https://bugs.webkit.org/show_bug.cgi?id=74005 fix unaligned memory access in the generatePatternCharacterOnce function on SH4 platforms.
Patch by Thouraya ANDOLSI <thouraya.ando...@st.com> on 2011-12-08 Reviewed by Gavin Barraclough. * assembler/MacroAssemblerARM.h: (JSC::MacroAssemblerARM::load16Unaligned): * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::load16Unaligned): * assembler/MacroAssemblerMIPS.h: (JSC::MacroAssemblerMIPS::load16Unaligned): * assembler/MacroAssemblerSH4.h: (JSC::MacroAssemblerSH4::lshift32): (JSC::MacroAssemblerSH4::load8): (JSC::MacroAssemblerSH4::load16): (JSC::MacroAssemblerSH4::load16Unaligned): (JSC::MacroAssemblerSH4::branch8): * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::load16Unaligned): * jit/JIT.h: * yarr/YarrJIT.cpp: (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
- trunk/Source/_javascript_Core/ChangeLog
- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM.h
- trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h
- trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h
- trunk/Source/_javascript_Core/assembler/MacroAssemblerSH4.h
- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h
- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp
Modified: trunk/Source/_javascript_Core/ChangeLog (102388 => 102389)
--- trunk/Source/_javascript_Core/ChangeLog 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-12-08 23:16:54 UTC (rev 102389)
@@ -1,3 +1,29 @@
+2011-12-08 Thouraya ANDOLSI <thouraya.ando...@st.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=74005
+ fix unaligned access memory in generatePatternCharacterOnce function
+ for SH4 platforms.
+
+ Reviewed by Gavin Barraclough.
+
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::load16Unaligned):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::load16Unaligned):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::load16Unaligned):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::lshift32):
+ (JSC::MacroAssemblerSH4::load8):
+ (JSC::MacroAssemblerSH4::load16):
+ (JSC::MacroAssemblerSH4::load16Unaligned):
+ (JSC::MacroAssemblerSH4::branch8):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::load16Unaligned):
+ * jit/JIT.h:
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
+
2011-12-08 Michael Saboff <msab...@apple.com>
Add 8 bit paths for StringTypeAdapter classes
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM.h (102388 => 102389)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM.h 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM.h 2011-12-08 23:16:54 UTC (rev 102389)
@@ -282,6 +282,11 @@
}
#endif
+ void load16Unaligned(BaseIndex address, RegisterID dest)
+ {
+ load16(address, dest);
+ }
+
DataLabel32 load32WithAddressOffsetPatch(Address address, RegisterID dest)
{
DataLabel32 dataLabel(this);
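Review bot: load16Unaligned on this backend (L51–L54) is load16 with no alignment handling, so it is only correct if the halfword load it emits (presumably ldrh) is accepted at an odd address, which depends on the ARM revision and on the alignment-check bit the kernel leaves set; the name promises more than the body does and the assumption should be written down where it lives. I would add above the method `// No byte-wise fallback here: relies on the core tolerating an unaligned ldrh (SH4 is the only backend that needs one).` The callers in YarrJIT now pass odd byte offsets on the 8-bit path, so this is not a theoretical case.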
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h (102388 => 102389)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2011-12-08 23:16:54 UTC (rev 102389)
@@ -575,6 +575,11 @@
load32(setupArmAddress(address), dest);
}
+ void load16Unaligned(BaseIndex address, RegisterID dest)
+ {
+ load16(setupArmAddress(address), dest);
+ }
+
void load32(const void* address, RegisterID dest)
{
move(TrustedImmPtr(address), addressTempRegister);
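Review bot: Same remark as for the classic-ARM backend: the new load16Unaligned at L65–L68 just forwards to load16 through setupArmAddress, which is fine on ARMv7 only while strict alignment checking (SCTLR.A) is off, the usual but not guaranteed configuration. A one-line comment, `// Unaligned ldrh is permitted on ARMv7 with alignment checking disabled; no byte-wise fallback.`, records the dependency for whoever debugs a SIGBUS on a stricter platform.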
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h (102388 => 102389)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h 2011-12-08 23:16:54 UTC (rev 102389)
@@ -576,6 +576,11 @@
}
}
+ void load16Unaligned(BaseIndex address, RegisterID dest)
+ {
+ load16(address, dest);
+ }
+
void load32WithUnalignedHalfWords(BaseIndex address, RegisterID dest)
{
if (address.offset >= -32768 && address.offset <= 32764
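Review bot: On MIPS a halfword load from an odd address is not tolerated by the hardware the way it is on x86, so routing load16Unaligned straight to load16 (L79–L82) presumably emits an `lhu` that raises an address-error exception on the odd offsets generatePatternCharacterOnce now passes; under Linux that is trapped and emulated by the kernel at a large cost per access, and without that emulation it is a SIGBUS, either way defeating the purpose of the new entry point. This file already has a byte-safe pattern right below in load32WithUnalignedHalfWords, so the same approach (two byte loads combined with a shift and or, or the assembler's unaligned-halfword macro if it exposes one) belongs here as well. If the maintainer deliberately relies on kernel emulation, the minimum is a comment saying so; I cannot see load16's body, so the exact instruction is inferred from the name.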
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerSH4.h (102388 => 102389)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerSH4.h 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerSH4.h 2011-12-08 23:16:54 UTC (rev 102389)
@@ -158,6 +158,14 @@
void lshift32(RegisterID shiftamount, RegisterID dest)
{
+ if (shiftamount == SH4Registers::r0)
+ m_assembler.andlImm8r(0x1f, shiftamount);
+ else {
+ RegisterID scr = claimScratch();
+ m_assembler.loadConstant(0x1f, scr);
+ m_assembler.andlRegReg(scr, shiftamount);
+ releaseScratch(scr);
+ }
m_assembler.shllRegReg(dest, shiftamount);
}
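Review bot: The new masking at L93–L100 ANDs 0x1f into `shiftamount` itself, so lshift32 now destroys the caller's shift-count register, something the previous body (only the shld at L101) did not do; a caller that still needs the count afterwards, or that passes the same register twice, gets a silently wrong value. The mask is needed (a negative count would make shld shift the other way, which is what the negate-then-shift in rshift32 relies on), but it can be taken into the scratch instead so the input is preserved; the r0 special case then goes away, since `and #imm, r0` would still write into the input. This assumes `andlRegReg(src, dst)` ANDs src into dst, as the existing call at L98 suggests. The same clobber exists in the rshift32/urshift32 register forms, but there the in-place negate predates this patch.
```cpp
void lshift32(RegisterID shiftamount, RegisterID dest)
{
    // Mask the count into a scratch so the caller's register survives;
    // shld shifts right for a negative Rm, so the low-5-bit mask is required.
    RegisterID scr = claimScratch();
    m_assembler.loadConstant(0x1f, scr);
    m_assembler.andlRegReg(shiftamount, scr);
    m_assembler.shllRegReg(dest, scr);
    releaseScratch(scr);
}
```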
@@ -171,13 +179,16 @@
void lshift32(TrustedImm32 imm, RegisterID dest)
{
+ if (!imm.m_value)
+ return;
+
if ((imm.m_value == 1) || (imm.m_value == 2) || (imm.m_value == 8) || (imm.m_value == 16)) {
m_assembler.shllImm8r(imm.m_value, dest);
return;
}
RegisterID scr = claimScratch();
- m_assembler.loadConstant(imm.m_value, scr);
+ m_assembler.loadConstant((imm.m_value & 0x1f) , scr);
m_assembler.shllRegReg(dest, scr);
releaseScratch(scr);
}
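Review bot: The early return at L106–L107 and the fast-path test at L109 both look at the unmasked immediate while the slow path masks it at L115, so a count such as 33 (masked to 1) or 32 (masked to 0) takes the scratch-register path instead of the single shll or no-op it is equivalent to. Masking once up front, `int shift = imm.m_value & 0x1f; if (!shift) return;` and then testing and loading `shift` instead of `imm.m_value`, makes the three checks agree. Nothing visible says whether callers ever pass counts outside 0–31, so this is a consistency point rather than a correctness bug; the zero early return is what lets load16Unaligned pass address.scale for TimesOne, so keep that behaviour.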
@@ -235,9 +246,14 @@
void rshift32(RegisterID shiftamount, RegisterID dest)
{
- compare32(32, shiftamount, Equal);
- m_assembler.ensureSpace(m_assembler.maxInstructionSize + 4);
- m_assembler.branch(BT_OPCODE, 1);
+ if (shiftamount == SH4Registers::r0)
+ m_assembler.andlImm8r(0x1f, shiftamount);
+ else {
+ RegisterID scr = claimScratch();
+ m_assembler.loadConstant(0x1f, scr);
+ m_assembler.andlRegReg(scr, shiftamount);
+ releaseScratch(scr);
+ }
m_assembler.neg(shiftamount, shiftamount);
m_assembler.shaRegReg(dest, shiftamount);
}
@@ -582,11 +598,13 @@
{
if (!offset) {
m_assembler.movbMemReg(base, dest);
+ m_assembler.extub(dest, dest);
return;
}
if ((offset > 0) && (offset < 64) && (dest == SH4Registers::r0)) {
m_assembler.movbMemReg(offset, base, dest);
+ m_assembler.extub(dest, dest);
return;
}
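Review bot: The extub inserted after every mov.b (L140, L145 and the two later hunks) is the right fix, but nothing records why, and load8 starts above this hunk so the header comment is out of view; I would put at the top of the function `// mov.b sign-extends into the register; load8 callers expect a zero-extended byte (branch8 compared the raw value against an 8-bit immediate), so extu.b after every form.` The same rationale should sit on the extuw lines added to the load16 variants below, since the two changes are made for the same reason and the branch8 hunk removes the caller-side extub on the strength of it.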
@@ -594,6 +612,7 @@
m_assembler.loadConstant((offset), dest);
m_assembler.addlRegReg(base, dest);
m_assembler.movbMemReg(dest, dest);
+ m_assembler.extub(dest, dest);
return;
}
@@ -601,6 +620,7 @@
m_assembler.loadConstant((offset), scr);
m_assembler.addlRegReg(base, scr);
m_assembler.movbMemReg(scr, dest);
+ m_assembler.extub(dest, dest);
releaseScratch(scr);
}
@@ -619,11 +639,13 @@
{
if (!address.offset) {
m_assembler.movwMemReg(address.base, dest);
+ extuw(dest, dest);
return;
}
if ((address.offset > 0) && (address.offset < 64) && (dest == SH4Registers::r0)) {
m_assembler.movwMemReg(address.offset, address.base, dest);
+ extuw(dest, dest);
return;
}
@@ -631,6 +653,7 @@
m_assembler.loadConstant((address.offset), dest);
m_assembler.addlRegReg(address.base, dest);
m_assembler.movwMemReg(dest, dest);
+ extuw(dest, dest);
return;
}
@@ -638,18 +661,45 @@
m_assembler.loadConstant((address.offset), scr);
m_assembler.addlRegReg(address.base, scr);
m_assembler.movwMemReg(scr, dest);
+ extuw(dest, dest);
releaseScratch(scr);
}
+ void load16Unaligned(BaseIndex address, RegisterID dest)
+ {
+
+ RegisterID scr = claimScratch();
+ RegisterID scr1 = claimScratch();
+
+ move(address.index, scr);
+ lshift32(TrustedImm32(address.scale), scr);
+
+ if (address.offset)
+ add32(TrustedImm32(address.offset), scr);
+
+ add32(address.base, scr);
+ load8(scr, scr1);
+ add32(TrustedImm32(1), scr);
+ load8(scr, dest);
+ move(TrustedImm32(8), scr);
+ m_assembler.shllRegReg(dest, scr);
+ or32(scr1, dest);
+
+ releaseScratch(scr);
+ releaseScratch(scr1);
+ }
+
void load16(RegisterID src, RegisterID dest)
{
m_assembler.movwMemReg(src, dest);
+ extuw(dest, dest);
}
void load16(RegisterID r0, RegisterID src, RegisterID dest)
{
ASSERT(r0 == SH4Registers::r0);
m_assembler.movwR0mr(src, dest);
+ extuw(dest, dest);
}
void load16(BaseIndex address, RegisterID dest)
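Review bot: In the new load16Unaligned (L188–L210), the high-byte shift at L204–L205, `move(TrustedImm32(8), scr); m_assembler.shllRegReg(dest, scr);`, re-purposes scr for a constant that the immediate form already handles in a single instruction; `lshift32(TrustedImm32(8), dest);` hits the shllImm8r fast path this same patch keeps for 8 (L109–L110) and drops the constant load. The byte order assembled at L201–L206 (byte at addr into the low half, byte at addr+1 shifted up) is fixed little-endian, while load16's mov.w follows the endianness the core runs in, so the two functions would disagree on a big-endian SH4; either a comment `// Assumes little-endian: low byte first, so the result matches what mov.w would return.` or a compile-time guard on the big-endian configuration, if that build is supported, should say which. This also relies on lshift32(TrustedImm32(address.scale)) being a no-op for TimesOne, presumably value 0, which is why the early return was added to lshift32 in the same commit. The blank line after the opening brace at L190 is a style nit.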
@@ -661,14 +711,13 @@
if (address.offset)
add32(TrustedImm32(address.offset), scr);
- if (scr == SH4Registers::r0)
- m_assembler.movwR0mr(address.base, scr);
+ if (address.base == SH4Registers::r0)
+ load16(address.base, scr, dest);
else {
add32(address.base, scr);
- load16(scr, scr);
+ load16(scr, dest);
}
- extuw(scr, dest);
releaseScratch(scr);
}
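Review bot: The rewrite keeps the @(R0,Rm) addressing only when address.base is r0 (L229–L230); the old code used it when the scratch happened to be r0 (L227–L228), and both are valid because the addressing mode is symmetric, so the new code now emits an extra add32 in that second case. Keeping both, `else if (scr == SH4Registers::r0) load16(scr, address.base, dest);` before the generic branch, preserves the optimisation, and loading straight into dest instead of through scr, as the new code does, still drops the separate extuw. load16(BaseIndex) begins in the previous hunk, so the scratch setup is out of view here.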
@@ -1229,7 +1278,8 @@
void move(RegisterID src, RegisterID dest)
{
- m_assembler.movlRegReg(src, dest);
+ if (src != dest)
+ m_assembler.movlRegReg(src, dest);
}
void move(TrustedImmPtr imm, RegisterID dest)
@@ -1386,7 +1436,6 @@
add32(TrustedImm32(left.offset), scr);
add32(left.base, scr);
load8(scr, scr);
- m_assembler.extub(scr, scr);
RegisterID scr1 = claimScratch();
m_assembler.loadConstant(right.m_value, scr1);
releaseScratch(scr);
@@ -1639,9 +1688,14 @@
void urshift32(RegisterID shiftamount, RegisterID dest)
{
- compare32(32, shiftamount, Equal);
- m_assembler.ensureSpace(m_assembler.maxInstructionSize + 4);
- m_assembler.branch(BT_OPCODE, 1);
+ if (shiftamount == SH4Registers::r0)
+ m_assembler.andlImm8r(0x1f, shiftamount);
+ else {
+ RegisterID scr = claimScratch();
+ m_assembler.loadConstant(0x1f, scr);
+ m_assembler.andlRegReg(scr, shiftamount);
+ releaseScratch(scr);
+ }
m_assembler.neg(shiftamount, shiftamount);
m_assembler.shllRegReg(dest, shiftamount);
}
@@ -1649,7 +1703,7 @@
void urshift32(TrustedImm32 imm, RegisterID dest)
{
RegisterID scr = claimScratch();
- m_assembler.loadConstant(-(imm.m_value), scr);
+ m_assembler.loadConstant(-(imm.m_value & 0x1f), scr);
m_assembler.shaRegReg(dest, scr);
releaseScratch(scr);
}
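Review bot: urshift32(TrustedImm32, RegisterID) still performs the shift with shaRegReg at L278, whereas the register form of urshift32 just above uses shllRegReg (L270) and it is rshift32 that uses shaRegReg (L134); if the naming means shad versus shld, the immediate form is an arithmetic shift, so a negative value in dest is sign-filled instead of zero-filled and, for example, -1 >>> 1 does not produce 0x7fffffff. The fix is `m_assembler.shllRegReg(dest, scr);` on that line; the defect predates this commit, but the commit edits the line directly above it, so this is the moment to bring the two forms into agreement. The new mask also means a count of 32 becomes a shift by 0, which is the JavaScript semantics, so no extra guard is needed.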
Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h (102388 => 102389)
--- trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h 2011-12-08 23:16:54 UTC (rev 102389)
@@ -446,6 +446,11 @@
load32(address, dest);
}
+ void load16Unaligned(BaseIndex address, RegisterID dest)
+ {
+ load16(address, dest);
+ }
+
DataLabel32 load32WithAddressOffsetPatch(Address address, RegisterID dest)
{
m_assembler.movl_mr_disp32(address.offset, address.base, dest);
Modified: trunk/Source/_javascript_Core/yarr/YarrJIT.cpp (102388 => 102389)
--- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2011-12-08 23:06:15 UTC (rev 102388)
+++ trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2011-12-08 23:16:54 UTC (rev 102389)
@@ -699,7 +699,7 @@
if (m_charSize == Char8) {
BaseIndex address(input, index, TimesOne, (term->inputPosition - m_checked) * sizeof(char));
- load16(address, character);
+ load16Unaligned(address, character);
} else {
BaseIndex address(input, index, TimesTwo, (term->inputPosition - m_checked) * sizeof(UChar));
load32WithUnalignedHalfWords(address, character);
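Review bot: The switch to load16Unaligned at L302 needs a one-line reason, since nothing on the line says why the 8-bit path requires a dedicated entry point: `// Two adjacent 8-bit chars read as one 16-bit unit; the byte offset may be odd, so strict-alignment targets (SH4) need a byte-wise load.` It is also worth stating that the 16-bit value is expected little-endian (first char in the low byte), since the SH4 implementation assembles it that way by hand while the other backends rely on the native load, and the constant it is presumably compared against further down must be built to match. generatePatternCharacterOnce starts and ends outside this hunk, so the comparison itself is not visible here.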