V4 JIT: fix stack use below stack pointer

When storing a double value returned from a function call on platforms
where the value wouldn't fit in a register, we used to store it on the
stack and then load it into a FP register. This stack use was done
without first lowering the stack pointer.

For x86 and ARM, the value is loaded directly into the FP register, and
for other non-64-bit platforms it correctly allocates the stack slot.

Change-Id: Idbc260038958a036ac2a7383d845199626decc8e
Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>

1 files changed, 10 insertions, 2 deletions

diff --git a/src/qml/jit/qv4assembler_p.h b/src/qml/jit/qv4assembler_p.h
index 9d2d6c5ca0..32f709c5d2 100644
--- a/src/qml/jit/qv4assembler_p.h
+++ b/src/qml/jit/qv4assembler_p.h
@@ -551,9 +551,11 @@ public:
 
     void storeUInt32ReturnValue(RegisterID dest)
     {
-        Pointer tmp(StackPointerRegister, -int(sizeof(QV4::Value)));
+        subPtr(TrustedImm32(sizeof(QV4::Value)), StackPointerRegister);
+        Pointer tmp(StackPointerRegister, 0);
         storeReturnValue(tmp);
         toUInt32Register(tmp, dest);
+        addPtr(TrustedImm32(sizeof(QV4::Value)), StackPointerRegister);
     }
 
     void storeReturnValue(FPRegisterID dest)
@@ -562,10 +564,16 @@ public:
         move(TrustedImm64(QV4::Value::NaNEncodeMask), ScratchRegister);
         xor64(ScratchRegister, ReturnValueRegister);
         move64ToDouble(ReturnValueRegister, dest);
+#elif defined(Q_PROCESSOR_ARM)
+        moveIntsToDouble(JSC::ARMRegisters::r0, JSC::ARMRegisters::r1, dest, FPGpr0);
+#elif defined(Q_PROCESSOR_X86)
+        moveIntsToDouble(JSC::X86Registers::eax, JSC::X86Registers::edx, dest, FPGpr0);
 #else
-        Pointer tmp(StackPointerRegister, -int(sizeof(QV4::Value)));
+        subPtr(TrustedImm32(sizeof(QV4::Value)), StackPointerRegister);
+        Pointer tmp(StackPointerRegister, 0);
         storeReturnValue(tmp);
         loadDouble(tmp, dest);
+        addPtr(TrustedImm32(sizeof(QV4::Value)), StackPointerRegister);
 #endif
     }