git://git.webkit.org / WebKit-https.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7671a1d) | patch
DFG Call/ConstructForwardVarargs fails to restore the stack pointer
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Apr 2015 20:55:45 +0000 (20:55 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Apr 2015 20:55:45 +0000 (20:55 +0000)
commit5750ebfe380e2b8525b45680c2595ddb58894c37
treeb06baaa7c264147264a4a3f53f2b29fb78173cf9tree | snapshot
parent7671a1d4be5dbace50a7af2431b5d49d55793b1acommit | diff
DFG Call/ConstructForwardVarargs fails to restore the stack pointer
https://bugs.webkit.org/show_bug.cgi?id=144007

Reviewed by Mark Lam.

We were conditioning the stack pointer restoration on isVarargs, but we also need to do it
if isForwardVarargs.

* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* tests/stress/varargs-then-slow-call.js: Added.
(foo):
(bar):
(fuzz):
(baz):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@183076 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog diff | blob | history
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp diff | blob | history
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp diff | blob | history
Source/JavaScriptCore/tests/stress/varargs-then-slow-call.js [new file with mode: 0644] blob
Mirror of the WebKit open source project from svn.webkit.org.