Changeset 183076 in webkit
- Timestamp: Apr 21, 2015 1:55:45 PM (9 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 1 added, 3 edited
trunk/Source/JavaScriptCore/ChangeLog
r183073 r183076 1 2015-04-21 Filip Pizlo <fpizlo@apple.com> 2 3 DFG Call/ConstructForwardVarargs fails to restore the stack pointer 4 https://bugs.webkit.org/show_bug.cgi?id=144007 5 6 Reviewed by Mark Lam. 7 8 We were conditioning the stack pointer restoration on isVarargs, but we also need to do it 9 if isForwardVarargs. 10 11 * dfg/DFGSpeculativeJIT32_64.cpp: 12 (JSC::DFG::SpeculativeJIT::emitCall): 13 * dfg/DFGSpeculativeJIT64.cpp: 14 (JSC::DFG::SpeculativeJIT::emitCall): 15 * tests/stress/varargs-then-slow-call.js: Added. 16 (foo): 17 (bar): 18 (fuzz): 19 (baz): 20 1 21 2015-04-21 Basile Clement <basile_clement@apple.com> 2 22 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r183073 r183076 836 836 837 837 // If we were varargs, then after the calls are done, we need to reestablish our stack pointer. 838 if (isVarargs )838 if (isVarargs || isForwardVarargs) 839 839 m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister); 840 840 } -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r183073 r183076 800 800 801 801 // If we were varargs, then after the calls are done, we need to reestablish our stack pointer. 802 if (isVarargs )802 if (isVarargs || isForwardVarargs) 803 803 m_jit.addPtr(TrustedImm32(m_jit.graph().stackPointerOffset() * sizeof(Register)), GPRInfo::callFrameRegister, JITCompiler::stackPointerRegister); 804 804 }
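Review bot: The ChangeLog entry gives the cause (restoration was conditioned on isVarargs only) but not the observable effect of leaving the stack pointer unrestored after a forward-varargs call, and the functions listed for tests/stress/varargs-then-slow-call.js (foo, bar, fuzz, baz) carry no description. A sentence on what goes wrong afterwards, and on how the new test reaches the forward-varargs path, would make the entry more useful when this code is revisited.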
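Review bot: In DFGSpeculativeJIT32_64.cpp the comment directly above the changed condition still reads "If we were varargs", while the condition is now "isVarargs || isForwardVarargs". Update the comment to name both cases so that a later reader does not narrow the check again.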
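Review bot: In DFGSpeculativeJIT64.cpp the changed condition and the addPtr line under it are identical to the ones in DFGSpeculativeJIT32_64.cpp, and the bug fixed here was a call kind missing from that condition in both copies. Consider computing one predicate for "this call needs the stack pointer restored" or moving the restore into a shared helper, so a future call variant only has to be handled in one place.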