Title: [176151] trunk/Source/JavaScriptCore
Revision: 176151
Author: benja...@webkit.org
Date: 2014-11-14 18:31:28 -0800 (Fri, 14 Nov 2014)

Log Message

STRH can store values with the wrong offset
https://bugs.webkit.org/show_bug.cgi?id=138723

Patch by Benjamin Poulain <bpoul...@apple.com> on 2014-11-14
Reviewed by Michael Saboff.

This is the counterpart of r176083 for the str instruction.

I believe this code is currently unreachable because there is only one client of strh()
in the MacroAssembler and it always sets up the scale explicitly.

* assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::strh):

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (176150 => 176151)


--- trunk/Source/_javascript_Core/ChangeLog	2014-11-15 01:58:52 UTC (rev 176150)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-11-15 02:31:28 UTC (rev 176151)
@@ -1,3 +1,18 @@
+2014-11-14  Benjamin Poulain  <bpoul...@apple.com>
+
+        STRH can store values with the wrong offset
+        https://bugs.webkit.org/show_bug.cgi?id=138723
+
+        Reviewed by Michael Saboff.
+
+        This is the counterpart of r176083 for the str instruction.
+
+        I believe this code is currently unreachable because there is only one client of strh()
+        in the MacroAssembler and it always setup the scale explicitely.
+
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMv7Assembler::strh):
+
 2014-11-13  Mark Lam  <mark....@apple.com>
 
         Reduce amount of cut-and-paste needed for probe mechanism implementations.
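Review bot: the new ChangeLog entry names the symptom ("STRH can store values with the wrong offset") but not the cause, and its "I believe this code is currently unreachable" line means the fix lands with no stated test coverage. Suggest adding one sentence saying that the 16-bit STRH form takes a 5-bit immediate scaled by 2, so only 6-bit offsets qualify, and noting whether an assembler-level test for strh() with an implicit scale was considered, since a JIT store emitted at the wrong offset is a memory-corruption bug if the path ever becomes reachable.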

Modified: trunk/Source/JavaScriptCore/assembler/ARMv7Assembler.h (176150 => 176151)


--- trunk/Source/_javascript_Core/assembler/ARMv7Assembler.h	2014-11-15 01:58:52 UTC (rev 176150)
+++ trunk/Source/_javascript_Core/assembler/ARMv7Assembler.h	2014-11-15 02:31:28 UTC (rev 176151)
@@ -1648,8 +1648,8 @@
         ASSERT(rn != ARMRegisters::pc);
         ASSERT(imm.isUInt12());
         
-        if (!((rt | rn) & 8) && imm.isUInt7())
-            m_formatter.oneWordOp5Imm5Reg3Reg3(OP_STRH_imm_T1, imm.getUInt7() >> 2, rn, rt);
+        if (!((rt | rn) & 8) && imm.isUInt6())
+            m_formatter.oneWordOp5Imm5Reg3Reg3(OP_STRH_imm_T1, imm.getUInt6() >> 1, rn, rt);
         else
             m_formatter.twoWordOp12Reg4Reg4Imm12(OP_STRH_imm_T2, rn, rt, imm.getUInt12());
     }
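Review bot: the new guard `imm.isUInt6()` checks only the width of the offset, while `imm.getUInt6() >> 1` on the next line discards bit 0, so unless isUInt6() also rejects odd values (not visible in this hunk), an odd offset below 64 would be encoded in the 16-bit form as offset - 1 and the store would still land at the wrong address. Suggest either adding a low-bit test to the condition so that odd offsets fall through to the `OP_STRH_imm_T2` path, which takes the full `imm.getUInt12()`, or an ASSERT documenting that callers never pass an odd offset here.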