Modified: trunk/Source/_javascript_Core/ChangeLog (158207 => 158208)
--- trunk/Source/_javascript_Core/ChangeLog 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-10-29 19:34:19 UTC (rev 158208)
@@ -1,5 +1,31 @@
2013-10-29 Julien Brianceau <[email protected]>
+ [arm] Fix lots of crashes because of 4th argument register trampling.
+ https://bugs.webkit.org/show_bug.cgi?id=123421
+
+ Reviewed by Michael Saboff.
+
+ r3 register is the 4th argument register for ARM and also a scratch
+ register in the baseline JIT for this architecture. We can use r6
+ instead, as this used to be the timeoutCheckRegister and it is no
+ longer used since r148119.
+
+ * assembler/ARMAssembler.h: Temp register is now r6 instead of r3 for ARM.
+ * assembler/MacroAssemblerARMv7.h: Temp register is now r6 instead of r3 for ARMv7.
+ * jit/GPRInfo.h: Add r3 properly in GPRInfo for ARM.
+ (JSC::GPRInfo::toRegister):
+ (JSC::GPRInfo::toIndex):
+ * jit/JITStubsARM.h:
+ (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init.
+ * jit/JITStubsARMv7.h:
+ (JSC::ctiTrampoline): Remove obsolete timeoutCheckRegister init.
+ * jit/JSInterfaceJIT.h: Remove useless stuff.
+ * yarr/YarrJIT.cpp: Use r3 and not the new scratch register r6.
+ (JSC::Yarr::YarrGenerator::generateEnter): r8 register doesn't need to be saved.
+ (JSC::Yarr::YarrGenerator::generateReturn):
+
+2013-10-29 Julien Brianceau <[email protected]>
+
Fix CPU(ARM_TRADITIONAL) build after r157690.
https://bugs.webkit.org/show_bug.cgi?id=123247
Modified: trunk/Source/_javascript_Core/assembler/ARMAssembler.h (158207 => 158208)
--- trunk/Source/_javascript_Core/assembler/ARMAssembler.h 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/assembler/ARMAssembler.h 2013-10-29 19:34:19 UTC (rev 158208)
@@ -41,10 +41,10 @@
r0 = 0,
r1,
r2,
- r3, S0 = r3, /* Same as thumb assembler. */
+ r3,
r4,
r5, fp = r5, // frame pointer
- r6,
+ r6, S0 = r6,
r7,
r8,
r9,
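Review bot: The new `S0 = r6` alias on the r6 line carries no comment, while the old r3 alias at least had `/* Same as thumb assembler. */`; the reason for the choice belongs next to it, because r6 is callee-saved under the ARM procedure call standard, so every entry point into generated code must preserve it (ctiTrampoline in JITStubsARM.h does via `stmdb sp!, {r4-r6, r8-r11, lr}`, and YarrJIT's generateEnter pushes r6). Suggested: `r6, S0 = r6, /* Scratch register (was timeoutCheckRegister); callee-saved, so JIT entry points must save/restore it. */`. The same applies to `addressTempRegister = ARMRegisters::r6` in MacroAssemblerARMv7.h, where the ARMv7 ctiTrampoline's save of r6 lies outside the hunks shown and is worth confirming.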
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h (158207 => 158208)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2013-10-29 19:34:19 UTC (rev 158208)
@@ -35,11 +35,8 @@
namespace JSC {
class MacroAssemblerARMv7 : public AbstractMacroAssembler<ARMv7Assembler> {
- // FIXME: switch dataTempRegister & addressTempRegister, or possibly use r7?
- // - dTR is likely used more than aTR, and we'll get better instruction
- // encoding if it's in the low 8 registers.
static const RegisterID dataTempRegister = ARMRegisters::ip;
- static const RegisterID addressTempRegister = ARMRegisters::r3;
+ static const RegisterID addressTempRegister = ARMRegisters::r6;
static const ARMRegisters::FPDoubleRegisterID fpTempRegister = ARMRegisters::d7;
inline ARMRegisters::FPSingleRegisterID fpTempRegisterAsSingle() { return ARMRegisters::asSingle(fpTempRegister); }
Modified: trunk/Source/_javascript_Core/jit/GPRInfo.h (158207 => 158208)
--- trunk/Source/_javascript_Core/jit/GPRInfo.h 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/jit/GPRInfo.h 2013-10-29 19:34:19 UTC (rev 158208)
@@ -428,7 +428,7 @@
class GPRInfo {
public:
typedef GPRReg RegisterType;
- static const unsigned numberOfRegisters = 8;
+ static const unsigned numberOfRegisters = 9;
static const unsigned numberOfArgumentRegisters = NUMBER_OF_ARGUMENT_REGISTERS;
// Temporary registers.
@@ -440,6 +440,7 @@
static const GPRReg regT5 = ARMRegisters::r9;
static const GPRReg regT6 = ARMRegisters::r10;
static const GPRReg regT7 = ARMRegisters::r11;
+ static const GPRReg regT8 = ARMRegisters::r3;
// These registers match the baseline JIT.
static const GPRReg cachedResultRegister = regT0;
static const GPRReg cachedResultRegister2 = regT1;
@@ -448,11 +449,7 @@
static const GPRReg argumentGPR0 = ARMRegisters::r0; // regT0
static const GPRReg argumentGPR1 = ARMRegisters::r1; // regT1
static const GPRReg argumentGPR2 = ARMRegisters::r2; // regT2
- // FIXME: r3 is currently used be the MacroAssembler as a temporary - it seems
- // This could threoretically be a problem if this is used in code generation
- // between the arguments being set up, and the call being made. That said,
- // any change introducing a problem here is likely to be immediately apparent!
- static const GPRReg argumentGPR3 = ARMRegisters::r3; // FIXME!
+ static const GPRReg argumentGPR3 = ARMRegisters::r3; // regT8
static const GPRReg nonArgGPR0 = ARMRegisters::r4; // regT3
static const GPRReg nonArgGPR1 = ARMRegisters::r8; // regT4
static const GPRReg nonArgGPR2 = ARMRegisters::r9; // regT5
@@ -463,7 +460,7 @@
static GPRReg toRegister(unsigned index)
{
ASSERT(index < numberOfRegisters);
- static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, regT4, regT5, regT6, regT7 };
+ static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, regT4, regT5, regT6, regT7, regT8 };
return registerForIndex[index];
}
@@ -471,7 +468,7 @@
{
ASSERT(static_cast<unsigned>(reg) != InvalidGPRReg);
ASSERT(static_cast<unsigned>(reg) < 16);
- static const unsigned indexForRegister[16] = { 0, 1, 2, InvalidIndex, 3, InvalidIndex, InvalidIndex, InvalidIndex, 4, 5, 6, 7, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex };
+ static const unsigned indexForRegister[16] = { 0, 1, 2, 8, 3, InvalidIndex, InvalidIndex, InvalidIndex, 4, 5, 6, 7, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex };
unsigned result = indexForRegister[reg];
ASSERT(result != InvalidIndex);
return result;
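Review bot: Both lookup tables in this section are now hand-edited in lockstep (`registerForIndex` gained `regT8` and `indexForRegister[3]` became 8), and nothing checks that they still agree, so a future edit to one without the other would silently map a register to the wrong index. A debug-only round-trip check after the existing assertion, `ASSERT(toRegister(result) == reg);`, would catch that, since toRegister is defined in the hunk just above. The toIndex signature is outside the hunk.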
Modified: trunk/Source/_javascript_Core/jit/JITStubsARM.h (158207 => 158208)
--- trunk/Source/_javascript_Core/jit/JITStubsARM.h 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/jit/JITStubsARM.h 2013-10-29 19:34:19 UTC (rev 158208)
@@ -161,7 +161,6 @@
"stmdb sp!, {r4-r6, r8-r11, lr}" "\n"
"sub sp, sp, #" STRINGIZE_VALUE_OF(PRESERVEDR4_OFFSET) "\n"
"mov r5, r2" "\n"
- "mov r6, #512" "\n"
// r0 contains the code
"blx r0" "\n"
"add sp, sp, #" STRINGIZE_VALUE_OF(PRESERVEDR4_OFFSET) "\n"
@@ -357,7 +356,6 @@
stmdb sp!, {r4-r6, r8-r11, lr}
sub sp, sp, # PRESERVEDR4_OFFSET
mov r5, r2
- mov r6, #512
mov lr, pc
bx r0
add sp, sp, # PRESERVEDR4_OFFSET
@@ -422,7 +420,6 @@
MSVC_BEGIN( stmdb sp!, {r4-r6, r8-r11, lr})
MSVC_BEGIN( sub sp, sp, #68 ; sync with PRESERVEDR4_OFFSET)
MSVC_BEGIN( mov r5, r2)
-MSVC_BEGIN( mov r6, #512)
MSVC_BEGIN( ; r0 contains the code)
MSVC_BEGIN( mov lr, pc)
MSVC_BEGIN( bx r0)
Modified: trunk/Source/_javascript_Core/jit/JITStubsARMv7.h (158207 => 158208)
--- trunk/Source/_javascript_Core/jit/JITStubsARMv7.h 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/jit/JITStubsARMv7.h 2013-10-29 19:34:19 UTC (rev 158208)
@@ -221,7 +221,6 @@
"str r11, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R11_OFFSET) "]" "\n"
"str r1, [sp, #" STRINGIZE_VALUE_OF(REGISTER_FILE_OFFSET) "]" "\n"
"mov r5, r2" "\n"
- "mov r6, #512" "\n"
"blx r0" "\n"
"ldr r11, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R11_OFFSET) "]" "\n"
"ldr r10, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R10_OFFSET) "]" "\n"
@@ -456,7 +455,6 @@
str r11, [sp, # PRESERVED_R11_OFFSET ]
str r1, [sp, # REGISTER_FILE_OFFSET ]
mov r5, r2
- mov r6, #512
blx r0
ldr r11, [sp, # PRESERVED_R11_OFFSET ]
ldr r10, [sp, # PRESERVED_R10_OFFSET ]
Modified: trunk/Source/_javascript_Core/jit/JSInterfaceJIT.h (158207 => 158208)
--- trunk/Source/_javascript_Core/jit/JSInterfaceJIT.h 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/jit/JSInterfaceJIT.h 2013-10-29 19:34:19 UTC (rev 158208)
@@ -117,9 +117,6 @@
static const RegisterID firstArgumentRegister = ARMRegisters::r0;
static const RegisterID secondArgumentRegister = ARMRegisters::r1;
-#if ENABLE(VALUE_PROFILER)
-#endif
-
static const RegisterID regT0 = ARMRegisters::r0;
static const RegisterID regT1 = ARMRegisters::r1;
static const RegisterID regT2 = ARMRegisters::r2;
Modified: trunk/Source/_javascript_Core/yarr/YarrJIT.cpp (158207 => 158208)
--- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2013-10-29 19:20:21 UTC (rev 158207)
+++ trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2013-10-29 19:34:19 UTC (rev 158208)
@@ -46,10 +46,10 @@
static const RegisterID input = ARMRegisters::r0;
static const RegisterID index = ARMRegisters::r1;
static const RegisterID length = ARMRegisters::r2;
- static const RegisterID output = ARMRegisters::r4;
+ static const RegisterID output = ARMRegisters::r3;
- static const RegisterID regT0 = ARMRegisters::r5;
- static const RegisterID regT1 = ARMRegisters::r6;
+ static const RegisterID regT0 = ARMRegisters::r4;
+ static const RegisterID regT1 = ARMRegisters::r5;
static const RegisterID returnRegister = ARMRegisters::r0;
static const RegisterID returnRegister2 = ARMRegisters::r1;
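Review bot: `output = ARMRegisters::r3` silently relies on r3 being the fourth argument register (which is why the explicit `move(ARMRegisters::r3, output)` in generateEnter could be dropped) and on r3 being caller-saved; neither fact is recorded here, and with `output` in a caller-saved register it cannot stay live across any call out of the generated code. Suggested: `static const RegisterID output = ARMRegisters::r3; // 4th argument register; caller-saved, must not be live across calls`. I see no such call in the hunks shown, so this may be a non-issue today; the comment guards against one being added later.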
@@ -2578,11 +2578,6 @@
push(ARMRegisters::r4);
push(ARMRegisters::r5);
push(ARMRegisters::r6);
-#if CPU(ARM_TRADITIONAL)
- push(ARMRegisters::r8); // scratch register
-#endif
- if (compileMode == IncludeSubpatterns)
- move(ARMRegisters::r3, output);
#elif CPU(SH4)
push(SH4Registers::r11);
push(SH4Registers::r13);
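Review bot: After this change r6 is no longer a Yarr register (regT1 moved to r5), yet `push(ARMRegisters::r6)` at the top of the hunk is still required because r6 is now the assembler's own scratch register (S0 on ARM, addressTempRegister on ARMv7) and is clobbered by generated code; without a comment the next reader may remove the push as dead. Suggested: `push(ARMRegisters::r6); // assembler scratch register (S0 / addressTempRegister), clobbered by generated code`. The matching `pop(ARMRegisters::r6)` in generateReturn deserves the same note. generateEnter starts outside the hunk.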
@@ -2608,9 +2603,6 @@
pop(X86Registers::ebx);
pop(X86Registers::ebp);
#elif CPU(ARM)
-#if CPU(ARM_TRADITIONAL)
- pop(ARMRegisters::r8); // scratch register
-#endif
pop(ARMRegisters::r6);
pop(ARMRegisters::r5);
pop(ARMRegisters::r4);