From 8c4daa81f8005b474a66db1bf6eba42fc9fb649b Mon Sep 17 00:00:00 2001
From: Zoltan Herczeg <zherczeg@webkit.org>
Date: Thu, 21 Mar 2013 15:12:19 +0100
Subject: Invalid code is generated for storing constants with baseindex
 addressing modes on ARM traditional.

https://bugs.webkit.org/show_bug.cgi?id=109050

Reviewed by Oliver Hunt.

The S! scratch register is reused, but it should contain the constant value.

* assembler/ARMAssembler.cpp:
(JSC::ARMAssembler::baseIndexTransfer32):
(JSC::ARMAssembler::baseIndexTransfer16):

Change-Id: Ib2487e008104e79b4e38e3031bd60bc25ed7f8a2
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@142146 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Andras Becsi <andras.becsi@digia.com>
---
 Source/JavaScriptCore/assembler/ARMAssembler.cpp | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

(limited to 'Source/JavaScriptCore/assembler/ARMAssembler.cpp')

diff --git a/Source/JavaScriptCore/assembler/ARMAssembler.cpp b/Source/JavaScriptCore/assembler/ARMAssembler.cpp
index 9655557a5..6912d1ea3 100644
--- a/Source/JavaScriptCore/assembler/ARMAssembler.cpp
+++ b/Source/JavaScriptCore/assembler/ARMAssembler.cpp
@@ -297,8 +297,15 @@ void ARMAssembler::baseIndexTransfer32(DataTransferTypeA transferType, RegisterI
         return;
     }
 
-    add(ARMRegisters::S1, base, op2);
-    dataTransfer32(transferType, srcDst, ARMRegisters::S1, offset);
+    if (offset <= 0xfffff && offset >= -0xfffff) {
+        add(ARMRegisters::S0, base, op2);
+        dataTransfer32(transferType, srcDst, ARMRegisters::S0, offset);
+        return;
+    }
+
+    moveImm(offset, ARMRegisters::S0);
+    add(ARMRegisters::S0, ARMRegisters::S0, op2);
+    dtrUpRegister(transferType, srcDst, base, ARMRegisters::S0);
 }
 
 void ARMAssembler::dataTransfer16(DataTransferTypeB transferType, RegisterID srcDst, RegisterID base, int32_t offset)
@@ -333,8 +340,17 @@ void ARMAssembler::baseIndexTransfer16(DataTransferTypeB transferType, RegisterI
         return;
     }
 
-    add(ARMRegisters::S1, base, lsl(index, scale));
-    dataTransfer16(transferType, srcDst, ARMRegisters::S1, offset);
+    ARMWord op2 = lsl(index, scale);
+
+    if (offset <= 0xffff && offset >= -0xffff) {
+        add(ARMRegisters::S0, base, op2);
+        dataTransfer16(transferType, srcDst, ARMRegisters::S0, offset);
+        return;
+    }
+
+    moveImm(offset, ARMRegisters::S0);
+    add(ARMRegisters::S0, ARMRegisters::S0, op2);
+    halfDtrUpRegister(transferType, srcDst, base, ARMRegisters::S0);
 }
 
 void ARMAssembler::dataTransferFloat(DataTransferTypeFloat transferType, FPRegisterID srcDst, RegisterID base, int32_t offset)
-- 
cgit v1.2.1