Title: [199837] trunk/Source/JavaScriptCore
Revision: 199837
Author: fpi...@apple.com
Date: 2016-04-21 15:11:38 -0700 (Thu, 21 Apr 2016)

Log Message

PolymorphicAccess adds sizeof(CallerFrameAndPC) rather than subtracting it when calculating stack height
https://bugs.webkit.org/show_bug.cgi?id=156872

Reviewed by Geoffrey Garen.
        
The code that added sizeof(CallerFrameAndPC) emerged from a bad copy-paste in r189586. That was
the revision that created the PolymorphicAccess class. It moved code for generating a
getter/setter call from Repatch.cpp to PolymorphicAccess.cpp. You can see the code doing a
subtraction here:
        
    http://trac.webkit.org/changeset/189586/trunk/Source/_javascript_Core/jit/Repatch.cpp
        
This makes the world right again.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generateImpl):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (199836 => 199837)


--- trunk/Source/_javascript_Core/ChangeLog	2016-04-21 21:16:54 UTC (rev 199836)
+++ trunk/Source/_javascript_Core/ChangeLog	2016-04-21 22:11:38 UTC (rev 199837)
@@ -1,3 +1,22 @@
+2016-04-21  Filip Pizlo  <fpi...@apple.com>
+
+        PolymorphicAccess adds sizeof(CallerFrameAndPC) rather than subtracting it when calculating stack height
+        https://bugs.webkit.org/show_bug.cgi?id=156872
+
+        Reviewed by Geoffrey Garen.
+        
+        The code that added sizeof(CallerFrameAndPC) emerged from a bad copy-paste in r189586. That was
+        the revision that created the PolymorphicAccess class. It moved code for generating a
+        getter/setter call from Repatch.cpp to PolymorphicAccess.cpp. You can see the code doing a
+        subtraction here:
+        
+            http://trac.webkit.org/changeset/189586/trunk/Source/_javascript_Core/jit/Repatch.cpp
+        
+        This makes the world right again.
+
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::AccessCase::generateImpl):
+
 2016-04-21  Geoffrey Garen  <gga...@apple.com>
 
         Build warning: CODE_SIGN_ENTITLEMENTS specified without specifying CODE_SIGN_IDENTITY

Modified: trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (199836 => 199837)


--- trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp	2016-04-21 21:16:54 UTC (rev 199836)
+++ trunk/Source/_javascript_Core/bytecode/PolymorphicAccess.cpp	2016-04-21 22:11:38 UTC (rev 199837)
@@ -992,7 +992,7 @@
             unsigned numberOfRegsForCall = JSStack::CallFrameHeaderSize + numberOfParameters;
 
             unsigned numberOfBytesForCall =
-                numberOfRegsForCall * sizeof(Register) + sizeof(CallerFrameAndPC);
+                numberOfRegsForCall * sizeof(Register) - sizeof(CallerFrameAndPC);
 
             unsigned alignedNumberOfBytesForCall =
                 WTF::roundUpToMultipleOf(stackAlignmentBytes(), numberOfBytesForCall);
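Review bot: the subtraction on the changed line is unsigned arithmetic, so it silently relies on `numberOfRegsForCall * sizeof(Register)` never being smaller than `sizeof(CallerFrameAndPC)`; if that invariant were ever broken the result would wrap to a value near UINT_MAX and `roundUpToMultipleOf(stackAlignmentBytes(), numberOfBytesForCall)` would turn it into an enormous stack reservation instead of a debug-time failure. Since the operand starts from `JSStack::CallFrameHeaderSize`, an `ASSERT(numberOfRegsForCall * sizeof(Register) >= sizeof(CallerFrameAndPC));` before the subtraction, plus a one-line comment stating why the caller-frame-and-PC bytes are subtracted here (presumably because they are counted in the header but are pushed by the call itself rather than reserved in advance), would document the invariant and make a repeat of the r189586 copy-paste obvious in review. Minor: `numberOfBytesForCall` is `unsigned` while the right-hand side is `size_t`, so the result is narrowed on assignment; harmless for realistic parameter counts, but declaring it `size_t` would make the intent explicit.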
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes