Bug 126106

Summary:

Arity check stack restoration should preserve the ArgumentCount in case there is a register restoration thunk below it

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, ggaren, mark.lam, mhahnenberg, msaboff, nrotem, oliver, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

113621

Attachments:

Description	Flags
the patch	ggaren: review+

Filip Pizlo

Reported 2013-12-20 18:44:09 PST

Return thunks rely on the argument count to recover where the stack should have been. In the case of the arity check fail thunk, it should "pay it forward" and allow whatever it returns into to also use the argument count.

Attachments
the patch (3.33 KB, patch) 2013-12-20 18:44 PST, Filip Pizlo	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2013-12-20 18:44:48 PST

Created attachment 219826 [details] the patch

Filip Pizlo

Comment 2 2013-12-20 20:54:36 PST

Landed in http://trac.webkit.org/changeset/160956

Geoffrey Garen

Comment 3 2014-01-14 14:44:45 PST

Comment on attachment 219826 [details] the patch r=me

Note You need to log in before you can comment on or make changes to this bug.