[webkit-dev] ARM JIT for WinCE
Patrick Roland Gansterer
paroga at paroga.com
Thu Jan 7 15:03:55 PST 2010
Hi,
I did some further investigation today.
I did a quick hack in the privateCompileCTIMachineTrampolines to get the same
(maybe correct) register values as without OPTIMIZE_NATIVE_CALL.
move(callFrameRegister, regT0);
+ move(ARMRegisters::r2, ARMRegisters::r3);
+ move(ARMRegisters::r1, ARMRegisters::r2);
+ move(ARMRegisters::r0, ARMRegisters::r1);
- move(stackPointerRegister, ARMRegisters::r3);
+ move(stackPointerRegister, ARMRegisters::r0);
- call(Address(regT1, OBJECT_OFFSETOF(JSFunction, m_data)));
+ call(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_data)));
addPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
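Review bot: the rotation r2->r3, r1->r2, r0->r1, sp->r0 is only clobber-safe because the four moves are emitted in exactly this order (each register is copied out before the next move overwrites it); a comment stating the intended callee convention (r0 = ArgList*, r1 = callFrame, r2 = function) would make the switch from `call(Address(regT1, ...))` to `call(Address(regT2, ...))` self-explanatory, and mixing the `regTn` aliases with literal `ARMRegisters::rn` names in the same sequence hides which of the new moves shadows `regT1`. The retained `move(callFrameRegister, regT0)` followed by `move(ARMRegisters::r0, ARMRegisters::r1)` is also a redundant hop; `move(callFrameRegister, ARMRegisters::r1)` would drop one instruction.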
Now it produces the following code:
003E01B0 muls r0, r3, r0
003E01B4 subs r1, r1, r0
003E01B8 str r1, [sp]
003E01BC ldr r2, [r1, #-4]
003E01C0 ldr r1, [r4, #-8]
003E01C4 mov r0, r4
003E01C8 mov r3, r2
003E01CC mov r2, r1
003E01D0 mov r1, r0
003E01D4 mov r0, sp
003E01D8 mov lr, pc
003E01DC ldr pc, [r2, #0x1C]
003E01E0 adds sp, sp, #8
003E01E4 ldr r3, [pc, #0x80]
003E01E8 ldr r2, [r3]
003E01EC bics r3, r2, #0
003E01F0 bne 003E0204
The arguments seem to be sane now in the call to
dateProtoFuncGetTimezoneOffset, but it crashes afterwards.
When I step through it with the debugger I get the following registers after
the function finishes, and it jumps to 0x000139d8 instead of 0x003e01e0:
(lr = 0x003e01e0 when I enter the function!)
R0 = 0x182af984 R1 = 0x003f8054 R2 = 0x00601500 R3 = 0x00600000
R4 = 0x003f8054 R5 = 0x00000200 R6 = 0x182af984 R7 = 0x003f8054
R8 = 0x00000000 R9 = 0x182afbfc R10 = 0x00000000 R11 = 0x002b0370
R12 = 0x182af8f0 Sp = 0x182af95c Lr = 0x003e01e0
Pc = 0x000139d8 Psr = 0x2000001f
I then tried to always return jsNaN(exec), so R4 won't be used and the
prolog/epilog changed:
00071600 mov r12, sp
00071604 stmdb sp!, {r0 - r3}
00071608 stmdb sp!, {r4, r12, lr}
0007160C sub sp, sp, #0x1C
--------
00071700 ldr r0, [sp, #8]
00071704 add sp, sp, #0x1C
00071708 ldmia sp, {r4, sp, pc}
changed to
000734EC mov r12, sp
000734F0 stmdb sp!, {r0 - r3}
000734F4 stmdb sp!, {r12, lr}
000734F8 sub sp, sp, #0x1C
--------
000735A4 ldr r0, [sp, #8]
000735A8 add sp, sp, #0x1C
000735AC ldmia sp, {sp, pc}
I now get the following registers and it jumps to the correct address
(0x003e01e0), but it then crashes in functionPrint.
R0 = 0x182af984 R1 = 0x182af8f8 R2 = 0x00000000 R3 = 0x182af984
R4 = 0x003f8080 R5 = 0x00000200 R6 = 0x00600000 R7 = 0x003e07c8
R8 = 0x00000000 R9 = 0x182afbfc R10 = 0x00000000 R11 = 0x002b0370
R12 = 0x03fc2c50 Sp = 0x182af984 Lr = 0x0001bc18
Pc = 0x003e01e0 Psr = 0x6000001f
I tried jsc.exe with the following javascript file:
print(getTimeZoneDiff());
function getTimeZoneDiff() {
return (new Date(2000, 1, 1)).getTimezoneOffset();
}
This doesn't make much sense to me at the moment.
- Patrick