Changeset 95707 in webkit
- Timestamp: Sep 22, 2011 4:05:41 AM (13 years ago)
- Location: trunk/Source/JavaScriptCore
- Files: 2 edited
trunk/Source/JavaScriptCore/ChangeLog
r95693 r95707 1 2011-09-22 Filip Pizlo <fpizlo@apple.com> 2 3 32-bit call code clobbers the function cell tag 4 https://bugs.webkit.org/show_bug.cgi?id=68606 5 6 Reviewed by Csaba Osztrogonác. 7 8 This is a minimalistic fix: it simply emits code to restore the 9 cell tag on the slow path, if we know that we failed due to 10 emitCallIfNotType. 11 12 * jit/JITCall32_64.cpp: 13 (JSC::JIT::compileOpCallVarargsSlowCase): 14 (JSC::JIT::compileOpCallSlowCase): 15 1 16 2011-09-21 Gavin Barraclough <barraclough@apple.com> 2 17 -
trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp
r95666 r95707 94 94 95 95 linkSlowCaseIfNotJSCell(iter, callee); 96 Jump notCell = jump(); 96 97 linkSlowCase(iter); 98 move(TrustedImm32(JSValue::CellTag), regT1); // Need to restore cell tag in regT1 because it was clobbered. 99 notCell.link(this); 97 100 98 101 JITStubCall stubCall(this, cti_op_call_NotJSFunction); … … 273 276 274 277 // This handles host functions 278 callLinkFailNotJSFunction.link(this); 279 move(TrustedImm32(JSValue::CellTag), regT1); // Restore cell tag since it was clobbered. 275 280 callLinkFailNotObject.link(this); 276 callLinkFailNotJSFunction.link(this);277 281 278 282 JITStubCall stubCall(this, opcodeID == op_construct ? cti_op_construct_NotJSConstruct : cti_op_call_NotJSFunction);
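Review bot: the ChangeLog attributes the clobber to "emitCallIfNotType", but neither hunk in JITCall32_64.cpp references a helper by that name (the type-check site is only visible through the callLinkFailNotJSFunction label), so the entry should be checked against the actual helper name and should say which register that helper uses as scratch, otherwise a reader tracing the bug from the ChangeLog has nothing to search for. The changeset also lists only 2 edited files, both under Source/JavaScriptCore; if bug 68606 has a reproducing script, landing it as a regression test would be a worthwhile follow-up, since the fix is only exercised on the 32-bit slow path.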
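Review bot: in the compileOpCallVarargsSlowCase hunk (lines 95-99), the restore `move(TrustedImm32(JSValue::CellTag), regT1);` is attached to the second linked slow case only, and the new `Jump notCell = jump();` skips it on the not-a-cell path, which is the right shape because regT1 still holds the original tag there. The comment "because it was clobbered" does not say what clobbered it, though; suggest naming the type check and its scratch register, e.g. `// The JSFunction type check used regT1 as scratch; restore CellTag before the stub call below reads the callee.` Without that, a later reader cannot tell why the first linked slow case must not receive the restore.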
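Review bot: in the compileOpCallSlowCase hunk (lines 277-281), swapping `callLinkFailNotJSFunction.link(this);` ahead of `callLinkFailNotObject.link(this);` is load-bearing: the restore sits between the two labels, so only the not-JSFunction path executes it and then falls through into the not-object label, while the not-object path (where regT1 was never used as scratch) joins after the move. That ordering dependency is not stated anywhere in the code; add a one-line comment saying the two link() calls must stay in this order, because an edit that puts them back in the original order would silently reintroduce bug 68606 while still compiling and passing the fast path.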