Title: [175058] trunk/Source/_javascript_Core
Revision
175058
Author
msab...@apple.com
Date
2014-10-22 11:59:04 -0700 (Wed, 22 Oct 2014)

Log Message

REGRESSION(r174996): Broke C_LOOP
https://bugs.webkit.org/show_bug.cgi?id=137971

Reviewed by Mark Lam.

Removed incorrect move to cfr (CallFrameRegister) before we make the call to a native function.
After r174996, the source register for the move contained garbage causing the crash.  The move
to cfr before making the call to the native function is wrong and should have been removed
some time ago.  This brings the ARM64 / C_LOOP code path in line with the other CPU paths.
Tested on ARM64 as well as a C_LOOP build.

* llint/LowLevelInterpreter64.asm:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (175057 => 175058)


--- trunk/Source/_javascript_Core/ChangeLog	2014-10-22 17:50:23 UTC (rev 175057)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-10-22 18:59:04 UTC (rev 175058)
@@ -1,3 +1,18 @@
+2014-10-22  Michael Saboff  <msab...@apple.com>
+
+        REGRESSION(r174996): Broke C_LOOP
+        https://bugs.webkit.org/show_bug.cgi?id=137971
+
+        Reviewed by Mark Lam.
+
+        Removed incorrect move to cfr (CallFrameRegister) before we make the call to a native function.
+        After r174996, the source register for the move contained garbage causing the crash.  The move
+        to cfr before making the call to the native function is wrong and should have been removed
+        some time ago.  This brings the ARM64 / C_LOOP code path inline with the other CPU paths.
+        Tested on ARM64 as well as a C_LOOP build.
+
+        * llint/LowLevelInterpreter64.asm:
+
 2014-10-21  Mark Lam  <mark....@apple.com>
 
         Remove erroneous canUseJIT() in the intrinsics version of JITThunks::hostFunctionStub().

Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (175057 => 175058)


--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2014-10-22 17:50:23 UTC (rev 175057)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2014-10-22 18:59:04 UTC (rev 175058)
@@ -1951,7 +1951,6 @@
         move cfr, t0
         loadp Callee[cfr], t1
         loadp JSFunction::m_executable[t1], t1
-        move t2, cfr # Restore cfr to avoid loading from stack
         if C_LOOP
             cloopCallNative executableOffsetToFunction[t1]
         else
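Review bot: removing `move t2, cfr` is the right fix, and the stale comment it carried ("Restore cfr to avoid loading from stack") went with it, but nothing in the visible context ever loads `t2`, which is how it came to hold garbage after r174996; note also that the move sat before `if C_LOOP`, so both the C_LOOP branch and the native branch in the `else` were running the call with a clobbered call frame register, not just C_LOOP. Consider adding a one-line comment above `move cfr, t0` stating that `cfr` must stay the live call frame pointer through the native call so that a similar "restore" is not reintroduced.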
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes