Bug 1342353 - Wasm baseline: Regression: stackArgAreaSize() must compute the complete size
Status: RESOLVED FIXED (closed)
Opened 7 years ago; closed 7 years ago
Category: Core :: JavaScript Engine: JIT (defect)
Target Milestone: mozilla54
Tracking: firefox54 fixed
Reporter: lth; Assignee: lth
Attachments (1 file): bug1342353-stack-frame-size.patch, 5.76 KB, patch; review+ from bbouvier
Description:
Bug 1341650 introduced an adjustment to the baseline compiler to account for the stack occupancy of the hidden register argument (tls) to grow_memory and current_memory. However, this accounting was in the wrong place and could lead to unaligned frames; these could lead to crashes, and I've seen such crashes on MacOSX 32-bit builds where SSE instructions assuming alignment cause bus errors. The fix is pretty simple: we just have to make sure that stackArgAreaSize() gets to see the whole signature and that all accounting happens in that function. Thus we revert a couple of lines from the earlier bug here and generalize that function a little.
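To make the alignment failure in the description concrete, here is an added, constructed C example; it is not SpiderMonkey code and does not reproduce the baseline compiler's ABI. It assumes a 16-byte stack alignment, a 32-bit target with a 4-byte hidden tls argument, and made-up signatures standing in for grow_memory (one 4-byte visible argument) and current_memory (no visible arguments); stack_arg_area_size, frame_args_buggy, frame_args_fixed and the demo_* helpers are illustrative names, not the engine's functions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not SpiderMonkey code. Assumptions: 16-byte stack
 * alignment and a 32-bit target where the hidden tls argument occupies one
 * 4-byte stack slot ahead of the visible arguments. */
#define STACK_ALIGN 16u
#define HIDDEN_TLS_ARG_BYTES 4u

/* Round n up to a multiple of align (align must be a power of two). */
static uint32_t align_up(uint32_t n, uint32_t align) {
    return (n + align - 1) & ~(align - 1);
}

/* Size of the outgoing stack-argument area for the given argument sizes,
 * rounded up to the stack alignment. Plays the role of the
 * stackArgAreaSize() named in the bug; it is not that function's code. */
static uint32_t stack_arg_area_size(const uint32_t *arg_bytes, size_t nargs) {
    uint32_t total = 0;
    for (size_t i = 0; i < nargs; i++)
        total += arg_bytes[i];
    return align_up(total, STACK_ALIGN);
}

/* Regressed accounting: the hidden argument is added *after* the sizing
 * function has already rounded the visible arguments, so the frame can end
 * up unaligned. This models the mistake, not the exact original code. */
static uint32_t frame_args_buggy(const uint32_t *arg_bytes, size_t nargs) {
    return stack_arg_area_size(arg_bytes, nargs) + HIDDEN_TLS_ARG_BYTES;
}

/* Corrected accounting: the hidden argument is part of the signature the
 * sizing function sees, so the alignment rounding covers it too. */
static uint32_t frame_args_fixed(const uint32_t *arg_bytes, size_t nargs) {
    uint32_t full[16];  /* assumption: at most 15 visible args in this demo */
    if (nargs > 15)
        return 0;
    full[0] = HIDDEN_TLS_ARG_BYTES;
    for (size_t i = 0; i < nargs; i++)
        full[i + 1] = arg_bytes[i];
    return stack_arg_area_size(full, nargs + 1);
}

/* 1 if a frame of this size keeps the stack at its required alignment. */
static int is_aligned(uint32_t n) {
    return (n % STACK_ALIGN) == 0;
}

/* Constructed signature for grow_memory: one 4-byte visible argument. */
static const uint32_t GROW_MEMORY_ARGS[] = { 4 };

static uint32_t demo_buggy_grow_memory(void) {
    return frame_args_buggy(GROW_MEMORY_ARGS, 1);
}
static uint32_t demo_fixed_grow_memory(void) {
    return frame_args_fixed(GROW_MEMORY_ARGS, 1);
}
/* Constructed signature for current_memory: no visible arguments. */
static uint32_t demo_buggy_current_memory(void) {
    return frame_args_buggy(NULL, 0);
}
static uint32_t demo_fixed_current_memory(void) {
    return frame_args_fixed(NULL, 0);
}

int main(void) {
    uint32_t b = demo_buggy_grow_memory(), f = demo_fixed_grow_memory();
    printf("grow_memory    buggy=%u aligned=%d | fixed=%u aligned=%d\n",
           b, is_aligned(b), f, is_aligned(f));
    b = demo_buggy_current_memory();
    f = demo_fixed_current_memory();
    printf("current_memory buggy=%u aligned=%d | fixed=%u aligned=%d\n",
           b, is_aligned(b), f, is_aligned(f));
    return 0;
}
```

With these assumptions the regressed path yields 20 bytes for grow_memory and 4 bytes for current_memory, neither a multiple of 16, while the corrected path yields 16 bytes for both. A frame whose size is not a multiple of the platform alignment leaves the stack pointer misaligned for the callee, which is exactly the condition under which alignment-assuming SSE moves fault; the detection cue in a crash report is a bus error or general-protection fault on an aligned vector load or store right after a call.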
Comment 1 (Assignee, 7 years ago)
Attachment #8840793 - Flags: review?(bbouvier)
Comment 2 (7 years ago)
Comment on attachment 8840793 [details] [diff] [review] bug1342353-stack-frame-size.patch
Review of attachment 8840793 [details] [diff] [review]:
Thanks.
Attachment #8840793 - Flags: review?(bbouvier) → review+
Comment 3 (Assignee, 7 years ago)
https://hg.mozilla.org/integration/mozilla-inbound/rev/d798f41291ba515aef8849c3b8d16112e3c222ef
Bug 1342353 - Wasm baseline, properly compute aligned frame size. r=bbouvier
Comment 4 (bugherder, 7 years ago)
https://hg.mozilla.org/mozilla-central/rev/d798f41291ba
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox54: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54