126106 – Arity check stack restoration should preserve the ArgumentCount in case there is a register restoration thunk below it

Bug 126106 - Arity check stack restoration should preserve the ArgumentCount in case there is a register restoration thunk below it

Summary: Arity check stack restoration should preserve the ArgumentCount in case there...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:

Depends on:
Blocks:	113621
	Show dependency tree / graph

Reported:	2013-12-20 18:44 PST by Filip Pizlo
Modified:	2014-01-30 13:27 PST (History)
CC List:	8 users (show)

See Also:

Attachments
the patch (3.33 KB, patch) 2013-12-20 18:44 PST, Filip Pizlo	ggaren: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2013-12-20 18:44:09 PST

Return thunks rely on the argument count to recover where the stack should have been.  In the case of the arity check fail thunk, it should "pay it forward" and allow whatever it returns into to also use the argument count.

Comment 1 Filip Pizlo 2013-12-20 18:44:48 PST

Created attachment 219826 [details]
the patch

Comment 2 Filip Pizlo 2013-12-20 20:54:36 PST

Landed in http://trac.webkit.org/changeset/160956

Comment 3 Geoffrey Garen 2014-01-14 14:44:45 PST

Comment on attachment 219826 [details]
the patch

r=me