Outgoing function parameters can be clobbered

VERIFIED FIXED in flash10.1

Status

Product: Tamarin
Component: Baseline JIT (CodegenLIR)
Priority: P1
Severity: critical
Status: VERIFIED FIXED
Reported: 9 years ago
Modified: 9 years ago

People

(Reporter: Edwin Smith, Assigned: Edwin Smith)

Tracking

Version: unspecified
Target Milestone: flash10.1

Details

Attachments

(3 obsolete attachments)

(Assignee)

Description

9 years ago
Created attachment 416414 [details] [diff] [review]
Extend lifetime of outgoing args to the function call even when an interior pointer is used.

In rare cases, it is possible for outgoing args to a function to be clobbered when a register spills, because the code lifetime of the allocated space for the args does not extend to the function call.

This only occurs on 32 bit machines and outgoing calls that contain at least one Number typed parameter, and is a result of optimizing the alignment of the double parameter, and passing an aligned interior pointer to the call.
(Assignee)

Updated

9 years ago
Priority: -- → P1
Target Milestone: --- → flash10.1
(Assignee)

Updated

9 years ago
Attachment #416414 - Attachment is patch: true
Attachment #416414 - Attachment mime type: application/octet-stream → text/plain
Attachment #416414 - Flags: review?(rreitmai)
(Assignee)

Comment 1

9 years ago
Created attachment 416426 [details] [diff] [review]
(v2) Extend lifetime of outgoing args to the function call even when an interior pointer is used.

Rebased patch, fixed the same problem in OP_newobject, found by inspection.
Assignee: nobody → edwsmith
Attachment #416414 - Attachment is obsolete: true
Attachment #416426 - Flags: review?(rreitmai)
Attachment #416414 - Flags: review?(rreitmai)

Comment 2

9 years ago
Comment on attachment 416426 [details] [diff] [review]
(v2) Extend lifetime of outgoing args to the function call even when an interior pointer is used.

r+ing, but we should follow up with another bug, since other LIR_callx's could encounter something similar.
Attachment #416426 - Flags: review?(rreitmai) → review+
(Assignee)

Comment 3

9 years ago
I'm not going to submit the patch, working on a more complete fix now.
(Assignee)

Comment 4

9 years ago
Created attachment 416570 [details] [diff] [review]
(v3) Extend lifetime of outgoing args to the function call even when an interior pointer is used.

This adds a LIR_live that fixes the lifetime for every LIR_alloc, regardless of whether the pointer itself or an interior pointer is passed out to a function.
Attachment #416426 - Attachment is obsolete: true
Attachment #416570 - Flags: review?(rreitmai)
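The description and comment 4 above describe a lifetime problem that is easy to model: the allocator only sees the uses of the LIR_alloc value itself, and when the call receives an aligned interior pointer instead, the alloc's last visible use is the pointer computation rather than the call, so the arg area can be released and reused by a spill before the callee reads it. The following toy C++ program is an added illustration written for this page; it is not Tamarin or nanojit code. The IR (`Op`, `Instr`), the helpers `lastUse` and `argsClobbered`, and the value ids `kArea`/`kPtr` are all constructed here to show the mechanism, and `LIR_live` is modelled as an `Op::Live` instruction that simply reads the area value just before the call.

```cpp
#include <cstdio>
#include <cstddef>
#include <vector>

// Toy IR (constructed for this illustration): each instruction may define
// one value id and read any number of value ids.
enum class Op { Alloc, Lea, Store, Spill, Live, Call };

struct Instr {
    Op op;
    int def;               // value id this instruction defines, -1 if none
    std::vector<int> uses; // value ids this instruction reads
};

// Index of the last instruction that reads `value`; the def index if unread.
size_t lastUse(const std::vector<Instr>& prog, int value) {
    size_t last = 0;
    for (size_t i = 0; i < prog.size(); ++i) {
        if (prog[i].def == value) last = i;
        for (int u : prog[i].uses)
            if (u == value) last = i;
    }
    return last;
}

// Models the failure in the report: the arg area is released right after its
// last visible use, and a spill issued before the call may reuse that space.
bool argsClobbered(const std::vector<Instr>& prog, int allocId) {
    size_t released = lastUse(prog, allocId);
    for (size_t i = released + 1; i < prog.size(); ++i) {
        if (prog[i].op == Op::Call)  return false; // call ran before any reuse
        if (prog[i].op == Op::Spill) return true;  // spill reused the arg area
    }
    return false;
}

const int kArea = 0; // the alloc'd outgoing-arg area (hypothetical value id)
const int kPtr  = 1; // 8-byte-aligned interior pointer into it

// Constructed sequence mirroring the bug: only the interior pointer reaches
// the call, so the area's last visible use is the Lea, not the call.
std::vector<Instr> buggyProgram() {
    return {
        {Op::Alloc, kArea, {}},       // reserve outgoing-arg space
        {Op::Lea,   kPtr,  {kArea}},  // aligned pointer for the Number arg
        {Op::Store, -1,    {kPtr}},   // write the double through the pointer
        {Op::Spill, -1,    {}},       // register pressure: something spills
        {Op::Call,  -1,    {kPtr}},   // callee reads the (possibly clobbered) args
    };
}

// Same sequence with a Live on the area just before the call, modelling the
// LIR_live approach from comment 4 (this is not nanojit's implementation).
std::vector<Instr> fixedProgram() {
    return {
        {Op::Alloc, kArea, {}},
        {Op::Lea,   kPtr,  {kArea}},
        {Op::Store, -1,    {kPtr}},
        {Op::Spill, -1,    {}},
        {Op::Live,  -1,    {kArea}},  // keeps the area alive up to the call
        {Op::Call,  -1,    {kPtr}},
    };
}

int main() {
    std::printf("without live: clobbered=%d (last use of area at %zu)\n",
                argsClobbered(buggyProgram(), kArea), lastUse(buggyProgram(), kArea));
    std::printf("with live:    clobbered=%d (last use of area at %zu)\n",
                argsClobbered(fixedProgram(), kArea), lastUse(fixedProgram(), kArea));
    return 0;
}
```

The point the model makes is the one the fix relies on: the Live instruction adds no code, it only gives the allocator a use of the area at the call, so the area's lifetime covers every instruction that might spill before the callee runs. This is also why comment 6 expects only a small compile-time cost and no run-time change.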

Comment 5

9 years ago
Comment on attachment 416570 [details] [diff] [review]
(v3) Extend lifetime of outgoing args to the function call even when an interior pointer is used.

Although I doubt it will move the needle much, I'm curious how this affects performance.
Attachment #416570 - Flags: review?(rreitmai) → review+
(Assignee)

Comment 6

9 years ago
Negligible effects, from my testing. If anything I'd expect it to affect compile time slightly (slightly more LIR instructions to process) and run-time not at all.
(Assignee)

Comment 7

9 years ago
Comment on attachment 416570 [details] [diff] [review]
(v3) Extend lifetime of outgoing args to the function call even when an interior pointer is used.

pushed
Attachment #416570 - Attachment is obsolete: true
(Assignee)

Updated

9 years ago
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Assignee)

Updated

9 years ago
Duplicate of this bug: 532551

Comment 9

9 years ago
Engineering work item.  Marking as verified.
Status: RESOLVED → VERIFIED