[Webkit-unassigned] [Bug 119140] REGRESSION: Crash beneath cti_vm_throw_slowpath due to invalid CallFrame pointer
bugzilla-daemon at webkit.org
Wed Jul 31 15:42:51 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=119140
--- Comment #17 from Michael Saboff <msaboff at apple.com> 2013-07-31 15:42:35 PST ---
(In reply to comment #16)
> Julien and I discovered the problem here:
>
> ExceptionHandler __attribute__ ((fastcall)) cti_vm_throw_slowpath(CallFrame* callFrame);
>
> On some compilers, returning a struct causes the compiler to allocate the first register as the "pointer to return value".
Makes sense. I was looking at the disassembly that Julien posted and the use of %ecx was throwing me. The first arg (callFrame) was in %edx.
That means that ctiVMThrowTrampolineSlowpath will need to be modified for those compilers to allocate the struct space on the stack and put the address in %ecx, put callFrame in %edx and then on return use the values in the stack instead of %eax:edx.
Did you determine any predefined macros that say the compiler is doing this?
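The mismatch discussed in this thread is between where the callee leaves a struct result (register pair versus a caller-provided stack slot whose address travels in the first argument register) and where the trampoline reads it. The C below is an added illustration, not WebKit code: it models both conventions with plain C functions, shows the caller-side slot-plus-sentinel pattern a trampoline can use, and models the failure mode (result returned by value while the caller reads an untouched slot) so that a stale pointer is caught instead of dereferenced. `CallFrame`, `ExceptionHandler`, `USE_HIDDEN_RESULT_POINTER` and the `slowpath_*` functions are stand-ins constructed for the example; no real compiler is claimed to use either convention.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for JSC's CallFrame and ExceptionHandler (hypothetical shapes). */
typedef struct CallFrame { uintptr_t id; } CallFrame;
typedef struct ExceptionHandler {
    void* catchRoutine;
    CallFrame* callFrame;
} ExceptionHandler;

/* Sentinel the caller stores in the result slot before the call; if it survives,
   the callee never wrote through the result pointer. */
#define RESULT_SENTINEL ((void*)(uintptr_t)0xA5A5A5A5u)

static void dummy_catch_routine(void) {}

/* Convention A: the callee hands the struct back by value (register-pair style). */
static ExceptionHandler slowpath_by_value(CallFrame* callFrame) {
    ExceptionHandler h;
    h.catchRoutine = (void*)&dummy_catch_routine;
    h.callFrame = callFrame;
    return h;
}

/* Convention B: the callee fills a slot the caller allocated and passed as its first
   parameter (what "first register is the pointer to return value" means). */
static void slowpath_sret(ExceptionHandler* result, CallFrame* callFrame) {
    result->catchRoutine = (void*)&dummy_catch_routine;
    result->callFrame = callFrame;
}

/* Hypothetical build-time switch selecting which convention the trampoline assumes. */
#ifndef USE_HIDDEN_RESULT_POINTER
#define USE_HIDDEN_RESULT_POINTER 0
#endif

/* Caller-side trampoline: reserve the result on the stack, call, then validate before use.
   Returns 0 on success, -1 if the slot looks unfilled or inconsistent. */
int call_throw_slowpath(CallFrame* callFrame, ExceptionHandler* out) {
    ExceptionHandler slot;
    slot.catchRoutine = RESULT_SENTINEL;
    slot.callFrame = NULL;
#if USE_HIDDEN_RESULT_POINTER
    slowpath_sret(&slot, callFrame);      /* address of slot is the hidden first argument */
#else
    slot = slowpath_by_value(callFrame);  /* value comes back in registers, copied into slot */
#endif
    /* Fail fast: a surviving sentinel or a foreign callFrame means caller and callee
       disagree on where the result lives; do not hand a garbage pointer onward. */
    if (slot.catchRoutine == RESULT_SENTINEL || slot.callFrame != callFrame)
        return -1;
    *out = slot;
    return 0;
}

/* Round trip under the configured convention: the CallFrame that went in comes back. */
int trampoline_roundtrips(uintptr_t id) {
    CallFrame cf = { id };
    ExceptionHandler h;
    if (call_throw_slowpath(&cf, &h) != 0)
        return 0;
    return h.callFrame == &cf && h.callFrame->id == id && h.catchRoutine != NULL;
}

/* Models the bug's shape: the callee returns by value, but the caller was written to read
   a stack slot. The slot is untouched, so the sentinel check catches it. Returns 1 if caught. */
int mismatched_read_detected(uintptr_t id) {
    CallFrame cf = { id };
    ExceptionHandler slot;
    slot.catchRoutine = RESULT_SENTINEL;
    slot.callFrame = NULL;
    (void)slowpath_by_value(&cf);         /* result discarded in registers; slot never written */
    return slot.catchRoutine == RESULT_SENTINEL && slot.callFrame != &cf;
}
```

Building with `-DUSE_HIDDEN_RESULT_POINTER=1` exercises the slot-passing path; either way the sentinel check is what turns a convention mismatch into an early, deterministic failure rather than a crash further down in the throw path.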