Closed Bug 684563 Opened 13 years ago Closed 13 years ago

IonMonkey: Broken return from exception on x64.

Categories

(Core :: JavaScript Engine, defect)

x86_64
Linux
defect
Not set
normal

Tracking


RESOLVED FIXED

People

(Reporter: sstangl, Unassigned)

References

Details

Attachments

(2 files, 1 obsolete file)

HandleException (or some related functionality) appears to be incorrectly aligning %rsp on 64-bit systems, with an off-by-sizeof(Value) error with respect to the register array saved by generateEnterJIT(). This manifests as a return to the middle of nowhere, resulting in a segfault.

A bunch of function tests trigger this bug, so it should probably be fixed before that lands. Investigating.

In generateEnterJIT() on x64, before %rsp is saved, the current registers are pushed along with |vp|. But generateReturnError() forgot to pop off |vp|.
Attachment #558124 - Flags: review?(dvander)
Actual patch.
Attachment #558124 - Attachment is obsolete: true
Attachment #558124 - Flags: review?(dvander)
Attachment #558125 - Flags: review?(dvander)
Attachment #558125 - Flags: review?(dvander) → review+
http://hg.mozilla.org/projects/ionmonkey/rev/8d78407cbf7e
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
