Title: [153648] trunk/Source/_javascript_Core
Revision
153648
Author
[email protected]
Date
2013-08-02 07:59:27 -0700 (Fri, 02 Aug 2013)

Log Message

REGRESSION: ARM still crashes after change set r153612.
https://bugs.webkit.org/show_bug.cgi?id=119433

Patch by Julien Brianceau <[email protected]> on 2013-08-02
Reviewed by Michael Saboff.

Update call frame and do not restore registers from JIT stack frame in ARM and ARMv7
implementations of ctiVMThrowTrampolineSlowpath. This change is similar to r153583
for sh4 architecture.

* jit/JITStubsARM.h:
* jit/JITStubsARMv7.h:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (153647 => 153648)


--- trunk/Source/_javascript_Core/ChangeLog	2013-08-02 14:58:09 UTC (rev 153647)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-08-02 14:59:27 UTC (rev 153648)
@@ -1,3 +1,17 @@
+2013-08-02  Julien Brianceau  <[email protected]>
+
+        REGRESSION: ARM still crashes after change set r153612.
+        https://bugs.webkit.org/show_bug.cgi?id=119433
+
+        Reviewed by Michael Saboff.
+
+        Update call frame and do not restore registers from JIT stack frame in ARM and ARMv7
+        implementations of ctiVMThrowTrampolineSlowpath. This change is similar to r153583
+        for sh4 architecture.
+
+        * jit/JITStubsARM.h:
+        * jit/JITStubsARMv7.h:
+
 2013-08-02  Michael Saboff  <[email protected]>
 
         REGRESSION(r153612): It made jsc and layout tests crash

Modified: trunk/Source/_javascript_Core/jit/JITStubsARM.h (153647 => 153648)


--- trunk/Source/_javascript_Core/jit/JITStubsARM.h	2013-08-02 14:58:09 UTC (rev 153647)
+++ trunk/Source/_javascript_Core/jit/JITStubsARM.h	2013-08-02 14:59:27 UTC (rev 153648)
@@ -204,11 +204,9 @@
 SYMBOL_STRING(ctiVMThrowTrampolineSlowpath) ":" "\n"
     "mov r0, r5" "\n"
     "bl " SYMBOL_STRING(cti_vm_throw_slowpath) "\n"
-     // When cti_vm_throw_slowpath returns, r0 has callFrame and r1 has handler address
-     "add sp, sp, #" STRINGIZE_VALUE_OF(PRESERVEDR4_OFFSET) "\n"
-     "ldmia sp!, {r4-r6, r8-r11, lr}" "\n"
-     "add sp, sp, #12" "\n"
-     "bx r1" "\n"
+    // When cti_vm_throw_slowpath returns, r0 has callFrame and r1 has handler address
+    "mov r5, r0" "\n"
+    "bx r1" "\n"
 );
 
 #if USE(MASM_PROBE)
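Review bot: The comment kept above `mov r5, r0` documents only what r0 and r1 hold, not the new stack contract: the trampoline now reaches `bx r1` with sp, lr and r4-r11 unchanged from the return of cti_vm_throw_slowpath, where the removed lines used to unwind the JIT stack frame first. Because r1 is an address handed back from C++ and branched to indirectly, anyone auditing this path needs to know that the handler is expected to run on the still-live JIT frame; that expectation is inferred from the log message and the removed lines, not shown in the hunk. I would extend the comment to something like `// r5 = updated callFrame; sp, lr and r4-r11 are deliberately not restored, the handler in r1 runs on the current JIT stack frame`. The same applies to the ctiVMThrowTrampolineSlowpath hunk in JITStubsARMv7.h, and in both files the enclosing asm block begins outside the hunk.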

Modified: trunk/Source/_javascript_Core/jit/JITStubsARMv7.h (153647 => 153648)


--- trunk/Source/_javascript_Core/jit/JITStubsARMv7.h	2013-08-02 14:58:09 UTC (rev 153647)
+++ trunk/Source/_javascript_Core/jit/JITStubsARMv7.h	2013-08-02 14:59:27 UTC (rev 153648)
@@ -277,17 +277,8 @@
 SYMBOL_STRING(ctiVMThrowTrampolineSlowpath) ":" "\n"
     "mov r0, r5" "\n"
     "bl " LOCAL_REFERENCE(cti_vm_throw_slowpath) "\n"
-     // When cti_vm_throw_slowpath returns, r0 has callFrame and r1 has handler address
-    "ldr r11, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R11_OFFSET) "]" "\n"
-    "ldr r10, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R10_OFFSET) "]" "\n"
-    "ldr r9, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R9_OFFSET) "]" "\n"
-    "ldr r8, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R8_OFFSET) "]" "\n"
-    "ldr r7, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R7_OFFSET) "]" "\n"
-    "ldr r6, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R6_OFFSET) "]" "\n"
-    "ldr r5, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R5_OFFSET) "]" "\n"
-    "ldr r4, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_R4_OFFSET) "]" "\n"
-    "ldr lr, [sp, #" STRINGIZE_VALUE_OF(PRESERVED_RETURN_ADDRESS_OFFSET) "]" "\n"
-    "add sp, sp, #" STRINGIZE_VALUE_OF(FIRST_STACK_ARGUMENT) "\n"
+    // When cti_vm_throw_slowpath returns, r0 has callFrame and r1 has handler address
+    "mov r5, r0" "\n"
     "bx r1" "\n"
 );
 