130650 – Gotta grow the locals vectors if we are about to do SetLocals beyond the bytecode's numCalleeRegisters

Bug 130650 - Gotta grow the locals vectors if we are about to do SetLocals beyond the bytecode's numCalleeRegisters

Summary: Gotta grow the locals vectors if we are about to do SetLocals beyond the byte...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-03-22 23:38 PDT by Filip Pizlo
Modified:	2014-03-23 11:58 PDT (History)
CC List:	8 users (show)

See Also:

Attachments
the patch (6.09 KB, patch) 2014-03-22 23:40 PDT, Filip Pizlo	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2014-03-22 23:38:05 PDT

Patch forthcoming.

<rdar://problem/16122966>

Comment 1 Filip Pizlo 2014-03-22 23:40:36 PDT

Created attachment 227605 [details]
the patch

Comment 2 Michael Saboff 2014-03-22 23:43:56 PDT

Comment on attachment 227605 [details]
the patch

r=me

Comment 3 Filip Pizlo 2014-03-23 00:15:13 PDT

Comment on attachment 227605 [details]
the patch

This causes a v8-raytrace regression in FTL.  I'm investigating.

Comment 4 Filip Pizlo 2014-03-23 11:36:01 PDT

Found the issue.  FTL::OSRExitCompiler was unintentionally relying on numLocals() to be aligned.  Nobody else makes such an assumption.  And FTL::OSRExitCompiler only relied on it because its round-up was done by rounding the stack size in bytes up to stackAlignmentRegisters() [sic].  Changing that the stackAlignmentBytes() fixes the bug.  I will land with this fix.

Comment 5 Filip Pizlo 2014-03-23 11:58:11 PDT

Landed in http://trac.webkit.org/changeset/166142