Title: [180184] trunk/Source/_javascript_Core
Revision: 180184
Author: msab...@apple.com
Date: 2015-02-16 16:08:17 -0800 (Mon, 16 Feb 2015)

Log Message

REGRESSION(r180060): C Loop crashes
https://bugs.webkit.org/show_bug.cgi?id=141671

Reviewed by Geoffrey Garen.

Fixed a typo that only affected the C Loop in the prologue() macro in LowLevelInterpreter.asm.
After the stackHeightOKGetCodeBlock label, codeBlockSetter(t1) should be codeBlockGetter(t1).
Fixed the processing of an out-of-stack exception in llint_stack_check to not get the caller's
frame.  This isn't needed, since this helper is only called to check the stack on entry.  Any
exception will be handled by a call ancestor.

* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_stack_check): Changed to use the current frame for processing an exception.
* llint/LowLevelInterpreter.asm: Fixed a typo.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (180183 => 180184)


--- trunk/Source/_javascript_Core/ChangeLog	2015-02-17 00:02:44 UTC (rev 180183)
+++ trunk/Source/_javascript_Core/ChangeLog	2015-02-17 00:08:17 UTC (rev 180184)
@@ -1,3 +1,20 @@
+2015-02-16  Michael Saboff  <msab...@apple.com>
+
+        REGRESSION(r180060): C Loop crashes
+        https://bugs.webkit.org/show_bug.cgi?id=141671
+
+        Reviewed by Geoffrey Garen.
+
+        Fixed a typo that only affected the C Loop in the prologue() macro in LowLevelInterpreter.asm.
+        After the stackHeightOKGetCodeBlock label, codeBlockSetter(t1) should be codeBlockGetter(t1).
+        Fixed the processing of an out of stack exception in llint_stack_check to not get the caller's
+        frame.  This isn't needed, since this helper is only called to check the stack on entry.  Any
+        exception will be handled by a call ancestor.
+
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::llint_stack_check): Changed to use the current frame for processing an exception.
+        * llint/LowLevelInterpreter.asm: Fixed a typo.
+
 2015-02-16  Joseph Pecoraro  <pecor...@apple.com>
 
         Web Inspector: Scope details sidebar should label objects with constructor names
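Review bot: the ChangeLog line for JSC::LLInt::llint_stack_check ("Changed to use the current frame for processing an exception") reads as if the exception is now raised in the current frame, but the code path below still calls CommonSlowPaths::interpreterThrowInCaller(exec, ...), so it is only the frame used for vm.topCallFrame and createStackOverflowError that changes. Suggest wording it as "use the current frame, rather than walking to the caller, when recording topCallFrame and creating the stack overflow error; the throw is still delivered to the caller", so a later reader does not expect the throw target to have moved.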

Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (180183 => 180184)


--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2015-02-17 00:02:44 UTC (rev 180183)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2015-02-17 00:08:17 UTC (rev 180184)
@@ -490,7 +490,6 @@
         LLINT_RETURN_TWO(pc, 0);
 #endif
 
-    exec = exec->callerFrame(vm.topVMEntryFrame);
     vm.topCallFrame = exec;
     ErrorHandlingScope errorScope(vm);
     CommonSlowPaths::interpreterThrowInCaller(exec, createStackOverflowError(exec));
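Review bot: with `exec = exec->callerFrame(vm.topVMEntryFrame);` removed, vm.topCallFrame and createStackOverflowError(exec) now operate on the frame whose entry stack check just failed, that is, a frame whose prologue has not completed, while the function invoked two lines later is still named interpreterThrowInCaller. The log message explains why that is acceptable (the helper only runs on entry and an ancestor handles the exception), but nothing in the code does; a one-line comment above `vm.topCallFrame = exec;` stating that this frame is deliberately the not-yet-set-up callee would keep the next person from reintroducing the callerFrame walk. Stack-overflow handling is a path where a stale or wrong frame pointer turns into a crash rather than a clean error, so it is also worth pairing this with a regression test that drives the C Loop into the overflow slow path (the bug referenced in the log, 141671, is the natural home for it).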

Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (180183 => 180184)


--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm	2015-02-17 00:02:44 UTC (rev 180183)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm	2015-02-17 00:08:17 UTC (rev 180184)
@@ -631,7 +631,7 @@
 .stackHeightOKGetCodeBlock:
     # Stack check slow path returned that the stack was ok.
     # Since they were clobbered, need to get CodeBlock and new sp
-    codeBlockSetter(t1)
+    codeBlockGetter(t1)
     getFrameRegisterSizeForCodeBlock(t1, t0)
     subp cfr, t0, t0
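Review bot: the one-word change from codeBlockSetter(t1) to codeBlockGetter(t1) agrees with the comment two lines above ("need to get CodeBlock"): t1 must be reloaded before getFrameRegisterSizeForCodeBlock(t1, t0) reads it, whereas the setter stored whatever clobbered value t1 held after the slow-path call, which is consistent with the C Loop crash described in the log. Because the two macro names differ by a single word and the failure only showed up on one backend, consider a regression test that forces the stack-check slow path to return "stack ok" (deep but non-overflowing recursion) on the C Loop, so a future getter/setter mix-up at this label is caught by a test rather than surfacing as a crash.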
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
