Title: [226869] branches/safari-605-branch/Source/_javascript_Core
- Revision
- 226869
- Author
- jmarc...@apple.com
- Date
- 2018-01-11 22:30:57 -0800 (Thu, 11 Jan 2018)
Log Message
Cherry-pick r226788. rdar://problem/36450828
Modified Paths
Diff
Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (226868 => 226869)
--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-01-12 06:30:55 UTC (rev 226868)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-01-12 06:30:57 UTC (rev 226869)
@@ -1,5 +1,22 @@
2018-01-11 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r226788. rdar://problem/36450828
+
+ 2018-01-11 Michael Saboff <msab...@apple.com>
+
+ Ensure there are no unsafe uses of MacroAssemblerARM64::dataTempRegister
+ https://bugs.webkit.org/show_bug.cgi?id=181512
+
+ Reviewed by Saam Barati.
+
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::abortWithReason):
+ (JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
+ All current uses of dataTempRegister in these functions are safe, but it makes sense to
+ fix them in case they might be used elsewhere.
+
+2018-01-11 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r226778. rdar://problem/36450800
2018-01-11 Michael Saboff <msab...@apple.com>
Modified: branches/safari-605-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (226868 => 226869)
--- branches/safari-605-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2018-01-12 06:30:55 UTC (rev 226868)
+++ branches/safari-605-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2018-01-12 06:30:57 UTC (rev 226869)
@@ -1105,13 +1105,13 @@
void abortWithReason(AbortReason reason)
{
- move(TrustedImm32(reason), dataTempRegister);
+ move(TrustedImm32(reason), getCachedDataTempRegisterIDAndInvalidate());
breakpoint();
}
void abortWithReason(AbortReason reason, intptr_t misc)
{
- move(TrustedImm64(misc), memoryTempRegister);
+ move(TrustedImm64(misc), getCachedMemoryTempRegisterIDAndInvalidate());
abortWithReason(reason);
}
@@ -2201,7 +2201,7 @@
void pushToSaveImmediateWithoutTouchingRegisters(TrustedImm32 imm)
{
- RegisterID reg = dataTempRegister;
+ RegisterID reg = getCachedDataTempRegisterIDAndInvalidate();
pushPair(reg, reg);
move(imm, reg);
store64(reg, stackPointerRegister);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes