[Webkit-unassigned] [Bug 198770] New: [JSC] virtual tail call thunk should restore callee saves before jump

Tue Jun 11 16:03:13 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=198770

            Bug ID: 198770
           Summary: [JSC] virtual tail call thunk should restore callee
                    saves before jump
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ysuzuki at apple.com

When linkPolymorphicCall gives up compiling polymorphic call, we fall back to virtual call. But `linkVirtualCall` does not restore the callee saves before calling the tail call, while polymorphic call does it.
If the caller CodeBlock clobbers the callee saves (e.g. FTL), we forget restoring it, and caller's caller will see garbage in callee saves.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190611/196d82bb/attachment-0001.html>