Context Navigation

← Previous Change
Next Change →

assembler

Timestamp:

Aug 20, 2013, 6:38:14 AM (12 years ago)

Author:

[email protected]

Message:

<https://webkit.org/b/120062> Missing ensureSpace call in sh4 baseline JIT.

Patch by Julien Brianceau <[email protected]> on 2013-08-20
Reviewed by Allan Sandfeld Jensen.

branchPtrWithPatch() of baseline JIT must ensure that space is available for its
instructions and two constants now DFG is enabled for sh4 architecture.
These missing ensureSpace calls lead to random crashes.

assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::branchPtrWithPatch):

File:

: 1 edited

trunk/Source/JavaScriptCore/assembler/MacroAssemblerSH4.h (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/assembler/MacroAssemblerSH4.h

-              r154052
+              r154324
         RegisterID dataTempRegister = claimScratch();
+        m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));
         dataLabel = moveWithPatch(initialRightValue, dataTempRegister);
         m_assembler.cmplRegReg(dataTempRegister, left, SH4Condition(cond));
 …
         m_assembler.movlMemReg(scr, scr);
         RegisterID scr1 = claimScratch();
+        m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));
         dataLabel = moveWithPatch(initialRightValue, scr1);
         m_assembler.cmplRegReg(scr1, scr, SH4Condition(cond));

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 154324 in webkit for trunk/Source/JavaScriptCore/assembler

Legend:

trunk/Source/JavaScriptCore/assembler/MacroAssemblerSH4.h

Download in other formats: