Merge r228436 - [YarrJIT][ARM] We need to save r8 as it is the initia…

…l start register https://bugs.webkit.org/show_bug.cgi?id=182157 Reviewed by Saam Barati. Register r8 is the initial start register since r224172, so we need to save it. We still need to save r6 as well even though it is not the initial start register any more, since it is used by the MacroAssembler which we use (we get crashes in some situations if we don't save r6). This issue was discovered because stress/regress-174044.js crashes on a raspberry pi 2 when compiled in -O2. * yarr/YarrJIT.cpp: (JSC::Yarr::YarrGenerator::generateEnter): (JSC::Yarr::YarrGenerator::generateReturn):
WebKit · Feb 20, 2018 · 799a2f9 · 799a2f9
1 parent b6159b5
commit 799a2f9
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,22 @@
+2018-02-13  Guillaume Emont  <guijemont@igalia.com>
+
+        [YarrJIT][ARM] We need to save r8 as it is the initial start register
+        https://bugs.webkit.org/show_bug.cgi?id=182157
+
+        Reviewed by Saam Barati.
+
+        Register r8 is the initial start register since r224172, so we need to
+        save it. We still need to save r6 as well even though it is not the
+        initial start register any more, since it is used by the
+        MacroAssembler which we use (we get crashes in some situations if we
+        don't save r6). This issue was discovered because
+        stress/regress-174044.js crashes on a raspberry pi 2 when compiled in
+        -O2.
+
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::generateEnter):
+        (JSC::Yarr::YarrGenerator::generateReturn):
+
 2018-02-13  Caitlin Potter  <caitp@igalia.com>
 
         [JSC] cache TaggedTemplate arrays by callsite rather than by contents

diff --git a/Source/JavaScriptCore/yarr/YarrJIT.cpp b/Source/JavaScriptCore/yarr/YarrJIT.cpp
@@ -3334,6 +3334,7 @@ class YarrGenerator : private MacroAssembler {
         push(ARMRegisters::r4);
         push(ARMRegisters::r5);
         push(ARMRegisters::r6);
+        push(ARMRegisters::r8);
 #elif CPU(MIPS)
         // Do nothing.
 #endif
@@ -3381,6 +3382,7 @@ class YarrGenerator : private MacroAssembler {
         if (m_decodeSurrogatePairs)
             popPair(framePointerRegister, linkRegister);
 #elif CPU(ARM)
+        pop(ARMRegisters::r8);
         pop(ARMRegisters::r6);
         pop(ARMRegisters::r5);
         pop(ARMRegisters::r4);