Diff
Modified: trunk/LayoutTests/ChangeLog (97098 => 97099)
--- trunk/LayoutTests/ChangeLog 2011-10-10 22:39:20 UTC (rev 97098)
+++ trunk/LayoutTests/ChangeLog 2011-10-10 22:41:01 UTC (rev 97099)
@@ -1,3 +1,16 @@
+2011-10-10 Filip Pizlo <fpi...@apple.com>
+
+ REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs
+ https://bugs.webkit.org/show_bug.cgi?id=69412
+
+ Reviewed by Oliver Hunt.
+
+ * fast/js/dfg-min-max-expected.txt: Added.
+ * fast/js/dfg-min-max.html: Added.
+ * fast/js/script-tests/dfg-min-max.js: Added.
+ (doMin):
+ (doMax):
+
2011-10-10 James Simonsen <simon...@chromium.org>
[Chromium] Add baselines for new tests. Update baselines for 10.6 debug and rolled out v8 change.
Added: trunk/LayoutTests/fast/js/dfg-min-max-expected.txt (0 => 97099)
--- trunk/LayoutTests/fast/js/dfg-min-max-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/js/dfg-min-max-expected.txt 2011-10-10 22:41:01 UTC (rev 97099)
@@ -0,0 +1,27 @@
+This tests that Math.min and Math.max for doubles works correctly in the DFG JIT.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS doMin(1.5, 2.5) is 1.5
+PASS doMin(2.5, 1.5) is 1.5
+PASS doMin(1.5, 1.5) is 1.5
+PASS doMin(2.5, 2.5) is 2.5
+PASS doMin(1.5, NaN) is NaN
+PASS doMin(2.5, NaN) is NaN
+PASS doMin(NaN, 1.5) is NaN
+PASS doMin(NaN, 2.5) is NaN
+PASS doMin(NaN, NaN) is NaN
+PASS doMax(1.5, 2.5) is 2.5
+PASS doMax(2.5, 1.5) is 2.5
+PASS doMax(1.5, 1.5) is 1.5
+PASS doMax(2.5, 2.5) is 2.5
+PASS doMax(1.5, NaN) is NaN
+PASS doMax(2.5, NaN) is NaN
+PASS doMax(NaN, 1.5) is NaN
+PASS doMax(NaN, 2.5) is NaN
+PASS doMax(NaN, NaN) is NaN
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/js/dfg-min-max.html (0 => 97099)
--- trunk/LayoutTests/fast/js/dfg-min-max.html (rev 0)
+++ trunk/LayoutTests/fast/js/dfg-min-max.html 2011-10-10 22:41:01 UTC (rev 97099)
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/fast/js/script-tests/dfg-min-max.js (0 => 97099)
--- trunk/LayoutTests/fast/js/script-tests/dfg-min-max.js (rev 0)
+++ trunk/LayoutTests/fast/js/script-tests/dfg-min-max.js 2011-10-10 22:41:01 UTC (rev 97099)
@@ -0,0 +1,42 @@
+description(
+"This tests that Math.min and Math.max for doubles works correctly in the DFG JIT."
+);
+
+function doMin(a, b) {
+ return Math.min(a, b);
+}
+
+function doMax(a, b) {
+ return Math.max(a, b);
+}
+
+for (var i = 0; i < 1000; ++i) {
+ doMin(1.5, 2.5);
+ doMax(1.5, 2.5);
+}
+
+shouldBe("doMin(1.5, 2.5)", "1.5");
+shouldBe("doMin(2.5, 1.5)", "1.5");
+shouldBe("doMin(1.5, 1.5)", "1.5");
+shouldBe("doMin(2.5, 2.5)", "2.5");
+
+shouldBe("doMin(1.5, NaN)", "NaN");
+shouldBe("doMin(2.5, NaN)", "NaN");
+shouldBe("doMin(NaN, 1.5)", "NaN");
+shouldBe("doMin(NaN, 2.5)", "NaN");
+
+shouldBe("doMin(NaN, NaN)", "NaN");
+
+shouldBe("doMax(1.5, 2.5)", "2.5");
+shouldBe("doMax(2.5, 1.5)", "2.5");
+shouldBe("doMax(1.5, 1.5)", "1.5");
+shouldBe("doMax(2.5, 2.5)", "2.5");
+
+shouldBe("doMax(1.5, NaN)", "NaN");
+shouldBe("doMax(2.5, NaN)", "NaN");
+shouldBe("doMax(NaN, 1.5)", "NaN");
+shouldBe("doMax(NaN, 2.5)", "NaN");
+
+shouldBe("doMax(NaN, NaN)", "NaN");
+
+var successfullyParsed = true;
Modified: trunk/Source/_javascript_Core/ChangeLog (97098 => 97099)
--- trunk/Source/_javascript_Core/ChangeLog 2011-10-10 22:39:20 UTC (rev 97098)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-10-10 22:41:01 UTC (rev 97099)
@@ -1,3 +1,18 @@
+2011-10-10 Filip Pizlo <fpi...@apple.com>
+
+ REGRESSIoN (r95399): Web process hangs when opening documents on Google Docs
+ https://bugs.webkit.org/show_bug.cgi?id=69412
+
+ Reviewed by Oliver Hunt.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+
2011-10-10 Mark Hahnenberg <mhahnenb...@apple.com>
Remove getCallDataVirtual methods
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (97098 => 97099)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2011-10-10 22:39:20 UTC (rev 97098)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2011-10-10 22:41:01 UTC (rev 97099)
@@ -1183,7 +1183,7 @@
MacroAssembler::Jump op1Less = m_jit.branchDouble(op == ArithMin ? MacroAssembler::DoubleLessThan : MacroAssembler::DoubleGreaterThan, op1.fpr(), op2.fpr());
// op2 is eather the lesser one or one of then is NaN
- MacroAssembler::Jump op2Less = m_jit.branchDouble(op == ArithMin ? MacroAssembler::DoubleGreaterThan : MacroAssembler::DoubleLessThan, op1.fpr(), op2.fpr());
+ MacroAssembler::Jump op2Less = m_jit.branchDouble(op == ArithMin ? MacroAssembler::DoubleGreaterThanOrEqual : MacroAssembler::DoubleLessThanOrEqual, op1.fpr(), op2.fpr());
// Unordered case. We don't know which of op1, op2 is NaN. Manufacture NaN by adding
// op1 + op2 and putting it into result.
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (97098 => 97099)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2011-10-10 22:39:20 UTC (rev 97098)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2011-10-10 22:41:01 UTC (rev 97099)
@@ -1293,7 +1293,7 @@
MacroAssembler::Jump op1Less = m_jit.branchDouble(op == ArithMin ? MacroAssembler::DoubleLessThan : MacroAssembler::DoubleGreaterThan, op1.fpr(), op2.fpr());
// op2 is eather the lesser one or one of then is NaN
- MacroAssembler::Jump op2Less = m_jit.branchDouble(op == ArithMin ? MacroAssembler::DoubleGreaterThan : MacroAssembler::DoubleLessThan, op1.fpr(), op2.fpr());
+ MacroAssembler::Jump op2Less = m_jit.branchDouble(op == ArithMin ? MacroAssembler::DoubleGreaterThanOrEqual : MacroAssembler::DoubleLessThanOrEqual, op1.fpr(), op2.fpr());
// Unordered case. We don't know which of op1, op2 is NaN. Manufacture NaN by adding
// op1 + op2 and putting it into result.
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (97098 => 97099)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2011-10-10 22:39:20 UTC (rev 97098)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2011-10-10 22:41:01 UTC (rev 97099)
@@ -536,9 +536,8 @@
#if ENABLE(VALUE_PROFILER)
m_canBeOptimized = m_codeBlock->canCompileWithDFG();
#endif
-#if ENABLE(DFG_JIT)
- if (m_canBeOptimized)
- m_startOfCode = label();
+#if ENABLE(DFG_JIT) || ENABLE(JIT_VERBOSE)
+ m_startOfCode = label();
#endif
// Just add a little bit of randomness to the codegen
Modified: trunk/Source/_javascript_Core/jit/JIT.h (97098 => 97099)
--- trunk/Source/_javascript_Core/jit/JIT.h 2011-10-10 22:39:20 UTC (rev 97098)
+++ trunk/Source/_javascript_Core/jit/JIT.h 2011-10-10 22:41:01 UTC (rev 97099)
@@ -1087,8 +1087,10 @@
#if ENABLE(VALUE_PROFILER)
bool m_canBeOptimized;
#endif
+#if ENABLE(DFG_JIT) || ENABLE(JIT_VERBOSE)
+ Label m_startOfCode;
+#endif
#if ENABLE(DFG_JIT)
- Label m_startOfCode;
CompactJITCodeMap::Encoder m_jitCodeMapEncoder;
#endif
} JIT_CLASS_ALIGNMENT;
