Context Navigation

← Previous Change
Next Change →

ARMv7Assembler.h

Timestamp:

Jul 2, 2010, 11:45:47 PM (15 years ago)

Author:

[email protected]

Message:

Bug 41565 - Repatching in ARMv7Assembler::repatchLoadPtrToLEA is broken

Reviewed by Oliver Hunt.

This method tried to repatch a LDR (T2) into an ADD (T3) - but it only
repatches the first instruction word. The layout of the fields in the
second word is different, and also needs repatching.

assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::repatchLoadPtrToLEA):

File:

: 1 edited

trunk/JavaScriptCore/assembler/ARMv7Assembler.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JavaScriptCore/assembler/ARMv7Assembler.h

-              r62419
+              r62437
+    {
         ASSERT(!(reinterpret_cast<intptr_t>(where) & 1));
         uint16_t* loadOp = reinterpret_cast<uint16_t*>(where) + 4;
+        ASSERT((*loadOp & 0xfff0) == OP_LDR_reg_T2);
+        *loadOp = OP_ADD_reg_T3 | (*loadOp & 0xf);
+        ExecutableAllocator::cacheFlush(loadOp, sizeof(uint16_t));
+        ASSERT((loadOp[0] & 0xfff0) == OP_LDR_reg_T2);
+        ASSERT((loadOp[1] & 0x0ff0) == 0);
+        int rn = loadOp[0] & 0xf;
+        int rt = loadOp[1] >> 12;
+        int rm = loadOp[1] & 0xf;
+        loadOp[0] = OP_ADD_reg_T3 | rn;
+        loadOp[1] = rt << 8 | rm;
+        ExecutableAllocator::cacheFlush(loadOp, sizeof(uint32_t));
+    }

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 62437 in webkit for trunk/JavaScriptCore/assembler/ARMv7Assembler.h

Legend:

trunk/JavaScriptCore/assembler/ARMv7Assembler.h

Download in other formats: