Changeset 159748 in webkit


Timestamp:
Nov 25, 2013 7:28:45 AM (10 years ago)
Author:
commit-queue@webkit.org
Message:

[arm][mips] Fix crash in dfg-arrayify-elimination layout jsc test.
https://bugs.webkit.org/show_bug.cgi?id=124839

Patch by Julien Brianceau <jbriance@cisco.com> on 2013-11-25
Reviewed by Michael Saboff.

In ARM EABI and MIPS, 64-bit values have to be aligned on stack too.

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

  • jit/JITInlines.h:

(JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.

Location:
trunk/Source/JavaScriptCore
Files:
3 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r159736 r159748  
     12013-11-25  Julien Brianceau  <jbriance@cisco.com>
     2
     3        [arm][mips] Fix crash in dfg-arrayify-elimination layout jsc test.
     4        https://bugs.webkit.org/show_bug.cgi?id=124839
     5
     6        Reviewed by Michael Saboff.
     7
     8        In ARM EABI and MIPS, 64-bit values have to be aligned on stack too.
     9
     10        * jit/CCallHelpers.h:
     11        (JSC::CCallHelpers::setupArgumentsWithExecState):
     12        * jit/JITInlines.h:
     13        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
     14
    1152013-11-23  Filip Pizlo  <fpizlo@apple.com>
    216
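Review bot: The ChangeLog entry for jit/CCallHelpers.h lists (JSC::CCallHelpers::setupArgumentsWithExecState) with no description, while the JITInlines.h entry states what changed. Suggest adding a few words there, for example that a new overload with a padding TrustedImm32 ahead of the stack-passed register pair was added, so the log explains why a new helper accompanies what otherwise reads as a one-macro fix.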
  • trunk/Source/JavaScriptCore/jit/CCallHelpers.h

    r159376 r159748  
    14881488    }
    14891489
     1490    ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, GPRReg arg2, GPRReg arg3, TrustedImm32 arg4, TrustedImm32 arg5, GPRReg arg6, GPRReg arg7)
     1491    {
     1492        poke(arg7, POKE_ARGUMENT_OFFSET + 3);
     1493        poke(arg6, POKE_ARGUMENT_OFFSET + 2);
     1494        poke(arg5, POKE_ARGUMENT_OFFSET + 1);
     1495        poke(arg4, POKE_ARGUMENT_OFFSET);
     1496        setupArgumentsWithExecState(arg1, arg2, arg3);
     1497    }
     1498
    14901499    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
    14911500    {
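Review bot: Nothing in the new seven-argument overload says that arg5 is only padding: it is a plain TrustedImm32 that gets poked to POKE_ARGUMENT_OFFSET + 1 like a real argument, and the same goes for arg1. At the one call site in this changeset both positions are filled by EABI_32BIT_DUMMY_ARG, so a short comment above the overload would help, stating that arg6/arg7 are the two halves of a 64-bit value and that slot + 1 is consumed so the pair starts at an even slot (+ 2, + 3). The hunk also shows no preprocessor context, so please confirm the overload sits under the same architecture guard as the other dummy-argument variants.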
  • trunk/Source/JavaScriptCore/jit/JITInlines.h

    r159091 r159748  
    524524ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(V_JITOperation_EJZJ operation, RegisterID regOp1Tag, RegisterID regOp1Payload, int32_t op2, RegisterID regOp3Tag, RegisterID regOp3Payload)
    525525{
    526     setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG regOp1Payload, regOp1Tag, TrustedImm32(op2), regOp3Payload, regOp3Tag);
     526    setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG regOp1Payload, regOp1Tag, TrustedImm32(op2), EABI_32BIT_DUMMY_ARG regOp3Payload, regOp3Tag);
    527527    return appendCallWithExceptionCheck(operation);
    528528}
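Review bot: The corrected setupArgumentsWithExecState call still relies on EABI_32BIT_DUMMY_ARG being placed by hand before each payload/tag pair; the first pair (regOp1Payload, regOp1Tag) had it and the second (regOp3Payload, regOp3Tag) did not, and nothing at compile time caught the difference. It is worth auditing the other callOperation overloads in this file that pass a second payload/tag pair after an int32_t for the same omission, and recording in the bug whether dfg-arrayify-elimination is the only test that reaches this V_JITOperation_EJZJ path.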