Title: [161439] branches/jsCStack/Source/_javascript_Core
Revision
161439
Author
msab...@apple.com
Date
2014-01-07 11:30:34 -0800 (Tue, 07 Jan 2014)

Log Message

CStack Branch: ARM64 Crash running ecma/FunctionObjects/15.3.1.1-3.js
https://bugs.webkit.org/show_bug.cgi?id=126585

Reviewed by Geoffrey Garen.

We were improperly using a shifted add/subtract for operations with the stack
pointer as the destination.  Broadened the cases where we use the extended
register version of add/subtract to include when the destination is the
stack pointer.  In the ARM64 documentation, the immediate and extended register
forms of add and subtract are the right variants to manipulate the stack pointer.

* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::add):
(JSC::ARM64Assembler::sub):

Modified Paths

Diff

Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (161438 => 161439)


--- branches/jsCStack/Source/_javascript_Core/ChangeLog	2014-01-07 19:14:59 UTC (rev 161438)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog	2014-01-07 19:30:34 UTC (rev 161439)
@@ -1,3 +1,20 @@
+2014-01-07  Michael Saboff  <msab...@apple.com>
+
+        CStack Branch: ARM64 Crash running ecma/FunctionObjects/15.3.1.1-3.js
+        https://bugs.webkit.org/show_bug.cgi?id=126585
+
+        Reviewed by Geoffrey Garen.
+
+        We were improperly using a shifted add/subtract for operations with the stack
+        pointer as the destination.  Broadened the cases where we use the extended
+        register version of add/subtract to include when the destination is the
+        stack pointer.  In the ARM64 documentation, the immediate and extended register
+        forms of add and subtract are the right variants to manipulate the stack pointer.
+
+        * assembler/ARM64Assembler.h:
+        (JSC::ARM64Assembler::add):
+        (JSC::ARM64Assembler::sub):
+
 2014-01-07  Filip Pizlo  <fpi...@apple.com>
 
         Merge trunk r161411.
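Review bot: the ChangeLog entry says which variant is correct but not why the shifted form was wrong, which is what a future reader of this crash will want: in the shifted-register encodings register number 31 in Rd or Rn is the zero register, so an add or sub with sp as `rd` was writing XZR and leaving the stack pointer untouched; only the immediate and extended-register forms read 31 in Rd/Rn as SP. One sentence to that effect after "forms of add and subtract are the right variants to manipulate the stack pointer." would document the failure mode behind the bug.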

Modified: branches/jsCStack/Source/_javascript_Core/assembler/ARM64Assembler.h (161438 => 161439)


--- branches/jsCStack/Source/_javascript_Core/assembler/ARM64Assembler.h	2014-01-07 19:14:59 UTC (rev 161438)
+++ branches/jsCStack/Source/_javascript_Core/assembler/ARM64Assembler.h	2014-01-07 19:30:34 UTC (rev 161439)
@@ -929,8 +929,9 @@
     ALWAYS_INLINE void add(RegisterID rd, RegisterID rn, RegisterID rm, ShiftType shift, int amount)
     {
         CHECK_DATASIZE();
-        if (isSp(rn)) {
+        if (isSp(rd) || isSp(rn)) {
             ASSERT(shift == LSL);
+            ASSERT(!isSp(rm));
             add<datasize, setFlags>(rd, rn, rm, UXTX, amount);
         } else
             insn(addSubtractShiftedRegister(DATASIZE, AddOp_ADD, setFlags, shift, rm, amount, rn, rd));
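Review bot: the widened `isSp(rd) || isSp(rn)` branch forwards `amount` unchanged to the extended-register overload, but that encoding only has a 3-bit field for the left shift (0 to 4), while the shifted-register form it replaces accepts shifts up to 63; an `ASSERT(amount <= 4)` next to the new `ASSERT(!isSp(rm))` would catch a caller that previously got the larger range and is now routed here because its destination is sp. Separately, when `setFlags` is true the flag-setting variant reads 31 in Rd as XZR rather than SP, so an sp destination can never be honoured on that path; `ASSERT(!setFlags || !isSp(rd))` in the same branch would make that explicit.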
@@ -1962,8 +1963,9 @@
     ALWAYS_INLINE void sub(RegisterID rd, RegisterID rn, RegisterID rm, ShiftType shift, int amount)
     {
         CHECK_DATASIZE();
-        if (isSp(rn)) {
+        if (isSp(rd) || isSp(rn)) {
             ASSERT(shift == LSL);
+            ASSERT(!isSp(rm));
             sub<datasize, setFlags>(rd, rn, rm, UXTX, amount);
         } else
             insn(addSubtractShiftedRegister(DATASIZE, AddOp_SUB, setFlags, shift, rm, amount, rn, rd));
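Review bot: this is the second copy of the `isSp(rd) || isSp(rn)` routing plus the two asserts, with only `add` swapped for `sub`; a small helper (for example a predicate that answers whether the extended-register form is required for this rd/rn pair) would keep the two paths from drifting apart. The same range check applies here: the extended-register `sub` overload can only encode a left shift of 0 to 4, so `amount` should be asserted in that range before being forwarded.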
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes