Hi Patrick, I think I found something. Please have a look at JavaScriptCore/jit/JITOpcodes.cpp : privateCompileCTIMachineTrampolines — the second variant, the one compiled when JSVALUE32_64 is disabled. If JIT_OPTIMIZE_NATIVE_CALL is enabled, specialized code is generated to call native built-in functions (like Date.toString); the ARM version of this code is around line 1733. Perhaps the WinCE ABI passes the arguments differently than GCC does. The address 0x003e01d4 in your call stack is the return address of the "call(Address(regT1, OBJECT_OFFSETOF(JSFunction, m_data)));" macro assembler instruction at line 1768 (in your dump, the `mov lr, pc` / `ldr pc, [r1, #0x1C]` pair at 003E01CC–003E01D0), so the native function was entered through that JIT-generated call. (Thank you for sending the instruction dump.) Note that the top frame of your stack is 0x00000000, reached from JSCell::inherits — i.e. a virtual call through a null or garbage pointer, which is exactly what you would expect if thisValue or exec arrived in the wrong register. A JIT/native calling-convention mismatch like this is memory-unsafe (the native function dereferences whatever it was handed), so it should be fixed rather than worked around. One thing worth checking is how the WinCE compiler passes and returns a class such as JSValue (with JSVALUE32_64 off it wraps a single pointer-sized field, as far as I recall) compared to GCC: the generated code puts the call frame in r0, the callee function object in r1, what looks like thisValue in r2 and a pointer to the on-stack ArgList in r3, and the compiled dateProtoFuncGetTimezoneOffset must agree with that layout. Please try to fix this code according to the WinCE ABI, since I am not sure JIT_OPTIMIZE_NATIVE_CALL can be disabled.
Regards, Zoltan > Hi Gabor, > > Thanks for your prompt reply. > >> Make sure your assembler does not break the ctiVMThrowTrampoline >> and ctiOpThrowNotCaught functions. This approach requires that >> ctiVMThrowTrampoline falls back to ctiOpThrowNotCaught >> after the 'bl cti_vm_throw' call. Or you can simply copy the body of >> ctiOpThrowNotCaught into ctiVMThrowTrampoline after the >> call. > I've copied it, but I think it's unnecessary (see disassembly) > >> Did you do anything with the DEFINE_STUB_FUNCTION macro? > I've done it the same way as for the RVCT compiler. (e.g. see cti_op_end in > disassembly) > > When I run "jsc.exe tests\mozilla\ecma_2\shell.js" it crashes with the > following call stack: > 0x00000000 > jsc.EXE!JSC::JSCell::inherits(JSC::ClassInfo* info = 0x00189818) Line: > 335, > Byte Offsets: 0x2c > jsc.EXE!JSC::JSValue::inherits(JSC::ClassInfo* classInfo = 0x00189818) > Line: > 345, Byte Offsets: 0x40 > jsc.EXE!JSC::dateProtoFuncGetTimezoneOffset(JSC::ExecState* exec = > 0x00601b60, > JSC::JSObject* __formal = 0x00601b40, JSC::JSValue thisValue = {...}, > JSC::ArgList& __formal = {...}) Line: 764, Byte Offsets: 0x1c > 0x003e01d4 > > Is there a better JavaScript file to start with? When I enter a simple > "1+2+3" > into the interactive jsc.exe it prints the correct result. > > Here are some parts of the disassembly: > > // Execute the code! 
> inline JSValue execute(RegisterFile* registerFile, CallFrame* > callFrame, JSGlobalData* globalData, JSValue* exception) > { > 000A7868 mov r12, sp > 000A786C stmdb sp!, {r0 - r3} > 000A7870 stmdb sp!, {r12, lr} > 000A7874 sub sp, sp, #0x20 > return > JSValue::decode(ctiTrampoline(m_ref.m_code.executableAddress(), > registerFile, > callFrame, exception, Profiler::enabledProfilerReference(), globalData)); > 000A7878 bl |JSC::Profiler::enabledProfilerReference ( 1b2e0h )| > 000A787C str r0, [sp, #0x14] > 000A7880 ldr r0, this > 000A7884 bl |WTF::RefPtr<JSC::Profile>::operator-> ( d2e3ch )| > 000A7888 str r0, [sp, #0x18] > 000A788C ldr r3, globalData > 000A7890 str r3, [sp, #4] > 000A7894 ldr r3, [sp, #0x14] > 000A7898 str r3, [sp] > 000A789C ldr r3, exception > 000A78A0 ldr r2, callFrame > 000A78A4 ldr r1, registerFile > 000A78A8 ldr r0, [sp, #0x18] > 000A78AC bl 0014A000 > 000A78B0 str r0, [sp, #0x1C] > 000A78B4 ldr r1, [sp, #0x1C] > 000A78B8 ldr r0, [sp, #0x2C] > 000A78BC bl |JSC::JSValue::decode ( 1b94ch )| > 000A78C0 ldr r3, [sp, #0x2C] > 000A78C4 str r3, [sp, #0x10] > } > 000A78C8 ldr r0, [sp, #0x10] > 000A78CC add sp, sp, #0x20 > 000A78D0 ldmia sp, {sp, pc} > > ================================================================================ > > ctiTrampoline: > 0014A000 stmdb sp!, {r1 - r3} > 0014A004 stmdb sp!, {r4 - r8, lr} > 0014A008 sub sp, sp, #0x24 > 0014A00C mov r4, r2 > 0014A010 mov r5, #2, 24 > 0014A014 mov lr, pc > 0014A018 bx r0 // r0 = 0x003e0270 > 0014A01C add sp, sp, #0x24 > 0014A020 ldmia sp!, {r4 - r8, lr} > 0014A024 add sp, sp, #0xC > 0014A028 bx lr > ctiVMThrowTrampoline: > 0014A02C mov r0, sp > 0014A030 bl 0014A6D4 > 0014A034 add sp, sp, #0x24 > 0014A038 ldmia sp!, {r4 - r8, lr} > 0014A03C add sp, sp, #0xC > 0014A040 bx lr > ctiOpThrowNotCaught: > 0014A044 add sp, sp, #0x24 > 0014A048 ldmia sp!, {r4 - r8, lr} > 0014A04C add sp, sp, #0xC > 0014A050 bx lr > cti_op_convert_this: > 0014A054 str lr, [sp, #0x20] > 0014A058 bl 
|JITStubThunked_op_convert_this ( ae718h )| > 0014A05C ldr lr, [sp, #0x20] > 0014A060 bx lr > cti_op_end: > 0014A064 str lr, [sp, #0x20] > 0014A068 bl |JITStubThunked_op_end ( ae878h )| > 0014A06C ldr lr, [sp, #0x20] > 0014A070 bx lr > > ================================================================================ > > 003E017C mov pc, r0 > 003E0180 mov r0, lr > 003E0184 str r0, [r4, #-0x14] > 003E0188 ldr r1, [r4, #-0x18] > 003E018C ldr r1, [r1, #-0x1C] > 003E0190 str r1, [r4, #-0x1C] > 003E0194 ldr r0, [r4, #-0xC] > 003E0198 subs sp, sp, #8 > 003E019C subs r0, r0, #1 > 003E01A0 str r0, [sp, #4] > 003E01A4 mov r1, r4 > 003E01A8 subs r1, r1, #0x20 > 003E01AC mov r3, #4 > 003E01B0 muls r0, r3, r0 > 003E01B4 subs r1, r1, r0 > 003E01B8 str r1, [sp] > 003E01BC ldr r2, [r1, #-4] > 003E01C0 ldr r1, [r4, #-8] > 003E01C4 mov r0, r4 > 003E01C8 mov r3, sp > 003E01CC mov lr, pc > 003E01D0 ldr pc, [r1, #0x1C] > 003E01D4 adds sp, sp, #8 > 003E01D8 ldr r3, [pc, #0x7C] > 003E01DC ldr r2, [r3] > 003E01E0 bics r3, r2, #0 > 003E01E4 bne 003E01F8 > 003E01E8 ldr r1, [r4, #-0x14] > 003E01EC ldr r4, [r4, #-0x18] > 003E01F0 mov lr, r1 > 003E01F4 mov pc, lr > 003E01F8 ldr r1, [r4, #-0x14] > 003E01FC ldr r2, [pc, #0x60] > 003E0200 str r1, [r2] > 003E0204 ldr r2, [pc, #0x5C] > 003E0208 ldr r4, [r4, #-0x18] > 003E020C str r4, [sp, #0x40] > 003E0210 mov lr, r2 > 003E0214 mov pc, lr > > ================================================================================ > > 003E0258 andeq r0, r0, r0 > 003E025C eoreq r0, r11, r8, ror #30 > 003E0260 streqd r0, [r0], -r8 > 003E0264 eoreq r0, r11, r12, ror #30 > 003E0268 andeqs r10, r4, r12, lsr #32 > 003E026C ldr r3, [r3, -r3] > 003E0270 mov r2, lr > 003E0274 str r2, [r4, #-0x14] > 003E0278 ldr r8, [pc, #0x400] > 003E027C str r8, [sp, #4] > 003E0280 mov r0, sp > 003E0284 str r4, [sp, #0x40] > 003E0288 mov lr, pc > 003E028C ldr pc, [pc, #0x3F0] > 003E0290 str r0, [r4, #-0x3C] > 003E0294 ldr r8, [pc, #0x3EC] > 003E0298 str r8, [sp, #4] > 003E029C mov 
r0, sp > 003E02A0 str r4, [sp, #0x40] > 003E02A4 mov lr, pc > 003E02A8 ldr pc, [pc, #0x3DC] > 003E02AC str r0, [r4, #-0x40] > 003E02B0 ldr r8, [pc, #0x3D8] > 003E02B4 str r8, [sp, #4] > 003E02B8 mov r0, sp > 003E02BC str r4, [sp, #0x40] > 003E02C0 mov lr, pc > 003E02C4 ldr pc, [pc, #0x3C8] > 003E02C8 str r0, [r4, #-0x44] > 003E02CC ldr r8, [pc, #0x3C4] > 003E02D0 str r8, [sp, #4] > 003E02D4 mov r0, sp > 003E02D8 str r4, [sp, #0x40] > 003E02DC mov lr, pc > 003E02E0 ldr pc, [pc, #0x3B4] > 003E02E4 str r0, [r4, #-0x48] > 003E02E8 ldr r8, [pc, #0x3B0] > 003E02EC str r8, [sp, #4] > > - Patrick