Closed Bug 853701 Opened 11 years ago Closed 11 years ago

ARM multi-register FP push exposes the stack to corruption

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
ARM
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: dougc, Unassigned)

References

Details

Attachments

(1 file)

Propsed patch.
4.70 KB, patch
mjrosenb
: review+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0
Build ID: 20130311191316

Steps to reproduce:

Examine the generated ARM Ion machine code.


Actual results:

     sub            sp, sp, #128	;  sp -= 128
     vstmia	       sp!, {d0-d15}   ; sp += 128
;  The data is exposed to corruption on the stack if interrupted here.
     sub            sp, sp, #128	; sp -= 128



Expected results:

     vpush	{d0-d15}
Attached patch Propsed patch.Splinter Review 

        Attachment #727998 -
        Flags: review?(luke)

    
  
OS: Linux → All
Hardware: x86_64 → ARM

    
  
Blocks: 840285
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
Comment on attachment 727998 [details] [diff] [review]
Propsed patch.

Marty is a looot more familiar with this than I am :)

        Attachment #727998 -
        Flags: review?(luke) → review?(mrosenberg)

    
    

    
  
Nick cameron already has a patch in the pipeline to deal with this.  namely bug 849489.

    
    

    
  
(In reply to Marty Rosenberg [:mjrosenb] from comment #3)
> Nick cameron already has a patch in the pipeline to deal with this.  namely
> bug 849489.

Ok, thanks.  My patch set also includes improvements for pushing
and popping multiple GP registers, and could these be rolled into
the same patch?

    
    

    
  
(In reply to Douglas Crosher from comment #4)
> (In reply to Marty Rosenberg [:mjrosenb] from comment #3)
> > Nick cameron already has a patch in the pipeline to deal with this.  namely
> > bug 849489.
> 
> Ok, thanks.  My patch set also includes improvements for pushing
> and popping multiple GP registers, and could these be rolled into
> the same patch?

See Bug 853710, I think we have pretty much the same code, which is reassuring.

    
    

    
  
Resolved by bug 849489 and bug 853710, thank you.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID

        Attachment #727998 -
        Flags: review?(mrosenberg) → review+

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: