macro assembler code-pointer tagging has its arguments backwards
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 May 2019 21:34:43 +0000 (21:34 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 May 2019 21:34:43 +0000 (21:34 +0000)
commit f1f703ead81bed3b404bd565a73f6f7f0aca8025
tree e82b2131e98aa4c53addc08bf1cd28f5aec27899
parent c25bca1af26bc6982d6f500567055331ef9f2463
macro assembler code-pointer tagging has its arguments backwards
https://bugs.webkit.org/show_bug.cgi?id=197677

Reviewed by Michael Saboff.

We had the destination as the leftmost instead of the rightmost argument,
which goes against the convention of how we order arguments in macro assembler
methods.

* assembler/MacroAssemblerARM64E.h:
(JSC::MacroAssemblerARM64E::tagReturnAddress):
(JSC::MacroAssemblerARM64E::untagReturnAddress):
(JSC::MacroAssemblerARM64E::tagPtr):
(JSC::MacroAssemblerARM64E::untagPtr):
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
* ftl/FTLThunks.cpp:
(JSC::FTL::genericGenerationThunkGenerator):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::prepareForTailCallSlow):
* jit/CallFrameShuffler.cpp:
(JSC::CallFrameShuffler::prepareForTailCall):
* jit/ThunkGenerators.cpp:
(JSC::emitPointerValidation):
(JSC::arityFixupGenerator):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@245251 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/AbstractMacroAssembler.h
Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h
Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
Source/JavaScriptCore/ftl/FTLThunks.cpp
Source/JavaScriptCore/jit/CCallHelpers.h
Source/JavaScriptCore/jit/CallFrameShuffler.cpp
Source/JavaScriptCore/jit/ThunkGenerators.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp