Modified: trunk/Source/_javascript_Core/ChangeLog (195318 => 195319)
--- trunk/Source/_javascript_Core/ChangeLog 2016-01-19 23:03:50 UTC (rev 195318)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-01-19 23:15:53 UTC (rev 195319)
@@ -1,3 +1,22 @@
+2016-01-19 Benjamin Poulain <[email protected]>
+
+ [JSC] fixSpillSlotZDef() crashes on ARM64
+ https://bugs.webkit.org/show_bug.cgi?id=153246
+
+ Reviewed by Geoffrey Garen.
+
+ Moving an immediate to memory is not a valid instruction on ARM64.
+ This patch adds a small workaround for this specific case: an instruction
+ to zero a chunk of memory.
+
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::storeZero32):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::storeZero32):
+ * b3/air/AirFixSpillSlotZDef.h:
+ (JSC::B3::Air::fixSpillSlotZDef):
+ * b3/air/AirOpcode.opcodes:
+
2016-01-19 Enrica Casucci <[email protected]>
Add support for DataDetectors in WK (iOS).
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (195318 => 195319)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2016-01-19 23:03:50 UTC (rev 195318)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2016-01-19 23:15:53 UTC (rev 195319)
@@ -1231,6 +1231,16 @@
store32(dataTempRegister, address);
}
+ void storeZero32(ImplicitAddress address)
+ {
+ store32(ARM64Registers::zr, address);
+ }
+
+ void storeZero32(BaseIndex address)
+ {
+ store32(ARM64Registers::zr, address);
+ }
+
DataLabel32 store32WithAddressOffsetPatch(RegisterID src, Address address)
{
DataLabel32 label(this);
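Review bot: The new storeZero32 overloads carry no comment explaining why a dedicated helper exists, and on this backend the reason is non-obvious to a reader who has not seen the ChangeLog: ARM64 has no store-immediate form, so zero must come from a register, and zr provides it without burning a temp. A one-line comment above the first overload would capture that: `// ARM64 has no store-immediate; use the zero register so callers can clear memory without allocating a temp.` The two overloads cover ImplicitAddress and BaseIndex, which appear to line up with the Addr and Index forms Air declares for StoreZero32, so that pairing is worth stating in the comment as well. The enclosing MacroAssemblerARM64 class starts and ends outside the hunk.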
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h (195318 => 195319)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h 2016-01-19 23:03:50 UTC (rev 195318)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h 2016-01-19 23:15:53 UTC (rev 195319)
@@ -731,6 +731,16 @@
m_assembler.movl_i32m(imm.m_value, address.offset, address.base, address.index, address.scale);
}
+ void storeZero32(ImplicitAddress address)
+ {
+ store32(TrustedImm32(0), address);
+ }
+
+ void storeZero32(BaseIndex address)
+ {
+ store32(TrustedImm32(0), address);
+ }
+
void store8(TrustedImm32 imm, Address address)
{
m_assembler.movb_i8m(static_cast<int8_t>(imm.m_value), address.offset, address.base);
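Review bot: The x86 storeZero32 overloads are pure forwarding wrappers around store32(TrustedImm32(0), ...) with no comment, so a later maintainer may well inline them away and break the cross-backend contract they exist to provide. A short comment would protect that intent: `// Uniform zero-store hook for Air's StoreZero32; x86 can store an immediate directly, other backends (e.g. ARM64) cannot.` Behaviour is otherwise identical to the existing store32 immediate paths above, so no functional concern here. The enclosing MacroAssemblerX86Common class starts and ends outside the hunk.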
Modified: trunk/Source/_javascript_Core/b3/air/AirAllocateStack.cpp (195318 => 195319)
--- trunk/Source/_javascript_Core/b3/air/AirAllocateStack.cpp 2016-01-19 23:03:50 UTC (rev 195318)
+++ trunk/Source/_javascript_Core/b3/air/AirAllocateStack.cpp 2016-01-19 23:15:53 UTC (rev 195319)
@@ -296,12 +296,9 @@
RELEASE_ASSERT(slot->byteSize() == 8);
RELEASE_ASSERT(width == Arg::Width32);
- // We rely on the fact that there must be some way to move zero to a
- // memory location without first burning a register. On ARM, we would do
- // this using zr.
- RELEASE_ASSERT(isValidForm(Move32, Arg::Imm, Arg::Addr));
+ RELEASE_ASSERT(isValidForm(StoreZero32, Arg::Stack));
insertionSet.insert(
- instIndex + 1, Move32, inst.origin, Arg::imm(0),
+ instIndex + 1, StoreZero32, inst.origin,
stackAddr(arg.offset() + 4 + slot->offsetFromFP()));
}
arg = stackAddr(arg.offset() + slot->offsetFromFP());
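Review bot: The removed comment was the only place that explained why a zero store is inserted at all, and the replacement `RELEASE_ASSERT(isValidForm(StoreZero32, Arg::Stack))` plus the insertion now stand without any rationale. I would restore a comment above the assert along the lines of `// A 32-bit ZDef into an 8-byte slot must also clear the upper half, otherwise a later 64-bit read of the slot observes stale stack contents. StoreZero32 does this without burning a register (ARM64 has no store-immediate).` The `+ 4` in the inserted address hard-codes the upper half at the higher offset, which holds for the little-endian backends here but is presumably an assumption worth naming in that comment. Separately, the ChangeLog entry attributes this change to b3/air/AirFixSpillSlotZDef.h, while the hunk actually lives in AirAllocateStack.cpp, so one of the two looks stale. The enclosing function starts and ends outside the hunk.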
Modified: trunk/Source/_javascript_Core/b3/air/AirOpcode.opcodes (195318 => 195319)
--- trunk/Source/_javascript_Core/b3/air/AirOpcode.opcodes 2016-01-19 23:03:50 UTC (rev 195318)
+++ trunk/Source/_javascript_Core/b3/air/AirOpcode.opcodes 2016-01-19 23:15:53 UTC (rev 195319)
@@ -434,6 +434,10 @@
x86: Imm, Addr as store32
x86: Imm, Index as store32
+StoreZero32 U:G:32
+ Addr
+ Index
+
SignExtend32ToPtr U:G:32, D:G:Ptr
Tmp, Tmp