Last Comment Bug 732675 - IonMonkey: scratch register gets overwritten on ARM
: IonMonkey: scratch register gets overwritten on ARM
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: ARM Linux
: -- normal (vote)
: ---
Assigned To: general
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-03 00:25 PST by Marty Rosenberg [:mjrosenb]
Modified: 2012-03-16 16:23 PDT (History)
1 user (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
/home/mrosenberg/patches/scratchOverwrite-r0.patch (3.85 KB, patch)
2012-03-05 06:32 PST, Marty Rosenberg [:mjrosenb]
dvander: review+
Details | Diff | Splinter Review

Description Marty Rosenberg [:mjrosenb] 2012-03-03 00:25:15 PST
If you attempt to store an immediate into a large offset from a base register, we attempt to use the scratch register to hold both the calculated offset, as well as the immediate.  This currently results in a bogus value being written into the correct location, rather than a sane value being written into a bogus location.
Comment 1 Marty Rosenberg [:mjrosenb] 2012-03-05 06:32:35 PST
Created attachment 602875 [details] [diff] [review]
/home/mrosenberg/patches/scratchOverwrite-r0.patch

The inevitable has happened, and I'm giving in and taking a second scratch register for ARM.  the previously unused link register will become the second scratch register.  Previously, it was only used in one spot, but I'd missed a whole load of cases where two different values need to be in a scratch register at the same time
Comment 2 Marty Rosenberg [:mjrosenb] 2012-03-16 16:23:53 PDT
landed: http://hg.mozilla.org/projects/ionmonkey/rev/8979dfc0ddf2

Note You need to log in before you can comment on or make changes to this bug.