Bug 141717

Summary: Throwing from an FTL call IC slow path may result in tag registers being clobbered on 64-bit CPUs
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch ggaren: review+

Description Filip Pizlo 2015-02-17 12:04:10 PST 
Patch forthcoming.
Comment 1 Filip Pizlo 2015-02-17 12:06:04 PST 
Created attachment 246758 [details]
the patch
Comment 2 Geoffrey Garen 2015-02-17 12:08:28 PST 
Comment on attachment 246758 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=246758&action=review

r=me

> Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:1849
> +    # Gotta restore the tag registers. We could be throwing from FTL, which may
> +    # clobber them.

I like this comment better than the JIT one -- can you copy it there?
Comment 3 Filip Pizlo 2015-02-17 12:10:31 PST 
Landed in http://trac.webkit.org/changeset/180234