Title: [154324] trunk/Source/JavaScriptCore
Revision: 154324
Author: [email protected]
Date: 2013-08-20 06:38:14 -0700 (Tue, 20 Aug 2013)
Log Message
<https://webkit.org/b/120062> Missing ensureSpace call in sh4 baseline JIT.
Patch by Julien Brianceau <[email protected]> on 2013-08-20
Reviewed by Allan Sandfeld Jensen.
branchPtrWithPatch() of baseline JIT must ensure that space is available for its
instructions and two constants now DFG is enabled for sh4 architecture.
These missing ensureSpace calls lead to random crashes.
* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchPtrWithPatch):
Modified Paths
Diff
Modified: trunk/Source/JavaScriptCore/ChangeLog (154323 => 154324)
--- trunk/Source/_javascript_Core/ChangeLog 2013-08-20 12:47:57 UTC (rev 154323)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-08-20 13:38:14 UTC (rev 154324)
@@ -1,3 +1,16 @@
+2013-08-20 Julien Brianceau <[email protected]>
+
+ <https://webkit.org/b/120062> Missing ensureSpace call in sh4 baseline JIT.
+
+ Reviewed by Allan Sandfeld Jensen.
+
+ branchPtrWithPatch() of baseline JIT must ensure that space is available for its
+ instructions and two constants now DFG is enabled for sh4 architecture.
+ These missing ensureSpace calls lead to random crashes.
+
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::branchPtrWithPatch):
+
2013-08-19 Gavin Barraclough <[email protected]>
https://bugs.webkit.org/show_bug.cgi?id=120034
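Review bot: the new ChangeLog entry attributes "random crashes" to the missing ensureSpace calls but names no test, reproduction case or failing workload on sh4. A line saying which test or page triggers the crash, or that no deterministic reproduction exists, would let a later reader confirm the fix and spot a regression.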
Modified: trunk/Source/JavaScriptCore/assembler/MacroAssemblerSH4.h (154323 => 154324)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerSH4.h 2013-08-20 12:47:57 UTC (rev 154323)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerSH4.h 2013-08-20 13:38:14 UTC (rev 154324)
@@ -2334,6 +2334,7 @@
{
RegisterID dataTempRegister = claimScratch();
+ m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));
dataLabel = moveWithPatch(initialRightValue, dataTempRegister);
m_assembler.cmplRegReg(dataTempRegister, left, SH4Condition(cond));
releaseScratch(dataTempRegister);
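Review bot: the added ensureSpace() call before moveWithPatch() reserves maxInstructionSize + 10 bytes of code with no indication of where the 10 comes from. The 2 * sizeof(uint32_t) argument matches the "two constants" in the log message, but the instruction budget is a bare number that will silently go stale if the sequence between here and the branch changes. Please add a short comment listing the instructions the reservation is meant to cover, or replace the literal with a named constant derived from the instruction count, so the next change to this sequence updates the reservation with it.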
@@ -2351,6 +2352,7 @@
m_assembler.addlRegReg(left.base, scr);
m_assembler.movlMemReg(scr, scr);
RegisterID scr1 = claimScratch();
+ m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));
dataLabel = moveWithPatch(initialRightValue, scr1);
m_assembler.cmplRegReg(scr1, scr, SH4Condition(cond));
releaseScratch(scr);
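Review bot: the ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t)) line added before moveWithPatch(initialRightValue, scr1) is a verbatim copy of the one in the other branchPtrWithPatch() overload, so the two reservations can drift apart if only one is adjusted later. Consider moving the reservation into a small shared helper (or into a single named size used by both call sites). It is also worth a comment stating that the call deliberately sits after the addlRegReg/movlMemReg address computation, since only the patchable load and the compare that follow need to stay together with their constants.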