Title: [204897] trunk/Source/_javascript_Core
- Revision
- 204897
- Author
- [email protected]
- Date
- 2016-08-24 09:23:41 -0700 (Wed, 24 Aug 2016)
Log Message
AssemblyHelpers::emitAllocateWithNonNullAllocator() crashes in the FTL on ARM64
https://bugs.webkit.org/show_bug.cgi?id=161138
rdar://problem/27985868
Reviewed by Saam Barati.
The FTL expects that this method can be used with scratch registers disallowed, but it
uses addPtr(Addr, Reg).
The solution is to only use addPtr(Addr, Reg) on x86.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (204896 => 204897)
--- trunk/Source/_javascript_Core/ChangeLog 2016-08-24 16:22:37 UTC (rev 204896)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-08-24 16:23:41 UTC (rev 204897)
@@ -1,3 +1,19 @@
+2016-08-24 Filip Pizlo <[email protected]>
+
+ AssemblyHelpers::emitAllocateWithNonNullAllocator() crashes in the FTL on ARM64
+ https://bugs.webkit.org/show_bug.cgi?id=161138
+ rdar://problem/27985868
+
+ Reviewed by Saam Barati.
+
+ The FTL expects that this method can be used with scratch registers disallowed, but it
+ uses addPtr(Addr, Reg).
+
+ The solution is to only use addPtr(Addr, Reg) on x86.
+
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
+
2016-08-24 Skachkov Oleksandr <[email protected]>
[ES2016] Allow assignment in for-in head in not-strict mode
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (204896 => 204897)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2016-08-24 16:22:37 UTC (rev 204896)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2016-08-24 16:23:41 UTC (rev 204897)
@@ -1432,7 +1432,13 @@
}
negPtr(resultGPR);
store32(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, remaining)));
- addPtr(Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd)), resultGPR);
+ Address payloadEndAddr = Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd));
+ if (isX86())
+ addPtr(payloadEndAddr, resultGPR);
+ else {
+ loadPtr(payloadEndAddr, scratchGPR);
+ addPtr(scratchGPR, resultGPR);
+ }
done = jump();
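Review bot: the non-x86 branch (`loadPtr(payloadEndAddr, scratchGPR); addPtr(scratchGPR, resultGPR);`) repurposes scratchGPR right after the preceding `store32(scratchGPR, ...)` consumed it, so correctness depends on scratchGPR being dead at that point; a one-line comment stating that the register is being reused, and that the macro assembler's addPtr(Address, Reg) is avoided off x86 because the FTL calls this helper with scratch registers disallowed, would stop a later reorder of the store from silently clobbering the value. Also a style point: WebKit style asks that when one side of an if/else uses braces the other does too, so the `if (isX86())` arm should be braced to match the `else {` block.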
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes