Title: [114570] trunk/Source/_javascript_Core
- Revision
- 114570
- Author
- [email protected]
- Date
- 2012-04-18 15:31:54 -0700 (Wed, 18 Apr 2012)
Log Message
JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
forced double should not be scrambled when performing OSR entry
https://bugs.webkit.org/show_bug.cgi?id=84272
Reviewed by Geoff Garen.
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (114569 => 114570)
--- trunk/Source/_javascript_Core/ChangeLog 2012-04-18 22:29:02 UTC (rev 114569)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-04-18 22:31:54 UTC (rev 114570)
@@ -1,3 +1,16 @@
+2012-04-18 Filip Pizlo <[email protected]>
+
+ JSVALUE32_64 should be able to perform division on ARM without crashing, and variables
+ forced double should not be scrambled when performing OSR entry
+ https://bugs.webkit.org/show_bug.cgi?id=84272
+
+ Reviewed by Geoff Garen.
+
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+
2012-04-18 Don Olmstead <[email protected]>
_javascript_Core.gypi not current
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (114569 => 114570)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2012-04-18 22:29:02 UTC (rev 114569)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2012-04-18 22:31:54 UTC (rev 114570)
@@ -250,7 +250,6 @@
case ArithMin:
case ArithMax:
case ArithMul:
- case ArithDiv:
case ArithMod: {
if (Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()])
&& node.canSpeculateInteger())
@@ -260,6 +259,16 @@
break;
}
+ case ArithDiv: {
+ if (isX86()
+ && Node::shouldSpeculateInteger(m_graph[node.child1()], m_graph[node.child2()])
+ && node.canSpeculateInteger())
+ break;
+ fixDoubleEdge(0);
+ fixDoubleEdge(1);
+ break;
+ }
+
case ArithAbs: {
if (m_graph[node.child1()].shouldSpeculateInteger()
&& node.canSpeculateInteger())
Modified: trunk/Source/_javascript_Core/dfg/DFGOSREntry.cpp (114569 => 114570)
--- trunk/Source/_javascript_Core/dfg/DFGOSREntry.cpp 2012-04-18 22:29:02 UTC (rev 114569)
+++ trunk/Source/_javascript_Core/dfg/DFGOSREntry.cpp 2012-04-18 22:31:54 UTC (rev 114570)
@@ -141,13 +141,11 @@
dataLog(" OSR should succeed.\n");
#endif
-#if USE(JSVALUE64)
// 3) Perform data format conversions.
for (size_t local = 0; local < entry->m_expectedValues.numberOfLocals(); ++local) {
if (entry->m_localsForcedDouble.get(local))
*bitwise_cast<double*>(exec->registers() + local) = exec->registers()[local].jsValue().asNumber();
}
-#endif
// 4) Fix the call frame.
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
