Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (232882 => 232883)
--- trunk/Source/_javascript_Core/ChangeLog 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-06-15 18:31:54 UTC (rev 232883)
@@ -1,3 +1,18 @@
+2018-06-15 Michael Catanzaro <mcatanz...@igalia.com>
+
+ Unreviewed, rolling out r232816.
+
+ Suggested by Caitlin:
+ "this patch clearly does get some things wrong, and it's not
+ easy to find what those things are"
+
+ Reverted changeset:
+
+ "[LLInt] use loadp consistently for
+ get_from_scope/put_to_scope"
+ https://bugs.webkit.org/show_bug.cgi?id=132333
+ https://trac.webkit.org/changeset/232816
+
2018-06-14 Michael Saboff <msab...@apple.com>
REGRESSION(232741): Crash running ARES-6
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (232882 => 232883)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2018-06-15 18:31:54 UTC (rev 232883)
@@ -694,7 +694,7 @@
instructions[i + 5].u.watchpointSet = op.watchpointSet;
else if (op.structure)
instructions[i + 5].u.structure.set(vm, this, op.structure);
- instructions[i + 6].u.operandPointer = op.operand;
+ instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
break;
}
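Review bot: The store `instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);` fills operand 6 at pointer width, while the readers this commit restores take it back as an `int` (`pc[6].u.operand` in JITOperations.cpp and LLIntSlowPaths.cpp, `loadisFromInstruction(6, ...)` in both LowLevelInterpreter files). The two views agree only where the `int` member aliases the low bytes of the pointer, so on a 64-bit big-endian layout the reader would presumably see the wrong half. That value is then used directly as an index in `variableAt(ScopeOffset(...))` and in the `JSLexicalEnvironment_variables[...]` addressing, with no range check visible in these hunks. If the rollout lands as is, a comment at this store would record the assumption, e.g. `// Operand 6 is read back as u.operand / loadis for offset resolve types; relies on the int member aliasing the low bytes of u.pointer.` The same store appears in the hunk at -731, and the enclosing case block starts outside the hunk.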
@@ -731,7 +731,7 @@
op.watchpointSet->invalidate(vm, PutToScopeFireDetail(this, ident));
} else if (op.structure)
instructions[i + 5].u.structure.set(vm, this, op.structure);
- instructions[i + 6].u.operandPointer = op.operand;
+ instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
break;
}
Modified: trunk/Source/_javascript_Core/bytecode/Instruction.h (232882 => 232883)
--- trunk/Source/_javascript_Core/bytecode/Instruction.h 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/bytecode/Instruction.h 2018-06-15 18:31:54 UTC (rev 232883)
@@ -123,7 +123,6 @@
Opcode opcode;
int operand;
unsigned unsignedValue;
- intptr_t operandPointer;
WriteBarrierBase<Structure> structure;
StructureID structureID;
WriteBarrierBase<SymbolTable> symbolTable;
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (232882 => 232883)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2018-06-15 18:31:54 UTC (rev 232883)
@@ -2381,7 +2381,7 @@
if (getPutInfo.resolveType() == LocalClosureVar) {
JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
- environment->variableAt(ScopeOffset(pc[6].u.operandPointer)).set(vm, environment, value);
+ environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
if (WatchpointSet* set = pc[5].u.watchpointSet)
set->touch(vm, "Executed op_put_scope<LocalClosureVar>");
return;
Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (232882 => 232883)
--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2018-06-15 18:31:54 UTC (rev 232883)
@@ -1729,7 +1729,7 @@
GetPutInfo getPutInfo = GetPutInfo(pc[4].u.operand);
if (getPutInfo.resolveType() == LocalClosureVar) {
JSLexicalEnvironment* environment = jsCast<JSLexicalEnvironment*>(scope);
- environment->variableAt(ScopeOffset(pc[6].u.operandPointer)).set(vm, environment, value);
+ environment->variableAt(ScopeOffset(pc[6].u.operand)).set(vm, environment, value);
// Have to do this *after* the write, because if this puts the set into IsWatched, then we need
// to have already changed the value of the variable. Otherwise we might watch and constant-fold
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (232882 => 232883)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2018-06-15 18:31:54 UTC (rev 232883)
@@ -2339,7 +2339,7 @@
end
macro getProperty()
- loadpFromInstruction(6, t3)
+ loadisFromInstruction(6, t3)
loadPropertyAtVariableOffset(t3, t0, t1, t2)
valueProfile(t1, t2, 28, t0)
loadisFromInstruction(1, t0)
@@ -2359,7 +2359,7 @@
end
macro getClosureVar()
- loadpFromInstruction(6, t3)
+ loadisFromInstruction(6, t3)
loadp JSLexicalEnvironment_variables + TagOffset[t0, t3, 8], t1
loadp JSLexicalEnvironment_variables + PayloadOffset[t0, t3, 8], t2
valueProfile(t1, t2, 28, t0)
@@ -2434,7 +2434,7 @@
macro putProperty()
loadisFromInstruction(3, t1)
loadConstantOrVariable(t1, t2, t3)
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
storePropertyAtVariableOffset(t1, t0, t2, t3)
end
@@ -2451,7 +2451,7 @@
macro putClosureVar()
loadisFromInstruction(3, t1)
loadConstantOrVariable(t1, t2, t3)
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
storei t2, JSLexicalEnvironment_variables + TagOffset[t0, t1, 8]
storei t3, JSLexicalEnvironment_variables + PayloadOffset[t0, t1, 8]
end
@@ -2463,7 +2463,7 @@
btpz t5, .noVariableWatchpointSet
notifyWrite(t5, .pDynamic)
.noVariableWatchpointSet:
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
storei t2, JSLexicalEnvironment_variables + TagOffset[t0, t1, 8]
storei t3, JSLexicalEnvironment_variables + PayloadOffset[t0, t1, 8]
end
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (232882 => 232883)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2018-06-15 18:31:54 UTC (rev 232883)
@@ -1500,7 +1500,7 @@
bineq t1, JSCell::m_structureID[t3], .opPutByIdSlow
.opPutByIdDoneCheckingTypes:
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
btiz t1, .opPutByIdNotTransition
@@ -1530,7 +1530,7 @@
.opPutByIdTransitionChainDone:
# Reload the new structure, since we clobbered it above.
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
.opPutByIdTransitionDirect:
storei t1, JSCell::m_structureID[t0]
@@ -2355,7 +2355,7 @@
end
macro getProperty()
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
loadPropertyAtVariableOffset(t1, t0, t2)
valueProfile(t2, 7, t0)
loadisFromInstruction(1, t0)
@@ -2372,7 +2372,7 @@
end
macro getClosureVar()
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
loadq JSLexicalEnvironment_variables[t0, t1, 8], t0
valueProfile(t0, 7, t1)
loadisFromInstruction(1, t1)
@@ -2445,7 +2445,7 @@
macro putProperty()
loadisFromInstruction(3, t1)
loadConstantOrVariable(t1, t2)
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
storePropertyAtVariableOffset(t1, t0, t2)
end
@@ -2461,7 +2461,7 @@
macro putClosureVar()
loadisFromInstruction(3, t1)
loadConstantOrVariable(t1, t2)
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
storeq t2, JSLexicalEnvironment_variables[t0, t1, 8]
end
@@ -2472,7 +2472,7 @@
btpz t3, .noVariableWatchpointSet
notifyWrite(t3, .pDynamic)
.noVariableWatchpointSet:
- loadpFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
storeq t2, JSLexicalEnvironment_variables[t0, t1, 8]
end
Modified: trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h (232882 => 232883)
--- trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h 2018-06-15 17:35:50 UTC (rev 232882)
+++ trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h 2018-06-15 18:31:54 UTC (rev 232883)
@@ -138,7 +138,7 @@
ASSERT(!entry.isNull());
ConcurrentJSLocker locker(codeBlock->m_lock);
pc[5].u.watchpointSet = entry.watchpointSet();
- pc[6].u.pointer = globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot();
+ pc[6].u.pointer = static_cast<void*>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot());
}
}
@@ -162,7 +162,7 @@
ConcurrentJSLocker locker(codeBlock->m_lock);
pc[5].u.structure.set(vm, codeBlock, scope->structure(vm));
- pc[6].u.operandPointer = slot.cachedOffset();
+ pc[6].u.operand = slot.cachedOffset();
}
}
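Review bot: `pc[6].u.operand = slot.cachedOffset();` writes only the int-sized member of a slot that the neighbouring hunks in this file fill through `u.pointer`, so on a 64-bit build the bytes beyond the int keep their previous contents. That is harmless as long as every consumer of this resolve type reads operand 6 as an int, but nothing in the visible code states that rule. A short comment would pin it down, e.g. `// Property offset: consumers read operand 6 as u.operand (loadis), never as u.pointer.` The hunk at -200 has the same store, and the function around this block starts outside the hunk.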
@@ -186,7 +186,7 @@
ConcurrentJSLocker locker(exec->codeBlock()->m_lock);
pc[4].u.operand = GetPutInfo(getPutInfo.resolveMode(), newResolveType, getPutInfo.initializationMode()).operand();
pc[5].u.watchpointSet = entry.watchpointSet();
- pc[6].u.pointer = globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot();
+ pc[6].u.pointer = static_cast<void*>(globalLexicalEnvironment->variableAt(entry.scopeOffset()).slot());
}
}
@@ -200,7 +200,7 @@
{
ConcurrentJSLocker locker(codeBlock->m_lock);
pc[5].u.structure.set(vm, codeBlock, structure);
- pc[6].u.operandPointer = slot.cachedOffset();
+ pc[6].u.operand = slot.cachedOffset();
}
structure->startWatchingPropertyForReplacements(vm, slot.cachedOffset());
}