Bug 674457
Opened 13 years ago
Closed 13 years ago
IonMonkey: Fix entering functions with no arguments on x64
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED FIXED
People: Reporter: sstangl, Unassigned
Attachments: 1 file (5.10 KB, patch), dvander: review+
The current implementation of x64's generateEnterJIT() puts arguments onto the JS stack by looping (argc-1) times, which behaves amusingly if argc == 0.
Comment 1 • 13 years ago (Reporter)
Attachment #548693 - Flags: review?(dvander)
Comment on attachment 548693: Fix x64 generateEnterJIT().
Review of attachment 548693:
Ack. I completely forgot we'd be JITing global scripts. If you're feeling generous, x86 will surely have the same bug.
Attachment #548693 - Flags: review?(dvander) → review+
(Andrew: non-function code (global code) has argc == 0. We've accidentally only been testing with functions, which are guaranteed argc >= 2.)
Comment 4 • 13 years ago
Ahh... I'm happy to fix on x86 if you haven't done it yet, Sean.
Comment 5 • 13 years ago (Reporter)
x86 actually happens to work correctly if argv == NULL and we are not 'too high up' in the address space, but that looks accidental: Assembler::LessThan is used, but this is a signed comparison on addresses, so the "ALL THE ARGUMENTS" value of (argc-1) is treated as very negative, and therefore less than argv. I'll change it to be less dubious and push.
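The comparison problem described in comment 5, as an added example that is not part of the bug thread or the IonMonkey source: a C model of the loop guard when argc == 0. The 32-bit addresses, 8-byte argument slots, the "last slot >= argv" guard form and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model, not the IonMonkey trampoline: 32-bit addresses, 8-byte
 * argument slots, and a copy loop guarded by "last slot >= argv". */
#define SLOT_SIZE 8u

/* Address of the last slot, derived from (argc - 1); wraps when argc == 0. */
static uint32_t last_slot(uint32_t argv, uint32_t argc)
{
    return argv + (argc - 1u) * SLOT_SIZE;
}

/* Signed "a < b" on 32-bit values: flipping the sign bit maps signed
 * order onto unsigned order, avoiding implementation-defined casts. */
static bool signed_less(uint32_t a, uint32_t b)
{
    return (a ^ 0x80000000u) < (b ^ 0x80000000u);
}

/* Guard using a signed comparison on addresses. */
bool enters_loop_signed(uint32_t argv, uint32_t argc)
{
    return !signed_less(last_slot(argv, argc), argv);
}

/* Guard using an unsigned comparison on the same wrapped address. */
bool enters_loop_unsigned(uint32_t argv, uint32_t argc)
{
    return last_slot(argv, argc) >= argv;
}

/* Explicit guard: test argc before any address is derived from it. */
bool enters_loop_checked(uint32_t argc)
{
    return argc != 0;
}

int main(void)
{
    /* Constructed inputs: NULL argv, then an argv at the sign boundary. */
    const uint32_t argvs[] = { 0x00000000u, 0x80000000u };
    for (int i = 0; i < 2; i++)
        printf("argv=%#010x argc=0: signed=%d unsigned=%d checked=%d\n",
               (unsigned)argvs[i], enters_loop_signed(argvs[i], 0),
               enters_loop_unsigned(argvs[i], 0), enters_loop_checked(0));
    return 0;
}
```

In this model each comparison skips the loop for one of the two argv values and enters it for the other, so only the explicit argc check is correct for both.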
Comment 6 • 13 years ago (Reporter)
http://hg.mozilla.org/projects/ionmonkey/rev/b3bfdfb08313
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED