[Webkit-unassigned] [Bug 124409] [Win] JavaScript crashes on 64-bit with JIT enabled.
bugzilla-daemon at webkit.org
Fri Nov 15 11:01:36 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=124409
--- Comment #3 from peavo at outlook.com 2013-11-15 11:00:14 PST ---
(In reply to comment #2)
> (From update of attachment 217049 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=217049&action=review
>
> Thanks for the work. Looking pretty good. It needs a couple of changes.
> In addition to what is noted inline, the value that we sub/add to sp in callToJavaScript / returnFromJavaScript needs to be adjusted for the additional pushes of rbi/rdi and for the space needed to make calls out. The value should be large enough for the space needed to call AND result in a 32 byte aligned SP. I think that means the new value should be 38h. In addition to changing 28h -> 38h, update the comment to include that the calling convention requires space for 4 Dwords.
Thanks for the feedback :)
I updated the value to 38h, and removed the other two calls, but then I get a crash in:
void JIT_OPERATION operationPutByIdNonStrictOptimize(ExecState* exec, StructureStubInfo* stubInfo, EncodedJSValue encodedValue, EncodedJSValue encodedBase, StringImpl* uid)
I assume the 5th parameter here goes on the stack.
According to http://msdn.microsoft.com/en-us/library/ms235286.aspx, the stack should be aligned to 16 bytes, but I'm not sure what's correct?
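As an added illustration of the Win64 rules under discussion (this is not WebKit code and not the author's), the helpers below compute how much outgoing stack area a caller must reserve for a call with a given number of integer arguments (the 32-byte shadow area plus one 8-byte slot per argument beyond the fourth, so the 5th parameter lands on the stack) and the smallest `sub rsp, N` that keeps rsp 16-byte aligned at the call site after a given number of register pushes. The function names and the "one 8-byte push per saved register" model are assumptions of the example.

```c
#include <stddef.h>

/* Microsoft x64 calling-convention constants. */
#define WIN64_REG_ARGS      4u   /* rcx, rdx, r8, r9 carry the first four args */
#define WIN64_SHADOW_BYTES  32u  /* caller reserves 4 x 8 bytes even if unused */
#define WIN64_STACK_ALIGN   16u  /* rsp must be 16-byte aligned when `call` executes */

/* Bytes of outgoing argument area a caller must reserve for a callee taking
   `nargs` integer/pointer arguments: shadow area plus an 8-byte slot for each
   argument beyond the fourth (e.g. the 5th parameter of a JIT operation). */
size_t win64_outgoing_area(unsigned nargs) {
    unsigned on_stack = nargs > WIN64_REG_ARGS ? nargs - WIN64_REG_ARGS : 0u;
    return WIN64_SHADOW_BYTES + 8u * on_stack;
}

/* Smallest `sub rsp, N` a prologue must do so that, after `pushes` 8-byte
   register pushes, at least `outgoing` bytes are free below rsp AND rsp is
   16-byte aligned at the outgoing call. On entry rsp is 8 mod 16 because
   the caller's `call` instruction already pushed the 8-byte return address. */
size_t win64_frame_adjust(unsigned pushes, size_t outgoing) {
    size_t depth  = 8u + 8u * (size_t)pushes;  /* return address + pushes */
    size_t adjust = outgoing;
    while ((depth + adjust) % WIN64_STACK_ALIGN != 0u)
        adjust += 8u;                           /* pad up to the next aligned frame */
    return adjust;
}

/* Returns 1 when rsp would be 16-byte aligned at the call site for a prologue
   that pushed `pushes` registers and then subtracted `adjust` from rsp. */
int win64_call_site_aligned(unsigned pushes, size_t adjust) {
    return (8u + 8u * (size_t)pushes + adjust) % WIN64_STACK_ALIGN == 0u;
}
```

The adjustment depends on the parity of the pushes, which is why adding or removing a single push in a thunk changes the constant that must be subtracted from rsp.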