REGRESSION (r159276): rbp register overwritten in Win 64 version of callToJavascript...
authormsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Nov 2013 18:13:17 +0000 (18:13 +0000)
committermsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Nov 2013 18:13:17 +0000 (18:13 +0000)
https://bugs.webkit.org/show_bug.cgi?id=124361

Reviewed by Oliver Hunt.

Swapped operand ordering to: mov rax, rbp

* jit/JITStubsMSVC64.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@159290 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/JITStubsMSVC64.asm

index e1bb662..3d645cb 100644 (file)
@@ -1,3 +1,14 @@
+2013-11-14  Michael Saboff  <msaboff@apple.com>
+
+        REGRESSION (r159276): rbp register overwritten in Win 64 version of callToJavascript stub
+        https://bugs.webkit.org/show_bug.cgi?id=124361
+
+        Reviewed by Oliver Hunt.
+
+        Swapped operand ordering to: mov rax, rbp
+
+        * jit/JITStubsMSVC64.asm:
+
 2013-11-14  Julien Brianceau  <jbriance@cisco.com>
 
         REGRESSION (r159276): Fix lots of crashes for sh4 architecture.
index 2537d1e..d39bd9f 100644 (file)
@@ -33,7 +33,7 @@ _TEXT   SEGMENT
 
 callToJavaScript PROC
     push rbp
-    mov rbp, rax ; Save previous frame pointer
+    mov rax, rbp ; Save previous frame pointer
     mov rbp, rsp
     push r12
     push r13