Diff
Modified: trunk/LayoutTests/ChangeLog (100878 => 100879)
--- trunk/LayoutTests/ChangeLog 2011-11-21 03:32:02 UTC (rev 100878)
+++ trunk/LayoutTests/ChangeLog 2011-11-21 04:35:38 UTC (rev 100879)
@@ -1,3 +1,18 @@
+2011-11-20 Filip Pizlo <[email protected]>
+
+ Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+ https://bugs.webkit.org/show_bug.cgi?id=71505
+
+ Reviewed by Oliver Hunt.
+
+ * fast/js/function-dot-apply-replace-base-expected.txt: Added.
+ * fast/js/function-dot-apply-replace-base.html: Added.
+ * fast/js/script-tests/cross-global-object-inline-global-var.js:
+ (done):
+ * fast/js/script-tests/function-dot-apply-replace-base.js: Added.
+ (foo):
+ (bar):
+
2011-11-20 Adam Barth <[email protected]>
REGRESSION(r100691): Safari error pages and Growl notifications fail to load stylesheets
Added: trunk/LayoutTests/fast/js/function-dot-apply-replace-base-expected.txt (0 => 100879)
--- trunk/LayoutTests/fast/js/function-dot-apply-replace-base-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/js/function-dot-apply-replace-base-expected.txt 2011-11-21 04:35:38 UTC (rev 100879)
@@ -0,0 +1,10 @@
+This tests that expressions of the form x = x.apply(...) don't break bytecode generation.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS bar() is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/js/function-dot-apply-replace-base.html (0 => 100879)
--- trunk/LayoutTests/fast/js/function-dot-apply-replace-base.html (rev 0)
+++ trunk/LayoutTests/fast/js/function-dot-apply-replace-base.html 2011-11-21 04:35:38 UTC (rev 100879)
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+</body>
+</html>
Modified: trunk/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js (100878 => 100879)
--- trunk/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js 2011-11-21 03:32:02 UTC (rev 100878)
+++ trunk/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js 2011-11-21 04:35:38 UTC (rev 100879)
@@ -19,8 +19,7 @@
testPassed("done() called with " + expected);
else
testFailed("done() is " + value + " and should be " + expected + ".");
- if (window.layoutTestController)
- layoutTestController.notifyDone();
+ layoutTestController.notifyDone();
}
function doit() {
Added: trunk/LayoutTests/fast/js/script-tests/function-dot-apply-replace-base.js (0 => 100879)
--- trunk/LayoutTests/fast/js/script-tests/function-dot-apply-replace-base.js (rev 0)
+++ trunk/LayoutTests/fast/js/script-tests/function-dot-apply-replace-base.js 2011-11-21 04:35:38 UTC (rev 100879)
@@ -0,0 +1,26 @@
+description(
+"This tests that expressions of the form x = x.apply(...) don't break bytecode generation."
+);
+
+function foo(a,b) {
+ return a+b;
+}
+
+function bar() {
+ var x;
+
+ x = foo;
+
+ var array = [];
+ array.push(1);
+ array.push(2);
+
+ x = x.apply(void(0), array);
+
+ return x;
+}
+
+shouldBe("bar()", "3");
+
+
+
Modified: trunk/Source/_javascript_Core/ChangeLog (100878 => 100879)
--- trunk/Source/_javascript_Core/ChangeLog 2011-11-21 03:32:02 UTC (rev 100878)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-11-21 04:35:38 UTC (rev 100879)
@@ -1,5 +1,21 @@
2011-11-20 Filip Pizlo <[email protected]>
+ Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+ https://bugs.webkit.org/show_bug.cgi?id=71505
+
+ Reviewed by Oliver Hunt.
+
+ The bytecode generator was assuming that call_varargs never reuses the base register
+ (i.e. the function being called) for the result. This is no longer true.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCallVarargs):
+ * bytecompiler/BytecodeGenerator.h:
+ * bytecompiler/NodesCodegen.cpp:
+ (JSC::ApplyFunctionCallDotNode::emitBytecode):
+
+2011-11-20 Filip Pizlo <[email protected]>
+
DFG 32_64 should directly store double virtual registers on SetLocal
https://bugs.webkit.org/show_bug.cgi?id=72845
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (100878 => 100879)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2011-11-21 03:32:02 UTC (rev 100878)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2011-11-21 04:35:38 UTC (rev 100879)
@@ -1835,12 +1835,12 @@
return dst;
}
-RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
+RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
{
- ASSERT(dst != func);
if (m_shouldEmitProfileHooks) {
+ emitMove(profileHookRegister, func);
emitOpcode(op_profile_will_call);
- instructions().append(func->index());
+ instructions().append(profileHookRegister->index());
}
emitExpressionInfo(divot, startOffset, endOffset);
@@ -1857,7 +1857,7 @@
}
if (m_shouldEmitProfileHooks) {
emitOpcode(op_profile_did_call);
- instructions().append(func->index());
+ instructions().append(profileHookRegister->index());
}
return dst;
}
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h (100878 => 100879)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h 2011-11-21 03:32:02 UTC (rev 100878)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h 2011-11-21 04:35:38 UTC (rev 100879)
@@ -335,7 +335,7 @@
RegisterID* emitCall(RegisterID* dst, RegisterID* func, CallArguments&, unsigned divot, unsigned startOffset, unsigned endOffset);
RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, CallArguments&, unsigned divot, unsigned startOffset, unsigned endOffset);
- RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, unsigned divot, unsigned startOffset, unsigned endOffset);
+ RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, unsigned divot, unsigned startOffset, unsigned endOffset);
RegisterID* emitLoadVarargs(RegisterID* argCountDst, RegisterID* thisRegister, RegisterID* args);
RegisterID* emitReturn(RegisterID* src);
Modified: trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp (100878 => 100879)
--- trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2011-11-21 03:32:02 UTC (rev 100878)
+++ trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2011-11-21 04:35:38 UTC (rev 100879)
@@ -496,6 +496,9 @@
}
} else {
ASSERT(m_args->m_listNode && m_args->m_listNode->m_next);
+ RefPtr<RegisterID> profileHookRegister;
+ if (generator.shouldEmitProfileHooks())
+ profileHookRegister = generator.newTemporary();
RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr);
RefPtr<RegisterID> argsRegister;
ArgumentListNode* args = m_args->m_listNode->m_next;
@@ -509,7 +512,7 @@
while ((args = args->m_next))
generator.emitNode(args->m_expr);
- generator.emitCallVarargs(finalDestinationOrIgnored.get(), base.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), divot(), startOffset(), endOffset());
+ generator.emitCallVarargs(finalDestinationOrIgnored.get(), base.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), profileHookRegister.get(), divot(), startOffset(), endOffset());
}
generator.emitJump(end.get());
}
