Title: [228758] releases/WebKitGTK/webkit-2.20/Source/_javascript_Core
Revision
228758
Author
carlo...@webkit.org
Date
2018-02-20 00:51:43 -0800 (Tue, 20 Feb 2018)

Log Message

Merge r228436 - [YarrJIT][ARM] We need to save r8 as it is the initial start register
https://bugs.webkit.org/show_bug.cgi?id=182157

Reviewed by Saam Barati.

Register r8 is the initial start register since r224172, so we need to
save it. We still need to save r6 as well even though it is not the
initial start register any more, since it is used by the
MacroAssembler which we use (we get crashes in some situations if we
don't save r6). This issue was discovered because
stress/regress-174044.js crashes on a raspberry pi 2 when compiled in
-O2.

* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::generateEnter):
(JSC::Yarr::YarrGenerator::generateReturn):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog (228757 => 228758)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog	2018-02-20 08:51:39 UTC (rev 228757)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog	2018-02-20 08:51:43 UTC (rev 228758)
@@ -1,3 +1,22 @@
+2018-02-13  Guillaume Emont  <guijem...@igalia.com>
+
+        [YarrJIT][ARM] We need to save r8 as it is the initial start register
+        https://bugs.webkit.org/show_bug.cgi?id=182157
+
+        Reviewed by Saam Barati.
+
+        Register r8 is the initial start register since r224172, so we need to
+        save it. We still need to save r6 as well even though it is not the
+        initial start register any more, since it is used by the
+        MacroAssembler which we use (we get crashes in some situations if we
+        don't save r6). This issue was discovered because
+        stress/regress-174044.js crashes on a raspberry pi 2 when compiled in
+        -O2.
+
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::generateEnter):
+        (JSC::Yarr::YarrGenerator::generateReturn):
+
 2018-02-13  Caitlin Potter  <ca...@igalia.com>
 
         [JSC] cache TaggedTemplate arrays by callsite rather than by contents
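Review bot: the new ChangeLog entry is dated 2018-02-13 while this revision lands on 2018-02-20, and nothing in the entry itself records that it is a merge of r228436 onto the webkit-2.20 branch; only the Subversion log message says so. Anyone tracing the fix from the ChangeLog alone will not find the originating revision, so consider noting the merged revision in the entry or in the branch's merge bookkeeping.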

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/yarr/YarrJIT.cpp (228757 => 228758)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/yarr/YarrJIT.cpp	2018-02-20 08:51:39 UTC (rev 228757)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/yarr/YarrJIT.cpp	2018-02-20 08:51:43 UTC (rev 228758)
@@ -3334,6 +3334,7 @@
         push(ARMRegisters::r4);
         push(ARMRegisters::r5);
         push(ARMRegisters::r6);
+        push(ARMRegisters::r8);
 #elif CPU(MIPS)
         // Do nothing.
 #endif
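Review bot: `push(ARMRegisters::r8);` is appended after `push(ARMRegisters::r6);`, so the epilogue must pop r8 first, then r6, r5, r4; the generateReturn hunk below does exactly that. Please also confirm that nothing else in the ARM path hard-codes the number of callee-saved pushes (for example when computing offsets into the saved frame), since this hunk only changes the prologue. A one-line comment at the push stating why r8 is saved (it is the initial start register since r224172) and why r6 is still saved (the MacroAssembler uses it) would keep that rationale in the source rather than only in the ChangeLog.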
@@ -3381,6 +3382,7 @@
         if (m_decodeSurrogatePairs)
             popPair(framePointerRegister, linkRegister);
 #elif CPU(ARM)
+        pop(ARMRegisters::r8);
         pop(ARMRegisters::r6);
         pop(ARMRegisters::r5);
         pop(ARMRegisters::r4);
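Review bot: the pop order (r8, r6, r5, r4) correctly mirrors the push order in generateEnter, so each saved value is restored to its own register. Worth confirming that every exit from the ARM-generated code goes through this epilogue: any early-return path that skipped these pops would leave the caller's r8 clobbered, which is the class of crash the ChangeLog describes.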
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
