Closed Bug 1342353 Opened 3 years ago Closed 3 years ago

Wasm baseline: Regression: stackArgAreaSize() must compute the complete size

Product / Component: Core :: JavaScript Engine: JIT
Type: defect
Version: 52 Branch
Hardware / OS: x86 / All
Status: RESOLVED FIXED
Target Milestone: mozilla54
Tracking Status: firefox54 --- fixed
Reporter: lth, Assigned: lth
Attachments: 1 file

Bug 1341650 introduced an adjustment to the baseline compiler to account for the stack occupancy of the hidden register argument (tls) to grow_memory and current_memory. However, this accounting was in the wrong place and could lead to unaligned frames; these could lead to crashes, and I've seen such crashes on MacOSX 32-bit builds where SSE instructions assuming alignment cause bus errors.

The fix is pretty simple: we just have to make sure that stackArgAreaSize() gets to see the whole signature and that all accounting happens in that function. Thus we revert a couple of lines from the earlier bug here and generalize that function a little.
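The failure mode the description refers to, as an added model written for this page and not SpiderMonkey's code: rounding the visible arguments up to the frame alignment and then adding the hidden tls slot afterwards produces a misaligned frame, while letting the size computation see the whole signature and rounding once does not. The 16-byte alignment, the 32-bit x86 slot sizes and all function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the accounting bug, not SpiderMonkey's code.
   Alignment, argument sizes and function names are assumptions. */
#define FRAME_ALIGNMENT 16u                              /* assumed ABI stack alignment */
enum { I32_BYTES = 4, I64_BYTES = 8, TLS_BYTES = 4 };    /* assumed 32-bit x86 slot sizes */

static uint32_t alignUp(uint32_t n, uint32_t a) { return (n + a - 1) & ~(a - 1); }

/* Stack bytes used by the visible arguments; the model passes every argument
   on the stack, as a 32-bit x86 ABI would. */
static uint32_t visibleArgBytes(const uint32_t* argBytes, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) total += argBytes[i];
    return total;
}

/* Wrong place for the adjustment: the visible signature is rounded up to the
   frame alignment first and the hidden tls slot is added afterwards, so the
   result is only aligned when TLS_BYTES happens to be a multiple of the alignment. */
uint32_t stackArgAreaSizeBuggy(const uint32_t* argBytes, size_t n, bool hiddenTls) {
    uint32_t size = alignUp(visibleArgBytes(argBytes, n), FRAME_ALIGNMENT);
    if (hiddenTls) size += TLS_BYTES;
    return size;
}

/* The fix: the function sees the whole signature, hidden argument included,
   and rounds once, so every frame it sizes is aligned. */
uint32_t stackArgAreaSizeFixed(const uint32_t* argBytes, size_t n, bool hiddenTls) {
    uint32_t size = visibleArgBytes(argBytes, n) + (hiddenTls ? TLS_BYTES : 0);
    return alignUp(size, FRAME_ALIGNMENT);
}

bool frameIsAligned(uint32_t size) { return size % FRAME_ALIGNMENT == 0; }

/* Constructed signature: grow_memory takes one i32 (the page delta) plus the
   hidden tls argument; current_memory takes only the hidden tls argument. */
static const uint32_t kGrowMemorySig[] = { I32_BYTES };

int main(void) {
    uint32_t buggy = stackArgAreaSizeBuggy(kGrowMemorySig, 1, true);
    uint32_t fixed = stackArgAreaSizeFixed(kGrowMemorySig, 1, true);
    printf("grow_memory frame: buggy=%u (%s), fixed=%u (%s)\n",
           buggy, frameIsAligned(buggy) ? "aligned" : "misaligned",
           fixed, frameIsAligned(fixed) ? "aligned" : "misaligned");
    return 0;
}
```

Passing NULL with n = 0 models current_memory, whose only argument is the hidden one.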
Attachment #8840793 - Flags: review?(bbouvier)
Comment on attachment 8840793 [details] [diff] [review]
bug1342353-stack-frame-size.patch

Review of attachment 8840793 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks.
Attachment #8840793 - Flags: review?(bbouvier) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/d798f41291ba515aef8849c3b8d16112e3c222ef
Bug 1342353 - Wasm baseline, properly compute aligned frame size. r=bbouvier
https://hg.mozilla.org/mozilla-central/rev/d798f41291ba
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54