AssemblyHelpers::emitAllocateWithNonNullAllocator() crashes in the FTL on ARM64
Author: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Aug 2016 16:23:41 +0000 (16:23 +0000)
Committer: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Aug 2016 16:23:41 +0000 (16:23 +0000)
https://bugs.webkit.org/show_bug.cgi?id=161138
rdar://problem/27985868

Reviewed by Saam Barati.

The FTL expects that this method can be used with scratch registers disallowed, but it
uses addPtr(Addr, Reg).

The solution is to only use addPtr(Addr, Reg) on x86.

* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204897 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/AssemblyHelpers.h

index 0aba48a..1d94130 100644 (file)
@@ -1,3 +1,19 @@
+2016-08-24  Filip Pizlo  <fpizlo@apple.com>
+
+        AssemblyHelpers::emitAllocateWithNonNullAllocator() crashes in the FTL on ARM64
+        https://bugs.webkit.org/show_bug.cgi?id=161138
+        rdar://problem/27985868
+
+        Reviewed by Saam Barati.
+        
+        The FTL expects that this method can be used with scratch registers disallowed, but it
+        uses addPtr(Addr, Reg).
+
+        The solution is to only use addPtr(Addr, Reg) on x86.
+
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
+
 2016-08-24  Skachkov Oleksandr  <gskachkov@gmail.com>
 
         [ES2016] Allow assignment in for-in head in not-strict mode
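Review bot: the blank line after "Reviewed by Saam Barati." in the new ChangeLog entry carries trailing whitespace (the `+        ` line); please strip it. Also, the entry says the FTL disallows scratch registers, yet the fix itself stores from and loads into scratchGPR; a sentence distinguishing the caller-supplied scratchGPR (which is fine to use) from the scratch register that addPtr(Address, Reg) needs internally on non-x86 targets would make the rationale for the isX86() split self-explanatory to the next reader.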
index 6d99637..4590a73 100644 (file)
@@ -1432,7 +1432,13 @@ public:
         }
         negPtr(resultGPR);
         store32(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, remaining)));
-        addPtr(Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd)), resultGPR);
+        Address payloadEndAddr = Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd));
+        if (isX86())
+            addPtr(payloadEndAddr, resultGPR);
+        else {
+            loadPtr(payloadEndAddr, scratchGPR);
+            addPtr(scratchGPR, resultGPR);
+        }
         
         done = jump();
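Review bot: the non-x86 branch clobbers scratchGPR with `loadPtr(payloadEndAddr, scratchGPR);`, and that is only correct because the preceding `store32(scratchGPR, ...)` has already consumed its value; a short comment on the else branch saying scratchGPR is dead after the store32 would keep someone from later moving the store below the add. The `isX86()` guard also deserves a comment stating why the memory-operand `addPtr(payloadEndAddr, resultGPR);` is safe under the FTL's scratch-register restriction only on x86 (the commit message implies it needs an internal scratch register elsewhere), otherwise the branch reads as an arbitrary micro-optimization; if the single-instruction form is not measurably better on x86, consider dropping the guard and using the load-then-add form unconditionally, which leaves one code path and avoids the same crash on any future target.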