Timestamp:
Sep 3, 2014, 11:50:23 AM
Author:
[email protected]
Message:

FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
https://bugs.webkit.org/show_bug.cgi?id=136488

Reviewed by Mark Hahnenberg.

  • ftl/FTLCompile.cpp:
    (JSC::FTL::generateCheckInICFastPath): The call is in the slow path.

  • tests/stress/ftl-in-overflow.js: Added. This used to crash 100% of the time with FTL enabled.
    (foo):

File:
1 edited

  • trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

    r172867 r173213  
    214214        fastPath.link(jump, slowPathBeginLoc);
    215215
    216         CodeLocationCall callReturnLocation = fastPath.locationOf(call);
     216        CodeLocationCall callReturnLocation = slowPath.locationOf(call);
    217217
    218218        stubInfo.patch.deltaCallToDone = MacroAssembler::differenceBetweenCodePtr(
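Review bot: The fix on line 216 is a single-identifier change, `fastPath.locationOf(call)` becoming `slowPath.locationOf(call)`, and nothing in the surrounding lines says which path actually emits `call`; please add a one-line comment at the corrected line (for example `// The IC call is emitted on the slow path, so take its return location from slowPath.`) so the next refactor does not quietly revert it. This matters because the very next statement, `stubInfo.patch.deltaCallToDone = MacroAssembler::differenceBetweenCodePtr(`, derives a patching offset from this location, and a location taken from the wrong path yields a bogus delta that only surfaces later as a crash beneath repatchCall(), as the commit message describes. Also, the changeset view lists only this one edited file, so the tests/stress/ftl-in-overflow.js regression test named in the message is not visible here; please confirm it landed alongside the fix.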