Fix lots of crashes because of 4th argument register trampling.

https://bugs.webkit.org/show_bug.cgi?id=123421

Reviewed by Michael Saboff.

r3 register is the 4th argument register for ARM and also a scratch
register in the baseline JIT for this architecture. We can use r6
instead, as this used to be the timeoutCheckRegister and it is no
longer used since r148119.

* assembler/ARMAssembler.h: Temp register is now r6 instead of r3 for ARM.
* assembler/MacroAssemblerARMv7.h: Temp register is now r6 instead of r3 for ARMv7.
* dfg/DFGGPRInfo.h: Add r3 properly in GPRInfo for ARM.
* jit/JITStubs.cpp: Remove obsolete timeoutCheckRegister init.
* yarr/YarrJIT.cpp: Use r3 and not the new scratch register r6 and r8 register
doesn't need to be saved.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158208 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Change-Id: I5198a158e5e69d4e3a05b353abb60f28c0ab095e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>

1 files changed, 5 insertions, 8 deletions

diff --git a/Source/JavaScriptCore/dfg/DFGGPRInfo.h b/Source/JavaScriptCore/dfg/DFGGPRInfo.h
index d889cf513..4b7aaee49 100644
--- a/Source/JavaScriptCore/dfg/DFGGPRInfo.h
+++ b/Source/JavaScriptCore/dfg/DFGGPRInfo.h
@@ -393,7 +393,7 @@ private:
 class GPRInfo {
 public:
     typedef GPRReg RegisterType;
-    static const unsigned numberOfRegisters = 8;
+    static const unsigned numberOfRegisters = 9;
 
     // Temporary registers.
     static const GPRReg regT0 = ARMRegisters::r0;
@@ -404,6 +404,7 @@ public:
     static const GPRReg regT5 = ARMRegisters::r9;
     static const GPRReg regT6 = ARMRegisters::r10;
     static const GPRReg regT7 = ARMRegisters::r11;
+    static const GPRReg regT8 = ARMRegisters::r3;
     // These registers match the baseline JIT.
     static const GPRReg cachedResultRegister = regT0;
     static const GPRReg cachedResultRegister2 = regT1;
@@ -412,11 +413,7 @@ public:
     static const GPRReg argumentGPR0 = ARMRegisters::r0; // regT0
     static const GPRReg argumentGPR1 = ARMRegisters::r1; // regT1
     static const GPRReg argumentGPR2 = ARMRegisters::r2; // regT2
-    // FIXME: r3 is currently used be the MacroAssembler as a temporary - it seems
-    // This could threoretically be a problem if this is used in code generation
-    // between the arguments being set up, and the call being made. That said,
-    // any change introducing a problem here is likely to be immediately apparent!
-    static const GPRReg argumentGPR3 = ARMRegisters::r3; // FIXME!
+    static const GPRReg argumentGPR3 = ARMRegisters::r3; // regT8
     static const GPRReg nonArgGPR0 = ARMRegisters::r4; // regT3
     static const GPRReg nonArgGPR1 = ARMRegisters::r8; // regT4
     static const GPRReg nonArgGPR2 = ARMRegisters::r9; // regT5
@@ -427,7 +424,7 @@ public:
     static GPRReg toRegister(unsigned index)
     {
         ASSERT(index < numberOfRegisters);
-        static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, regT4, regT5, regT6, regT7 };
+        static const GPRReg registerForIndex[numberOfRegisters] = { regT0, regT1, regT2, regT3, regT4, regT5, regT6, regT7, regT8 };
         return registerForIndex[index];
     }
 
@@ -435,7 +432,7 @@ public:
     {
         ASSERT(static_cast<unsigned>(reg) != InvalidGPRReg);
         ASSERT(static_cast<unsigned>(reg) < 16);
-        static const unsigned indexForRegister[16] = { 0, 1, 2, InvalidIndex, 3, InvalidIndex, InvalidIndex, InvalidIndex, 4, 5, 6, 7, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex };
+        static const unsigned indexForRegister[16] = { 0, 1, 2, 8, 3, InvalidIndex, InvalidIndex, InvalidIndex, 4, 5, 6, 7, InvalidIndex, InvalidIndex, InvalidIndex, InvalidIndex };
         unsigned result = indexForRegister[reg];
         ASSERT(result != InvalidIndex);
         return result;