[webkit-changes] [WebKit/WebKit] a19dda: Merge 254390 at main - [JSC] Fix crash on ARMv7 due t...

Asumu Takikawa noreply at github.com
Mon Sep 12 15:29:08 PDT 2022


  Branch: refs/heads/webkitglib/2.38
  Home:   https://github.com/WebKit/WebKit
  Commit: a19ddac90cec19ddd549481347cfa076b4f49788
      https://github.com/WebKit/WebKit/commit/a19ddac90cec19ddd549481347cfa076b4f49788
  Author: Asumu Takikawa <asumu at igalia.com>
  Date:   2022-09-13 (Tue, 13 Sep 2022)

  Changed paths:
    A JSTests/stress/bug-244952.js
    M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

  Log Message:
  -----------
  Merge 254390 at main - [JSC] Fix crash on ARMv7 due to DFG OSR exit code
https://bugs.webkit.org/show_bug.cgi?id=244952

Reviewed by Yusuke Suzuki.

A crash was triggered due to a call to the JIT's storeCell function in
DFGOSRExitCompilerCommon.cpp on ARMv7. The storeCell call there was
reasonable, but the MacroAssembler was emitting incorrect code in
certain cases due to a register conflict.

This patch fixes the problem by changing how `storePair32` (used by
`storeCell`) with immediate arguments generates code.

* JSTests/stress/bug-244952.js: Added.
(caml_blit_bytes):
(caml_bytes_unsafe_get):
(MlBytes):
(caml_bytes_of_jsbytes):
(caml_string_of_jsbytes):
(caml_call_gen):
(caml_jsbytes_of_string):
(caml_bytes_compare):
(caml_string_compare):
(caml_create_bytes):
(caml_bytes_of_utf16_jsstring):
(caml_string_of_jsstring):
(caml_ml_bytes_length):
(caml_ml_string_length):
(caml_js_wrap_meth_callback):
(caml_make_vect):
(caml_lex_array):
(caml_parse_engine):
(caml_call1):
(caml_call2):
(caml_call3):
(_U_):
(_aj_):
(_al_):
(_a3_):
(_ba_):
(_bc_):
(_bv_):
(_bB_):
(_eI_):
(_jt_):
(_jG_):
(_jX_):
(_j2_):
(_j3_):
(_kc_):
(_w):
(_xd_):
(_yj_):
(_yl_):
(_yA_):
(_yB_):
(_yC_):
(_yE_):
(_yG_):
(_yL_):
(_yM_):
(_Dc_):
(_Dd_):
(_Dh_):
(_Dk_):
(_Ee_):
(_Ei_):
(_Ex_):
(_EN_):
(_NV_):
(encode.caml_js_wrap_meth_callback.switch._WH_):
(encode.caml_js_wrap_meth_callback.switch._WI_):
(encode.caml_js_wrap_meth_callback.switch._WJ_):
(encode.caml_js_wrap_meth_callback.switch._WV_):
(encode.caml_js_wrap_meth_callback):
(compile):
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::storePair32):

Canonical link: https://commits.webkit.org/254390@main

(cherry picked from commit 31e6bf54bd0fa5cd47aa8554ddd810a6fa695936)