[Webkit-unassigned] [Bug 153464] New: [mips] fix offsets of branches that have to go over a jump
bugzilla-daemon at webkit.org
Mon Jan 25 16:38:52 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=153464
Bug ID: 153464
Summary: [mips] fix offsets of branches that have to go over a jump
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Other
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: guijemont at igalia.com
The jump() function creates 8 instructions, but the offsets of branches
meant to go over them only account for 6. In most cases, this is not an
issue as the last two instructions of jump() would be nops, but in the
rarer case where the jump destination is in a different 256 MB segment,
MIPSAssembler::linkWithOffset() will rewrite the code in a way in which
the last 4 instructions would be a 2 instruction load (lui/ori) into
$t9, a "j $t9" and then a nop. The wrong offset will mean that the
previous branches meant to go over the whole jump will branch to the
"j $t9" instruction, which would jump to whatever is currently in $t9
(since lui/ori would not be executed).
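The report above hinges on two MIPS facts: a J-type `j` instruction carries only a 26-bit word index and takes its top four address bits from the delay slot (pc + 4), so it can only reach targets inside the same 256 MB segment; and a branch that skips over the 8-word jump() slot by 6 words lands two words short, which in the far form is the register jump (the report writes it as "j $t9"; the MIPS mnemonic for a register jump is `jr`). The following C++ is an added model of that arithmetic, not JavaScriptCore code. Its layout of the 8-word slot is an assumption: the near form is modelled as `j target; nop` plus nop padding, and the far form's first four words as nops (the report only describes the last four), with the branch's delay slot assumed to sit immediately before the jump slot.

```cpp
// Added example: models why a MIPS j instruction only reaches the same 256 MB
// segment, and why a branch that accounts for 6 words when skipping an 8-word
// jump() slot lands on "jr $t9" once the far (lui/ori/jr) form is linked in.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// J-type: 6-bit opcode, 26-bit word index. Effective target =
// ((pc + 4) & 0xF0000000) | (index << 2), so the top 4 bits come from the
// delay-slot address, not from the instruction.
static const uint32_t kSegmentMask = 0xF0000000u;

bool jCanReach(uint32_t pc, uint32_t target) {
    return ((pc + 4) & kSegmentMask) == (target & kSegmentMask);
}

// Encode "j target". Caller is responsible for checking jCanReach first.
uint32_t encodeJ(uint32_t target) {
    const uint32_t opJ = 0x02u << 26;
    return opJ | ((target >> 2) & 0x03FFFFFFu);
}

// Decode the address a j instruction fetched at pc actually transfers to.
uint32_t decodeJTarget(uint32_t pc, uint32_t insn) {
    return ((pc + 4) & kSegmentMask) | ((insn & 0x03FFFFFFu) << 2);
}

// The 8-word jump() slot. Assumption (not from the report): near form is
// "j target; nop" padded with nops; far form keeps nops in the first four
// words and puts lui/ori $t9, jr $t9, nop in the last four, as the report
// describes for MIPSAssembler::linkWithOffset().
std::vector<std::string> jumpSequence(uint32_t pc, uint32_t target) {
    std::vector<std::string> words(8, "nop");
    if (jCanReach(pc, target)) {
        words[0] = "j target";
    } else {
        words[4] = "lui $t9, hi(target)";
        words[5] = "ori $t9, $t9, lo(target)";
        words[6] = "jr $t9";
    }
    return words;
}

// A branch whose delay slot sits just before the jump slot and which is meant
// to skip it. skipWords is how many words the branch offset accounts for
// (6 in the buggy code, 8 for the full slot). Returns the mnemonic the branch
// lands on, or "after jump()" when it clears the whole slot.
std::string branchLandsOn(uint32_t pc, uint32_t target, int skipWords) {
    std::vector<std::string> seq = jumpSequence(pc, target);
    if (skipWords < 0) return "before jump()";
    if (skipWords >= static_cast<int>(seq.size())) return "after jump()";
    return seq[static_cast<size_t>(skipWords)];
}

int main() {
    // Constructed addresses: same segment vs. a target one segment up.
    const uint32_t pc = 0x10000000u;
    const uint32_t nearTarget = 0x10005000u;
    const uint32_t farTarget = 0x20000000u;

    std::printf("near, skip 6: %s\n", branchLandsOn(pc, nearTarget, 6).c_str());
    std::printf("far,  skip 6: %s\n", branchLandsOn(pc, farTarget, 6).c_str());
    std::printf("far,  skip 8: %s\n", branchLandsOn(pc, farTarget, 8).c_str());
    return 0;
}
```

With a near target the 6-word skip merely lands on one of the padding nops, which is why the bug stays hidden in the common case; only a cross-segment target turns that same offset into a jump through an unloaded $t9.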