Bug 147759 - jsc-tailcall: REGRESSION(r188071): Crash when handling exception in Release builds
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Michael Saboff
Depends on: 148076
Blocks: 147747
Reported: 2015-08-06 17:33 PDT by Michael Saboff
Modified: 2015-09-14 10:59 PDT (History)

Attachments
Patch (5.02 KB, patch)
2015-08-17 07:28 PDT, Michael Saboff
no flags

Description Michael Saboff 2015-08-06 17:33:18 PDT
Looks like we are overwriting a callee save from a C++ caller.
Comment 1 Michael Saboff 2015-08-17 07:28:32 PDT
Created attachment 259147 [details]
Patch
Comment 2 Basile Clement 2015-08-17 15:57:17 PDT
Comment on attachment 259147 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=259147&action=review

> Source/JavaScriptCore/interpreter/Interpreter.cpp:638
> +                copyCalleeSavesToVMCalleeSavesBuffer(visitor);
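Review bot: The copy into the VM callee-saves buffer at Interpreter.cpp:638 is made in only one branch of the conditional, and nothing at that line says why the other branch may skip it; add a short comment there recording the reason given in Comment 3 (a handler, i.e. a catch block, was found in the current frame, so that frame's callee saves are not processed), so a later reader of the unwinding code does not have to find this bug to understand the asymmetry.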

Why don't we need this in the else branch?

Otherwise, LGTM.
Comment 3 Michael Saboff 2015-08-17 16:34:20 PDT
Comment on attachment 259147 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=259147&action=review

>> Source/JavaScriptCore/interpreter/Interpreter.cpp:638
>> +                copyCalleeSavesToVMCalleeSavesBuffer(visitor);
> 
> Why don't we need this in the else branch?
> 
> Otherwise, LGTM.

This is the case where we found a handler, i.e. a catch block, in the current frame. We don't process that frame's callee saves.
Comment 4 Michael Saboff 2015-08-17 16:59:08 PDT
Committed r188556: <http://trac.webkit.org/changeset/188556>
Comment 5 Csaba Osztrogonác 2015-09-14 10:59:38 PDT
Comment on attachment 259147 [details]
Patch

Cleared review? from attachment 259147 [details] so that this bug does not appear in http://webkit.org/pending-review.  If you would like this patch reviewed, please attach it to a new bug (or re-open this bug before marking it for review again).