[webkit-dev] stack alignment bug

x yz lastguy at yahoo.com
Wed Jun 3 14:57:34 PDT 2009

I filed a bug here: https://bugs.webkit.org/show_bug.cgi?id=26164
The stack is originally aligned, then the JIT code destroys it; also, some data structure or pointer to double is not aligned, and I'm still trying to find where they are.
I'm not sure how the fake stack would work; would you mind explaining a bit more?
Did you face the same problem?
Thanks also for your articles, which give new ideas.

--- On Wed, 6/3/09, Zoltan Herczeg <zherczeg at inf.u-szeged.hu> wrote:

> From: Zoltan Herczeg <zherczeg at inf.u-szeged.hu>
> Subject: Re: [webkit-dev] stack alignment bug
> To: "x yz" <lastguy at yahoo.com>
> Cc: webkit-dev at lists.webkit.org
> Date: Wednesday, June 3, 2009, 7:35 PM
> Hi,
> True, some architectures have strict policies for stack handling. Perhaps
> the worst one is PowerPC with its organized stack frame (back chains,
> pre-defined register save areas, etc.). I think a fake stack pointer for
> the JIT can solve the x86 compatibility problem.
> 1) allocate enough aligned stack space for the worst case when you enter
> the JIT
> 2) the fake stack pointer should use this pre-allocated stack frame.
> Zoltan
> > I don't know how to file a bug, so I posted here.
> > In privateCompileCTIMachineTrampolines() there are multiple align() to
> > align code on a 16-byte margin, yet the stack can be put on a 32-bit
> > margin, which causes a crash.
> > Suppose the original stack is aligned to 8/16 bytes; the above function
> > frequently pops/pushes regT3, which makes the stack mis-aligned. Then
> > int-to-double conversion uses the stack, and that will fail.
> > rgds
> > joe
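The sequence Joe describes (aligned entry, an odd number of 32-bit pushes, then a double spill that needs an aligned slot) and the fix Zoltan sketches (reserve a worst-case aligned frame at JIT entry and keep spill slots at fixed offsets in it) can be modelled without touching real JIT code. The following is an added example written for this page; it is not code from the thread or from WebKit. It assumes 32-bit x86 push width (4 bytes), a 16-byte spill alignment (the margin the trampoline code aligns to), and models the conversion's store as an aligned SSE-style store that reports failure instead of faulting; the frame size and the `fake_stack` type are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed worst-case frame size for the demo; a real JIT would size this
 * from its maximum spill depth. */
#define FAKE_STACK_BYTES 256
#define WORD 4            /* width of a 32-bit x86 push/pop */
#define SPILL_ALIGN 16    /* the 16-byte margin the trampoline code aligns to */

typedef struct {
    uint8_t *base;  /* 16-byte aligned allocation */
    uint8_t *sp;    /* fake stack pointer, grows downward like the real one */
} fake_stack;

static int is_aligned(const void *p, size_t align) {
    return ((uintptr_t)p % align) == 0;
}

static int fake_stack_init(fake_stack *fs) {
    fs->base = aligned_alloc(SPILL_ALIGN, FAKE_STACK_BYTES);
    if (!fs->base) return 0;
    fs->sp = fs->base + FAKE_STACK_BYTES;  /* top of the region is 16-aligned */
    return 1;
}

static void fake_stack_free(fake_stack *fs) {
    free(fs->base);
    fs->base = fs->sp = NULL;
}

/* Push of one 32-bit register value (the regT3 traffic in the report). */
static void push_word(fake_stack *fs, uint32_t v) {
    fs->sp -= WORD;
    memcpy(fs->sp, &v, WORD);
}

/* Drift from 16-byte alignment after n pushes of 32-bit registers starting
 * from an aligned stack pointer: only multiples of four pushes keep it. */
size_t misalignment_after_pushes(int n) {
    return (size_t)(n * WORD) % SPILL_ALIGN;
}

/* The int->double conversion is modelled as an aligned store into a fresh
 * slot at sp. The real instruction would fault on a misaligned address; this
 * returns 0 instead and leaves sp untouched. */
static int spill_double_at_sp(fake_stack *fs, double d) {
    fs->sp -= SPILL_ALIGN;
    if (!is_aligned(fs->sp, SPILL_ALIGN)) {
        fs->sp += SPILL_ALIGN;
        return 0;
    }
    memcpy(fs->sp, &d, sizeof d);
    return 1;
}

/* Reported sequence: aligned entry, one push of a 32-bit register, then the
 * conversion uses the stack. Returns 1 if the spill was aligned, 0 if not. */
int sequence_push_then_spill(void) {
    fake_stack fs;
    if (!fake_stack_init(&fs)) return -1;
    push_word(&fs, 0x12345678u);          /* sp is now 4 bytes below a 16-byte boundary */
    int ok = spill_double_at_sp(&fs, 1.0);
    fake_stack_free(&fs);
    return ok;
}

/* Suggested fix: reserve the worst-case frame at JIT entry and give spill
 * slots fixed, aligned offsets inside it. Register pushes land below the
 * frame and cannot move the slots. Returns 1 if the slot stayed aligned and
 * the value round-tripped. */
int sequence_with_reserved_frame(void) {
    fake_stack fs;
    if (!fake_stack_init(&fs)) return -1;
    uint8_t *frame = fs.sp - 2 * SPILL_ALIGN;   /* two 16-byte spill slots */
    fs.sp = frame;                               /* still 16-aligned */
    push_word(&fs, 0x12345678u);                 /* goes below the frame */
    double *slot0 = (double *)frame;             /* fixed aligned slot */
    int ok = is_aligned(slot0, SPILL_ALIGN);
    *slot0 = 42.0;
    ok = ok && (*slot0 == 42.0);
    fake_stack_free(&fs);
    return ok;
}

int main(void) {
    printf("push then spill at sp:  %s\n",
           sequence_push_then_spill() == 1 ? "aligned" : "MISALIGNED");
    printf("reserved aligned frame: %s\n",
           sequence_with_reserved_frame() == 1 ? "aligned" : "MISALIGNED");
    printf("drift after 1 push: %zu bytes\n", misalignment_after_pushes(1));
    return 0;
}
```

The first scenario reproduces the reported failure: a single 4-byte push leaves sp at 12 mod 16, so the next 16-byte slot is misaligned. The second keeps the spill slots at offsets chosen once, at entry, from an aligned base, which is why the push count no longer matters.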
