REGRESSION(226788): AppStore Crashed @ JavaScriptCore: JSC::MacroAssemblerARM64:...
author: msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 12 Jan 2018 03:30:40 +0000 (03:30 +0000)
committer: msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 12 Jan 2018 03:30:40 +0000 (03:30 +0000)
https://bugs.webkit.org/show_bug.cgi?id=181570

Reviewed by Keith Miller.

* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::abortWithReason):
Reverting these functions to use dataTempRegister and memoryTempRegister as they are
JIT release asserts that will crash the program.

(JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
Changed this so that it invalidates any cached dataTmpRegister contents if temp register
caching is enabled.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226840 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/MacroAssemblerARM64.h

index e13e240..7d4c2f9 100644 (file)
@@ -1,3 +1,19 @@
+2018-01-11  Michael Saboff  <msaboff@apple.com>
+
+        REGRESSION(226788): AppStore Crashed @ JavaScriptCore: JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters
+        https://bugs.webkit.org/show_bug.cgi?id=181570
+
+        Reviewed by Keith Miller.
+
+        * assembler/MacroAssemblerARM64.h:
+        (JSC::MacroAssemblerARM64::abortWithReason):
+        Reverting these functions to use dataTempRegister and memoryTempRegister as they are
+        JIT release asserts that will crash the program.
+
+        (JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
+        Changed this so that it invalidates any cached dataTmpRegister contents if temp register
+        caching is enabled.
+
 2018-01-11  Filip Pizlo  <fpizlo@apple.com>
 
         Rename MarkedAllocator to BlockDirectory and AllocatorAttributes to CellAttributes
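Review bot: the entry headed `(JSC::MacroAssemblerARM64::abortWithReason):` says "these functions" but names only one; the header hunk changes both overloads, `abortWithReason(AbortReason)` and `abortWithReason(AbortReason, intptr_t)`, so list both so the ChangeLog matches the diff. In the second entry `dataTmpRegister` should read `dataTempRegister`, the name the code actually uses.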
index d4c8f30..d5a0ad6 100644 (file)
@@ -1105,13 +1105,15 @@ public:
 
     void abortWithReason(AbortReason reason)
     {
-        move(TrustedImm32(reason), getCachedDataTempRegisterIDAndInvalidate());
+        // It is safe to use dataTempRegister directly since this is a crashing JIT Assert.
+        move(TrustedImm32(reason), dataTempRegister);
         breakpoint();
     }
 
     void abortWithReason(AbortReason reason, intptr_t misc)
     {
-        move(TrustedImm64(misc), getCachedMemoryTempRegisterIDAndInvalidate());
+        // It is safe to use memoryTempRegister directly since this is a crashing JIT Assert.
+        move(TrustedImm64(misc), memoryTempRegister);
         abortWithReason(reason);
     }
 
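Review bot: the new comments on both overloads say writing `dataTempRegister` / `memoryTempRegister` directly is safe because this is a crashing assert, but they leave out the part that matters to the assembler: the cached-temp-register bookkeeping that the old `getCached...AndInvalidate()` calls performed is now intentionally skipped, which is only correct because nothing after `breakpoint()` executes on this path. Suggest saying that in one comment, e.g. `// No cache invalidation needed: control never continues past breakpoint() here.`, so anyone who later makes abortWithReason non-fatal knows what must come back; the two near-identical comments could then be reduced to one on the two-argument overload.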
@@ -2201,7 +2203,8 @@ public:
     
     void pushToSaveImmediateWithoutTouchingRegisters(TrustedImm32 imm)
     {
-        RegisterID reg = getCachedDataTempRegisterIDAndInvalidate();
+        // We invalidate any cached values in dataTempRegister if temp register caching is enabled.
+        RegisterID reg = m_allowScratchRegister ? getCachedDataTempRegisterIDAndInvalidate() : dataTempRegister;
         pushPair(reg, reg);
         move(imm, reg);
         store64(reg, stackPointerRegister);
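Review bot: the comment says "if temp register caching is enabled" while the condition actually tested is `m_allowScratchRegister`; either name the flag in the comment or reword it so a reader does not have to establish on their own that the two mean the same thing. It is also worth stating that in the `else` branch `dataTempRegister` is written with no invalidation at all, which relies on no cached-value bookkeeping being active whenever `m_allowScratchRegister` is false.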