Skip to site navigation (Press enter)

[webkit-changes] [205173] tags/Safari-603.1.3.0.1/Source/JavaScriptCore

bshafiei Mon, 29 Aug 2016 23:08:36 -0700

Title: [205173] tags/Safari-603.1.3.0.1/Source/_javascript_Core

Revision: 205173
Author: [email protected]
Date: 2016-08-29 23:07:44 -0700 (Mon, 29 Aug 2016)

Log Message

Merged r204897.  rdar://problem/28062188


Modified Paths

tags/Safari-603.1.3.0.1/Source/_javascript_Core/ChangeLog
tags/Safari-603.1.3.0.1/Source/_javascript_Core/jit/AssemblyHelpers.h

Diff

Modified: tags/Safari-603.1.3.0.1/Source/_javascript_Core/ChangeLog (205172 => 205173)


--- tags/Safari-603.1.3.0.1/Source/_javascript_Core/ChangeLog	2016-08-30 05:56:25 UTC (rev 205172)
+++ tags/Safari-603.1.3.0.1/Source/_javascript_Core/ChangeLog	2016-08-30 06:07:44 UTC (rev 205173)
@@ -1,3 +1,23 @@
+2016-08-29  Babak Shafiei  <[email protected]>
+
+        Merge r204897.
+
+    2016-08-24  Filip Pizlo  <[email protected]>
+
+            AssemblyHelpers::emitAllocateWithNonNullAllocator() crashes in the FTL on ARM64
+            https://bugs.webkit.org/show_bug.cgi?id=161138
+            rdar://problem/27985868
+
+            Reviewed by Saam Barati.
+
+            The FTL expects that this method can be used with scratch registers disallowed, but it
+            uses addPtr(Addr, Reg).
+
+            The solution is to only use addPtr(Addr, Reg) on x86.
+
+            * jit/AssemblyHelpers.h:
+            (JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
+
 2016-08-23  Ryan Haddad  <[email protected]>
 
         Rebaseline builtins-generator-tests after r204854.

Modified: tags/Safari-603.1.3.0.1/Source/_javascript_Core/jit/AssemblyHelpers.h (205172 => 205173)


--- tags/Safari-603.1.3.0.1/Source/_javascript_Core/jit/AssemblyHelpers.h	2016-08-30 05:56:25 UTC (rev 205172)
+++ tags/Safari-603.1.3.0.1/Source/_javascript_Core/jit/AssemblyHelpers.h	2016-08-30 06:07:44 UTC (rev 205173)
@@ -1432,7 +1432,13 @@
         }
         negPtr(resultGPR);
         store32(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, remaining)));
-        addPtr(Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd)), resultGPR);
+        Address payloadEndAddr = Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd));
+        if (isX86())
+            addPtr(payloadEndAddr, resultGPR);
+        else {
+            loadPtr(payloadEndAddr, scratchGPR);
+            addPtr(scratchGPR, resultGPR);
+        }
         
         done = jump();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes