Title: [226869] branches/safari-605-branch/Source/_javascript_Core
Revision
226869
Author
jmarc...@apple.com
Date
2018-01-11 22:30:57 -0800 (Thu, 11 Jan 2018)

Log Message

Cherry-pick r226788. rdar://problem/36450828

Modified Paths

Diff

Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (226868 => 226869)


--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-01-12 06:30:55 UTC (rev 226868)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-01-12 06:30:57 UTC (rev 226869)
@@ -1,5 +1,22 @@
 2018-01-11  Jason Marcell  <jmarc...@apple.com>
 
+        Cherry-pick r226788. rdar://problem/36450828
+
+    2018-01-11  Michael Saboff  <msab...@apple.com>
+
+            Ensure there are no unsafe uses of MacroAssemblerARM64::dataTempRegister
+            https://bugs.webkit.org/show_bug.cgi?id=181512
+
+            Reviewed by Saam Barati.
+
+            * assembler/MacroAssemblerARM64.h:
+            (JSC::MacroAssemblerARM64::abortWithReason):
+            (JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
+            All current uses of dataTempRegister in these functions are safe, but it makes sense to
+            fix them in case they might be used elsewhere.
+
+2018-01-11  Jason Marcell  <jmarc...@apple.com>
+
         Cherry-pick r226778. rdar://problem/36450800
 
     2018-01-11  Michael Saboff  <msab...@apple.com>

Modified: branches/safari-605-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (226868 => 226869)


--- branches/safari-605-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h	2018-01-12 06:30:55 UTC (rev 226868)
+++ branches/safari-605-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h	2018-01-12 06:30:57 UTC (rev 226869)
@@ -1105,13 +1105,13 @@
 
     void abortWithReason(AbortReason reason)
     {
-        move(TrustedImm32(reason), dataTempRegister);
+        move(TrustedImm32(reason), getCachedDataTempRegisterIDAndInvalidate());
         breakpoint();
     }
 
     void abortWithReason(AbortReason reason, intptr_t misc)
     {
-        move(TrustedImm64(misc), memoryTempRegister);
+        move(TrustedImm64(misc), getCachedMemoryTempRegisterIDAndInvalidate());
         abortWithReason(reason);
     }
 
@@ -2201,7 +2201,7 @@
     
     void pushToSaveImmediateWithoutTouchingRegisters(TrustedImm32 imm)
     {
-        RegisterID reg = dataTempRegister;
+        RegisterID reg = getCachedDataTempRegisterIDAndInvalidate();
         pushPair(reg, reg);
         move(imm, reg);
         store64(reg, stackPointerRegister);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to