Bug 43910 - The scratch register should be saved in YARR with ARM JIT
Summary: The scratch register should be saved in YARR with ARM JIT
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Other All
Importance: P2 Critical
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
Reported: 2010-08-12 05:46 PDT by Gabor Loki
Modified: 2011-04-19 05:15 PDT

See Also:


Attachments
The scratch register should be saved in YARR with ARM JIT (1.91 KB, patch)
2010-08-12 05:50 PDT, Gabor Loki
hausmann: review+
loki: commit-queue-

Description Gabor Loki 2010-08-12 05:46:54 PDT
It looks like the scratch register (S0 == r8) is not saved before entering YARR JIT on ARM.
Comment 1 Gabor Loki 2010-08-12 05:50:40 PDT
Created attachment 64215
The scratch register should be saved in YARR with ARM JIT
Comment 2 Jocelyn Turcotte 2010-08-12 06:12:09 PDT
A bit of context for future reference:
This was causing a crash of QtWebKit on the N900 in release at the following stack trace:

Program received signal SIGSEGV, Segmentation fault.
JSC::RegExp::match (this=0x448ce300, s=..., startOffset=0, ovector=0x44935e58) at ../../webkit/JavaScriptCore/wtf/RefPtr.h:60
60	        T* get() const { return m_ptr; }
(gdb) bt
#0  JSC::RegExp::match (this=0x448ce300, s=..., startOffset=0, ovector=0x44935e58) at ../../webkit/JavaScriptCore/wtf/RefPtr.h:60
#1  0x412eaa70 in JSC::RegExpObject::match (this=0x44e02900, exec=0x460080c4) at ../../webkit/JavaScriptCore/runtime/RegExpConstructor.h:114
#2  0x412eae94 in JSC::RegExpObject::exec (this=0x28, exec=0x34) at ../../webkit/JavaScriptCore/runtime/RegExpObject.cpp:124
#3  0x412eb818 in regExpProtoFuncExec (exec=0x460080c4) at ../../webkit/JavaScriptCore/runtime/RegExpPrototype.cpp:75
#4  0x43fec34c in ?? ()
#5  0x43fec34c in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Comment 3 Simon Hausmann 2010-08-12 06:26:14 PDT
Comment on attachment 64215
The scratch register should be saved in YARR with ARM JIT

r=me
Comment 4 Gabor Loki 2010-08-12 06:34:04 PDT
Comment on attachment 64215
The scratch register should be saved in YARR with ARM JIT

I am going to land it manually.
Comment 5 Gabor Loki 2010-08-12 06:39:23 PDT
Committed revision 65242.
Comment 6 Eric Seidel 2010-08-12 06:43:02 PDT
You can use webkit-patch mark-bug-fixed to get all the fancy bug updating when you choose to land without webkit-patch land or the cq.
Comment 7 Simon Hausmann 2010-08-12 07:09:01 PDT
Revision r65242 cherry-picked into qtwebkit-2.1 with commit 29b5a48d43c1cca1b875c407f31fd6e1928fc0a6
Comment 8 Benjamin Poulain 2010-08-12 13:08:23 PDT
Thanks Jocelyn and Loki! I will be able to work with trunk on ARM again :)