Title: [239803] branches/safari-607-branch
- Revision
- 239803
- Author
- [email protected]
- Date
- 2019-01-09 17:38:20 -0800 (Wed, 09 Jan 2019)
Log Message
Cherry-pick r239731. rdar://problem/47158715
LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
https://bugs.webkit.org/show_bug.cgi?id=193221
Reviewed by Mark Lam.
JSTests:
* stress/put-by-id-flags.js: Added.
(f):
(g):
(numberOfDFGCompiles):
Source/_javascript_Core:
The flags are only 4 bytes, but were loaded with loadp. It used to work,
since the flags were followed by a 4-byte padding, but it broke after the
struct was compacted in r239626.
* llint/LowLevelInterpreter64.asm:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239731 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Added Paths
Diff
Modified: branches/safari-607-branch/JSTests/ChangeLog (239802 => 239803)
--- branches/safari-607-branch/JSTests/ChangeLog 2019-01-10 01:38:17 UTC (rev 239802)
+++ branches/safari-607-branch/JSTests/ChangeLog 2019-01-10 01:38:20 UTC (rev 239803)
@@ -1,3 +1,42 @@
+2019-01-09 Kocsen Chung <[email protected]>
+
+ Cherry-pick r239731. rdar://problem/47158715
+
+ LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
+ https://bugs.webkit.org/show_bug.cgi?id=193221
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/put-by-id-flags.js: Added.
+ (f):
+ (g):
+ (numberOfDFGCompiles):
+
+ Source/_javascript_Core:
+
+ The flags are only 4 bytes, but were loaded with loadp. It used to work,
+ since the flags were followed by a 4-byte padding, but it broke after the
+ struct was compacted in r239626.
+
+ * llint/LowLevelInterpreter64.asm:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239731 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-08 Tadeu Zagallo <[email protected]>
+
+ LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
+ https://bugs.webkit.org/show_bug.cgi?id=193221
+
+ Reviewed by Mark Lam.
+
+ * stress/put-by-id-flags.js: Added.
+ (f):
+ (g):
+ (numberOfDFGCompiles):
+
2019-01-04 Tadeu Zagallo <[email protected]>
Baseline version of get_by_id may corrupt metadata
Added: branches/safari-607-branch/JSTests/stress/put-by-id-flags.js (0 => 239803)
--- branches/safari-607-branch/JSTests/stress/put-by-id-flags.js (rev 0)
+++ branches/safari-607-branch/JSTests/stress/put-by-id-flags.js 2019-01-10 01:38:20 UTC (rev 239803)
@@ -0,0 +1,23 @@
+function f(x, y) {
+ x.y = y;
+};
+
+function g(x) {
+ return x.y + 42;
+}
+noInline(f);
+noInline(g);
+
+var x = {};
+var y = {};
+f(x, 42);
+f(y, {});
+
+while (!numberOfDFGCompiles(g)) {
+ optimizeNextInvocation(g);
+ if (typeof g(x) !== 'number')
+ throw 'failed warming up';
+}
+
+if (typeof g(y) !== 'string')
+ throw 'failed after compilation';
Modified: branches/safari-607-branch/Source/_javascript_Core/ChangeLog (239802 => 239803)
--- branches/safari-607-branch/Source/_javascript_Core/ChangeLog 2019-01-10 01:38:17 UTC (rev 239802)
+++ branches/safari-607-branch/Source/_javascript_Core/ChangeLog 2019-01-10 01:38:20 UTC (rev 239803)
@@ -1,3 +1,43 @@
+2019-01-09 Kocsen Chung <[email protected]>
+
+ Cherry-pick r239731. rdar://problem/47158715
+
+ LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
+ https://bugs.webkit.org/show_bug.cgi?id=193221
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/put-by-id-flags.js: Added.
+ (f):
+ (g):
+ (numberOfDFGCompiles):
+
+ Source/_javascript_Core:
+
+ The flags are only 4 bytes, but were loaded with loadp. It used to work,
+ since the flags were followed by a 4-byte padding, but it broke after the
+ struct was compacted in r239626.
+
+ * llint/LowLevelInterpreter64.asm:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239731 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-08 Tadeu Zagallo <[email protected]>
+
+ LLInt put_by_id uses the wrong load instruction for loading flags from the metadata
+ https://bugs.webkit.org/show_bug.cgi?id=193221
+
+ Reviewed by Mark Lam.
+
+ The flags are only 4 bytes, but were loaded with loadp. It used to work,
+ since the flags were followed by a 4-byte padding, but it broke after the
+ struct was compacted in r239626.
+
+ * llint/LowLevelInterpreter64.asm:
+
2019-01-09 Alan Coon <[email protected]>
Apply patch. rdar://problem/47158817
Modified: branches/safari-607-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (239802 => 239803)
--- branches/safari-607-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2019-01-10 01:38:17 UTC (rev 239802)
+++ branches/safari-607-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2019-01-10 01:38:20 UTC (rev 239803)
@@ -1341,7 +1341,7 @@
get(value, t1)
loadConstantOrVariable(size, t1, t3)
- loadp OpPutById::Metadata::flags[t5], t1
+ loadi OpPutById::Metadata::flags[t5], t1
# At this point, we have:
# t0 -> object base
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
