[webkit-dev] ARM JIT for WinCE

Fri Jan 8 00:21:13 PST 2010

Hi,

the dateProtoFuncGetTimezoneOffset does not use the argList argument,
while functionPrint does. Perhaps passing this argument is still not yet
WinCE compatible. ArgList contains a pointer to the arguments (JSValue
pointers), and the length of the arguments. This structure is 8 bytes on
32 bit machines (1 pointer, 1 int), and allocated on the stack, because
the function got a reference (pointer) to it.

Could you try the following JS code: print("a", 1, true)
The length should be 3.

Zoltan

> Hi,
>
> I did some further investigation today.
>
> I did a quick hack in the privateCompileCTIMachineTrampolines to get the
> same
> maybe correct register values like without OPTIMIZE_NATIVE_CALL.
>
>      move(callFrameRegister, regT0);
>
> +    move(ARMRegisters::r2, ARMRegisters::r3);
> +    move(ARMRegisters::r1, ARMRegisters::r2);
> +    move(ARMRegisters::r0, ARMRegisters::r1);
> -    move(stackPointerRegister, ARMRegisters::r3);
> +    move(stackPointerRegister, ARMRegisters::r0);
> -    call(Address(regT1, OBJECT_OFFSETOF(JSFunction, m_data)));
> +    call(Address(regT2, OBJECT_OFFSETOF(JSFunction, m_data)));
>
>      addPtr(Imm32(sizeof(ArgList)), stackPointerRegister);
>
> Now it produces the following code:
>
> 003E01B0  muls        r0, r3, r0
> 003E01B4  subs        r1, r1, r0
> 003E01B8  str         r1, [sp]
> 003E01BC  ldr         r2, [r1, #-4]
> 003E01C0  ldr         r1, [r4, #-8]
> 003E01C4  mov         r0, r4
> 003E01C8  mov         r3, r2
> 003E01CC  mov         r2, r1
> 003E01D0  mov         r1, r0
> 003E01D4  mov         r0, sp
> 003E01D8  mov         lr, pc
> 003E01DC  ldr         pc, [r2, #0x1C]
> 003E01E0  adds        sp, sp, #8
> 003E01E4  ldr         r3, [pc, #0x80]
> 003E01E8  ldr         r2, [r3]
> 003E01EC  bics        r3, r2, #0
> 003E01F0  bne         003E0204
>
> The arguments seam to be sane now in the call to
> dateProtoFuncGetTimezoneOffset, but it crashes afterwards.
> When i step through it with the debugger i get the following register
> after
> the function finished and it jumps to 0x000139d8 instead of 0x003e01e0:
> (lr = 0x003e01e0 when i enter the function!)
>
> R0 = 0x182af984 R1 = 0x003f8054 R2 = 0x00601500 R3 = 0x00600000
> R4 = 0x003f8054 R5 = 0x00000200 R6 = 0x182af984 R7 = 0x003f8054
> R8 = 0x00000000 R9 = 0x182afbfc R10 = 0x00000000 R11 = 0x002b0370
> R12 = 0x182af8f0 Sp = 0x182af95c Lr = 0x003e01e0
> Pc = 0x000139d8 Psr = 0x2000001f
>
> I then tried to return jsNaN(exec) always. So R4 won't be used and
> prolog/epilog changed:
>
> 00071600  mov         r12, sp
> 00071604  stmdb       sp!, {r0 - r3}
> 00071608  stmdb       sp!, {r4, r12, lr}
> 0007160C  sub         sp, sp, #0x1C
> --------
> 00071700  ldr         r0, [sp, #8]
> 00071704  add         sp, sp, #0x1C
> 00071708  ldmia       sp, {r4, sp, pc}
>
> changed to
>
> 000734EC  mov         r12, sp
> 000734F0  stmdb       sp!, {r0 - r3}
> 000734F4  stmdb       sp!, {r12, lr}
> 000734F8  sub         sp, sp, #0x1C
> --------
> 000735A4  ldr         r0, [sp, #8]
> 000735A8  add         sp, sp, #0x1C
> 000735AC  ldmia       sp, {sp, pc}
>
> I now get following registers and it jumps to the correct address
> (0x003e01e0), but it crashes then in functionPrint.
>
> R0 = 0x182af984 R1 = 0x182af8f8 R2 = 0x00000000 R3 = 0x182af984
> R4 = 0x003f8080 R5 = 0x00000200 R6 = 0x00600000 R7 = 0x003e07c8
> R8 = 0x00000000 R9 = 0x182afbfc R10 = 0x00000000 R11 = 0x002b0370
> R12 = 0x03fc2c50 Sp = 0x182af984 Lr = 0x0001bc18
> Pc = 0x003e01e0 Psr = 0x6000001f
>
> I tried jsc.exe with the following javascript file:
> print(getTimeZoneDiff());
> function getTimeZoneDiff() {
>     return (new Date(2000, 1, 1)).getTimezoneOffset();
> }
>
> This doesn't make many sense to me in the moment.
>
> - Patrick
>