Title: [213299] trunk/Source/JavaScriptCore
Revision: 213299
Author: [email protected]
Date: 2017-03-02 13:22:01 -0800 (Thu, 02 Mar 2017)

Log Message

Fix addressing mode for B3WasmAddress
https://bugs.webkit.org/show_bug.cgi?id=169092

Reviewed by Filip Pizlo.

Fix the potential addressing modes for B3WasmAddress. ARM does not
support a base + index*1 + offset addressing mode. I think when I
read it the first time I assumed it would always work on both ARM
and X86. While true for X86 it's not true for ARM.

* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::effectiveAddr):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (213298 => 213299)


--- trunk/Source/_javascript_Core/ChangeLog	2017-03-02 20:52:08 UTC (rev 213298)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-03-02 21:22:01 UTC (rev 213299)
@@ -1,3 +1,18 @@
+2017-03-02  Keith Miller  <[email protected]>
+
+        Fix addressing mode for B3WasmAddress
+        https://bugs.webkit.org/show_bug.cgi?id=169092
+
+        Reviewed by Filip Pizlo.
+
+        Fix the potential addressing modes for B3WasmAddress. ARM does not
+        support a base + index*1 + offset addressing mode. I think when I
+        read it the first time I assumed it would always work on both ARM
+        and X86. While true for X86 it's not true for ARM.
+
+        * b3/B3LowerToAir.cpp:
+        (JSC::B3::Air::LowerToAir::effectiveAddr):
+
 2017-03-02  Mark Lam  <[email protected]>
 
         Add support for selective handling of VM traps.
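Review bot: The per-function line `(JSC::B3::Air::LowerToAir::effectiveAddr):` in the new ChangeLog entry has no description after the colon. It should say what changed there: the `ASSERT` on `Arg::isValidIndexForm` became a runtime check that returns `fallback()`. The entry also does not mention a test; if none was added, say why.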

Modified: trunk/Source/JavaScriptCore/b3/B3LowerToAir.cpp (213298 => 213299)


--- trunk/Source/_javascript_Core/b3/B3LowerToAir.cpp	2017-03-02 20:52:08 UTC (rev 213298)
+++ trunk/Source/_javascript_Core/b3/B3LowerToAir.cpp	2017-03-02 21:22:01 UTC (rev 213299)
@@ -512,8 +512,7 @@
         case WasmAddress: {
             WasmAddressValue* wasmAddress = address->as<WasmAddressValue>();
             Value* pointer = wasmAddress->child(0);
-            ASSERT(Arg::isValidIndexForm(1, offset, width));
-            if (m_locked.contains(pointer))
+            if (!Arg::isValidIndexForm(1, offset, width) || m_locked.contains(pointer))
                 return fallback();
 
             // FIXME: We should support ARM64 LDR 32-bit addressing, which will
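Review bot: The added condition `if (!Arg::isValidIndexForm(1, offset, width) || m_locked.contains(pointer))` carries no comment explaining why the index form can be rejected for a WasmAddress, and the scale `1` is an unexplained literal. A one-line comment stating that ARM does not support base + index*1 + offset (as the log message says) would keep a later reader from restoring the removed `ASSERT`. The revision also touches only ChangeLog and B3LowerToAir.cpp, so the new `fallback()` branch has no test; a case that lowers a WasmAddress whose offset fails the index-form check would cover it.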