[webkit-changes] [161531] branches/jsCStack/Source/JavaScriptCore

[msaboff]

Title: [161531] branches/jsCStack/Source/_javascript_Core

Revision

161531

Author

msab...@apple.com

Date

2014-01-08 17:55:32 -0800 (Wed, 08 Jan 2014)

Log Message

CStack: stack frame gets unaligned before call to operationVMHandleException
https://bugs.webkit.org/show_bug.cgi?id=126673

Reviewed by Mark Lam.

Moves the epilogue to after the check for an exception.  Modified the call to
operationVMHandleException() to take the caller's frame since the callee frame hasn't
been popped off yet.

* jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):

Modified Paths

• branches/jsCStack/Source/_javascript_Core/ChangeLog
• branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp

Diff

Modified: branches/jsCStack/Source/_javascript_Core/ChangeLog (161530 => 161531)

--- branches/jsCStack/Source/_javascript_Core/ChangeLog	2014-01-09 01:38:13 UTC (rev 161530)
+++ branches/jsCStack/Source/_javascript_Core/ChangeLog	2014-01-09 01:55:32 UTC (rev 161531)
@@ -1,3 +1,17 @@
+2014-01-08  Michael Saboff  <msab...@apple.com>
+
+        CStack: stack frame gets unaligned before call to operationVMHandleException
+        https://bugs.webkit.org/show_bug.cgi?id=126673
+
+        Reviewed by Mark Lam.
+
+        Moves the epilogue to after the check for an exception.  Modified the call to
+        operationVMHandleException() to take the caller's frame since the callee frame hasn't
+        been popped off yet.
+
+        * jit/ThunkGenerators.cpp:
+        (JSC::nativeForGenerator):
+
 2014-01-08  Filip Pizlo  <fpi...@apple.com>
 
         Make it possible to disable the disabling of AVX

Modified: branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp (161530 => 161531)

--- branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp	2014-01-09 01:38:13 UTC (rev 161530)
+++ branches/jsCStack/Source/_javascript_Core/jit/ThunkGenerators.cpp	2014-01-09 01:55:32 UTC (rev 161531)
@@ -364,8 +364,6 @@
     breakpoint();
 #endif
 
-    jit.emitFunctionEpilogue();
-
     // Check for an exception
 #if USE(JSVALUE64)
     jit.load64(vm->addressOfException(), JSInterfaceJIT::regT2);
@@ -377,6 +375,7 @@
         JSInterfaceJIT::TrustedImm32(JSValue::EmptyValueTag));
 #endif
 
+    jit.emitFunctionEpilogue();
     // Return.
     jit.ret();
 
@@ -387,9 +386,10 @@
 
 #if CPU(X86) && USE(JSVALUE32_64)
     jit.addPtr(JSInterfaceJIT::TrustedImm32(-12), JSInterfaceJIT::stackPointerRegister);
-    jit.push(JSInterfaceJIT::callFrameRegister);
+    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister), JSInterfaceJIT::regT0);
+    jit.push(JSInterfaceJIT::regT0);
 #else
-    jit.move(JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::argumentGPR0);
+    jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister), JSInterfaceJIT::argumentGPR0);
 #endif
     jit.move(JSInterfaceJIT::TrustedImmPtr(FunctionPtr(operationVMHandleException).value()), JSInterfaceJIT::regT3);
     jit.call(JSInterfaceJIT::regT3);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes