Skip to site navigation (Press enter)

[webkit-changes] [164496] trunk/Source/JavaScriptCore

commit-queue Fri, 21 Feb 2014 13:47:45 -0800

Title: [164496] trunk/Source/_javascript_Core

Revision: 164496
Author: commit-qu...@webkit.org
Date: 2014-02-21 13:52:47 -0800 (Fri, 21 Feb 2014)

Log Message

Added a GetMyArgumentsLengthSafe and added a speculation check.
https://bugs.webkit.org/show_bug.cgi?id=129051


Patch by Matthew Mirman <mmir...@apple.com> on 2014-02-21
Reviewed by Filip Pizlo.

* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (164495 => 164496)


--- trunk/Source/_javascript_Core/ChangeLog	2014-02-21 21:29:51 UTC (rev 164495)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-02-21 21:52:47 UTC (rev 164496)
@@ -1,3 +1,13 @@
+2014-02-21  Matthew Mirman  <mmir...@apple.com>
+
+        Added a GetMyArgumentsLengthSafe and added a speculation check.
+        https://bugs.webkit.org/show_bug.cgi?id=129051
+
+        Reviewed by Filip Pizlo.
+
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
+
 2014-02-21  pe...@outlook.com  <pe...@outlook.com>
 
         [Win][LLINT] Many JSC stress test failures.

Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (164495 => 164496)


--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp	2014-02-21 21:29:51 UTC (rev 164495)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp	2014-02-21 21:52:47 UTC (rev 164496)
@@ -1830,8 +1830,16 @@
     
     void compileGetMyArgumentsLength() 
     {
-        TypedPointer reg = addressFor(m_node->origin.semantic.stackOffset() + JSStack::ArgumentCount);
-        setInt32(m_out.add(m_out.load32NonNegative(reg), m_out.constInt32(-1)));
+        CodeOrigin codeLocation = m_node->origin.semantic;
+        if (!isEmptySpeculation(
+            m_state.variables().operand(
+                m_graph.argumentsRegisterFor(m_node->origin.semantic)).m_type)) {
+            VirtualRegister argsReg = m_graph.machineArgumentsRegisterFor(codeLocation);
+            speculate(ArgumentsEscaped, noValue(), 0, m_out.notZero64(m_out.load64(addressFor(argsReg))));
+        }
+
+        RELEASE_ASSERT(!codeLocation.inlineCallFrame);
+        setInt32(m_out.add(m_out.load32NonNegative(payloadFor(JSStack::ArgumentCount)), m_out.constInt32(-1)));
     }
 
     void compileGetArrayLength()

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes