Bug 126106

Summary: Arity check stack restoration should preserve the ArgumentCount in case there is a register restoration thunk below it
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
CC: barraclough, ggaren, mark.lam, mhahnenberg, msaboff, nrotem, oliver, sam
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 113621
Attachments:
Description: the patch; Flags: ggaren: review+

Description Filip Pizlo 2013-12-20 18:44:09 PST
Return thunks rely on the argument count to recover where the stack should have been.  In the case of the arity check fail thunk, it should "pay it forward" and allow whatever it returns into to also use the argument count.

Comment 1 Filip Pizlo 2013-12-20 18:44:48 PST
Created attachment 219826
the patch

Comment 2 Filip Pizlo 2013-12-20 20:54:36 PST
Landed in http://trac.webkit.org/changeset/160956

Comment 3 Geoffrey Garen 2014-01-14 14:44:45 PST
Comment on attachment 219826
the patch

r=me