Title: [161217] branches/jsCStack/Source/_javascript_Core
Revision
161217
Author
[email protected]
Date
2014-01-02 12:11:55 -0800 (Thu, 02 Jan 2014)

Log Message

Some crashes in C stack on Mountain Lion, for example on crypto-aes, due to misaligned stack
https://bugs.webkit.org/show_bug.cgi?id=126394

Not yet reviewed.

The specialized math thunks currently ensure that inside the thunk, the stack is aligned. But when they
call the wrapper, the wrapper previously didn't align the stack. This patch fixes that.

I think that we can drop the wrappers on X86-64 and maybe on other platforms as well. I'll leave that to
a future patch.

* jit/ThunkGenerators.cpp:

Modified Paths

Diff

Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (161216 => 161217)


--- branches/jsCStack/Source/_javascript_Core/ChangeLog	2014-01-02 20:06:32 UTC (rev 161216)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog	2014-01-02 20:11:55 UTC (rev 161217)
@@ -1,5 +1,20 @@
 2014-01-02  Filip Pizlo  <[email protected]>
 
+        Some crashes in C stack on Mountain Lion, for example on crypto-aes, due to misaligned stack
+        https://bugs.webkit.org/show_bug.cgi?id=126394
+
+        Not yet reviewed.
+
+        The specialized math thunks currently ensure that inside the thunk, the stack is aligned. But when they
+        call the wrapper, the wrapper previously didn't align the stack. This patch fixes that.
+
+        I think that we can drop the wrappers on X86-64 and maybe on other platforms as well. I'll leave that to
+        a future patch.
+
+        * jit/ThunkGenerators.cpp:
+
+2014-01-02  Filip Pizlo  <[email protected]>
+
         Refactor LLInt C stack frame munging helpers so that 32-bit code paths can use them
         https://bugs.webkit.org/show_bug.cgi?id=126387
 
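Review bot: the new ChangeLog entry's file line `* jit/ThunkGenerators.cpp:` carries no per-symbol description; WebKit ChangeLog convention lists the affected function or macro after the file name with a short note on what changed (here, the wrapper-defining macro gaining the push/pop that realigns the stack before calling the C function). Suggest expanding it to something like `* jit/ThunkGenerators.cpp: Align the stack in the math-function wrapper thunks before calling the C function.`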

Modified: branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp (161216 => 161217)


--- branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp	2014-01-02 20:06:32 UTC (rev 161216)
+++ branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp	2014-01-02 20:11:55 UTC (rev 161217)
@@ -625,7 +625,9 @@
         ".globl " SYMBOL_STRING(function##Thunk) "\n" \
         HIDE_SYMBOL(function##Thunk) "\n" \
         SYMBOL_STRING(function##Thunk) ":" "\n" \
+        "pushq %rax\n" \
         "call " GLOBAL_REFERENCE(function) "\n" \
+        "popq %rcx\n" \
         "ret\n" \
     );\
     extern "C" { \
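Review bot: the `pushq %rax` / `popq %rcx` pair needs an explanatory comment in the macro, since the reason is not obvious from the two instructions alone: per the log message the thunk's stack is 16-byte aligned, the `call` into this wrapper pushes an 8-byte return address, so the wrapper enters with %rsp at 8 mod 16, and the single 8-byte push restores 16-byte alignment before `call function`, which the x86-64 SysV ABI requires at every call site. Popping into %rcx rather than %rax is also worth a comment: %rax may hold the integer return value of `function` and must survive the pop, while %rcx is caller-saved and free to clobber. Finally, `pushq`/`popq` appear unconditionally in the hunk and the surrounding target guard is not visible here; please confirm the macro is only assembled for x86-64, since these mnemonics will not assemble elsewhere.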
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes