[Webkit-unassigned] [Bug 68606] New: 32-bit call code clobbers the function cell tag

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 22 03:22:15 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=68606

           Summary: 32-bit call code clobbers the function cell tag
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fpizlo at apple.com


The change to use emitJumpIfNotType results in problems, because this function is often called (in 32-bit mode) with the tag register as the scratch register.  If the jump is taken, the slow path code then expects the tag register to be intact, and passes the no-longer-valid tag to a stub function.  This results in failures when attempting to make InternalFunction calls.

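The failure mode the report describes, register aliasing between a type check's scratch register and a value the slow path still needs, can be modelled outside the JIT. The following is an added example, not JavaScriptCore code: it mimics the 32-bit (tag, payload) register pair with a small struct, an emitJumpIfNotType-style check that loads the callee's type into whatever register it is given as scratch, and a slow-path stub that trusts the tag it receives. Tag constants, type codes, and all function names are hypothetical; only the shape of the hazard follows the report.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the hazard in the report, not JavaScriptCore code.
 * In the 32-bit JSValue representation a value occupies a (tag, payload)
 * register pair; the tag constant and type codes below are illustrative. */
#define TAG_CELL 0xFFFFFFFBu               /* hypothetical "payload is a cell pointer" tag */
#define TYPE_JS_FUNCTION 1u                /* hypothetical type codes stored in the cell */
#define TYPE_INTERNAL_FUNCTION 2u

typedef struct { uint32_t type; } Cell;                           /* the callee object (model) */
typedef struct { uint32_t tag; const Cell *payload; } ValueRegs;  /* the register pair */

/* Result codes of the modelled call sequence. */
enum { CALL_FAST_PATH = 0, CALL_SLOW_JS = 1, CALL_SLOW_INTERNAL = 2, CALL_BAD_TAG = -1 };

/* Models emitJumpIfNotType: the emitted code loads the cell's type into the
 * scratch register and compares it. Returns true when the jump is taken.
 * Whatever register was handed in as scratch holds the loaded type afterwards. */
static bool emit_jump_if_not_type(const Cell *cell, uint32_t *scratch, uint32_t expected)
{
    *scratch = cell->type;            /* this load is the clobber */
    return *scratch != expected;
}

/* Models the slow-path stub, which receives tag and payload and trusts the tag. */
static int slow_path_call(uint32_t tag, const Cell *payload)
{
    if (tag != TAG_CELL)
        return CALL_BAD_TAG;          /* tag no longer says "cell": the stub misreads the value */
    return payload->type == TYPE_INTERNAL_FUNCTION ? CALL_SLOW_INTERNAL : CALL_SLOW_JS;
}

/* The call sequence: fast path for a JSFunction, otherwise jump to the slow path. */
static int call_sequence(ValueRegs *regs, uint32_t *scratch)
{
    if (emit_jump_if_not_type(regs->payload, scratch, TYPE_JS_FUNCTION))
        return slow_path_call(regs->tag, regs->payload);   /* assumes tag is still intact */
    return CALL_FAST_PATH;
}

/* Buggy register allocation: the tag register doubles as the scratch. */
int call_buggy(ValueRegs *regs)
{
    return call_sequence(regs, &regs->tag);
}

/* Fixed allocation: a scratch register that is not live across the jump. */
int call_fixed(ValueRegs *regs, uint32_t *dedicated_scratch)
{
    return call_sequence(regs, dedicated_scratch);
}

/* The check a JIT author wants at the call site: refuse to emit a type check
 * whose scratch aliases a register the slow path will read. */
bool scratch_is_safe(const ValueRegs *regs, const uint32_t *scratch)
{
    return scratch != &regs->tag;
}

int main(void)
{
    Cell internal_fn = { TYPE_INTERNAL_FUNCTION };  /* constructed InternalFunction callee */
    uint32_t scratch = 0;

    ValueRegs buggy = { TAG_CELL, &internal_fn };
    int buggy_result = call_buggy(&buggy);
    printf("buggy: result=%d tag after=0x%08x safe scratch=%d\n",
           buggy_result, buggy.tag, scratch_is_safe(&buggy, &buggy.tag));

    ValueRegs fixed = { TAG_CELL, &internal_fn };
    int fixed_result = call_fixed(&fixed, &scratch);
    printf("fixed: result=%d tag after=0x%08x safe scratch=%d\n",
           fixed_result, fixed.tag, scratch_is_safe(&fixed, &scratch));
    return 0;
}
```

With an InternalFunction callee the type check always takes the jump; in the aliased variant the tag register then holds the loaded type code instead of the cell tag, so the stub rejects the value, while the variant with a dedicated scratch reaches the stub with the tag intact. The `scratch_is_safe` helper is the kind of allocation assertion that would have caught the aliasing at code-emission time.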