From fa1628f76785e18240c7c7aca63b99d490879461 Mon Sep 17 00:00:00 2001
From: Jiaxun Yang
Date: Tue, 12 May 2020 12:40:05 +0800
Subject: Bug 1323136 - wasm: MIPS: Do bounds check in 32-bit
Tag: #1542
---
 js/src/jit/mips32/Assembler-mips32.cpp | 28 +++++++++-------------------
 1 file changed, 9 insertions(+), 19 deletions(-)
(limited to 'js/src/jit/mips32/Assembler-mips32.cpp')
diff --git a/js/src/jit/mips32/Assembler-mips32.cpp b/js/src/jit/mips32/Assembler-mips32.cpp
index 6283c1d5a..1b86e9d32 100644
--- a/js/src/jit/mips32/Assembler-mips32.cpp
+++ b/js/src/jit/mips32/Assembler-mips32.cpp
@@ -124,7 +124,7 @@ jit::PatchJump(CodeLocationJump& jump_, CodeLocationLabel label, ReprotectCode r
 Instruction* inst2 = inst1->next();
 MaybeAutoWritableJitCode awjc(inst1, 8, reprotect);
- Assembler::UpdateLuiOriValue(inst1, inst2, (uint32_t)label.raw());
+ AssemblerMIPSShared::UpdateLuiOriValue(inst1, inst2, (uint32_t)label.raw());
 AutoFlushICache::flush(uintptr_t(inst1), 8);
 }
@@ -146,12 +146,12 @@ jit::PatchBackedge(CodeLocationJump& jump, CodeLocationLabel label,
 } else {
 if (target == JitRuntime::BackedgeLoopHeader) {
 Instruction* lui = &branch[1];
- Assembler::UpdateLuiOriValue(lui, lui->next(), targetAddr);
+ AssemblerMIPSShared::UpdateLuiOriValue(lui, lui->next(), targetAddr);
 // Jump to ori. The lui will be executed in delay slot.
 branch->setBOffImm16(BOffImm16(2 * sizeof(uint32_t)));
 } else {
 Instruction* lui = &branch[4];
- Assembler::UpdateLuiOriValue(lui, lui->next(), targetAddr);
+ AssemblerMIPSShared::UpdateLuiOriValue(lui, lui->next(), targetAddr);
 branch->setBOffImm16(BOffImm16(4 * sizeof(uint32_t)));
 }
 }
@@ -168,7 +168,7 @@ Assembler::executableCopy(uint8_t* buffer)
 Instruction* inst1 = (Instruction*) ((uint32_t)buffer + longJumps_[i]);
 uint32_t value = Assembler::ExtractLuiOriValue(inst1, inst1->next());
- Assembler::UpdateLuiOriValue(inst1, inst1->next(), (uint32_t)buffer + value);
+ AssemblerMIPSShared::UpdateLuiOriValue(inst1, inst1->next(), (uint32_t)buffer + value);
 }
 AutoFlushICache::setRange(uintptr_t(buffer), m_buffer.size());
@@ -207,7 +207,7 @@ TraceOneDataRelocation(JSTracer* trc, Instruction* inst)
 TraceManuallyBarrieredGenericPointerEdge(trc, reinterpret_cast(&ptr), "ion-masm-ptr");
 if (ptr != prior) {
- Assembler::UpdateLuiOriValue(inst, inst->next(), uint32_t(ptr));
+ AssemblerMIPSShared::UpdateLuiOriValue(inst, inst->next(), uint32_t(ptr));
 AutoFlushICache::flush(uintptr_t(inst), 8);
 }
 }
@@ -306,7 +306,7 @@ Assembler::Bind(uint8_t* rawCode, CodeOffset* label, const void* address)
 if (label->bound()) {
 intptr_t offset = label->offset();
 Instruction* inst = (Instruction*) (rawCode + offset);
- Assembler::UpdateLuiOriValue(inst, inst->next(), (uint32_t)address);
+ AssemblerMIPSShared::UpdateLuiOriValue(inst, inst->next(), (uint32_t)address);
 }
 }
@@ -385,7 +385,7 @@ Assembler::bind(RepatchLabel* label)
 // For unconditional long branches generated by ma_liPatchable,
 // such as under:
 // jumpWithpatch
- Assembler::UpdateLuiOriValue(inst, inst->next(), dest.getOffset());
+ AssemblerMIPSShared::UpdateLuiOriValue(inst, inst->next(), dest.getOffset());
 } else if (inst[1].extractOpcode() == (uint32_t(op_lui) >> OpcodeShift) || BOffImm16::IsInRange(offset)) {
@@ -466,16 +466,6 @@ Assembler::ExtractLuiOriValue(Instruction* inst0, Instruction* inst1)
 return value;
 }
-void
-Assembler::UpdateLuiOriValue(Instruction* inst0, Instruction* inst1, uint32_t value)
-{
- MOZ_ASSERT(inst0->extractOpcode() == ((uint32_t)op_lui >> OpcodeShift));
- MOZ_ASSERT(inst1->extractOpcode() == ((uint32_t)op_ori >> OpcodeShift));
-
- ((InstImm*) inst0)->setImm16(Imm16::Upper(Imm32(value)));
- ((InstImm*) inst1)->setImm16(Imm16::Lower(Imm32(value)));
-}
-
 void
 Assembler::WriteLuiOriInstructions(Instruction* inst0, Instruction* inst1, Register reg, uint32_t value)
@@ -503,7 +493,7 @@ Assembler::PatchDataWithValueCheck(CodeLocationLabel label, PatchedImmPtr newVal
 MOZ_ASSERT(value == uint32_t(expectedValue.value));
 // Replace with new value
- Assembler::UpdateLuiOriValue(inst, inst->next(), uint32_t(newValue.value));
+ AssemblerMIPSShared::UpdateLuiOriValue(inst, inst->next(), uint32_t(newValue.value));
 AutoFlushICache::flush(uintptr_t(inst), 8);
 }
@@ -512,7 +502,7 @@ void
 Assembler::PatchInstructionImmediate(uint8_t* code, PatchedImmPtr imm)
 {
 InstImm* inst = (InstImm*)code;
- Assembler::UpdateLuiOriValue(inst, inst->next(), (uint32_t)imm.value);
+ AssemblerMIPSShared::UpdateLuiOriValue(inst, inst->next(), (uint32_t)imm.value);
 }
 uint32_t
--
cgit v1.2.3
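Review bot: The `@@ -466,16 +466,6 @@` hunk deletes the only visible definition of `UpdateLuiOriValue` together with its two opcode assertions, and the `AssemblerMIPSShared::UpdateLuiOriValue` that every call site in this file now targets is not part of this file-limited diff, so the check on the lui/ori pair cannot be confirmed from here. This matters most for `PatchInstructionImmediate` in the last hunk, which casts a raw `uint8_t* code` to `InstImm*` and overwrites both immediates with no validation of its own. The shared definition should keep `MOZ_ASSERT(inst0->extractOpcode() == ((uint32_t)op_lui >> OpcodeShift));` and the matching `op_ori` assertion on `inst1`. Because `MOZ_ASSERT` is compiled out of release builds, a short comment on the shared function stating that callers must pass a lui/ori pair would document the contract that these patching paths rely on.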