[Webkit-unassigned] [Bug 128115] [Win] LLINT is not working.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 12 13:22:48 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=128115
--- Comment #38 from Michael Saboff <msaboff at apple.com>  2014-02-12 13:20:02 PST ---
(In reply to comment #37)
> (In reply to comment #35)
> > (From update of attachment 223887 [details] [details])
> >
> > Regarding the stack alignment issue, I may be able to make some suggestions if you can post some debugging info on the issue you're seeing e.g. what is the value of the frame pointer and stack pointer when the assertion fails.
> > 
> 
> In a WinCairo release build, the first assert I get, is in callToJavaScript:
> 
> callToJavaScript PROC PUBLIC
>   push ebp
>   push esi
>   push edi
>   push ebx
>   sub esp, 12
>   mov ebx, dword ptr [36 + esp]
>   mov edi, dword ptr [32 + esp]
>   mov edx, esp
>   and edx, 15
>   test edx, edx
>   jz _offlineasm_doCallToJavaScript__checkStackPointerAlignment__stackPointerOkay
>   mov edx, 3134249985
>   int 3 --> Breaks here
> 
> When on the "int 3" instruction, esp == 001CE8C8, and ebp == 001CE900

It could be that the compiler doesn't enforce as strict an alignment on the stack as we want in JavaScript.  We want a 16 byte aligned stack, primarily due to the use of xmm registers for FP operations.  I believe that Windows 32 bit is 8 byte aligned at best.  The combination of the implicit push from the "call" instruction, followed by 4 pushes and then the sub 12 will leave the stack pointer with the same alignment as the caller had at the time of the call.

We had a similar issue with ARMv7 and handled it by aligning the stack in LowLevelInterpreter.asm:callToJavaScriptPrologue (see the elsif ARM or ARMv7 or ARMv7_TRADITIONAL case).  We effectively pushed the pre-aligned stack pointer on the stack post alignment.  We then restore everything back in LowLevelInterpreter.asm:callToJavaScriptEpilogue.  You may have to do the same thing for Windows.

You can verify the need for this by checking the stack pointer value before the first instruction of callToJavaScript (or callToNativeFunction).  The least significant nibble should be 'C'.
