Title: [112966] trunk/Source/JavaScriptCore
- Revision: 112966
- Author: [email protected]
- Date: 2012-04-02 17:11:50 -0700 (Mon, 02 Apr 2012)
Log Message
Incorrect liveness information when inlining
https://bugs.webkit.org/show_bug.cgi?id=82985
Reviewed by Filip Pizlo.
Don't remap register numbers that have already been remapped.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInlining):
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (112965 => 112966)
--- trunk/Source/_javascript_Core/ChangeLog 2012-04-03 00:07:41 UTC (rev 112965)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-04-03 00:11:50 UTC (rev 112966)
@@ -1,3 +1,15 @@
+2012-04-02 Oliver Hunt <[email protected]>
+
+ Incorrect liveness information when inlining
+ https://bugs.webkit.org/show_bug.cgi?id=82985
+
+ Reviewed by Filip Pizlo.
+
+ Don't remap register numbers that have already been remapped.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleInlining):
+
2012-04-02 Filip Pizlo <[email protected]>
Activation tear-off neglects to copy the callee and scope chain, leading to crashes if we
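Review bot: The new ChangeLog entry names no regression test, and the diff touches only the ChangeLog and DFGByteCodeParser.cpp, so nothing guards against the double remap coming back. Please add a test that exercises the inlining path from bug 82985 and list it in this entry. The description would also be easier to follow if it said that the affected registers are the ones recorded in m_preservedVars inside handleInlining.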
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (112965 => 112966)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2012-04-03 00:07:41 UTC (rev 112965)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2012-04-03 00:11:50 UTC (rev 112966)
@@ -1124,7 +1124,7 @@
// Make sure that the area used by the call frame is reserved.
for (int arg = inlineCallFrameStart + RegisterFile::CallFrameHeaderSize + codeBlock->m_numVars; arg-- > inlineCallFrameStart;)
- m_preservedVars.set(m_inlineStackTop->remapOperand(arg));
+ m_preservedVars.set(arg);
// Make sure that we have enough locals.
unsigned newNumLocals = inlineCallFrameStart + RegisterFile::CallFrameHeaderSize + codeBlock->m_numCalleeRegisters;
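Review bot: In the loop that reserves the inline call frame area, nothing in the code says that arg is already in the remapped numbering, which per the log message is the only reason m_preservedVars.set(arg) is correct without remapOperand. Add a one-line comment above the set() call stating that inlineCallFrameStart is already a remapped register number, so a later edit does not reintroduce the second remap and mark the wrong registers as preserved. A smaller question on the same loop: its upper bound uses codeBlock->m_numVars while newNumLocals just below uses codeBlock->m_numCalleeRegisters; if that difference is intentional, a short note on why the preserved range stops at the vars would help.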