Title: [226840] trunk/Source/JavaScriptCore
Revision: 226840
Author: msab...@apple.com
Date: 2018-01-11 19:30:40 -0800 (Thu, 11 Jan 2018)
Log Message
REGRESSION(226788): AppStore Crashed @ JavaScriptCore: JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters
https://bugs.webkit.org/show_bug.cgi?id=181570
Reviewed by Keith Miller.
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::abortWithReason):
Reverting these functions to use dataTempRegister and memoryTempRegister as they are
JIT release asserts that will crash the program.
(JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
Changed this so that it invalidates any cached dataTmpRegister contents if temp register
caching is enabled.
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (226839 => 226840)
--- trunk/Source/_javascript_Core/ChangeLog 2018-01-12 03:16:52 UTC (rev 226839)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-01-12 03:30:40 UTC (rev 226840)
@@ -1,3 +1,19 @@
+2018-01-11 Michael Saboff <msab...@apple.com>
+
+ REGRESSION(226788): AppStore Crashed @ _javascript_Core: JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters
+ https://bugs.webkit.org/show_bug.cgi?id=181570
+
+ Reviewed by Keith Miller.
+
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::abortWithReason):
+ Reverting these functions to use dataTempRegister and memoryTempRegister as they are
+ JIT release asserts that will crash the program.
+
+ (JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
+ Changed this so that it invalidates any cached dataTmpRegister contents if temp register
+ caching is enabled.
+
2018-01-11 Filip Pizlo <fpi...@apple.com>
Rename MarkedAllocator to BlockDirectory and AllocatorAttributes to CellAttributes
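Review bot: In the added entry for pushToSaveImmediateWithoutTouchingRegisters, the text says "dataTmpRegister", while the abortWithReason entry above it and the header use dataTempRegister; fix the spelling so the ChangeLog can be searched by identifier. The entry also says cached contents are invalidated "if temp register caching is enabled" without saying what happens otherwise; one more sentence stating that dataTempRegister is then used directly would match the code.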
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (226839 => 226840)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2018-01-12 03:16:52 UTC (rev 226839)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2018-01-12 03:30:40 UTC (rev 226840)
@@ -1105,13 +1105,15 @@
void abortWithReason(AbortReason reason)
{
- move(TrustedImm32(reason), getCachedDataTempRegisterIDAndInvalidate());
+ // It is safe to use dataTempRegister directly since this is a crashing JIT Assert.
+ move(TrustedImm32(reason), dataTempRegister);
breakpoint();
}
void abortWithReason(AbortReason reason, intptr_t misc)
{
- move(TrustedImm64(misc), getCachedMemoryTempRegisterIDAndInvalidate());
+ // It is safe to use memoryTempRegister directly since this is a crashing JIT Assert.
+ move(TrustedImm64(misc), memoryTempRegister);
abortWithReason(reason);
}
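Review bot: Both new comments in abortWithReason say the direct register write is safe but do not name the hazard: dataTempRegister and memoryTempRegister are now overwritten without invalidating any value cached for them, so the cached state is stale from the move onward. That is harmless only while breakpoint() is the last thing reached on this path. Consider saying so in the comment, for example "cached temp-register state is left stale; nothing after breakpoint() may rely on it", and noting why the invalidating getter cannot be used here.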
@@ -2201,7 +2203,8 @@
void pushToSaveImmediateWithoutTouchingRegisters(TrustedImm32 imm)
{
- RegisterID reg = getCachedDataTempRegisterIDAndInvalidate();
+ // We invalidate any cached values in dataTempRegister if temp register caching is enabled.
+ RegisterID reg = m_allowScratchRegister ? getCachedDataTempRegisterIDAndInvalidate() : dataTempRegister;
pushPair(reg, reg);
move(imm, reg);
store64(reg, stackPointerRegister);
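Review bot: The new comment on the reg assignment covers only the m_allowScratchRegister branch; the other branch writes dataTempRegister with no invalidation and no explanation. State why that is acceptable there, for example that pushPair(reg, reg) saves the register's previous value before move(imm, reg) overwrites it, and who is expected to restore it. The visible patch also adds no test that exercises this function when m_allowScratchRegister is false, which is the case this hunk introduces.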