Title: [159376] trunk/Source/_javascript_Core
Revision
159376
Author
commit-qu...@webkit.org
Date
2013-11-15 19:25:45 -0800 (Fri, 15 Nov 2013)

Log Message

[Win] _javascript_ crashes on 64-bit with JIT enabled.
https://bugs.webkit.org/show_bug.cgi?id=124409

Patch by pe...@outlook.com <pe...@outlook.com> on 2013-11-15
Reviewed by Michael Saboff.

These are issues found with JIT on 64-bit:
- The registers rsi and rdi in callToJavaScript need to be saved and restored. This is required by the Windows 64-bit ABI.
- The getHostCallReturnValue function needs to be updated according to its GCC counterpart.
- The poke argument offset needs to be 20h, because Windows 64-bit ABI requires stack space allocated for the 4 argument registers.

* _javascript_Core.vcxproj/_javascript_Core.vcxproj: Re-added JITStubsMSVC64.asm to project.
* jit/CCallHelpers.h: Set poke argument offset.
(JSC::CCallHelpers::setupArguments): Compile fix, added needed method.
* jit/JITStubsMSVC64.asm: Save and restore registers rsi and rdi.
                          Update getHostCallReturnValue according to the GCC version.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (159375 => 159376)


--- trunk/Source/_javascript_Core/ChangeLog	2013-11-16 01:32:38 UTC (rev 159375)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-11-16 03:25:45 UTC (rev 159376)
@@ -1,3 +1,21 @@
+2013-11-15  pe...@outlook.com  <pe...@outlook.com>
+
+        [Win] _javascript_ crashes on 64-bit with JIT enabled.
+        https://bugs.webkit.org/show_bug.cgi?id=124409
+
+        Reviewed by Michael Saboff.
+
+        These are issues found with JIT on 64-bit:
+        - The registers rsi and rdi in callToJavaScript needs to be saved and restored. This is required by the Windows 64-bit ABI.
+        - The getHostCallReturnValue function needs to be updated according to it's GCC counterpart.
+        - The poke argument offset needs to be 20h, because Windows 64-bit ABI requires stack space allocated for the 4 argument registers.
+
+        * _javascript_Core.vcxproj/_javascript_Core.vcxproj: Re-added JITStubsMSVC64.asm to project.
+        * jit/CCallHelpers.h: Set poke argument offset.
+        (JSC::CCallHelpers::setupArguments): Compile fix, added needed method.
+        * jit/JITStubsMSVC64.asm: Save and restore registers rsi and rdi.
+                                  Update getHostCallReturnValue according to the GCC version.
+
 2013-11-14  David Farler  <dfar...@apple.com>
 
         Copy ASAN flag settings to WebCore and _javascript_Core intermediate build tools

Modified: trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj (159375 => 159376)


--- trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj	2013-11-16 01:32:38 UTC (rev 159375)
+++ trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj	2013-11-16 03:25:45 UTC (rev 159376)
@@ -1310,15 +1310,11 @@
   <ItemGroup>
     <MASM Include="..\jit\JITStubsMSVC64.asm">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release_WinCairo|Win32'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release_WinCairo|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug_WinCairo|Win32'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug_WinCairo|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
-      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild>
     </MASM>
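Review bot: Production|x64 and DebugSuffix|x64 still carry `<ExcludedFromBuild ...>true</ExcludedFromBuild>` for JITStubsMSVC64.asm while the other four x64 configurations now assemble it. If either of those configurations builds the 64-bit JIT, callToJavaScript and getHostCallReturnValue will be unresolved at link time, or the crash this patch fixes persists there. Either drop those two exclusions as well, or leave a comment in the item group saying why they stay excluded.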

Modified: trunk/Source/_javascript_Core/jit/CCallHelpers.h (159375 => 159376)


--- trunk/Source/_javascript_Core/jit/CCallHelpers.h	2013-11-16 01:32:38 UTC (rev 159375)
+++ trunk/Source/_javascript_Core/jit/CCallHelpers.h	2013-11-16 03:25:45 UTC (rev 159376)
@@ -730,7 +730,7 @@
         setupThreeStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR2, GPRInfo::argumentGPR3>(arg1, arg2, arg3);
     }
 
-#if CPU(MIPS)
+#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))
 #define POKE_ARGUMENT_OFFSET 4
 #else
 #define POKE_ARGUMENT_OFFSET 0
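Review bot: `#define POKE_ARGUMENT_OFFSET 4` is a bare magic number in the new Windows branch, and the ChangeLog describes the same quantity as 20h, so a reader has to work out that the offset is counted in poke slots rather than bytes. A comment next to the define would settle it, e.g. `// Win64: the caller must reserve 4 home slots (0x20 bytes) for the register arguments, so stack arguments start at slot 4.` The slot presumably being pointer-sized is inferred from how poke() is used elsewhere in this file rather than visible in the hunk, so confirm before quoting the byte count. MIPS sharing the same value is for its own ABI reason and deserves its own half-line comment rather than being implied equivalent.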
@@ -1486,6 +1486,14 @@
         poke(arg4, POKE_ARGUMENT_OFFSET);
         setupArgumentsWithExecState(arg1, arg2, arg3);
     }
+
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
+    {
+        poke(arg5, POKE_ARGUMENT_OFFSET);
+        setupTwoStubArgsGPR<GPRInfo::argumentGPR0, GPRInfo::argumentGPR1>(arg1, arg2);
+        move(arg3, GPRInfo::argumentGPR2);
+        move(arg4, GPRInfo::argumentGPR3);
+    }
 #endif // NUMBER_OF_ARGUMENT_REGISTERS == 4
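Review bot: The new setupArguments overload pokes arg5 before the moves into argumentGPR0..argumentGPR3, which is the right order if arg5 happens to live in one of those registers, but nothing says so and the parallel overloads above don't either. A one-line comment would keep a future reorder from silently breaking it: `// poke arg5 first: it may alias an argument register that the moves below overwrite.` setupTwoStubArgsGPR's own aliasing handling is outside this hunk, so I am assuming it covers an arg1/arg2 swap.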
 
 #if NUMBER_OF_ARGUMENT_REGISTERS >= 5

Modified: trunk/Source/_javascript_Core/jit/JITStubsMSVC64.asm (159375 => 159376)


--- trunk/Source/_javascript_Core/jit/JITStubsMSVC64.asm	2013-11-16 01:32:38 UTC (rev 159375)
+++ trunk/Source/_javascript_Core/jit/JITStubsMSVC64.asm	2013-11-16 03:25:45 UTC (rev 159376)
@@ -32,7 +32,7 @@
 _TEXT   SEGMENT
 
 callToJavaScript PROC
-    mov r10, qword ptr[sp]
+    mov r10, qword ptr[rsp]
     push rbp
     mov rax, rbp ; Save previous frame pointer
     mov rbp, rsp
@@ -41,6 +41,8 @@
     push r14
     push r15
     push rbx
+    push rsi
+    push rdi
 
     ; JIT operations can use up to 6 args (4 in registers and 2 on the stack).
     ; In addition, X86_64 ABI specifies that the worse case stack alignment
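Review bot: Saving rsi and rdi completes the integer callee-saved set for Win64, but that ABI also treats xmm6–xmm15 as callee-saved and nothing in this stub preserves them; if JIT-generated code or anything reached through `call rcx` can write those registers, the caller's values are clobbered on return, so worth confirming against the JIT's FPR allocation before calling this complete. The two extra pushes add 16 bytes, which keeps rsp's 16-byte parity at the call only if the earlier push count (partly outside this hunk) was already right; the alignment comment beginning `; JIT operations can use up to 6 args` should be updated with the new push count so the arithmetic can be checked by the next reader. `callToJavaScript PROC` also declares no FRAME/unwind metadata, which is pre-existing, but these added pushes widen the frame the unwinder cannot describe.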
@@ -55,6 +57,8 @@
     mov r15, 0FFFF000000000002h
     call rcx
     add rsp, 28h
+    pop rdi
+    pop rsi
     pop rbx
     pop r15
     pop r14
@@ -66,6 +70,8 @@
 
 returnFromJavaScript PROC
     add rsp, 28h
+    pop rdi
+    pop rsi
     pop rbx
     pop r15
     pop r14
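Review bot: The pop sequence here is a hand-maintained mirror of callToJavaScript's pushes and of its epilogue in the previous hunk, with nothing tying the three together; the next register added to one will be missed in another. A comment at the top of the block would help: `; Must stay in lock-step with the push order in callToJavaScript (rdi/rsi pushed last, popped first).` The rest of returnFromJavaScript's pops continue outside this hunk.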
@@ -76,8 +82,8 @@
 returnFromJavaScript ENDP
 	
 getHostCallReturnValue PROC
-    sub r13, 40
-    mov r13, rdi
+    mov rbp, [rbp] ; CallFrame
+    mov rcx, rbp ; rcx is first argument register on Windows
     jmp getHostCallReturnValueWithExecState
 getHostCallReturnValue ENDP
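Review bot: `mov rbp, [rbp] ; CallFrame` and `mov rcx, rbp` say what but not why, and the stub's correctness rests on two unstated assumptions: that rbp presumably points at the current CallFrame whose first slot is the caller's CallFrame, and that because this is a `jmp` rather than a `call`, getHostCallReturnValueWithExecState inherits whatever stack the JIT code that jumped here had set up, including the Win64 shadow space and 16-byte alignment. A header comment spelling both out would make the next ABI audit much easier; both are inferred from the GCC counterpart this mirrors, so confirm them there before writing them down as fact.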
 