RESOLVED FIXED Bug 82013
CALLFRAME_OFFSET and EXCEPTION_OFFSET are same in ctiTrampoline on ARM Thumb2 
https://bugs.webkit.org/show_bug.cgi?id=82013
Summary CALLFRAME_OFFSET and EXCEPTION_OFFSET are same in ctiTrampoline on ARM Thumb2
SangGyu Lee
Reported 2012-03-22 21:57:49 PDT
CALLFRAME_OFFSET and EXCEPTION_OFFSET have same value in ctiTrampoline on ARM Thumb2 like followings: In JITStubs.cpp #elif (COMPILER(GCC) || COMPILER(RVCT)) && CPU(ARM_THUMB2) #define THUNK_RETURN_ADDRESS_OFFSET 0x38 #define PRESERVED_RETURN_ADDRESS_OFFSET 0x3C ... #define REGISTER_FILE_OFFSET 0x60 #define CALLFRAME_OFFSET 0x64 #define EXCEPTION_OFFSET 0x64 #define ENABLE_PROFILER_REFERENCE_OFFSET 0x68 I wonder it is intentional or not. I think they should have different offset and back up register value in separate stack location. ( like on MIPS or other platforms ) #define CALLFRAME_OFFSET 0x64 #define EXCEPTION_OFFSET 0x68 #define ENABLE_PROFILER_REFERENCE_OFFSET 0x6C Currently, since CALLFRAME and EXCEPTION have same offset, in ARM_THUMB2 ctiTrampoline code, "str r2, [sp, #" STRINGIZE_VALUE_OF(CALLFRAME_OFFSET) "]" "\n" seems to be dead code. The value in stack location is replaced by r3, with the immediately following statement "str r3, [sp, #" STRINGIZE_VALUE_OF(EXCEPTION_OFFSET) "]" "\n"
Attachments
Fix (4.32 KB, patch)
2012-09-07 17:56 PDT, Gavin Barraclough 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Gavin Barraclough
Comment 1 2012-03-25 22:18:34 PDT
Uggh, so, the ctiTrampoline is now no longer passed an exception out pointer. Rather than re-jig the arguments in all asm (which we really should do at some point), we left an unused argument in for now. So the 'exception' argument no longer really exists, and is completely unused - other that the fact some entry/exit thunks still preserve it around JIT code. This code should really be deleted (along with all reference to EXCEPTION_OFFSET). The unused exception value is trampling over the call frame, why does this not crash? Well, when we wrote the THUMB2 entry thunk we dumbly spilled all arguments to the stack, since that's where they were on x86 - and the CTI callbacks access these values. But since the call frame may move (it is the JS stack pointer, and updated by JIT code), we cannot rely on the value upon entry to to JIT code, and instead must save a fresh copy each time a call out to C code is made. As such, I think the store of the call frame is also probably completely redundant, and should likely also be removed. I'd need to look closer to determine if this is true. So, my guess is, no actually bug here, just some stupid, wasteful, and potentially confusing & bug prone code. :-/
Gavin Barraclough
Comment 2 2012-09-07 17:56:20 PDT
Created attachment 162923 [details] Fix
Gavin Barraclough
Comment 3 2012-09-07 17:59:15 PDT
Fixed in r127944
Geoffrey Garen
Comment 4 2012-09-09 14:08:18 PDT
Comment on attachment 162923 [details] Fix r=me
Note You need to log in before you can comment on or make changes to this bug.