32-bit call code clobbers the function cell tag
author: ossy@webkit.org <ossy@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Sep 2011 11:05:41 +0000 (11:05 +0000)
committer: ossy@webkit.org <ossy@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Sep 2011 11:05:41 +0000 (11:05 +0000)
commit: 8442e99ad8cff23c597866a056f7ff953b871b9c
tree: 333b11c7d0425173a4e71014c9655f3783feeb62
parent: 68fd2fd6cc1c4ff3adc2248c8924f34fc35dbd7b
32-bit call code clobbers the function cell tag
https://bugs.webkit.org/show_bug.cgi?id=68606

Patch by Filip Pizlo <fpizlo@apple.com> on 2011-09-22
Reviewed by Csaba Osztrogonác.

This is a minimalistic fix: it simply emits code to restore the
cell tag on the slow path, if we know that we failed due to
emitCallIfNotType.

* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargsSlowCase):
(JSC::JIT::compileOpCallSlowCase):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@95707 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/JITCall32_64.cpp