[webkit-changes] [92996] branches/safari-534.51-branch/Source/JavaScriptCore

Fri, 12 Aug 2011 14:10:30 -0700

Title: [92996] branches/safari-534.51-branch/Source/_javascript_Core

Diff

Modified: branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog (92995 => 92996)


--- branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog	2011-08-12 21:08:10 UTC (rev 92995)
+++ branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog	2011-08-12 21:10:22 UTC (rev 92996)
@@ -1,5 +1,29 @@
 2011-08-11  Lucas Forschler  <[email protected]>
 
+    Merged 92986
+
+    2011-08-12  Filip Pizlo  <[email protected]>
+
+            REGRESSION (r91610?): Bing Maps fail to initialize (InvalidOperation:
+            Matrix3D.invert)
+            https://bugs.webkit.org/show_bug.cgi?id=66038
+
+            Reviewed by Gavin Barraclough.
+
+            Simplest and lowest-impact fix for the case where the spilled format
+            of a DFG node differs from the register format: if the format is
+            converted then indicate that the spilled value is no longer valid
+            ("kill the spill").
+
+            * dfg/DFGGenerationInfo.h:
+            (JSC::DFG::GenerationInfo::killSpilled):
+            * dfg/DFGJITCodeGenerator.cpp:
+            (JSC::DFG::JITCodeGenerator::fillDouble):
+            * dfg/DFGSpeculativeJIT.cpp:
+            (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+
+2011-08-11  Lucas Forschler  <[email protected]>
+
     Merged 92911
 
     2011-08-11  Filip Pizlo  <[email protected]>

Modified: branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGGenerationInfo.h (92995 => 92996)


--- branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGGenerationInfo.h	2011-08-12 21:08:10 UTC (rev 92995)
+++ branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGGenerationInfo.h	2011-08-12 21:10:22 UTC (rev 92996)
@@ -212,6 +212,12 @@
         ASSERT(m_canFill && m_registerFormat != DataFormatNone);
         m_registerFormat = DataFormatNone;
     }
+    
+    void killSpilled()
+    {
+        m_spillFormat = DataFormatNone;
+        m_canFill = false;
+    }
 
     // Record that this value is filled into machine registers,
     // tracking which registers, and what format the value has.

Modified: branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp (92995 => 92996)


--- branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp	2011-08-12 21:08:10 UTC (rev 92995)
+++ branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp	2011-08-12 21:10:22 UTC (rev 92996)
@@ -182,6 +182,7 @@
         m_gprs.unlock(tempGpr);
         m_fprs.retain(fpr, virtualRegister, SpillOrderDouble);
         info.fillDouble(fpr);
+        info.killSpilled();
         return fpr;
     }

Modified: branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (92995 => 92996)


--- branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2011-08-12 21:08:10 UTC (rev 92995)
+++ branches/safari-534.51-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2011-08-12 21:10:22 UTC (rev 92996)
@@ -255,6 +255,7 @@
         m_gprs.unlock(tempGpr);
         m_fprs.retain(fpr, virtualRegister, SpillOrderDouble);
         info.fillDouble(fpr);
+        info.killSpilled();
         return fpr;
     }
 

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to