Modified: trunk/Source/_javascript_Core/ChangeLog (146395 => 146396)
--- trunk/Source/_javascript_Core/ChangeLog 2013-03-20 22:05:08 UTC (rev 146395)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-03-20 22:07:23 UTC (rev 146396)
@@ -1,3 +1,24 @@
+2013-03-20 Zoltan Herczeg <[email protected]>
+
+ ARMv7 replaceWithJump ASSERT failure after r135330.
+ https://bugs.webkit.org/show_bug.cgi?id=103146
+
+ Reviewed by Filip Pizlo.
+
+ On Linux, the 24 bit distance range of jumps sometimes does not
+ enough to cover all targets addresses. This patch supports jumps
+ outside of this range using a mov/movt/bx 10 byte long sequence.
+
+ * assembler/ARMv7Assembler.h:
+ (ARMv7Assembler):
+ (JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
+ (JSC::ARMv7Assembler::nopw):
+ (JSC::ARMv7Assembler::label):
+ (JSC::ARMv7Assembler::replaceWithJump):
+ (JSC::ARMv7Assembler::maxJumpReplacementSize):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
+
2013-03-20 Mark Hahnenberg <[email protected]>
Objective-C API: Fix over-releasing in allocateConstructorAndPrototypeWithSuperClassInfo:
Modified: trunk/Source/_javascript_Core/assembler/ARMv7Assembler.h (146395 => 146396)
--- trunk/Source/_javascript_Core/assembler/ARMv7Assembler.h 2013-03-20 22:05:08 UTC (rev 146395)
+++ trunk/Source/_javascript_Core/assembler/ARMv7Assembler.h 2013-03-20 22:07:23 UTC (rev 146396)
@@ -1266,6 +1266,20 @@
m_formatter.twoWordOp5i6Imm4Reg4EncodedImm(OP_MOV_imm_T3, imm.m_value.imm4, rd, imm);
}
+#if OS(LINUX)
+ static void revertJumpTo_movT3movtcmpT2(void* instructionStart, RegisterID left, RegisterID right, uintptr_t imm)
+ {
+ uint16_t* address = static_cast<uint16_t*>(instructionStart);
+ ARMThumbImmediate lo16 = ARMThumbImmediate::makeUInt16(static_cast<uint16_t>(imm));
+ ARMThumbImmediate hi16 = ARMThumbImmediate::makeUInt16(static_cast<uint16_t>(imm >> 16));
+ address[0] = twoWordOp5i6Imm4Reg4EncodedImmFirst(OP_MOV_imm_T3, lo16);
+ address[1] = twoWordOp5i6Imm4Reg4EncodedImmSecond(right, lo16);
+ address[2] = twoWordOp5i6Imm4Reg4EncodedImmFirst(OP_MOVT, hi16);
+ address[3] = twoWordOp5i6Imm4Reg4EncodedImmSecond(right, hi16);
+ address[4] = OP_CMP_reg_T2 | left;
+ cacheFlush(address, sizeof(uint16_t) * 5);
+ }
+#else
static void revertJumpTo_movT3(void* instructionStart, RegisterID rd, ARMThumbImmediate imm)
{
ASSERT(imm.isValid());
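Review bot: The cmp halfword written at `address[4]` encodes only `left`; `right` appears in the mov/movt words at `address[1]` and `address[3]` but not in the compare, so unless `OP_CMP_reg_T2` already carries the Rm field this re-emits a compare against r0 rather than against `right`. The T2 CMP (register) encoding places Rm in bits 6:3 and the high bit of Rn in bit 7, so the halfword should be assembled the same way the assembler's own `cmp()` emitter builds its T2 form, e.g. `address[4] = OP_CMP_reg_T2 | ((left & 8) << 4) | (right << 3) | (left & 7);`. This is worth confirming against the bytes the original branchPtrWithPatch sequence emits, since a reverted compare that reads the wrong register silently changes which path the patched branch takes. The enclosing class continues outside the hunk.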
@@ -1277,6 +1291,7 @@
address[1] = twoWordOp5i6Imm4Reg4EncodedImmSecond(rd, imm);
cacheFlush(address, sizeof(uint16_t) * 2);
}
+#endif
ALWAYS_INLINE void mov(RegisterID rd, ARMThumbImmediate imm)
{
@@ -1882,7 +1897,12 @@
{
m_formatter.oneWordOp8Imm8(OP_NOP_T1, 0);
}
-
+
+ void nopw()
+ {
+ m_formatter.twoWordOp16Op16(OP_NOP_T2a, OP_NOP_T2b);
+ }
+
AssemblerLabel labelIgnoringWatchpoints()
{
return m_formatter.label();
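Review bot: `nopw()` is undocumented, and its name is not obviously the NOP.W mnemonic to a reader who has only seen `nop()` two lines above; a one-line comment would tie it to its use, `// 32-bit NOP (T2 encoding); label() uses it to pad watchpoint space four bytes at a time.` The `nop()` definition this sits next to starts outside the hunk.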
@@ -1902,7 +1922,10 @@
{
AssemblerLabel result = m_formatter.label();
while (UNLIKELY(static_cast<int>(result.m_offset) < m_indexOfTailOfLastWatchpoint)) {
- nop();
+ if (UNLIKELY(static_cast<int>(result.m_offset) + 4 <= m_indexOfTailOfLastWatchpoint))
+ nopw();
+ else
+ nop();
result = m_formatter.label();
}
return result;
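Review bot: The literal `4` in the new condition is the byte size of the NOP.W that `nopw()` emits, and the `nop()` fallback is what closes a remaining 2-byte gap; nothing in the hunk says so, so a reader has to pair the constant with the other hunk by hand. Either a comment on the branch, `// pad with a 4-byte NOP.W while one fits, a 2-byte NOP for the last halfword`, or a named constant shared with `nopw()` would make that invariant explicit. The `label()` signature is outside the hunk.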
@@ -2160,15 +2183,31 @@
{
ASSERT(!(bitwise_cast<uintptr_t>(instructionStart) & 1));
ASSERT(!(bitwise_cast<uintptr_t>(to) & 1));
+
+#if OS(LINUX)
+ if (canBeJumpT4(reinterpret_cast<uint16_t*>(instructionStart), to)) {
+ uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2;
+ linkJumpT4(ptr, to);
+ cacheFlush(ptr - 2, sizeof(uint16_t) * 2);
+ } else {
+ uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 5;
+ linkBX(ptr, to);
+ cacheFlush(ptr - 5, sizeof(uint16_t) * 5);
+ }
+#else
uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2;
-
linkJumpT4(ptr, to);
cacheFlush(ptr - 2, sizeof(uint16_t) * 2);
+#endif
}
static ptrdiff_t maxJumpReplacementSize()
{
+#if OS(LINUX)
+ return 10;
+#else
return 4;
+#endif
}
static void replaceWithLoad(void* instructionStart)
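Review bot: In the Linux branch, `canBeJumpT4` is evaluated against `instructionStart` while `linkJumpT4` is handed `instructionStart + 2`; if both helpers measure the displacement from the pointer they are given, the range check is taken 4 bytes away from the displacement that is actually encoded, and a target sitting right at the edge of the 24-bit range could pass the check and then fail (or assert) inside `linkJumpT4`. Computing the pointer once and passing the same value to both calls removes the discrepancy: `uint16_t* ptr = reinterpret_cast<uint16_t*>(instructionStart) + 2; if (canBeJumpT4(ptr, to)) { linkJumpT4(ptr, to); cacheFlush(ptr - 2, sizeof(uint16_t) * 2); }`, with the `else` branch deriving its own pointer as `ptr + 3`. A short comment on `maxJumpReplacementSize()` saying that 10 is the mov/movt/bx sequence length on Linux would also keep the two `#if OS(LINUX)` constants from drifting apart. `replaceWithJump`'s signature is outside the hunk.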
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h (146395 => 146396)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2013-03-20 22:05:08 UTC (rev 146395)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2013-03-20 22:07:23 UTC (rev 146396)
@@ -1773,9 +1773,14 @@
return label.labelAtOffset(-twoWordOpSize * 2);
}
- static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID, void* initialValue)
+ static void revertJumpReplacementToBranchPtrWithPatch(CodeLocationLabel instructionStart, RegisterID rd, void* initialValue)
{
+#if OS(LINUX)
+ ARMv7Assembler::revertJumpTo_movT3movtcmpT2(instructionStart.dataLocation(), rd, dataTempRegister, reinterpret_cast<uintptr_t>(initialValue));
+#else
+ UNUSED_PARAM(rd);
ARMv7Assembler::revertJumpTo_movT3(instructionStart.dataLocation(), dataTempRegister, ARMThumbImmediate::makeUInt16(reinterpret_cast<uintptr_t>(initialValue) & 0xffff));
+#endif
}
static CodeLocationLabel startOfPatchableBranchPtrWithPatchOnAddress(CodeLocationDataLabelPtr)
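Review bot: The newly named parameter `rd` is passed as the `left` (compared) register of `revertJumpTo_movT3movtcmpT2`, not as a destination register; the mov/movt target in that helper is `right`, which here is `dataTempRegister`, so the name points a reader at the wrong operand. Naming it for what it is, e.g. `RegisterID left`, or adding `// rd: the register the original branchPtrWithPatch compared against dataTempRegister`, would stop the two arguments from being swapped by a future edit. The `#else` path keeps `UNUSED_PARAM(rd)`, so the rename stays confined to this function.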