[Webkit-unassigned] [Bug 82013] CALLFRAME_OFFSET and EXCEPTION_OFFSET are same in ctiTrampoline on ARM Thumb2

bugzilla-daemon at webkit.org
Sun Mar 25 22:18:33 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=82013

--- Comment #1 from Gavin Barraclough <barraclough at apple.com>  2012-03-25 22:18:34 PST ---
Uggh, so, the ctiTrampoline is now no longer passed an exception out pointer.  Rather than re-jig the arguments in all asm (which we really should do at some point), we left an unused argument in for now.  So the 'exception' argument no longer really exists, and is completely unused - other than the fact some entry/exit thunks still preserve it around JIT code.  This code should really be deleted (along with all references to EXCEPTION_OFFSET).

The unused exception value is trampling over the call frame; why does this not crash?

Well, when we wrote the THUMB2 entry thunk we dumbly spilled all arguments to the stack, since that's where they were on x86 - and the CTI callbacks access these values.  But since the call frame may move (it is the JS stack pointer, and updated by JIT code), we cannot rely on the value upon entry to JIT code, and instead must save a fresh copy each time a call out to C code is made.  As such, I think the store of the call frame is also probably completely redundant, and should likely also be removed.  I'd need to look closer to determine if this is true.

So, my guess is, no actual bug here, just some stupid, wasteful, and potentially confusing & bug prone code. :-/
