[Win] JavaScript crashes on 64-bit with JIT enabled.

https://bugs.webkit.org/show_bug.cgi?id=124409

Patch by peavo@outlook.com <peavo@outlook.com> on 2013-11-15
Reviewed by Michael Saboff.

These are issues found with JIT on 64-bit:
- The registers rsi and rdi in callToJavaScript need to be saved and restored. This is required by the Windows 64-bit ABI.
- The getHostCallReturnValue function needs to be updated according to its GCC counterpart.
- The poke argument offset needs to be 20h, because Windows 64-bit ABI requires stack space allocated for the 4 argument registers.

* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Re-added JITStubsMSVC64.asm to project.
* jit/CCallHelpers.h: Set poke argument offset.
(JSC::CCallHelpers::setupArguments): Compile fix, added needed method.
* jit/JITStubsMSVC64.asm: Save and restore registers rsi and rdi.
                          Update getHostCallReturnValue according to the GCC version.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159376 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 2e2648db
2013-11-15 peavo@outlook.com <peavo@outlook.com>
[Win] JavaScript crashes on 64-bit with JIT enabled.
https://bugs.webkit.org/show_bug.cgi?id=124409
Reviewed by Michael Saboff.
These are issues found with JIT on 64-bit:
- The registers rsi and rdi in callToJavaScript needs to be saved and restored. This is required by the Windows 64-bit ABI.
- The getHostCallReturnValue function needs to be updated according to it's GCC counterpart.
- The poke argument offset needs to be 20h, because Windows 64-bit ABI requires stack space allocated for the 4 argument registers.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Re-added JITStubsMSVC64.asm to project.
* jit/CCallHelpers.h: Set poke argument offset.
(JSC::CCallHelpers::setupArguments): Compile fix, added needed method.
* jit/JITStubsMSVC64.asm: Save and restore registers rsi and rdi.
Update getHostCallReturnValue according to the GCC version.
2013-11-14 David Farler <dfarler@apple.com>
Copy ASAN flag settings to WebCore and JavaScriptCore intermediate build tools
......@@ -1310,15 +1310,11 @@
<ItemGroup>
<MASM Include="..\jit\JITStubsMSVC64.asm">
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release_WinCairo|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release_WinCairo|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug_WinCairo|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug_WinCairo|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild>
<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild>
</MASM>
......@@ -730,7 +730,7 @@ public:
setupThreeStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR2, GPRInfo::argumentGPR3>(arg1, arg2, arg3);
}
#if CPU(MIPS)
#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))
#define POKE_ARGUMENT_OFFSET 4
#else
#define POKE_ARGUMENT_OFFSET 0
......@@ -1486,6 +1486,14 @@ public:
poke(arg4, POKE_ARGUMENT_OFFSET);
setupArgumentsWithExecState(arg1, arg2, arg3);
}
ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
{
poke(arg5, POKE_ARGUMENT_OFFSET);
setupTwoStubArgsGPR<GPRInfo::argumentGPR0, GPRInfo::argumentGPR1>(arg1, arg2);
move(arg3, GPRInfo::argumentGPR2);
move(arg4, GPRInfo::argumentGPR3);
}
#endif // NUMBER_OF_ARGUMENT_REGISTERS == 4
#if NUMBER_OF_ARGUMENT_REGISTERS >= 5
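Review bot: `POKE_ARGUMENT_OFFSET` is set to `4` on the new `#if CPU(MIPS) || (OS(WINDOWS) && CPU(X86_64))` line while the commit description speaks of `20h`, and nothing at the definition explains that the two agree only if the value is counted in pointer-sized stack slots (4 × 8 bytes = 32 bytes of Win64 home space for the four register arguments). I would add a comment on that line: `// Pointer-sized stack slots to skip before poked arguments: MIPS o32 and Win64 both reserve home space for the 4 register arguments, so extra args start at slot 4.` Whether poke() indexes in slots rather than bytes is not visible in this hunk, so confirm against its definition before wording the comment; the enclosing class body continues outside the hunk.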
......@@ -32,7 +32,7 @@ PUBLIC getHostCallReturnValue
_TEXT SEGMENT
callToJavaScript PROC
mov r10, qword ptr[sp]
mov r10, qword ptr[rsp]
push rbp
mov rax, rbp ; Save previous frame pointer
mov rbp, rsp
......@@ -41,6 +41,8 @@ callToJavaScript PROC
push r14
push r15
push rbx
push rsi
push rdi
; JIT operations can use up to 6 args (4 in registers and 2 on the stack).
; In addition, X86_64 ABI specifies that the worse case stack alignment
......@@ -55,6 +57,8 @@ callToJavaScript PROC
mov r15, 0FFFF000000000002h
call rcx
add rsp, 28h
pop rdi
pop rsi
pop rbx
pop r15
pop r14
......@@ -66,6 +70,8 @@ callToJavaScript ENDP
returnFromJavaScript PROC
add rsp, 28h
pop rdi
pop rsi
pop rbx
pop r15
pop r14
......@@ -76,8 +82,8 @@ returnFromJavaScript PROC
returnFromJavaScript ENDP
getHostCallReturnValue PROC
sub r13, 40
mov r13, rdi
mov rbp, [rbp] ; CallFrame
mov rcx, rbp ; rcx is first argument register on Windows
jmp getHostCallReturnValueWithExecState
getHostCallReturnValue ENDP
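Review bot: The new `push rsi` / `push rdi` (with the matching pops in both epilogues) completes the integer callee-saved set, but the Windows x64 ABI also marks xmm6–xmm15 as callee-saved and nothing in callToJavaScript preserves them across `call rcx`; if the JIT-emitted code or anything it calls writes those registers — not visible here — the C++ caller's values are silently corrupted on return. Spilling them after the GPR pushes and reloading them before the pops, in both callToJavaScript and returnFromJavaScript, closes that gap; any JIT-side code that derives rsp from rbp with a fixed offset for this frame would need the extra 0A0h as well. The stores must be unaligned: rsp is 16-aligned right after `push rbp` and each further push (r12–r15, rbx, rsi, rdi, assuming the two pushes not shown mirror the pops) moves it by 8, so it is 8 mod 16 at that point; the same arithmetic is why the new pushes being a pair keeps the later `sub rsp, 28h` (outside the hunk, paired with the visible `add rsp, 28h`) landing 16-aligned before the call, which deserves a comment on the push list: `; keep pushes paired: rsp must be 16-byte aligned after sub rsp, 28h`.
```asm
        push    rsi
        push    rdi
        ; Win64 ABI: xmm6-xmm15 are callee-saved too. rsp is 8 mod 16 here,
        ; so use unaligned stores; 0A0h is a multiple of 16 and keeps the
        ; alignment that the later sub rsp, 28h relies on.
        sub     rsp, 0A0h
        movdqu  xmmword ptr [rsp], xmm6
        movdqu  xmmword ptr [rsp + 10h], xmm7
        movdqu  xmmword ptr [rsp + 20h], xmm8
        movdqu  xmmword ptr [rsp + 30h], xmm9
        movdqu  xmmword ptr [rsp + 40h], xmm10
        movdqu  xmmword ptr [rsp + 50h], xmm11
        movdqu  xmmword ptr [rsp + 60h], xmm12
        movdqu  xmmword ptr [rsp + 70h], xmm13
        movdqu  xmmword ptr [rsp + 80h], xmm14
        movdqu  xmmword ptr [rsp + 90h], xmm15
        ; ... unchanged: argument setup, sub rsp, 28h, call rcx, add rsp, 28h ...
        movdqu  xmm6, xmmword ptr [rsp]
        movdqu  xmm7, xmmword ptr [rsp + 10h]
        movdqu  xmm8, xmmword ptr [rsp + 20h]
        movdqu  xmm9, xmmword ptr [rsp + 30h]
        movdqu  xmm10, xmmword ptr [rsp + 40h]
        movdqu  xmm11, xmmword ptr [rsp + 50h]
        movdqu  xmm12, xmmword ptr [rsp + 60h]
        movdqu  xmm13, xmmword ptr [rsp + 70h]
        movdqu  xmm14, xmmword ptr [rsp + 80h]
        movdqu  xmm15, xmmword ptr [rsp + 90h]
        add     rsp, 0A0h
        pop     rdi
        pop     rsi
        ; ... unchanged: remaining pops and ret; returnFromJavaScript needs the same reloads and add rsp, 0A0h before its pops ...
```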