From 3a3681158677f319bce88eee75d2696b8231eb1f Mon Sep 17 00:00:00 2001 From: Julien Brianceau Date: Wed, 22 Oct 2014 18:25:24 +0200 Subject: Fix lots of crashes because of 4th argument register trampling. https://bugs.webkit.org/show_bug.cgi?id=123421 Reviewed by Michael Saboff. r3 register is the 4th argument register for ARM and also a scratch register in the baseline JIT for this architecture. We can use r6 instead, as this used to be the timeoutCheckRegister and it is no longer used since r148119. * assembler/ARMAssembler.h: Temp register is now r6 instead of r3 for ARM. * assembler/MacroAssemblerARMv7.h: Temp register is now r6 instead of r3 for ARMv7. * dfg/DFGGPRInfo.h: Add r3 properly in GPRInfo for ARM. * jit/JITStubs.cpp: Remove obsolete timeoutCheckRegister init. * yarr/YarrJIT.cpp: Use r3 and not the new scratch register r6 and r8 register doesn't need to be saved. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158208 268f45cc-cd09-0410-ab3c-d52691b4dbfc Change-Id: I5198a158e5e69d4e3a05b353abb60f28c0ab095e Reviewed-by: Allan Sandfeld Jensen
---
 Source/JavaScriptCore/assembler/ARMAssembler.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'Source/JavaScriptCore/assembler/ARMAssembler.h')
diff --git a/Source/JavaScriptCore/assembler/ARMAssembler.h b/Source/JavaScriptCore/assembler/ARMAssembler.h
index c950e47bb..19db71dc6 100644
--- a/Source/JavaScriptCore/assembler/ARMAssembler.h
+++ b/Source/JavaScriptCore/assembler/ARMAssembler.h
@@ -41,10 +41,10 @@ namespace JSC {
 r0 = 0,
 r1,
 r2,
- r3, S0 = r3, /* Same as thumb assembler. */
+ r3,
 r4,
 r5,
- r6,
+ r6, S0 = r6,
 r7,
 r8,
 r9,
-- cgit v1.2.1
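Review bot: The new `r6, S0 = r6,` line carries no comment, whereas the removed `S0 = r3` line at least noted that the alias matched the Thumb assembler, so the constraint this commit fixes is not recorded where the next person to move S0 will see it. I would add one, e.g. `r6, S0 = r6, /* Scratch register: must not alias an argument register (r0-r3). */`, since per the commit message the crashes came from scratch use overwriting the 4th argument in r3. r6 is callee-saved under the ARM procedure call standard, so this presumably relies on the JIT entry code already preserving it from its time as timeoutCheckRegister; that code is outside this hunk and worth confirming. The enum begins before and continues past the hunk.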