Modified: trunk/Source/_javascript_Core/ChangeLog (162459 => 162460)
--- trunk/Source/_javascript_Core/ChangeLog 2014-01-21 20:17:15 UTC (rev 162459)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-01-21 20:19:59 UTC (rev 162460)
@@ -1,3 +1,16 @@
+2014-01-21 Mark Hahnenberg <[email protected]>
+
+ Registers used in writeBarrierOnOperand can cause clobbering on some platforms
+ https://bugs.webkit.org/show_bug.cgi?id=127357
+
+ Reviewed by Filip Pizlo.
+
+ Some platforms use t0 and t1 for their first two arguments, so using those to load the
+ cell for the write barrier is a bad idea because it will get clobbered.
+
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+
2014-01-21 Mark Rowe <[email protected]>
Mac production build fix.
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (162459 => 162460)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2014-01-21 20:17:15 UTC (rev 162459)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2014-01-21 20:19:59 UTC (rev 162460)
@@ -494,14 +494,14 @@
macro writeBarrierOnOperand(cellOperand)
if GGC
loadisFromInstruction(cellOperand, t1)
- loadConstantOrVariablePayload(t1, CellTag, t0, .writeBarrierDone)
- checkMarkByte(t0, t1, t2,
+ loadConstantOrVariablePayload(t1, CellTag, t2, .writeBarrierDone)
+ checkMarkByte(t2, t1, t3,
macro(marked)
btbz marked, .writeBarrierDone
push cfr, PC
# We make two extra slots because cCall2 will poke.
subp 8, sp
- cCall2(_llint_write_barrier_slow, cfr, t0)
+ cCall2(_llint_write_barrier_slow, cfr, t2)
addp 8, sp
pop PC, cfr
end
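Review bot: The new register assignment (cell loaded into t2, t3 as the extra scratch for checkMarkByte, t2 passed to cCall2) is correct only as long as t2 is not one of cCall2's argument registers on any backend, and nothing in the macro records that constraint, so the next person who touches writeBarrierOnOperand can reintroduce the clobber the ChangeLog describes. The same unstated constraint applies to the writeBarrierOnGlobalObject hunk ending at L59 and to both LowLevelInterpreter64.asm hunks ending at L78 and L95, which keep the cell in t3. A comment above the loadConstantOrVariablePayload line would pin it down: `# Keep the cell out of t0/t1: on some backends those are the first two C argument registers and cCall2 overwrites them while marshalling cfr, so the cell must sit in t2 (or t3) until the call is made.` The `if GGC` block and the enclosing macro end outside this hunk.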
@@ -526,15 +526,15 @@
loadisFromInstruction(valueOperand, t1)
bineq t0, CellTag, .writeBarrierDone
- loadp CodeBlock[cfr], t0
- loadp CodeBlock::m_globalObject[t0], t0
- checkMarkByte(t0, t1, t2,
+ loadp CodeBlock[cfr], t3
+ loadp CodeBlock::m_globalObject[t3], t3
+ checkMarkByte(t3, t1, t2,
macro(marked)
btbz marked, .writeBarrierDone
push cfr, PC
# We make two extra slots because cCall2 will poke.
subp 8, sp
- cCall2(_llint_write_barrier_slow, cfr, t0)
+ cCall2(_llint_write_barrier_slow, cfr, t3)
addp 8, sp
pop PC, cfr
end
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (162459 => 162460)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2014-01-21 20:17:15 UTC (rev 162459)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2014-01-21 20:19:59 UTC (rev 162460)
@@ -334,12 +334,12 @@
macro writeBarrierOnOperand(cellOperand)
if GGC
loadisFromInstruction(cellOperand, t1)
- loadConstantOrVariableCell(t1, t0, .writeBarrierDone)
- checkMarkByte(t0, t1, t2,
+ loadConstantOrVariableCell(t1, t2, .writeBarrierDone)
+ checkMarkByte(t2, t1, t3,
macro(marked)
btbz marked, .writeBarrierDone
push PB, PC
- cCall2(_llint_write_barrier_slow, cfr, t0)
+ cCall2(_llint_write_barrier_slow, cfr, t2)
pop PC, PB
end
)
@@ -364,13 +364,13 @@
loadConstantOrVariable(t1, t0)
btpz t0, .writeBarrierDone
- loadp CodeBlock[cfr], t0
- loadp CodeBlock::m_globalObject[t0], t0
- checkMarkByte(t0, t1, t2,
+ loadp CodeBlock[cfr], t3
+ loadp CodeBlock::m_globalObject[t3], t3
+ checkMarkByte(t3, t1, t2,
macro(marked)
btbz marked, .writeBarrierDone
push PB, PC
- cCall2(_llint_write_barrier_slow, cfr, t0)
+ cCall2(_llint_write_barrier_slow, cfr, t3)
pop PC, PB
end
)