[webkit-changes] [88092] trunk/Source/JavaScriptCore

[barraclough]

Title: [88092] trunk/Source/_javascript_Core

Revision

88092

Author

barraclo...@apple.com

Date

2011-06-03 22:13:44 -0700 (Fri, 03 Jun 2011)

Log Message

https://bugs.webkit.org/show_bug.cgi?id=62082
DFG JIT - bug passing arguments that need swap

Reviewed by Sam Weinig.

This is really just a typo.
When setting up the arguments for a call out to a C operation, we'll
fail to swap arguments where this is necessary. For example, in the
case of 2 arg calls, where the first argument is in %rdx & the second
is in %rsi we should swap (exec will be passed in %rdi), but we don't.

This can also affect function calls passing three arguments.

* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
    - Call swap with the correct arguments.

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (88091 => 88092)

--- trunk/Source/_javascript_Core/ChangeLog	2011-06-04 04:59:11 UTC (rev 88091)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-06-04 05:13:44 UTC (rev 88092)
@@ -1,3 +1,22 @@
+2011-06-03  Gavin Barraclough  <barraclo...@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=62082
+        DFG JIT - bug passing arguments that need swap
+
+        This is really just a typo.
+        When setting up the arguments for a call out to a C operation, we'll
+        fail to swap arguments where this is necessary. For example, in the
+        case of 2 arg calls, where the first argument is in %rdx & the second
+        is in %rsi we should swap (exec will be passed in %rdi), but we don't.
+
+        This can also affect function calls passing three arguments.
+
+        * dfg/DFGJITCodeGenerator.h:
+        (JSC::DFG::JITCodeGenerator::setupTwoStubArgs):
+            - Call swap with the correct arguments.
+
 2011-06-03  Oliver Hunt  <oli...@apple.com>
 
         Reviewed by Gavin Barraclough.

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h (88091 => 88092)

--- trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h	2011-06-04 04:59:11 UTC (rev 88091)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h	2011-06-04 05:13:44 UTC (rev 88092)
@@ -602,7 +602,7 @@
             m_jit.move(srcB, destB);
             m_jit.move(srcA, destA);
         } else
-            m_jit.swap(destB, destB);
+            m_jit.swap(destA, destB);
     }
     template<FPRReg destA, FPRReg destB>
     void setupTwoStubArgs(FPRReg srcA, FPRReg srcB)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes