Bug 124481 - ARM64 CRASH: Improper offset in getHostCallReturnValue() to access callerFrame in CallFrame
Summary: ARM64 CRASH: Improper offset in getHostCallReturnValue() to access callerFram...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All
OS: All
Importance: P2 Normal
Assignee: Michael Saboff
URL:
Keywords:
Depends on:
Blocks: 116888
Reported: 2013-11-17 23:55 PST by Michael Saboff
Modified: 2013-11-18 10:17 PST

See Also:


Attachments
Patch (1.37 KB, patch)
2013-11-18 10:04 PST, Michael Saboff
mark.lam: review+

Description Michael Saboff 2013-11-17 23:55:11 PST
In jit/JITOperations.cpp, the ARM64 version of getHostCallReturnValue() has the improper offset of -32.  It should be changed to 0.

#elif CPU(ARM64)
asm (
".text" "\n"
".align 2" "\n"
".globl " SYMBOL_STRING(getHostCallReturnValue) "\n"
HIDE_SYMBOL(getHostCallReturnValue) "\n"
SYMBOL_STRING(getHostCallReturnValue) ":" "\n"
    "ldur x25, [x25, #-32]" "\n"   <==  This should be "ldur x25, [x25, #0]"
    "mov x0, x25" "\n"
    "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n"
);
Comment 1 Andy Estes 2013-11-17 23:57:39 PST
I'm building this change now.
Comment 2 Andy Estes 2013-11-18 01:09:10 PST
Now we're just running into this problem in MacroAssemblerARM64.h:

    void pop(RegisterID) NO_RETURN_DUE_TO_CRASH
    {
        CRASH();
    }

    void push(RegisterID) NO_RETURN_DUE_TO_CRASH
    {
        CRASH();
    }

    void push(Address) NO_RETURN_DUE_TO_CRASH
    {
        CRASH();
    }

    void push(TrustedImm32) NO_RETURN_DUE_TO_CRASH
    {
        CRASH();
    }

Did you have a fix for this too?
Comment 3 Andy Estes 2013-11-18 01:59:42 PST
After commenting out emitPointerValidation() in ThunkGenerators.cpp, I could successfully load apple.com.
Comment 4 Michael Saboff 2013-11-18 07:15:08 PST
(In reply to comment #3)
> After commenting out emitPointerValidation() in ThunkGenerators.cpp, I could successfully load apple.com.

I'll post a patch soon.
Comment 5 Michael Saboff 2013-11-18 10:04:34 PST
Created attachment 217206
Patch
Comment 6 Mark Lam 2013-11-18 10:10:11 PST
Comment on attachment 217206
Patch

r=me
Comment 7 Michael Saboff 2013-11-18 10:17:08 PST
Committed r159428: <http://trac.webkit.org/changeset/159428>