Bug 43910

Summary: The scratch register should be saved in YARR with ARM JIT
Product: WebKit Reporter: Gabor Loki <loki>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Critical CC: barraclough, benjamin, commit-queue, eric, hausmann, jturcotte
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Other   
OS: All   
Attachments:
Description Flags
The scratch register should be saved in YARR with ARM JIT hausmann: review+, loki: commit-queue-

Description Gabor Loki 2010-08-12 05:46:54 PDT 
It looks like the scratch register (S0 == r8) is not saved before entering YARR JIT on ARM.
Comment 1 Gabor Loki 2010-08-12 05:50:40 PDT 
Created attachment 64215 [details]
The scratch register should be saved in YARR with ARM JIT
Comment 2 Jocelyn Turcotte 2010-08-12 06:12:09 PDT 
A bit of context for future reference:
This was causing a crash of QtWebKit on the N900 in release at the following stack trace:


Program received signal SIGSEGV, Segmentation fault.
JSC::RegExp::match (this=0x448ce300, s=..., startOffset=0, ovector=0x44935e58) at ../../webkit/JavaScriptCore/wtf/RefPtr.h:60
60	        T* get() const { return m_ptr; }
(gdb) bt
#0  JSC::RegExp::match (this=0x448ce300, s=..., startOffset=0, ovector=0x44935e58) at ../../webkit/JavaScriptCore/wtf/RefPtr.h:60
#1  0x412eaa70 in JSC::RegExpObject::match (this=0x44e02900, exec=0x460080c4) at ../../webkit/JavaScriptCore/runtime/RegExpConstructor.h:114
#2  0x412eae94 in JSC::RegExpObject::exec (this=0x28, exec=0x34) at ../../webkit/JavaScriptCore/runtime/RegExpObject.cpp:124
#3  0x412eb818 in regExpProtoFuncExec (exec=0x460080c4) at ../../webkit/JavaScriptCore/runtime/RegExpPrototype.cpp:75
#4  0x43fec34c in ?? ()
#5  0x43fec34c in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Comment 3 Simon Hausmann 2010-08-12 06:26:14 PDT 
Comment on attachment 64215 [details]
The scratch register should be saved in YARR with ARM JIT

r=me
Comment 4 Gabor Loki 2010-08-12 06:34:04 PDT 
Comment on attachment 64215 [details]
The scratch register should be saved in YARR with ARM JIT

I am going to land it manually.
Comment 5 Gabor Loki 2010-08-12 06:39:23 PDT 
Committed revision 65242.
Comment 6 Eric Seidel (no email) 2010-08-12 06:43:02 PDT 
You can use webkit-patch mark-bug-fixed to get all the fancy bug updating when you chose to land without webkit-patch land or the cq.
Comment 7 Simon Hausmann 2010-08-12 07:09:01 PDT 
Revision r65242 cherry-picked into qtwebkit-2.1 with commit 29b5a48d43c1cca1b875c407f31fd6e1928fc0a6
Comment 8 Benjamin Poulain 2010-08-12 13:08:23 PDT 
Thanks Jocelyn and Loki! I will be able to work with trunk on ARM again :)