Title: [239731] trunk
- Revision: 239731
- Author: [email protected]
- Date: 2019-01-08 10:29:44 -0800 (Tue, 08 Jan 2019)
Log Message
LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
https://bugs.webkit.org/show_bug.cgi?id=193221
Reviewed by Mark Lam.
JSTests:
* stress/put-by-id-flags.js: Added.
(f):
(g):
(numberOfDFGCompiles):
Source/JavaScriptCore:
The flags are only 4 bytes, but were loaded with loadp. It used to work,
since the flags were followed by a 4-byte padding, but it broke after the
struct was compacted in r239626.
* llint/LowLevelInterpreter64.asm:
Modified: trunk/JSTests/ChangeLog (239730 => 239731)
--- trunk/JSTests/ChangeLog 2019-01-08 18:20:06 UTC (rev 239730)
+++ trunk/JSTests/ChangeLog 2019-01-08 18:29:44 UTC (rev 239731)
@@ -1,3 +1,15 @@
+2019-01-08 Tadeu Zagallo <[email protected]>
+
+ LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
+ https://bugs.webkit.org/show_bug.cgi?id=193221
+
+ Reviewed by Mark Lam.
+
+ * stress/put-by-id-flags.js: Added.
+ (f):
+ (g):
+ (numberOfDFGCompiles):
+
2019-01-04 Tadeu Zagallo <[email protected]>
Baseline version of get_by_id may corrupt metadata
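Review bot: the function list in this entry is inaccurate: `(numberOfDFGCompiles):` is listed as if stress/put-by-id-flags.js defined it, but the test only calls it (it is a jsc shell intrinsic, like `noInline` and `optimizeNextInvocation`); the list looks auto-generated by prepare-ChangeLog and should be trimmed to `(f):` and `(g):`.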
Added: trunk/JSTests/stress/put-by-id-flags.js (0 => 239731)
--- trunk/JSTests/stress/put-by-id-flags.js (rev 0)
+++ trunk/JSTests/stress/put-by-id-flags.js 2019-01-08 18:29:44 UTC (rev 239731)
@@ -0,0 +1,23 @@
+function f(x, y) {
+ x.y = y;
+};
+
+function g(x) {
+ return x.y + 42;
+}
+noInline(f);
+noInline(g);
+
+var x = {};
+var y = {};
+f(x, 42);
+f(y, {});
+
+while (!numberOfDFGCompiles(g)) {
+ optimizeNextInvocation(g);
+ if (typeof g(x) !== 'number')
+ throw 'failed warming up';
+}
+
+if (typeof g(y) !== 'string')
+ throw 'failed after compilation';
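Review bot: the final check `if (typeof g(y) !== 'string')` is weaker than it needs to be; `g(y)` evaluates `{} + 42`, which is the string `"[object Object]42"`, so asserting the exact value here (and `g(x) === 84` inside the warm-up loop) would also catch a regression that returns a string or number of the wrong value. Style nit: the stray `;` after the closing brace of `f` is harmless but unneeded.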
Modified: trunk/Source/_javascript_Core/ChangeLog (239730 => 239731)
--- trunk/Source/_javascript_Core/ChangeLog 2019-01-08 18:20:06 UTC (rev 239730)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-01-08 18:29:44 UTC (rev 239731)
@@ -1,3 +1,16 @@
+2019-01-08 Tadeu Zagallo <[email protected]>
+
+ LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
+ https://bugs.webkit.org/show_bug.cgi?id=193221
+
+ Reviewed by Mark Lam.
+
+ The flags are only 4 bytes, but were loaded with loadp. It used to work,
+ since the flags were followed by a 4-byte padding, but it broke after the
+ struct was compacted in r239626.
+
+ * llint/LowLevelInterpreter64.asm:
+
2019-01-07 Devin Rousso <[email protected]>
Web Inspector: extend XHR breakpoints to work with fetch
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (239730 => 239731)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2019-01-08 18:20:06 UTC (rev 239730)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2019-01-08 18:29:44 UTC (rev 239731)
@@ -1341,7 +1341,7 @@
get(value, t1)
loadConstantOrVariable(size, t1, t3)
- loadp OpPutById::Metadata::flags[t5], t1
+ loadi OpPutById::Metadata::flags[t5], t1
# At this point, we have:
# t0 -> object base
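Review bot: the change matches the description (`flags` is a 4-byte field, so `loadi` is the correct width), but the context shown does not include the consumers of t1; it is worth confirming that the tests on t1 further down use the 32-bit forms, since with `loadp` the upper half of t1 held the neighbouring bytes and a 64-bit bit test would have silently tolerated that. Given that r239626 compacted the metadata structs generally, a grep of this file for other `loadp` uses on `...::Metadata::` fields that are 4 bytes wide would catch sibling mismatches from the same compaction.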