Modified: trunk/Source/_javascript_Core/ChangeLog (194207 => 194208)
--- trunk/Source/_javascript_Core/ChangeLog 2015-12-17 04:26:32 UTC (rev 194207)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-12-17 05:02:49 UTC (rev 194208)
@@ -1,3 +1,18 @@
+2015-12-16 Michael Saboff <[email protected]>
+
+ ARM64 MacroAssembler improperly reuses data temp register in test32() and test8() calls
+ https://bugs.webkit.org/show_bug.cgi?id=152370
+
+ Reviewed by Benjamin Poulain.
+
+ Changed the test8/32(Address, Register) flavors to use the memoryTempRegister for loading the value
+ att Address so that it doesn't collide with the subsequent use of dataTempRegister by the
+ test32(Register, Register) function.
+
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::test32):
+ (JSC::MacroAssemblerARM64::test8):
+
2015-12-16 Filip Pizlo <[email protected]>
FTL B3 should support switches
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (194207 => 194208)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2015-12-17 04:26:32 UTC (rev 194207)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2015-12-17 05:02:49 UTC (rev 194208)
@@ -2328,14 +2328,14 @@
void test32(ResultCondition cond, Address address, TrustedImm32 mask, RegisterID dest)
{
- load32(address, getCachedDataTempRegisterIDAndInvalidate());
- test32(cond, dataTempRegister, mask, dest);
+ load32(address, getCachedMemoryTempRegisterIDAndInvalidate());
+ test32(cond, memoryTempRegister, mask, dest);
}
void test8(ResultCondition cond, Address address, TrustedImm32 mask, RegisterID dest)
{
- load8(address, getCachedDataTempRegisterIDAndInvalidate());
- test32(cond, dataTempRegister, mask, dest);
+ load8(address, getCachedMemoryTempRegisterIDAndInvalidate());
+ test32(cond, memoryTempRegister, mask, dest);
}
void test64(ResultCondition cond, RegisterID op1, RegisterID op2, RegisterID dest)
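Review bot: Nothing at the two changed call sites in test32(Address) and test8(Address) records why the loaded value must sit in memoryTempRegister, so a later cleanup could switch it back to dataTempRegister and reintroduce the collision the ChangeLog describes. Because this is JIT code emission, a clobbered operand would presumably show up as silently wrong generated code rather than a failure here, so the constraint is worth stating where it is enforced. I would add above each load a comment such as `// Load into memoryTempRegister: the register flavor of test32() uses dataTempRegister itself.` The visible part of this commit touches only the ChangeLog and this header, so if no regression test landed elsewhere, one that exercises both Address flavors would help pin the fix.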