Attachment #270994 for bug #154064

View Details Raw Unified Return to Bug 154064

| Differences between



2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>

        REGRESSION(r196331): It made ~180 JSC tests crash on ARMv7 Linux
        https://bugs.webkit.org/show_bug.cgi?id=154064

        Reviewed by NOBODY (OOPS!).

        * bytecode/PolymorphicAccess.cpp:
        (JSC::AccessCase::generate): Added EABI_32BIT_DUMMY_ARG where it is necessary.
        * dfg/DFGSpeculativeJIT.h: Fixed the comment.
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState): Added.
        * wasm/WASMFunctionCompiler.h: Fixed the comment.

2016-02-09  Keith Miller  <keith_miller@apple.com>

        calling methods off super in a class constructor should check for TDZ



    generate(state);
}

// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned on an even-numbered register (r0, r2 or [sp]).
// To prevent the assembler from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.
#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) || CPU(MIPS)
#define EABI_32BIT_DUMMY_ARG      CCallHelpers::TrustedImm32(0),
#else
#define EABI_32BIT_DUMMY_ARG
#endif

void AccessCase::generate(AccessGenerationState& state)
{
    if (verbose)

#else
            if (m_type == CustomValueGetter || m_type == CustomAccessorGetter) {
                jit.setupArgumentsWithExecState(
                    EABI_32BIT_DUMMY_ARG baseForCustomValue,
                    CCallHelpers::TrustedImm32(JSValue::CellTag),
                    CCallHelpers::TrustedImmPtr(ident.impl()));
            } else {
                jit.setupArgumentsWithExecState(
                    EABI_32BIT_DUMMY_ARG baseForCustomValue,
                    CCallHelpers::TrustedImm32(JSValue::CellTag),
                    valueRegs.payloadGPR(), valueRegs.tagGPR());
            }



    }
#else // USE(JSVALUE32_64)

// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned on an even-numbered register (r0, r2 or [sp]).
// To prevent the assembler from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.
#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) || CPU(MIPS)
#define EABI_32BIT_DUMMY_ARG      TrustedImm32(0),
#else

Lines 1729-1734 public: a/Source/JavaScriptCore/jit/CCallHelpers.h_sec1
- a/Source/JavaScriptCore/jit/CCallHelpers.h +7 lines
1729	setupArgumentsWithExecState(arg1, arg2, arg3);	1729	setupArgumentsWithExecState(arg1, arg2, arg3);
1730	}	1730	}
1731		1731
		1732	ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)
		1733	{
		1734	poke(arg5, POKE_ARGUMENT_OFFSET + 1);
		1735	poke(arg4, POKE_ARGUMENT_OFFSET);
		1736	setupArgumentsWithExecState(arg1, arg2, arg3);
		1737	}
		1738
1732	ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, TrustedImmPtr arg2, GPRReg arg3, GPRReg arg4)	1739	ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImm32 arg1, TrustedImmPtr arg2, GPRReg arg3, GPRReg arg4)
1733	{	1740	{
1734	poke(arg4, POKE_ARGUMENT_OFFSET);	1741	poke(arg4, POKE_ARGUMENT_OFFSET);



        appendCallSetResult(operation, dst, FloatingPointPrecision::Double);
    }
#else
// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned on an even-numbered register (r0, r2 or [sp]).
// To prevent the assembler from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.
#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) || CPU(MIPS)
#define EABI_32BIT_DUMMY_ARG      TrustedImm32(0),
#else

Return to Bug 154064

Lines 461-466 void AccessCase::generateWithGuard( a/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp_sec1
- a/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp -2 / +10 lines
461	generate(state);	461	generate(state);
462	}	462	}
463		463
		464	// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned on an even-numbered register (r0, r2 or [sp]).
		465	// To prevent the assembler from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.
		466	#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) \|\| CPU(MIPS)
		467	#define EABI_32BIT_DUMMY_ARG CCallHelpers::TrustedImm32(0),
		468	#else
		469	#define EABI_32BIT_DUMMY_ARG
		470	#endif
		471
464	void AccessCase::generate(AccessGenerationState& state)	472	void AccessCase::generate(AccessGenerationState& state)
465	{	473	{
466	if (verbose)	474	if (verbose)
Lines 766-777 void AccessCase::generate(AccessGenerationState& state) a/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp_sec2
766	#else	774	#else
767	if (m_type == CustomValueGetter \|\| m_type == CustomAccessorGetter) {	775	if (m_type == CustomValueGetter \|\| m_type == CustomAccessorGetter) {
768	jit.setupArgumentsWithExecState(	776	jit.setupArgumentsWithExecState(
769	baseForCustomValue,	777	EABI_32BIT_DUMMY_ARG baseForCustomValue,
770	CCallHelpers::TrustedImm32(JSValue::CellTag),	778	CCallHelpers::TrustedImm32(JSValue::CellTag),
771	CCallHelpers::TrustedImmPtr(ident.impl()));	779	CCallHelpers::TrustedImmPtr(ident.impl()));
772	} else {	780	} else {
773	jit.setupArgumentsWithExecState(	781	jit.setupArgumentsWithExecState(
774	baseForCustomValue,	782	EABI_32BIT_DUMMY_ARG baseForCustomValue,
775	CCallHelpers::TrustedImm32(JSValue::CellTag),	783	CCallHelpers::TrustedImm32(JSValue::CellTag),
776	valueRegs.payloadGPR(), valueRegs.tagGPR());	784	valueRegs.payloadGPR(), valueRegs.tagGPR());
777	}	785	}

Lines 1549-1556 public: a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h_sec1
- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h -2 / +2 lines
1549	}	1549	}
1550	#else // USE(JSVALUE32_64)	1550	#else // USE(JSVALUE32_64)
1551		1551
1552	// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned even-numbered register (r0, r2 or [sp]).	1552	// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned on an even-numbered register (r0, r2 or [sp]).
1553	// To avoid assemblies from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.	1553	// To prevent the assembler from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.
1554	#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) \|\| CPU(MIPS)	1554	#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) \|\| CPU(MIPS)
1555	#define EABI_32BIT_DUMMY_ARG TrustedImm32(0),	1555	#define EABI_32BIT_DUMMY_ARG TrustedImm32(0),
1556	#else	1556	#else

Lines 1287-1294 private: a/Source/JavaScriptCore/wasm/WASMFunctionCompiler.h_sec1
- a/Source/JavaScriptCore/wasm/WASMFunctionCompiler.h -2 / +2 lines
1287	appendCallSetResult(operation, dst, FloatingPointPrecision::Double);	1287	appendCallSetResult(operation, dst, FloatingPointPrecision::Double);
1288	}	1288	}
1289	#else	1289	#else
1290	// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned even-numbered register (r0, r2 or [sp]).	1290	// EncodedJSValue in JSVALUE32_64 is a 64-bit integer. When being compiled in ARM EABI, it must be aligned on an even-numbered register (r0, r2 or [sp]).
1291	// To avoid assemblies from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.	1291	// To prevent the assembler from using wrong registers, let's occupy r1 or r3 with a dummy argument when necessary.
1292	#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) \|\| CPU(MIPS)	1292	#if (COMPILER_SUPPORTS(EABI) && CPU(ARM)) \|\| CPU(MIPS)
1293	#define EABI_32BIT_DUMMY_ARG TrustedImm32(0),	1293	#define EABI_32BIT_DUMMY_ARG TrustedImm32(0),
1294	#else	1294	#else

Lines 1-3 a/Source/JavaScriptCore/ChangeLog_sec1
- a/Source/JavaScriptCore/ChangeLog +14 lines
		1	2016-02-10 Csaba Osztrogonác <ossy@webkit.org>
		2
		3	REGRESSION(r196331): It made ~180 JSC tests crash on ARMv7 Linux
		4	https://bugs.webkit.org/show_bug.cgi?id=154064
		5
		6	Reviewed by NOBODY (OOPS!).
		7
		8	* bytecode/PolymorphicAccess.cpp:
		9	(JSC::AccessCase::generate): Added EABI_32BIT_DUMMY_ARG where it is necessary.
		10	* dfg/DFGSpeculativeJIT.h: Fixed the comment.
		11	* jit/CCallHelpers.h:
		12	(JSC::CCallHelpers::setupArgumentsWithExecState): Added.
		13	* wasm/WASMFunctionCompiler.h: Fixed the comment.
		14
1	2016-02-09 Keith Miller <keith_miller@apple.com>	15	2016-02-09 Keith Miller <keith_miller@apple.com>
2		16
3	calling methods off super in a class constructor should check for TDZ	17	calling methods off super in a class constructor should check for TDZ