Title: [159346] trunk/Source/_javascript_Core
Revision
159346
Author
msab...@apple.com
Date
2013-11-15 11:07:01 -0800 (Fri, 15 Nov 2013)

Log Message

REGRESSION (r158586): callToJavaScript needs to save return PC to Sentinel frame
https://bugs.webkit.org/show_bug.cgi?id=124420

Reviewed by Filip Pizlo.

Save the return PC into the sentinel frame.

* jit/JITStubsMSVC64.asm:
* jit/JITStubsX86.h:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (159345 => 159346)


--- trunk/Source/_javascript_Core/ChangeLog	2013-11-15 18:32:34 UTC (rev 159345)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-11-15 19:07:01 UTC (rev 159346)
@@ -1,3 +1,17 @@
+2013-11-15  Michael Saboff  <msab...@apple.com>
+
+        REGRESSION (r158586): callToJavaScript needs to save return PC to Sentinel frame
+        https://bugs.webkit.org/show_bug.cgi?id=124420
+
+        Reviewed by Filip Pizlo.
+
+        Save the return PC into the sentinel frame.
+
+        * jit/JITStubsMSVC64.asm:
+        * jit/JITStubsX86.h:
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+
 2013-11-14  Oliver Hunt  <oli...@apple.com>
 
         Make CLoop easier to build, and make it work

Modified: trunk/Source/_javascript_Core/jit/JITStubsMSVC64.asm (159345 => 159346)


--- trunk/Source/_javascript_Core/jit/JITStubsMSVC64.asm	2013-11-15 18:32:34 UTC (rev 159345)
+++ trunk/Source/_javascript_Core/jit/JITStubsMSVC64.asm	2013-11-15 19:07:01 UTC (rev 159346)
@@ -32,6 +32,7 @@
 _TEXT   SEGMENT
 
 callToJavaScript PROC
+    mov r10, qword ptr[sp]
     push rbp
     mov rax, rbp ; Save previous frame pointer
     mov rbp, rsp
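Review bot: The new first instruction `mov r10, qword ptr[sp]` addresses memory through the 16-bit `sp` register, but in 64-bit code the stack pointer is `rsp`; if ML64 accepts this form at all it is not the qword at the top of the stack that the function means to read, so the line should be `mov r10, qword ptr [rsp]`. Because it runs before `push rbp`, the value read is the caller's return address, and a comment recording that would help, e.g. `mov r10, qword ptr [rsp] ; r10 = return PC, stored into the sentinel frame below`. The matching store `mov qword ptr[r11 + 8], r10` in the second hunk is likewise uncommented and relies on none of the instructions between the two hunks writing r10, a volatile register in the Microsoft x64 ABI, which cannot be checked from what is shown. callToJavaScript continues past the end of this hunk.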
@@ -49,6 +50,7 @@
     mov rbp, rdx
     mov r11, qword ptr[rbp] ; Put the previous frame pointer in the sentinel call frame above us
     mov qword ptr[r11], rax
+    mov qword ptr[r11 + 8], r10
     mov r14, 0FFFF000000000000h
     mov r15, 0FFFF000000000002h
     call rcx

Modified: trunk/Source/_javascript_Core/jit/JITStubsX86.h (159345 => 159346)


--- trunk/Source/_javascript_Core/jit/JITStubsX86.h	2013-11-15 18:32:34 UTC (rev 159345)
+++ trunk/Source/_javascript_Core/jit/JITStubsX86.h	2013-11-15 19:07:01 UTC (rev 159346)
@@ -209,6 +209,7 @@
     __declspec(naked) EncodedJSValue callToJavaScript(void* code, ExecState*)
     {
         __asm {
+            mov edx, [esp]
             push ebp;
             mov eax, ebp;
             mov ebp, esp;
@@ -219,6 +220,7 @@
             mov ebp, [esp + 0x34];
             mov ebx, [ebp];
             mov [ebx], eax;
+            mov 4[ebx], edx
             call [esp + 0x30];
             add esp, 0x1c;
             pop ebx;
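Review bot: `mov 4[ebx], edx` is the only line in this `__asm` block written without the trailing `;` and with the displacement-before-bracket form, while the surrounding lines use `[esp + 0x34]`-style operands; `mov [ebx + 4], edx;` keeps the block uniform. The register stored here is the `edx` loaded from `[esp]` at function entry in the first hunk, so the fix is correct only if none of the instructions between the two hunks (not shown) write `edx`, and a comment on the store such as `; save return PC into the sentinel call frame` would pin that intent down. The enclosing callToJavaScript body continues outside this hunk.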

Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (159345 => 159346)


--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm	2013-11-15 18:32:34 UTC (rev 159345)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm	2013-11-15 19:07:01 UTC (rev 159346)
@@ -174,31 +174,37 @@
     if X86
         const extraStackSpace = 28
         const previousCFR = t0
+        const previousPC = t1
         const entry = t5
         const newCallFrame = t4
     elsif ARM or ARMv7_TRADITIONAL
         const extraStackSpace = 16
         const previousCFR = t3  
+        const previousPC = lr
         const entry = a0
         const newCallFrame = a1
     elsif ARMv7
         const extraStackSpace = 28
         const previousCFR = t3  
+        const previousPC = lr
         const entry = a0
         const newCallFrame = a1
     elsif MIPS
         const extraStackSpace = 20
         const previousCFR = t2  
+        const previousPC = lr
         const entry = a0
         const newCallFrame = a1
     elsif SH4
         const extraStackSpace = 20
         const previousCFR = t3  
+        const previousPC = lr
         const entry = a0
         const newCallFrame = a1
     end
 
     if X86
+        loadp [sp], previousPC
         move cfr, previousCFR
     end
     functionPrologue(extraStackSpace)
@@ -212,6 +218,7 @@
     move newCallFrame, cfr
     loadp [cfr], newCallFrame
     storep previousCFR, [newCallFrame]
+    storep previousPC, 4[newCallFrame]
     call entry
 
 _returnFromJavaScript:
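Review bot: `storep previousPC, 4[newCallFrame]` hard-codes the return-PC slot offset (4 here, 8 in LowLevelInterpreter64.asm, and `+ 8` / `4[ebx]` in JITStubsMSVC64.asm and JITStubsX86.h), so any change to the sentinel frame layout has to be tracked in four places; if the shared LowLevelInterpreter.asm already defines a named offset for the return-PC slot, use it here and in the other three, otherwise introduce a `const` for it. For the non-X86 ports `previousPC` is `lr`, which still holds the caller's return address at this store only if nothing between the prologue and this point makes a call; the lines between the two hunks are not shown, so a comment at the `const previousPC = lr` lines stating that invariant (`# lr must still hold callToJavaScript's return address when it is stored below`) is worth adding. The enclosing callToJavaScript body starts outside this hunk.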

Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (159345 => 159346)


--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2013-11-15 18:32:34 UTC (rev 159345)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2013-11-15 19:07:01 UTC (rev 159346)
@@ -119,26 +119,33 @@
     if X86_64
         const extraStackSpace = 8
         const previousCFR = t0
+        const previousPC = t6
         const entry = t5
         const newCallFrame = t4
     elsif ARM64
         const extraStackSpace = 0
-        const previousCFR = t4  
+        const previousCFR = t4
+        const previousPC = lr
         const entry = a0
         const newCallFrame = a1
     elsif C_LOOP
         const extraStackSpace = 0
         const previousCFR = t4  
+        const previousPC = lr
         const entry = a0
         const newCallFrame = a1
     end
 
+    if X86_64
+        loadp [sp], previousPC
+    end
     move cfr, previousCFR
     functionPrologue(extraStackSpace)
 
     move newCallFrame, cfr
     loadp [cfr], newCallFrame
     storep previousCFR, [newCallFrame]
+    storep previousPC, 8[newCallFrame]
     move 0xffff000000000000, csr1
     addp 2, csr1, csr2
     call entry
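Review bot: The new `if X86_64 / loadp [sp], previousPC / end` block reads the return address off the stack before `functionPrologue` pushes anything, which is the only reason `[sp]` is the right slot; a comment such as `# return PC sits at [sp] until functionPrologue pushes cfr` would make that ordering constraint explicit, since the same pattern in LowLevelInterpreter32_64.asm relies on it too. Under C_LOOP `previousPC` is `lr` and `storep previousPC, 8[newCallFrame]` now executes there as well; whether the C loop populates `lr` before entering callToJavaScript is not visible in this hunk, so confirm it rather than risk storing an unset value into the sentinel frame. `previousPC` (t6 on X86_64) is also assumed to survive `functionPrologue`, whose body is not shown. callToJavaScript's body begins outside this hunk.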