Bug 147561 - jsc-tailcall: Kraken/stanford-crypto-ccm crashes
Summary: jsc-tailcall: Kraken/stanford-crypto-ccm crashes
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Basile Clement
Depends on:
Reported: 2015-08-03 09:43 PDT by Basile Clement
Modified: 2015-08-03 14:40 PDT (History)

See Also:

Attachment: Patch (8.61 KB, patch), 2015-08-03 11:09 PDT, Basile Clement, no flags
Attachment: Patch (7.17 KB, patch), 2015-08-03 13:54 PDT, Basile Clement, msaboff: review+

Description Basile Clement 2015-08-03 09:43:00 PDT
That was an interesting one. When performing a tail call, we are stack-aligning the *top* of the caller frame instead of stack-aligning the *bottom* of that frame. This means that when we do a tail call with a different parity from the parity of the tail caller, we are overwriting part of the tail caller's caller locals. Patch forthcoming.
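The layout mistake described in the report, as an added illustration that is not part of the bug report or of WebKit's code: a simplified slot-based stack model (8-byte slots, 16-byte alignment, a hypothetical 4-slot header, arbitrary local counts) in which the tail-call path either keeps the replaced frame's top fixed and rounds the bottom down (the fix), or shifts the frame by the difference of the rounded-up frame sizes, which is the same as counting each frame's padding at its top (the bug). All sizes, the `kHeaderSlots` value and the function names are assumptions of this model.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed model of a downward-growing JS stack measured in 8-byte slots,
// with a 2-slot (16-byte) alignment requirement on the stack pointer. It
// illustrates the report's point and is not JavaScriptCore's real frame layout.
// From high to low addresses a frame holds: its incoming arguments, a fixed
// header, its locals, then any alignment padding. The frame's "top" is the
// boundary with the caller: the caller's lowest local sits at slot index `top`.
constexpr std::size_t kAlignSlots = 2;
constexpr std::size_t kHeaderSlots = 4;   // hypothetical header size

struct Frame {
    std::size_t top;  // slot index just above the frame's highest argument slot
    std::size_t sp;   // lowest slot index owned by the frame (must be aligned)
};

constexpr std::size_t roundUp(std::size_t n) {
    return (n + kAlignSlots - 1) / kAlignSlots * kAlignSlots;
}
constexpr std::size_t roundDown(std::size_t n) {
    return n / kAlignSlots * kAlignSlots;
}
constexpr std::size_t frameSlots(std::size_t argc, std::size_t locals) {
    return argc + kHeaderSlots + locals;
}

// Ordinary call: the callee frame's top is fixed at the caller's boundary and
// the padding goes at the bottom, so sp is simply rounded down.
Frame makeFrame(std::size_t top, std::size_t argc, std::size_t locals) {
    return Frame{top, roundDown(top - frameSlots(argc, locals))};
}

// Correct tail call: the replacement frame keeps the old frame's top and
// aligns its bottom, exactly like an ordinary call at the same boundary.
Frame tailCallAlignBottom(const Frame& caller, std::size_t argc, std::size_t locals) {
    return makeFrame(caller.top, argc, locals);
}

// Buggy tail call (the pattern the report describes): the frame shift is taken
// from the rounded-up sizes of the two frames, which amounts to placing each
// frame's padding slot at its *top*. When the two sizes have different parity
// the padding differs by one slot and the new top moves by one slot.
Frame tailCallAlignTop(const Frame& caller, std::size_t callerArgc, std::size_t callerLocals,
                       std::size_t argc, std::size_t locals) {
    std::size_t oldSize = frameSlots(callerArgc, callerLocals);
    std::size_t newSize = frameSlots(argc, locals);
    std::size_t padOld = roundUp(oldSize) - oldSize;   // 0 or 1
    std::size_t padNew = roundUp(newSize) - newSize;   // 0 or 1
    std::size_t newTop = caller.top + padOld - padNew;
    return Frame{newTop, roundDown(newTop - newSize)};
}

// True when the replacement frame's top has moved into the caller's caller:
// slot `oldFrame.top` is that function's lowest local.
bool overwritesCallerCallerLocals(const Frame& oldFrame, const Frame& newFrame) {
    return newFrame.top > oldFrame.top;
}

// Scenario on the buggy path: does a tail caller with `callerArgc` arguments
// tail-calling a function with `calleeArgc` arguments clobber its caller?
bool scenarioClobbers(std::size_t callerArgc, std::size_t calleeArgc) {
    const std::size_t locals = 2;  // arbitrary, same for both frames
    Frame caller = makeFrame(/*top=*/100, callerArgc, locals);
    Frame buggy = tailCallAlignTop(caller, callerArgc, locals, calleeArgc, locals);
    return overwritesCallerCallerLocals(caller, buggy);
}

// Same scenario on the corrected path: the top never moves and sp stays aligned.
bool fixedKeepsTop(std::size_t callerArgc, std::size_t calleeArgc) {
    const std::size_t locals = 2;
    Frame caller = makeFrame(100, callerArgc, locals);
    Frame fixed = tailCallAlignBottom(caller, calleeArgc, locals);
    return fixed.top == caller.top && fixed.sp % kAlignSlots == 0;
}

int main() {
    // Odd-sized tail caller (3 args) replaced by an even-sized callee (4 args).
    std::printf("buggy 3->4 clobbers caller's caller: %s\n", scenarioClobbers(3, 4) ? "yes" : "no");
    std::printf("buggy 3->3 clobbers caller's caller: %s\n", scenarioClobbers(3, 3) ? "yes" : "no");
    std::printf("fixed 3->4 keeps top: %s\n", fixedKeepsTop(3, 4) ? "yes" : "no");
    return 0;
}
```

In this model only the parity mismatch where the tail caller's frame carries a padding slot and the callee's does not moves the top upward, which is the case that corrupts the caller's caller; the opposite mismatch moves the frame down instead. Anchoring the top and rounding the bottom removes both cases.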
Comment 1 Basile Clement 2015-08-03 11:09:32 PDT
Created attachment 258082
Comment 2 Basile Clement 2015-08-03 11:30:33 PDT
Let's actually implement a full fix.
Comment 3 Basile Clement 2015-08-03 13:54:51 PDT
Created attachment 258108
Comment 4 Michael Saboff 2015-08-03 14:36:30 PDT
Comment on attachment 258108

Do add the call varargs test as we discussed.
Comment 5 Basile Clement 2015-08-03 14:40:06 PDT
Committed in r187767 <http://trac.webkit.org/changeset/187767>.