Title: [153371] trunk/Source/JavaScriptCore
- Revision: 153371
- Author: [email protected]
- Date: 2013-07-26 07:41:55 -0700 (Fri, 26 Jul 2013)
Log Message
REGRESSION(FTL): Fix lots of crashes in sh4 baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=119148
Patch by Julien Brianceau <[email protected]> on 2013-07-26
Reviewed by Csaba Osztrogonác.
* jit/JSInterfaceJIT.h: "secondArgumentRegister" is wrong for sh4.
* llint/LowLevelInterpreter32_64.asm: "move t0, a0" is missing
in nativeCallTrampoline for sh4. Reuse MIPS implementation to avoid
code duplication.
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (153370 => 153371)
--- trunk/Source/_javascript_Core/ChangeLog 2013-07-26 10:33:24 UTC (rev 153370)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-07-26 14:41:55 UTC (rev 153371)
@@ -1,5 +1,17 @@
2013-07-26 Julien Brianceau <[email protected]>
+ REGRESSION(FTL): Fix lots of crashes in sh4 baseline JIT.
+ https://bugs.webkit.org/show_bug.cgi?id=119148
+
+ Reviewed by Csaba Osztrogonác.
+
+ * jit/JSInterfaceJIT.h: "secondArgumentRegister" is wrong for sh4.
+ * llint/LowLevelInterpreter32_64.asm: "move t0, a0" is missing
+ in nativeCallTrampoline for sh4. Reuse MIPS implementation to avoid
+ code duplication.
+
+2013-07-26 Julien Brianceau <[email protected]>
+
REGRESSION(FTL): Crash in sh4 baseline JIT.
https://bugs.webkit.org/show_bug.cgi?id=119138
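Review bot: the new entry's `"secondArgumentRegister" is wrong for sh4` line does not say what was wrong. Stating that it was defined as regT4, the same register as firstArgumentRegister, and is now regT5 would let someone reading the ChangeLog understand the crash cause without opening the header. "Fix lots of crashes" would also be more useful with the failing tests or a representative crash named, since the entry references no test.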
Modified: trunk/Source/_javascript_Core/jit/JSInterfaceJIT.h (153370 => 153371)
--- trunk/Source/_javascript_Core/jit/JSInterfaceJIT.h 2013-07-26 10:33:24 UTC (rev 153370)
+++ trunk/Source/_javascript_Core/jit/JSInterfaceJIT.h 2013-07-26 14:41:55 UTC (rev 153371)
@@ -158,8 +158,8 @@
static const RegisterID regT5 = SH4Registers::r5;
static const RegisterID regT6 = SH4Registers::r6;
static const RegisterID regT7 = SH4Registers::r7;
- static const RegisterID firstArgumentRegister =regT4;
- static const RegisterID secondArgumentRegister =regT4;
+ static const RegisterID firstArgumentRegister = regT4;
+ static const RegisterID secondArgumentRegister = regT5;
static const RegisterID returnValueRegister = SH4Registers::r0;
static const RegisterID cachedResultRegister = SH4Registers::r0;
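Review bot: nothing prevents the two SH4 argument constants from aliasing again. The removed lines set both firstArgumentRegister and secondArgumentRegister to regT4, so a second argument would land in the register already holding the first, and the compiler accepted it. Consider a compile-time assertion beside these definitions that firstArgumentRegister != secondArgumentRegister, so a copy-paste slip in any per-architecture block fails the build instead of surfacing as JIT crashes. The spacing fix on the firstArgumentRegister line is fine to carry along.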
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (153370 => 153371)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2013-07-26 10:33:24 UTC (rev 153370)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2013-07-26 14:41:55 UTC (rev 153371)
@@ -1825,7 +1825,7 @@
call executableOffsetToFunction[t1]
restoreReturnAddressBeforeReturn(t3)
loadp JITStackFrame::vm[sp], t3
- elsif MIPS
+ elsif MIPS or SH4
loadp JITStackFrame::vm[sp], t3
storep cfr, VM::topCallFrame[t3]
move t0, t2
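Review bot: at `elsif MIPS or SH4`, SH4 now takes the MIPS sequence, but the context shown ends at `move t0, t2`, so the `move t0, a0` that the log message says SH4 was missing cannot be confirmed from this hunk. Please verify the rest of the shared branch against the SH4 calling convention, and consider a short comment on this line saying that both targets need the call frame in a0 before `call executableOffsetToFunction[t1]`, so that a later MIPS-only edit does not change SH4 behaviour unnoticed.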
@@ -1839,19 +1839,6 @@
call executableOffsetToFunction[t1]
restoreReturnAddressBeforeReturn(t3)
loadp JITStackFrame::vm[sp], t3
- elsif SH4
- loadp JITStackFrame::vm[sp], t3
- storep cfr, VM::topCallFrame[t3]
- move t0, t2
- preserveReturnAddressAfterCall(t3)
- storep t3, ReturnPC[cfr]
- move cfr, t0
- loadi Callee + PayloadOffset[cfr], t1
- loadp JSFunction::m_executable[t1], t1
- move t2, cfr
- call executableOffsetToFunction[t1]
- restoreReturnAddressBeforeReturn(t3)
- loadp JITStackFrame::vm[sp], t3
elsif C_LOOP
loadp JITStackFrame::vm[sp], t3
storep cfr, VM::topCallFrame[t3]
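Review bot: worth checking any remaining SH4-only branches in this file for the same omission this removed block had: `move cfr, t0` goes straight to the loads and `call executableOffsetToFunction[t1]` with no move into a0, which is the step the log message says was missing. The block was otherwise a hand-copied per-architecture sequence, so similar copies elsewhere may have drifted in the same way.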