The callOperation() near line 295 in JITInlines.h needs to be updated for the Win X86_64 calling convention. When a function returns a POD that doesn't fit in one register, the caller needs to allocate space for the result and pass it as the first argument. The code and comments added with change set r157581: <http://trac.webkit.org/changeset/157581> are: // Need to make space on stack for return value, use that address as first arg (in register), // move callFrameRegister to second argument register and push the passed arg1. updateTopCallFrame(); MacroAssembler::Call call = appendCall(operation); // These may not be pops: // pop(regT0); // Restore arg1 slot // pop(regT0); // Get handler's call frame // pop(regT1); // Get handler's address return call;
That code is inside of #if USE(JSVALUE64), which I don't use. I'm not sure what the state of Apple's Win64 build is, but this change will not affect the crashes I was seeing.
This issue is addressed with the fix for https://bugs.webkit.org/show_bug.cgi?id=122982. *** This bug has been marked as a duplicate of bug 122982 ***
(In reply to comment #1) > That code is inside of #if USE(JSVALUE64), which I don't use. I'm not sure what the state of Apple's Win64 build is, but this change will not affect the crashes I was seeing. WinCairo on X86_64 doesn't use JSVALUE64? JSVALUE64 is a requirement for 64bit platforms.
> WinCairo on X86_64 doesn't use JSVALUE64? JSVALUE64 is a requirement for 64bit platforms. Once again, Geoff is right. I got JSVALUE64 (which is used) mixed up with JSVALUE32_64 (which is not used). Ignore my earlier comment.