68606 – 32-bit call code clobbers the function cell tag

RESOLVED FIXED 68606

32-bit call code clobbers the function cell tag

https://bugs.webkit.org/show_bug.cgi?id=68606

Summary 32-bit call code clobbers the function cell tag

Filip Pizlo

Reported 2011-09-22 03:22:15 PDT

The change to use emitJumpIfNotType results in problems, because this function is often called (in 32-bit mode) with the tag register as the scratch register. If the jump is taken, the slow path code then expects the tag register to be intact, and passes the no-longer-valid tag to a stub function. This results in failures when attempting to make InternalFunction calls.

Attachments
the patch (2.02 KB, patch) 2011-09-22 03:24 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2011-09-22 03:24:22 PDT

Created attachment 108305 [details] the patch

Csaba Osztrogonác

Comment 2 2011-09-22 04:02:36 PDT

Comment on attachment 108305 [details] the patch r+ to go ahead. I tested it on a 32-bit Qt environment and it works for me.

Csaba Osztrogonác

Comment 3 2011-09-22 04:04:45 PDT

Comment on attachment 108305 [details] the patch Clearing flags on attachment: 108305 Committed r95707: <http://trac.webkit.org/changeset/95707>

Csaba Osztrogonác

Comment 4 2011-09-22 04:04:52 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2011-09-22 03:22 PDT

Modified

2011-09-22 04:04 PDT History

CC List

3 users Show

URL

Keywords

Depends on

Blocks

68557

Dependencies

tree graph