32-bit call code clobbers the function cell tag
author ossy@webkit.org <ossy@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Sep 2011 11:05:41 +0000 (11:05 +0000)
committer ossy@webkit.org <ossy@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Sep 2011 11:05:41 +0000 (11:05 +0000)
commit 0e62835c7efeabd8ffebc246c00beef9f4c0526d
tree 333b11c7d0425173a4e71014c9655f3783feeb62
parent 4b168f2807d8255b413932d093f39d0ee4b0a5bb
32-bit call code clobbers the function cell tag
https://bugs.webkit.org/show_bug.cgi?id=68606

Patch by Filip Pizlo <fpizlo@apple.com> on 2011-09-22
Reviewed by Csaba Osztrogonác.

This is a minimalistic fix: it simply emits code to restore the
cell tag on the slow path, if we know that we failed due to
emitCallIfNotType.

* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargsSlowCase):
(JSC::JIT::compileOpCallSlowCase):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95707 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/JITCall32_64.cpp