WebKit Bugzilla
RESOLVED DUPLICATE of bug 87307
Bug 88438
Setting scratch buffer usage in osrExitGenerationThunkGenerator trashes arg0 on ARM
https://bugs.webkit.org/show_bug.cgi?id=88438
Michael Saboff
Reported
2012-06-06 11:41:39 PDT
In osrExitGenerationThunkGenerator(), after setting up arg0, we store the active length of the scratch register. We use regT0 to set the size, but regT0 is also argumentGPR0 on ARM.

    ..
    // Set up one argument.
#if CPU(X86)
    jit.poke(GPRInfo::callFrameRegister, 0);
#else
    jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
#endif

    // Tell GC mark phase how much of the scratch buffer is active during call.
    jit.move(MacroAssembler::TrustedImmPtr(scratchBuffer->activeLengthPtr()), GPRInfo::regT0);  <== This will trash arg0
    jit.storePtr(MacroAssembler::TrustedImmPtr(scratchSize), GPRInfo::regT0);

    MacroAssembler::Call functionCall = jit.call();
    ...

The fix is to move the storing of the active scratch buffer length to before setting up arg0. A visual inspection of the other locations in the code where we set the scratch buffer active length appears safe, either because we use an allocated register or because regT0 is available.
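The aliasing described above, as a constructed model added here (not JavaScriptCore code): a toy register file in which regT0 and argumentGPR0 map to the same physical register on ARM but to different ones on x86_64 (the ARM alias is what the report states; the x86_64 split and all register numbers are assumptions of the model), driven through the two orderings of the thunk prologue to show that only the ARM ordering from the report loses arg0 before the call.

```cpp
// Constructed model (not JavaScriptCore code) of the bug described above: on
// ARM, regT0 and argumentGPR0 name the same physical register, so writing the
// activeLengthPtr into regT0 after arg0 is set up overwrites the call frame.
#include <cstdint>
#include <map>
#include <string>

enum class Arch { X86_64, ARM };

// Assumed physical register numbers for the symbolic GPRInfo names.
// ARM: regT0 == argumentGPR0 (r0). x86_64: regT0 (rax) != argumentGPR0 (rdi).
static int physical(Arch arch, const std::string& name) {
    if (name == "callFrameRegister") return 5;
    if (name == "argumentGPR0")      return arch == Arch::ARM ? 0 : 7;
    if (name == "regT0")             return 0;
    return -1;
}

struct Machine {
    Arch arch;
    std::map<int, std::uintptr_t> regs;            // physical register -> value
    std::map<std::uintptr_t, std::uintptr_t> mem;  // address -> stored value
    void move(std::uintptr_t imm, const std::string& dst) { regs[physical(arch, dst)] = imm; }
    void moveReg(const std::string& src, const std::string& dst) {
        regs[physical(arch, dst)] = regs[physical(arch, src)];
    }
    void storePtr(std::uintptr_t imm, const std::string& addrReg) {
        mem[regs[physical(arch, addrReg)]] = imm;
    }
};

// Emit the prologue in one of the two orders and report whether arg0 still
// holds the call frame at the point of the call (true = safe). The length
// store must also have reached memory for the sequence to count as correct.
static bool arg0SurvivesToCall(Arch arch, bool storeLengthBeforeArg0) {
    const std::uintptr_t callFrame = 0x1000, activeLengthPtr = 0x2000, scratchSize = 64;
    Machine m{arch, {}, {}};
    m.move(callFrame, "callFrameRegister");
    auto setActiveLength = [&] {
        m.move(activeLengthPtr, "regT0");          // clobbers r0 on ARM
        m.storePtr(scratchSize, "regT0");
    };
    if (storeLengthBeforeArg0) setActiveLength();   // the proposed fix
    m.moveReg("callFrameRegister", "argumentGPR0"); // set up one argument
    if (!storeLengthBeforeArg0) setActiveLength();  // the ordering in the report
    bool lengthStored = m.mem[activeLengthPtr] == scratchSize;
    return lengthStored && m.regs[physical(arch, "argumentGPR0")] == callFrame;
}
```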
Michael Saboff
Comment 1
2012-06-06 12:01:22 PDT
*** This bug has been marked as a duplicate of bug 87307 ***