RESOLVED FIXED 128556
32-bit LLInt writeBarrierOnGlobalObject is wrong
https://bugs.webkit.org/show_bug.cgi?id=128556
Summary 32-bit LLInt writeBarrierOnGlobalObject is wrong
Mark Hahnenberg
Reported 2014-02-10 15:31:40 PST
It checks if the value is a cell in a really wrong way.
Attachments
Patch (3.21 KB, patch)
2014-02-10 15:41 PST, Mark Hahnenberg
no flags
Mark Hahnenberg
Comment 1 2014-02-10 15:41:47 PST
Geoffrey Garen
Comment 2 2014-02-10 15:44:53 PST
Comment on attachment 223755 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=223755&action=review

r=me

> Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:413
> +    loadConstantOrVariableCell(t1, t0, .writeBarrierDone)
>      btpz t0, .writeBarrierDone

Why does this code check for a null t0? Is a null cell ever allowed?
Mark Hahnenberg
Comment 3 2014-02-10 15:50:44 PST
(In reply to comment #2)
> (From update of attachment 223755 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=223755&action=review
>
> r=me
>
> > Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:413
> > +    loadConstantOrVariableCell(t1, t0, .writeBarrierDone)
> >      btpz t0, .writeBarrierDone
>
> Why does this code check for a null t0? Is a null cell ever allowed?

I think init_global_const potentially does this...it's been a while since I added that however.
Mark Hahnenberg
Comment 4 2014-02-11 09:34:22 PST
(In reply to comment #3)
> (In reply to comment #2)
> > (From update of attachment 223755 [details])
> > View in context: https://bugs.webkit.org/attachment.cgi?id=223755&action=review
> >
> > r=me
> >
> > > Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:413
> > > +    loadConstantOrVariableCell(t1, t0, .writeBarrierDone)
> > >      btpz t0, .writeBarrierDone
> >
> > Why does this code check for a null t0? Is a null cell ever allowed?
>
> I think init_global_const potentially does this...it's been a while since I added that however.

I filed bug 128608 to track getting rid of the null check.
WebKit Commit Bot
Comment 5 2014-02-11 10:04:34 PST
Comment on attachment 223755 [details]
Patch

Clearing flags on attachment: 223755

Committed r163887: <http://trac.webkit.org/changeset/163887>
WebKit Commit Bot
Comment 6 2014-02-11 10:04:37 PST
All reviewed patches have been landed. Closing bug.