Bug 130650

Summary:

Gotta grow the locals vectors if we are about to do SetLocals beyond the bytecode's numCalleeRegisters

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, ggaren, mark.lam, mhahnenberg, msaboff, nrotem, oliver, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	none

Filip Pizlo

Reported 2014-03-22 23:38:05 PDT

Patch forthcoming. <rdar://problem/16122966>

Attachments
the patch (6.09 KB, patch) 2014-03-22 23:40 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2014-03-22 23:40:36 PDT

Created attachment 227605 [details] the patch

Michael Saboff

Comment 2 2014-03-22 23:43:56 PDT

Comment on attachment 227605 [details] the patch r=me

Filip Pizlo

Comment 3 2014-03-23 00:15:13 PDT

Comment on attachment 227605 [details] the patch This causes a v8-raytrace regression in FTL. I'm investigating.

Filip Pizlo

Comment 4 2014-03-23 11:36:01 PDT

Found the issue. FTL::OSRExitCompiler was unintentionally relying on numLocals() to be aligned. Nobody else makes such an assumption. And FTL::OSRExitCompiler only relied on it because its round-up was done by rounding the stack size in bytes up to stackAlignmentRegisters() [sic]. Changing that the stackAlignmentBytes() fixes the bug. I will land with this fix.

Filip Pizlo

Comment 5 2014-03-23 11:58:11 PDT

Landed in http://trac.webkit.org/changeset/166142

Note You need to log in before you can comment on or make changes to this bug.