REGRESSION (r190370): CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple...
author msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 14 Nov 2015 21:13:02 +0000 (21:13 +0000)
committer msaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 14 Nov 2015 21:13:02 +0000 (21:13 +0000)
commit 63fc8668c69c34111c0c0dea5c11f545f9b24cc8
tree 8db0892e124be2403f2fd5353bc8611f70e7fb37
parent e77cbaf9788f8227f794dcb027154f159d4c7042
REGRESSION (r190370): CrashTracer: [USER] com.apple.WebKit.WebContent at com.apple.JavaScriptCore: JSC::JITCode::execute + 158
https://bugs.webkit.org/show_bug.cgi?id=151279

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

We need to restore callee saves even when we take the slow path in a polymorphic call stub.
Move the restoration to the top of the stub so that it is done for all paths.

* jit/Repatch.cpp:
(JSC::linkPolymorphicCall):

LayoutTests:

New regression test.

* js/regress-151279-expected.txt: Added.
* js/regress-151279.html: Added.
* js/script-tests/regress-151279.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@192457 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/js/regress-151279-expected.txt [new file with mode: 0644]
LayoutTests/js/regress-151279.html [new file with mode: 0644]
LayoutTests/js/script-tests/regress-151279.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/Repatch.cpp