I've gotten the MIPS port up to where it can compile and execute through about
9 functions of a testcase before it crashes.
The reason for the crash appears to be related to op_put_by_id. When this
opcode is compiled, the JIT executes:
    void JIT::compilePutByIdSlowCase(int baseVReg, Identifier* ident, int,
                                     Vector<SlowCaseEntry>::iterator& iter,
                                     unsigned propertyAccessInstructionIndex)
    {
        linkSlowCaseIfNotJSCell(iter, baseVReg);
        linkSlowCase(iter);

        emitPutJITStubArgConstant(ident, 2);
        emitPutJITStubArg(regT0, 1);
        emitPutJITStubArg(regT1, 3);
        Call call = emitCTICall(JITStubs::cti_op_put_by_id);

        // Track the location of the call; this will be used to recover patch
        // information.
        m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
    }
When the code is initially generated, it generates a call to address 0x6a2294
(JIT::cti_op_put_by_id) which is correct. Later on, something modifies the
instruction to call address 0x6a26dc instead, which causes an infinite loop.
What is the purpose of dynamically modifying this call instruction?
Toshi
_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev