NUMBER_OF_ARGUMENT_REGISTERS == 4
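Review bot: the new `setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)` overload is documented only as "Compile fix, added needed method"; name the caller that needs it in the ChangeLog so the overload is not dropped as dead code later. The ordering inside it is right: `poke(arg5, POKE_ARGUMENT_OFFSET)` runs before `setupTwoStubArgsGPR` and the two `move`s, so an arg5 that lives in one of argumentGPR0..3 is written to the stack before those registers can be overwritten, which matches the preceding overload that pokes arg4 first.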
  • trunk/Source/JavaScriptCore/jit/JITStubsMSVC64.asm

    r159346 r159376  
    3333
    3434callToJavaScript PROC
    35     mov r10, qword ptr[sp]
     35    mov r10, qword ptr[rsp]
    3636    push rbp
    3737    mov rax, rbp ; Save previous frame pointer
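Review bot: `mov r10, qword ptr[sp]` to `mov r10, qword ptr[rsp]` is the right fix (the 16-bit `sp` cannot have been the intended address in 64-bit code), but unlike the following `mov rax, rbp ; Save previous frame pointer` the line carries no comment saying what r10 receives from the top of the stack at entry; add one so the purpose of r10 is recorded next to the load.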
     
    4242    push r15
    4343    push rbx
     44    push rsi
     45    push rdi
    4446
    4547    ; JIT operations can use up to 6 args (4 in registers and 2 on the stack).
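Review bot: the prologue now does `push rsi` / `push rdi` after `push rbx`, but nothing in the file states why; a comment such as `; rsi and rdi are callee-saved in the Windows x64 ABI` beside the pushes would carry the reason from the ChangeLog into the code. It is also worth a comment that two 8-byte pushes were added, so the 16-byte stack alignment assumed by the stack adjustment further down is unchanged.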
     
    5658    call rcx
    5759    add rsp, 28h
     60    pop rdi
     61    pop rsi
    5862    pop rbx
    5963    pop r15
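Review bot: the added `pop rdi` / `pop rsi` correctly mirror the `push rsi` / `push rdi` order of the prologue, and they sit after `add rsp, 28h` so the pops read the right slots.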
     
    6771returnFromJavaScript PROC
    6872    add rsp, 28h
     73    pop rdi
     74    pop rsi
    6975    pop rbx
    7076    pop r15
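Review bot: this epilogue in `returnFromJavaScript` now duplicates the restore sequence of `callToJavaScript` line for line (`add rsp, 28h`, `pop rdi`, `pop rsi`, `pop rbx`, `pop r15`, ...); consider a MASM macro for the save/restore pair so the two epilogues cannot drift apart the next time a register is added.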
     
    7783       
    7884getHostCallReturnValue PROC
    79     sub r13, 40
    80     mov r13, rdi
     85    mov rbp, [rbp] ; CallFrame
     86    mov rcx, rbp ; rcx is first argument register on Windows
    8187    jmp getHostCallReturnValueWithExecState
    8288getHostCallReturnValue ENDP
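Review bot: `mov rbp, [rbp] ; CallFrame` overwrites the frame pointer with the caller's frame and then tail-jumps, so getHostCallReturnValueWithExecState returns straight to whoever entered getHostCallReturnValue with that modified rbp; this mirrors the GCC version, but the comment should say so explicitly (e.g. `; rbp = caller's CallFrame, passed in rcx; tail jump, callee returns to our caller`), because as written it reads like a missing register save. A short comment that the removed `sub r13, 40` / `mov r13, rdi` used the System V argument register rdi, which is why it was wrong on Windows, would also help anyone comparing the two files.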