Bug 130650

Summary:

Gotta grow the locals vectors if we are about to do SetLocals beyond the bytecode's numCalleeRegisters

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, ggaren, mark.lam, mhahnenberg, msaboff, nrotem, oliver, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	none

Description Filip Pizlo 2014-03-22 23:38:05 PDT

Patch forthcoming.

<rdar://problem/16122966>

Comment 1 Filip Pizlo 2014-03-22 23:40:36 PDT

Created attachment 227605 [details]
the patch

Comment 2 Michael Saboff 2014-03-22 23:43:56 PDT

Comment on attachment 227605 [details]
the patch

r=me

Comment 3 Filip Pizlo 2014-03-23 00:15:13 PDT

Comment on attachment 227605 [details]
the patch

This causes a v8-raytrace regression in FTL.  I'm investigating.

Comment 4 Filip Pizlo 2014-03-23 11:36:01 PDT

Found the issue.  FTL::OSRExitCompiler was unintentionally relying on numLocals() to be aligned.  Nobody else makes such an assumption.  And FTL::OSRExitCompiler only relied on it because its round-up was done by rounding the stack size in bytes up to stackAlignmentRegisters() [sic].  Changing that the stackAlignmentBytes() fixes the bug.  I will land with this fix.

Comment 5 Filip Pizlo 2014-03-23 11:58:11 PDT

Landed in http://trac.webkit.org/changeset/166142