Changeset 162460 in webkit

Timestamp:

Jan 21, 2014 12:19:59 PM (10 years ago)

Author:

mhahnenberg@apple.com

Message:

Registers used in writeBarrierOnOperand can cause clobbering on some platforms
​https://bugs.webkit.org/show_bug.cgi?id=127357

Reviewed by Filip Pizlo.

Some platforms use t0 and t1 for their first two arguments, so using those to load the
cell for the write barrier is a bad idea because it will get clobbered.

• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• llint/LowLevelInterpreter32_64.asm (modified) (4 diffs)
• llint/LowLevelInterpreter64.asm (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
+
+        Registers used in writeBarrierOnOperand can cause clobbering on some platforms
+        https://bugs.webkit.org/show_bug.cgi?id=127357
+
+        Reviewed by Filip Pizlo.
+
+        Some platforms use t0 and t1 for their first two arguments, so using those to load the 
+        cell for the write barrier is a bad idea because it will get clobbered.
+
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+
 2014-01-21  Mark Rowe  <mrowe@apple.com>
 

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -495 +495 @@
     if GGC
         loadisFromInstruction(cellOperand, t1)
-        loadConstantOrVariablePayload(t1, CellTag, t0, .writeBarrierDone)
-        checkMarkByte(t0, t1, t2, 
+        loadConstantOrVariablePayload(t1, CellTag, t2, .writeBarrierDone)
+        checkMarkByte(t2, t1, t3, 
             macro(marked)
                 btbz marked, .writeBarrierDone
@@ -502 +502 @@
                 # We make two extra slots because cCall2 will poke.
                 subp 8, sp
-                cCall2(_llint_write_barrier_slow, cfr, t0)
+                cCall2(_llint_write_barrier_slow, cfr, t2)
                 addp 8, sp
                 pop PC, cfr
@@ -527 +527 @@
         bineq t0, CellTag, .writeBarrierDone
     
-        loadp CodeBlock[cfr], t0
-        loadp CodeBlock::m_globalObject[t0], t0
-        checkMarkByte(t0, t1, t2,
+        loadp CodeBlock[cfr], t3
+        loadp CodeBlock::m_globalObject[t3], t3
+        checkMarkByte(t3, t1, t2,
             macro(marked)
                 btbz marked, .writeBarrierDone
@@ -535 +535 @@
                 # We make two extra slots because cCall2 will poke.
                 subp 8, sp
-                cCall2(_llint_write_barrier_slow, cfr, t0)
+                cCall2(_llint_write_barrier_slow, cfr, t3)
                 addp 8, sp
                 pop PC, cfr

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -335 +335 @@
     if GGC
         loadisFromInstruction(cellOperand, t1)
-        loadConstantOrVariableCell(t1, t0, .writeBarrierDone)
-        checkMarkByte(t0, t1, t2, 
+        loadConstantOrVariableCell(t1, t2, .writeBarrierDone)
+        checkMarkByte(t2, t1, t3, 
             macro(marked)
                 btbz marked, .writeBarrierDone
                 push PB, PC
-                cCall2(_llint_write_barrier_slow, cfr, t0)
+                cCall2(_llint_write_barrier_slow, cfr, t2)
                 pop PC, PB
             end
@@ -365 +365 @@
         btpz t0, .writeBarrierDone
     
-        loadp CodeBlock[cfr], t0
-        loadp CodeBlock::m_globalObject[t0], t0
-        checkMarkByte(t0, t1, t2,
+        loadp CodeBlock[cfr], t3
+        loadp CodeBlock::m_globalObject[t3], t3
+        checkMarkByte(t3, t1, t2,
             macro(marked)
                 btbz marked, .writeBarrierDone
                 push PB, PC
-                cCall2(_llint_write_barrier_slow, cfr, t0)
+                cCall2(_llint_write_barrier_slow, cfr, t3)
                 pop PC, PB
             end