Closed Bug 726220 Opened 8 years ago Closed 8 years ago

IonMonkey: ContainsCodeAddress has an off by 1 error

Categories

(Core :: JavaScript Engine, defect)

ARM
Linux
defect
Not set


RESOLVED FIXED

People

(Reporter: mjrosenb, Unassigned)

Details

Attachments

(1 file, 1 obsolete file)

We call containsCodeAddress with a pointer that is the return address from a function.
For the most part, this works, but in some cases, when we know a call isn't going to return, no code is placed after the call, so the return address is not technically part of the function, and this makes walking up the stack *quite* sad.
Attachment #596214 - Flags: review?(sstangl)
Comment on attachment 596214
/home/mrosenberg/patches/fixFunctionCheck-r0.patch

Review of attachment 596214:
-----------------------------------------------------------------

::: js/src/ion/IonCode.h
@@ +286,5 @@
> +        // however, when the code for exceptions is generated, there is no code
> +        // after the call.  If that was the last instruction in the function,
> +        // then the return address would be exactly at the upper bound of the
> +        // function, so it has been changed to <=
> +        return method()->raw() <= addr && addr <= method()->raw() + method()->instructionsSize();
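Review bot: making the upper bound inclusive means containsCodeAddress() reports method()->raw() + method()->instructionsSize() as part of this method even though no instruction of the method lives at that byte, and if the next IonCode's raw() starts exactly there, both blocks now answer true for the same address, so a stack walker can attribute the frame to either one. The need to treat a return address specially belongs to the caller, not to this predicate: keep the half-open `<` and have the stack walker query with `addr - 1` for return addresses (the last byte of the call instruction), or emit a padding instruction after the non-returning call so the return address is a genuine address inside the function. Whichever is chosen, the comment should state the convention callers must follow rather than describing the bound as "changed to <=".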

This change causes containsCodeAddress() to lie for the purpose of appeasing exceptions. Instead of having this function lie, could we solve the problem locally in the exception generators by inserting NOPs into the code stream, with commentary?
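The off-by-one from comment 0 and the two ways out of it discussed in this review (widen the check, or pad the call site so the return address is real code), as an added example written for this page; it is not IonMonkey code and not code posted by either commenter. CodeBlock is a hypothetical stand-in for an IonCode block, the addresses and names are constructed, and findForReturnAddress shows a third option the thread does not take, the unwinder convention of looking up addr - 1 for a return address.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for an IonCode block (not the engine's real type):
// its instructions occupy the half-open range [raw, raw + size).
struct CodeBlock {
    const char* name;
    uintptr_t raw;
    size_t size;
};

// Half-open check, the behaviour containsCodeAddress() had before the patch.
bool containsStrict(const CodeBlock& b, uintptr_t addr) {
    return b.raw <= addr && addr < b.raw + b.size;
}

// Inclusive check, the behaviour the r0 patch proposed (upper bound <=).
bool containsInclusive(const CodeBlock& b, uintptr_t addr) {
    return b.raw <= addr && addr <= b.raw + b.size;
}

typedef bool (*ContainsFn)(const CodeBlock&, uintptr_t);

// How many blocks claim addr under the given predicate; anything other than 1
// means a stack walker cannot attribute the frame unambiguously.
int claimants(const std::vector<CodeBlock>& blocks, uintptr_t addr, ContainsFn pred) {
    int n = 0;
    for (const CodeBlock& b : blocks)
        if (pred(b, addr)) ++n;
    return n;
}

// First block whose half-open range holds addr, or nullptr.
const CodeBlock* findStrict(const std::vector<CodeBlock>& blocks, uintptr_t addr) {
    for (const CodeBlock& b : blocks)
        if (containsStrict(b, addr)) return &b;
    return nullptr;
}

// Caller-side fix: a return address points at the byte after the call, so look
// up addr - 1, which lies inside the call instruction, in the half-open range.
// This is the convention libgcc-style unwinders use for non-signal frames.
const CodeBlock* findForReturnAddress(const std::vector<CodeBlock>& blocks, uintptr_t retAddr) {
    return findStrict(blocks, retAddr - 1);
}

// Constructed layout: function A (0x40 bytes) ends in a call to a helper that
// never returns, and function B is emitted immediately after it. A's return
// address for that call is therefore A's end, which is also B's start.
const std::vector<CodeBlock> kBlocks = {
    {"A", 0x1000, 0x40},
    {"B", 0x1040, 0x20},
};
const uintptr_t kRetAddr = 0x1000 + 0x40;

// Emitter-side fix, the reviewer's suggestion: a trailing NOP after the
// non-returning call makes the return address a real instruction of A, and B
// simply moves one byte up. The strict check then needs no change.
const std::vector<CodeBlock> kBlocksPadded = {
    {"A", 0x1000, 0x41},
    {"B", 0x1041, 0x20},
};

int main() {
    std::printf("strict check, A contains return address: %d (the reported bug)\n",
                containsStrict(kBlocks[0], kRetAddr));
    std::printf("strict check attributes the frame to: %s (wrong function)\n",
                findStrict(kBlocks, kRetAddr)->name);
    std::printf("inclusive check, blocks claiming the address: %d (ambiguous)\n",
                claimants(kBlocks, kRetAddr, containsInclusive));
    std::printf("addr - 1 lookup: %s\n", findForReturnAddress(kBlocks, kRetAddr)->name);
    std::printf("padded layout, strict lookup: %s\n", findStrict(kBlocksPadded, kRetAddr)->name);
    return 0;
}
```

The two blocks being back to back is what makes the inclusive bound unsafe: it does not merely accept one extra address, it accepts an address that another block legitimately owns, so the walker's answer depends on which block it happens to test first.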
Attachment #596214 - Flags: review?(sstangl)
Attachment #596214 - Attachment is obsolete: true
Attachment #597509 - Flags: review?(sstangl)
Attachment #597509 - Flags: review?(sstangl) → review+
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED