Invalid instruction generated for ARM_THUMB2 in llint
https://bugs.webkit.org/show_bug.cgi?id=202844

Reviewed by Saam Barati.

Do not allow instruction execution to reach OSR return label on ARMv7.
Currently we are seeing the instruction execution hitting a .word directive in
the instruction stream and segfaulting. There are two words used to represent a
global label which was generated as part of the OSR Exit to LLInt work
(r250806). The double word generation only occurs in ARMv7 and therefore the
segfault manifests itself only here.

* llint/LowLevelInterpreter.asm:


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@251196 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index b784e52..3351f4a 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,19 @@
+2019-10-16  Paulo Matos  <pmatos@igalia.com> and Caio Lima  <ticaiolima@gmail.com>
+
+        Invalid instruction generated for ARM_THUMB2 in llint
+        https://bugs.webkit.org/show_bug.cgi?id=202844
+
+        Reviewed by Saam Barati.
+
+        Do not allow instruction execution to reach OSR return label on ARMv7.
+        Currently we are seeing the instruction execution hitting a .word directive in
+        the instruction stream and segfaulting. There are two words used to represent a
+        global label which was generated as part of the work on OSR Exit to LLInt work
+        (r250806). The double word generation only occurs in ARMv7 and therefore only here
+        the segfault manifests itself.
+
+        * llint/LowLevelInterpreter.asm:
+
 2019-10-16  Paulo Matos  <pmatos@linki.tools>
 
         Fix GCC warning on MIPS about dead variable metadata
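Review bot: the new ChangeLog entry stops at `* llint/LowLevelInterpreter.asm:` with nothing under the file line, so a reader of the log cannot tell which macro in that file changed or how. WebKit ChangeLog convention is to list the affected macro or label beneath the file and describe the change in a sentence; suggest adding a line that names the call-site macro that gained the `if ARMv7` block and states that the duplicated `restoreStackPointerAfterCall()` / `dispatchAfterCall(size, opcodeStruct, dispatch)` pair keeps execution from falling through into the label words.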
diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
index c3d17d8..3f60817 100644
--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
@@ -958,6 +958,12 @@
         call callee, callPtrTag
     end
 
+    if ARMv7
+        # Only required in ARMv7 since only here defineOSRExitReturnLabel
+        # inserts the global label words
+        restoreStackPointerAfterCall()
+        dispatchAfterCall(size, opcodeStruct, dispatch)
+    end
     defineOSRExitReturnLabel(opcodeName, size)
     restoreStackPointerAfterCall()
     dispatchAfterCall(size, opcodeStruct, dispatch)
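Review bot: the comment in the new `if ARMv7` block says why the block is ARMv7-only but not what it accomplishes, which is the part a future reader will need. Because `dispatchAfterCall(size, opcodeStruct, dispatch)` transfers control to the next opcode, the fall-through path now never reaches the `.word` directives that `defineOSRExitReturnLabel(opcodeName, size)` emits, and the original `restoreStackPointerAfterCall()` / `dispatchAfterCall(...)` pair after the label is reached only via the OSR exit return. Suggest stating that in the comment, e.g. "dispatch here so fall-through never executes the label's .word data; the copy below is reached only via OSR exit return". Also consider whether the guard belongs inside `defineOSRExitReturnLabel` itself (branching over the emitted words, or emitting them out of line), so every call site that falls through into the label is covered once rather than each one needing a duplicated dispatch tail.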