[Webkit-unassigned] [Bug 127777] [EFL][GTK][Windows] Fix the regression caused by the jsCStack branch merge

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 29 16:31:33 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=127777
--- Comment #15 from Michael Saboff <msaboff at apple.com>  2014-01-29 16:28:57 PST ---
(In reply to comment #14)
> Some further clarification on comment #13:
> 
> JSC::eval() and JSC::Interpreter::execute() rely on a non-null JSScope object being accessible through the relevant CallFrame. Currently the callerScopeChain variable in JSC::eval()[1] is assigned a null value, and the changes described in comment #13 (adding the extra fprintf call) somehow fix this.
> 
> 
> [1] http://trac.webkit.org/browser/trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp#L110

I believe the issue may be that the optimized version is not pushing rbp at the top of the function.  The top of the stack after the push of rbp is the exec pointer passed in as the first argument.  Without the push of rbp, the chain of caller frames is not complete.  In the case of operationCallEval() we pass in both the caller and callee, but the callee's "CallerFrame" doesn't get set up without the push rbp.

Are you compiling with the gcc option -fomit-frame-pointer?  If so, you may want to eliminate that option and see what that does.

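The broken-chain failure mode described in the comment, as an added illustration that is not JSC code: a small C model of the x86-64 frame header JSC reads at rbp (saved caller rbp at [rbp], return address at [rbp+8]), a simulated prologue that only writes the CallerFrame link when rbp is pushed, and a walker of the kind an ASSERT in operationCallEval could use to detect an incomplete caller chain. The Frame layout, enter_frame and caller_chain_length names are assumptions of this model.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the frame header at rbp (not JSC's CallFrame class):
 * [rbp+0] = saved caller rbp (CallerFrame), [rbp+8] = return address. */
typedef struct Frame {
    struct Frame *callerFrame;   /* written by "push rbp; mov rsp, rbp" */
    void *returnPC;              /* not modelled further here */
    int id;
} Frame;

/* Simulated prologue. With frame pointers, the push of rbp links the new
 * frame to its caller. With -fomit-frame-pointer the slot is never written,
 * so whatever was in that stack slot stays (modelled here as NULL). */
static void enter_frame(Frame *callee, Frame *caller, bool omit_frame_pointer)
{
    callee->returnPC = NULL;
    callee->callerFrame = omit_frame_pointer ? NULL : caller;
}

/* Walk CallerFrame links from `from` up to `top`. Returns the hop count,
 * -1 if a NULL link is hit first (the incomplete chain from the comment),
 * or -2 if more than max_hops are taken (corrupt or cyclic chain). */
int caller_chain_length(const Frame *from, const Frame *top, int max_hops)
{
    int hops = 0;
    while (from != top) {
        if (from == NULL) return -1;
        if (hops++ >= max_hops) return -2;
        from = from->callerFrame;
    }
    return hops;
}

/* entry -> caller -> callee, like the caller/callee pair operationCallEval
 * receives; only the callee's prologue is varied. Expected: 2 with the push
 * of rbp, -1 when the frame pointer is omitted. */
int demo(bool omit_frame_pointer)
{
    Frame entry = {0}, caller = {0}, callee = {0};
    enter_frame(&caller, &entry, false);
    enter_frame(&callee, &caller, omit_frame_pointer);
    return caller_chain_length(&callee, &entry, 16);
}

int main(void)
{
    printf("with push rbp: %d\n", demo(false));
    printf("frame pointer omitted: %d\n", demo(true));
    return 0;
}
```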