<https://webkit.org/b/120062> Missing ensureSpace call in sh4 baseline JIT.
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Aug 2013 13:38:14 +0000 (13:38 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Aug 2013 13:38:14 +0000 (13:38 +0000)
Patch by Julien Brianceau <jbrianceau@nds.com> on 2013-08-20
Reviewed by Allan Sandfeld Jensen.

branchPtrWithPatch() of baseline JIT must ensure that space is available for its
instructions and two constants now DFG is enabled for sh4 architecture.
These missing ensureSpace calls lead to random crashes.

* assembler/MacroAssemblerSH4.h:
(JSC::MacroAssemblerSH4::branchPtrWithPatch):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154324 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/MacroAssemblerSH4.h

index d66ba3d48ce41e085c475a01533d3e656ce34789..5e4cb498e1a3f67db8bd791ebc498b1ae0fd2d98 100644 (file)
@@ -1,3 +1,16 @@
+2013-08-20  Julien Brianceau  <jbrianceau@nds.com>
+
+        <https://webkit.org/b/120062> Missing ensureSpace call in sh4 baseline JIT.
+
+        Reviewed by Allan Sandfeld Jensen.
+
+        branchPtrWithPatch() of baseline JIT must ensure that space is available for its
+        instructions and two constants now DFG is enabled for sh4 architecture.
+        These missing ensureSpace calls lead to random crashes.
+
+        * assembler/MacroAssemblerSH4.h:
+        (JSC::MacroAssemblerSH4::branchPtrWithPatch):
+
 2013-08-19  Gavin Barraclough  <barraclough@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=120034
index a2a9efc3fcc37eb79ba5fc1c2059ca8cfebf74d1..a44dc32181cdab1acf866947a4e9ebe02f875ed9 100644 (file)
@@ -2334,6 +2334,7 @@ public:
     {
         RegisterID dataTempRegister = claimScratch();
 
+        m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));
         dataLabel = moveWithPatch(initialRightValue, dataTempRegister);
         m_assembler.cmplRegReg(dataTempRegister, left, SH4Condition(cond));
         releaseScratch(dataTempRegister);
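Review bot: The `+ 10` in the added `m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));` line, just before `moveWithPatch(initialRightValue, dataTempRegister)`, is an unexplained magic number. A short comment or a named constant should state which of the following instructions (the patchable move, `cmplRegReg`, and anything emitted after them) the extra 10 is meant to cover, and that the second argument is the "two constants" from the commit message, so that a later change to this sequence does not silently outgrow the reservation.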
@@ -2351,6 +2352,7 @@ public:
         m_assembler.addlRegReg(left.base, scr);
         m_assembler.movlMemReg(scr, scr);
         RegisterID scr1 = claimScratch();
+        m_assembler.ensureSpace(m_assembler.maxInstructionSize + 10, 2 * sizeof(uint32_t));
         dataLabel = moveWithPatch(initialRightValue, scr1);
         m_assembler.cmplRegReg(scr1, scr, SH4Condition(cond));
         releaseScratch(scr);
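Review bot: The reservation added before `moveWithPatch(initialRightValue, scr1)` duplicates the expression from the previous hunk verbatim, so the two call sites can drift apart; consider a single named constant or small helper used by both. Note also that here `ensureSpace` is called after `addlRegReg(left.base, scr)` and `movlMemReg(scr, scr)` have already been emitted, so only the sequence from the patchable move onward is covered. If that is the intended boundary, a one-line comment saying so would make it clear the earlier instructions do not need to stay contiguous with the patched load.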