Changeset 252975 in webkit
- Timestamp: Dec 1, 2019 6:57:43 PM
- Location: trunk
- Files: 6 edited
trunk/JSTests/ChangeLog
r252964 r252975 1 2019-12-01 Caio Lima <ticaiolima@gmail.com> 2 3 [JSC][MIPS] CallFrame is being clobbered on InternalFunction execution 4 https://bugs.webkit.org/show_bug.cgi?id=203739 5 6 Reviewed by Saam Barati. 7 8 * stress/has-instance-exception-check.js: 9 * stress/regress-176485.js: 10 1 11 2019-11-30 Ross Kirsling <ross.kirsling@sony.com> 2 12 -
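Review bot: the JSTests ChangeLog entry lists `stress/has-instance-exception-check.js` and `stress/regress-176485.js` with no description of what changed in them. A one-line note per file such as "Unskip on MIPS now that the call frame clobbering in makeHostFunctionCall is fixed" would tell a later reader why the `//@ skip if $architecture == "mips"` lines were removed and that these two tests are the regression coverage for the bug.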
trunk/JSTests/stress/has-instance-exception-check.js
r251923 r252975 1 //@ skip if $architecture == "mips"2 3 1 function assert(b) { 4 2 if (!b) -
trunk/JSTests/stress/regress-176485.js
r251923 r252975 1 //@ skip if $architecture == "mips"2 3 1 var exception; 4 2 try { -
trunk/Source/JavaScriptCore/ChangeLog
r252974 r252975 1 2019-12-01 Caio Lima <ticaiolima@gmail.com> 2 3 [JSC][MIPS] CallFrame is being clobbered on InternalFunction execution 4 https://bugs.webkit.org/show_bug.cgi?id=203739 5 6 Reviewed by Saam Barati. 7 8 MIPS calling conventions requires that we have stack space reserved 9 for 4 (16-bytes) arguments ($a0-$a3). The caller doesn't use 10 this space, but callee can still use it in case where they need to save 11 arguments or even reuse to another allocation. Since we were not 12 allocationg it during `makeHostFunctionCall`, the caller frame slot 13 was being clobberred by `callGenericTypedArrayView` execution, 14 resulting in a corrupted call frame stack. This patch is adjusting 15 this convention into ThunkGenerator and on `makeHostFunctionCall`. 16 17 * jit/ThunkGenerators.cpp: 18 (JSC::nativeForGenerator): 19 * llint/LowLevelInterpreter32_64.asm: 20 1 21 2019-12-01 Caio Lima <ticaiolima@gmail.com> 2 22 -
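Review bot: the ChangeLog text has several typos that should be fixed before landing: "allocationg" should read "allocating", "clobberred" should read "clobbered", "MIPS calling conventions requires" should read "The MIPS calling convention requires", and "into ThunkGenerator and on `makeHostFunctionCall`" should name the actual files, i.e. "in ThunkGenerators.cpp (nativeForGenerator) and in the LLInt `makeHostFunctionCall` path". It would also help to state that the 16 bytes are the o32 argument home area for `$a0-$a3`, since that is the convention the rest of the description relies on.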
trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp
r251518 r252975 327 327 // Allocate space on stack for the 4 parameter registers. 328 328 jit.subPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister); 329 #elif CPU(MIPS) 330 // Allocate stack space for (unused) 16 bytes (8-byte aligned) for 4 arguments. 331 jit.subPtr(CCallHelpers::TrustedImm32(16), CCallHelpers::stackPointerRegister); 329 332 #endif 330 333 jit.move(CCallHelpers::TrustedImmPtr(&vm), JSInterfaceJIT::argumentGPR0); … … 333 336 #if OS(WINDOWS) 334 337 jit.addPtr(JSInterfaceJIT::TrustedImm32(4 * sizeof(int64_t)), JSInterfaceJIT::stackPointerRegister); 338 #elif CPU(MIPS) 339 jit.addPtr(CCallHelpers::TrustedImm32(16), CCallHelpers::stackPointerRegister); 335 340 #endif 336 341 -
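Review bot: the MIPS branch hard-codes `TrustedImm32(16)` in both the `subPtr` and the `addPtr`, while the adjacent Windows branch spells the same idea as `4 * sizeof(int64_t)`; mirroring that form (`4 * sizeof(int32_t)` for four 4-byte o32 argument slots, or a named constant shared by both sites) would make the pairing between the allocation and the release obvious and keep the two from drifting apart if one is edited. The comment "Allocate stack space for (unused) 16 bytes" is also slightly misleading given the ChangeLog's point that the callee may write to this area; "unused by the caller, but the callee may spill $a0-$a3 here" states the contract more precisely.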
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
r252789 r252975 353 353 call temp1 354 354 addp 8, sp 355 elsif MIPS 356 move sp, a1 357 # We need to allocate stack space for 16 bytes (8-byte aligned) 358 # for 4 arguments, since callee can use this space. 359 subp 16, sp 360 loadp ProtoCallFrame::globalObject[protoCallFrame], a0 361 call temp1 362 addp 16, sp 355 363 else 356 364 loadp ProtoCallFrame::globalObject[protoCallFrame], a0
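Review bot: in the MIPS branch `move sp, a1` is executed before `subp 16, sp`, so `a1` carries the stack pointer as it was before the 16-byte argument area was reserved, which differs from the ordering in the surrounding branches where no reservation precedes the call. If passing the pre-reservation `sp` is intended, a comment saying so would prevent someone from "fixing" the order later; if the callee is meant to receive the post-reservation pointer, the `move` should follow the `subp`. The `subp 16, sp` / `addp 16, sp` pair is balanced around `call temp1`, which matches the ThunkGenerators.cpp change.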