[webkit-changes] [195578] trunk/Source/JavaScriptCore

[commit-queue]

Title: [195578] trunk/Source/_javascript_Core

Revision

195578

Author

commit-qu...@webkit.org

Date

2016-01-25 20:01:33 -0800 (Mon, 25 Jan 2016)

Log Message

[JSC] We should never use x18 on iOS ARM64
https://bugs.webkit.org/show_bug.cgi?id=153461

Patch by Benjamin Poulain <bpoul...@apple.com> on 2016-01-25
Reviewed by Filip Pizlo.

The register x18 is reserved in the iOS variant of the ARM64 ABI.

The weird thing is: if you use it, its value will change completely
randomly. It looks like it is changed by the system on interrupts.

This patch adds x18 to the reserved register and add assertions
to the assembler to prevent similar problems in the future.

* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::xOrSp):
(JSC::ARM64Assembler::xOrZr):
* assembler/AbstractMacroAssembler.h:
(JSC::isIOS): Deleted.
* assembler/AssemblerCommon.h:
(JSC::isIOS):
* jit/RegisterSet.cpp:
(JSC::RegisterSet::reservedHardwareRegisters):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/assembler/ARM64Assembler.h
• trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h
• trunk/Source/_javascript_Core/assembler/AssemblerCommon.h
• trunk/Source/_javascript_Core/jit/RegisterSet.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (195577 => 195578)

--- trunk/Source/_javascript_Core/ChangeLog	2016-01-26 03:13:03 UTC (rev 195577)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-01-26 04:01:33 UTC (rev 195578)
@@ -1,3 +1,28 @@
+2016-01-25  Benjamin Poulain  <bpoul...@apple.com>
+
+        [JSC] We should never use x18 on iOS ARM64
+        https://bugs.webkit.org/show_bug.cgi?id=153461
+
+        Reviewed by Filip Pizlo.
+
+        The register x18 is reserved in the iOS variant of the ARM64 ABI.
+
+        The weird thing is: if you use it, its value will change completely
+        randomly. It looks like it is changed by the system on interrupts.
+
+        This patch adds x18 to the reserved register and add assertions
+        to the assembler to prevent similar problems in the future.
+
+        * assembler/ARM64Assembler.h:
+        (JSC::ARM64Assembler::xOrSp):
+        (JSC::ARM64Assembler::xOrZr):
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::isIOS): Deleted.
+        * assembler/AssemblerCommon.h:
+        (JSC::isIOS):
+        * jit/RegisterSet.cpp:
+        (JSC::RegisterSet::reservedHardwareRegisters):
+
 2016-01-25  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, rolling out r195550.

Modified: trunk/Source/_javascript_Core/assembler/ARM64Assembler.h (195577 => 195578)

--- trunk/Source/_javascript_Core/assembler/ARM64Assembler.h	2016-01-26 03:13:03 UTC (rev 195577)
+++ trunk/Source/_javascript_Core/assembler/ARM64Assembler.h	2016-01-26 04:01:33 UTC (rev 195578)
@@ -3276,8 +3276,18 @@
         return (insn & 0x7c000000) == 0x14000000;
     }
 
-    static int xOrSp(RegisterID reg) { ASSERT(!isZr(reg)); return reg; }
-    static int xOrZr(RegisterID reg) { ASSERT(!isSp(reg)); return reg & 31; }
+    static int xOrSp(RegisterID reg)
+    {
+        ASSERT(!isZr(reg));
+        ASSERT(!isIOS() || reg != ARM64Registers::x18);
+        return reg;
+    }
+    static int xOrZr(RegisterID reg)
+    {
+        ASSERT(!isSp(reg));
+        ASSERT(!isIOS() || reg != ARM64Registers::x18);
+        return reg & 31;
+    }
     static FPRegisterID xOrZrAsFPR(RegisterID reg) { return static_cast<FPRegisterID>(xOrZr(reg)); }
     static int xOrZrOrSp(bool useZr, RegisterID reg) { return useZr ? xOrZr(reg) : xOrSp(reg); }
 

Modified: trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h (195577 => 195578)

--- trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h	2016-01-26 03:13:03 UTC (rev 195577)
+++ trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h	2016-01-26 04:01:33 UTC (rev 195578)
@@ -76,15 +76,6 @@
 #endif
 }
 
-inline bool isIOS()
-{
-#if PLATFORM(IOS)
-    return true;
-#else
-    return false;
-#endif
-}
-
 inline bool optimizeForARMv7IDIVSupported()
 {
     return isARMv7IDIVSupported() && Options::useArchitectureSpecificOptimizations();

Modified: trunk/Source/_javascript_Core/assembler/AssemblerCommon.h (195577 => 195578)

--- trunk/Source/_javascript_Core/assembler/AssemblerCommon.h	2016-01-26 03:13:03 UTC (rev 195577)
+++ trunk/Source/_javascript_Core/assembler/AssemblerCommon.h	2016-01-26 04:01:33 UTC (rev 195578)
@@ -28,6 +28,15 @@
 
 namespace JSC {
 
+ALWAYS_INLINE bool isIOS()
+{
+#if PLATFORM(IOS)
+    return true;
+#else
+    return false;
+#endif
+}
+
 ALWAYS_INLINE bool isInt9(int32_t value)
 {
     return value == ((value << 23) >> 23);

Modified: trunk/Source/_javascript_Core/jit/RegisterSet.cpp (195577 => 195578)

--- trunk/Source/_javascript_Core/jit/RegisterSet.cpp	2016-01-26 03:13:03 UTC (rev 195577)
+++ trunk/Source/_javascript_Core/jit/RegisterSet.cpp	2016-01-26 04:01:33 UTC (rev 195578)
@@ -45,7 +45,11 @@
 RegisterSet RegisterSet::reservedHardwareRegisters()
 {
 #if CPU(ARM64)
+#if PLATFORM(IOS)
+    return RegisterSet(ARM64Registers::x18, ARM64Registers::lr);
+#else
     return RegisterSet(ARM64Registers::lr);
+#endif // PLATFORM(IOS)
 #else
     return RegisterSet();
 #endif

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes