[Webkit-unassigned] [Bug 233822] [JSC] Port EXTRA_CTI_THUNKS to all platforms
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 1 10:54:14 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=233822
--- Comment #21 from Saam Barati <sbarati at apple.com> ---
I think I know what your arm64e issues are. Take resolve_scope:
On the fast path, we call:
jit.tagReturnAddress()
Then, if we go to the slow path, inside slow_op_resolve_scopeGenerator, we call:
jit.emitCTIThunkPrologue()
which does:
void CCallHelpers::emitCTIThunkPrologue()
{
tagReturnAddress();
This leads us to tagging an already tagged value. So you'll want to audit all fast path to slow paths. Maybe we can just call untag? Or maybe we don't need to tag at all if all fast paths already tag? Otherwise, we could pass in a boolean to this function if it needs to tag. It probably depends on the context of the opcode. resolve_scope is just jumping to its slow paths. Maybe other opcodes call it?
Anyways, I think this should be enough info to go in and audit the code with this in mind.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220201/1c777dd1/attachment.htm>
More information about the webkit-unassigned
mailing list