Unbreak double-typed arrays on ARMv7

https://bugs.webkit.org/show_bug.cgi?id=79177

Reviewed by Gavin Barraclough.

The existing code had completely broken address arithmetic.

* JSCTypedArrayStubs.h:
(JSC):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::storeDouble):
(JSC::MacroAssemblerARMv7::storeFloat):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108432 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 9766fb6..8b98061 100644 (file)
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,18 @@
+2012-02-21  Oliver Hunt  <oliver@apple.com>
+
+        Unbreak double-typed arrays on ARMv7
+        https://bugs.webkit.org/show_bug.cgi?id=79177
+
+        Reviewed by Gavin Barraclough.
+
+        The existing code had completely broken address arithmetic.
+
+        * JSCTypedArrayStubs.h:
+        (JSC):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::storeDouble):
+        (JSC::MacroAssemblerARMv7::storeFloat):
+
 2012-02-21  Gavin Barraclough  <barraclough@apple.com>
 
         Should be able to reconfigure a non-configurable property as read-only

diff --git a/Source/JavaScriptCore/JSCTypedArrayStubs.h b/Source/JavaScriptCore/JSCTypedArrayStubs.h
index 0030684..cda55fc 100644 (file)
--- a/Source/JavaScriptCore/JSCTypedArrayStubs.h
+++ b/Source/JavaScriptCore/JSCTypedArrayStubs.h
@@ -65,8 +65,8 @@ public: \
     static void getOwnPropertyNames(JSC::JSObject*, JSC::ExecState*, JSC::PropertyNameArray&, JSC::EnumerationMode mode = JSC::ExcludeDontEnumProperties);\
     static JSC::JSValue getConstructor(JSC::ExecState*, JSC::JSGlobalObject*);\
 \
-    static const JSC::TypedArrayType TypedArrayStorageType = JSC::TypedArrayNone;\
-    intptr_t m_storageLength;\
+    static const JSC::TypedArrayType TypedArrayStorageType = JSC::TypedArray##name;\
+    uint32_t m_storageLength;\
     type* m_storage;\
     RefPtr<name##Array> m_impl;\
 protected:\

diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h b/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
index 6cf2d08..d883abf 100644 (file)
--- a/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
+++ b/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
@@ -796,14 +796,16 @@ public:
     void storeDouble(FPRegisterID src, BaseIndex address)
     {
         move(address.index, addressTempRegister);
-        mul32(TrustedImm32(address.scale), addressTempRegister, addressTempRegister);
+        mul32(TrustedImm32(1 << address.scale), addressTempRegister, addressTempRegister);
+        add32(address.base, addressTempRegister);
         storeDouble(src, Address(addressTempRegister, address.offset));
     }
     
     void storeFloat(FPRegisterID src, BaseIndex address)
     {
         move(address.index, addressTempRegister);
-        mul32(TrustedImm32(address.scale), addressTempRegister, addressTempRegister);
+        mul32(TrustedImm32(1 << address.scale), addressTempRegister, addressTempRegister);
+        add32(address.base, addressTempRegister);
         storeDouble(src, Address(addressTempRegister, address.offset));
     }