Title: [96344] trunk/Source/_javascript_Core
- Revision
- 96344
- Author
- [email protected]
- Date
- 2011-09-29 12:07:41 -0700 (Thu, 29 Sep 2011)
Log Message
Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
https://bugs.webkit.org/show_bug.cgi?id=69075
Patch by Yuqiang Xian <[email protected]> on 2011-09-29
Reviewed by Gavin Barraclough.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (96343 => 96344)
--- trunk/Source/_javascript_Core/ChangeLog 2011-09-29 19:03:40 UTC (rev 96343)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-09-29 19:07:41 UTC (rev 96344)
@@ -1,5 +1,15 @@
2011-09-29 Yuqiang Xian <[email protected]>
+ Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69075
+
+ Reviewed by Gavin Barraclough.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
+2011-09-29 Yuqiang Xian <[email protected]>
+
JSVALUE32_64 DFG JIT failed to be built on 32-bit Linux due to incorrect overloaded OpInfo constructor
https://bugs.webkit.org/show_bug.cgi?id=69054
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (96343 => 96344)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2011-09-29 19:03:40 UTC (rev 96343)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2011-09-29 19:07:41 UTC (rev 96344)
@@ -1674,8 +1674,9 @@
slowPath.link(&m_jit);
silentSpillAllRegisters(resultGPR);
- m_jit.move(protoGPR, GPRInfo::argumentGPR1);
- m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ m_jit.push(TrustedImm32(JSValue::CellTag));
+ m_jit.push(protoGPR);
+ m_jit.push(GPRInfo::callFrameRegister);
appendCallWithExceptionCheck(operationCreateThis);
m_jit.move(GPRInfo::returnValueGPR, resultGPR);
silentFillAllRegisters(resultGPR);
@@ -1702,7 +1703,7 @@
slowPath.link(&m_jit);
silentSpillAllRegisters(resultGPR);
- m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ m_jit.push(GPRInfo::callFrameRegister);
appendCallWithExceptionCheck(operationNewObject);
m_jit.move(GPRInfo::returnValueGPR, resultGPR);
silentFillAllRegisters(resultGPR);
@@ -1834,7 +1835,6 @@
GPRReg resultTagGPR = resultTag.gpr();
GPRReg resultPayloadGPR = resultPayload.gpr();
- storage.use();
StorageAccessData& storageAccessData = m_jit.graph().m_storageAccessData[node.storageAccessDataIndex()];
m_jit.load32(JITCompiler::Address(storageGPR, storageAccessData.offset * sizeof(EncodedJSValue) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayloadGPR);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
