Need to align sp before calling operationLoadVarargs on 32-bit platfo…

…rms. <https://webkit.org/b/129056> Reviewed by Michael Saboff. In JIT::compileLoadVarargs(), we'll call operationSizeFrameForVarargs() to compute the amount of stack space we need for the varargs, adjust the stack pointer to make room for those varargs, and then call operationLoadVarargs() to fill in the varargs. Currently, the stack pointer adjustment takes care of allocating space for the varargs, but does not align the stack pointer for the call to operationLoadVarargs(). The fix is to align the stack pointer there. Note: The stack pointer adjustment is based on the new CallFrame pointer value returned by operationSizeFrameForVarargs(). On 64-bit platforms, both the stack pointer and call frame pointer are similarly aligned (i.e. low nibbles are 0). Hence, no additional adjustment is needed. Only the 32-bit code needs the fix. Note: The LLINT also works this way i.e. aligns the stack pointer before calling llint_slow_path_call_varargs(). * jit/JITCall32_64.cpp: (JSC::JIT::compileLoadVarargs): Canonical link: https://commits.webkit.org/147106@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@164397 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Feb 19, 2014 · ddaec3c · ddaec3c
1 parent f6568fd
commit ddaec3c
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,30 @@
+2014-02-19  Mark Lam  <mark.lam@apple.com>
+
+        Need to align sp before calling operationLoadVarargs on 32-bit platforms.
+        <https://webkit.org/b/129056>
+
+        Reviewed by Michael Saboff.
+
+        In JIT::compileLoadVarargs(), we'll call operationSizeFrameForVarargs()
+        to compute the amount of stack space we need for the varargs, adjust the
+        stack pointer to make room for those varargs, and then call
+        operationLoadVarargs() to fill in the varargs. Currently, the stack
+        pointer adjustment takes care of allocating space for the varargs, but
+        does not align the stack pointer for the call to operationLoadVarargs().
+        The fix is to align the stack pointer there.
+
+        Note: The stack pointer adjustment is based on the new CallFrame pointer
+        value returned by operationSizeFrameForVarargs(). On 64-bit platforms,
+        both the stack pointer and call frame pointer are similarly aligned
+        (i.e. low nibbles are 0). Hence, no additional adjustment is needed.
+        Only the 32-bit code needs the fix.
+
+        Note: The LLINT also works this way i.e. aligns the stack pointer before
+        calling llint_slow_path_call_varargs().
+
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileLoadVarargs):
+
 2014-02-19  Sam Weinig  <sam@webkit.org>
 
         [JS] Convert Promise.prototype.catch to be a built-in

diff --git a/Source/JavaScriptCore/jit/JITCall32_64.cpp b/Source/JavaScriptCore/jit/JITCall32_64.cpp
@@ -186,7 +186,7 @@ void JIT::compileLoadVarargs(Instruction* instruction)
 
     emitLoad(arguments, regT1, regT0);
     callOperation(operationSizeFrameForVarargs, regT1, regT0, firstFreeRegister);
-    move(returnValueGPR, stackPointerRegister);
+    addPtr(TrustedImm32(-sizeof(CallerFrameAndPC)), returnValueGPR, stackPointerRegister);
     emitLoad(thisValue, regT1, regT4);
     emitLoad(arguments, regT3, regT2);
     callOperation(operationLoadVarargs, returnValueGPR, regT1, regT4, regT3, regT2);