Modified: branches/safari-536-branch/Source/_javascript_Core/ChangeLog (119607 => 119608)
--- branches/safari-536-branch/Source/_javascript_Core/ChangeLog 2012-06-06 20:41:03 UTC (rev 119607)
+++ branches/safari-536-branch/Source/_javascript_Core/ChangeLog 2012-06-06 20:56:07 UTC (rev 119608)
@@ -1,3 +1,18 @@
+2012-06-06 Mark Rowe <[email protected]>
+
+ Merge r118992.
+
+ 2012-05-30 Filip Pizlo <[email protected]>
+
+ LLInt broken on x86-32 with JIT turned off
+ https://bugs.webkit.org/show_bug.cgi?id=87906
+
+ Reviewed by Geoffrey Garen.
+
+ Fixed the code to not clobber registers that contain important things, like the call frame.
+
+ * llint/LowLevelInterpreter32_64.asm:
+
2012-05-31 Ojan Vafai <[email protected]>
add back the ability to disable flexbox
Modified: branches/safari-536-branch/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (119607 => 119608)
--- branches/safari-536-branch/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2012-06-06 20:41:03 UTC (rev 119607)
+++ branches/safari-536-branch/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2012-06-06 20:56:07 UTC (rev 119608)
@@ -1678,8 +1678,8 @@
storei CellTag, ScopeChain + TagOffset[cfr]
storei t1, ScopeChain + PayloadOffset[cfr]
if X86
- loadp JITStackFrame::globalData + 4[sp], t0 # Additional offset for return address
- storep cfr, JSGlobalData::topCallFrame[t0]
+ loadp JITStackFrame::globalData + 4[sp], t3 # Additional offset for return address
+ storep cfr, JSGlobalData::topCallFrame[t3]
peek 0, t1
storep t1, ReturnPC[cfr]
move cfr, t2 # t2 = ecx
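Review bot: Nothing in the new lines records why `t3` rather than `t0` is the scratch register for the `JSGlobalData::topCallFrame` store, so the same clobber could be reintroduced by a later edit. The ChangeLog says the overwritten register held the call frame. On the x86 path the later read of `t0` falls outside this hunk, but the ARMv7 hunk shows it as `move t0, t2`. I would add a comment above the load in both branches, for example `# t0 is still live (read after this block); use t3 as scratch for globalData`. A wrong frame pointer in the interpreter is a memory-safety concern rather than only a crash, and the ChangeLog lists only the .asm file, so it would help to say which test covers x86-32 with the JIT off.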
@@ -1691,8 +1691,8 @@
addp 16 - 4, sp
loadp JITStackFrame::globalData + 4[sp], t3
elsif ARMv7
- loadp JITStackFrame::globalData[sp], t1
- storep cfr, JSGlobalData::topCallFrame[t1]
+ loadp JITStackFrame::globalData[sp], t3
+ storep cfr, JSGlobalData::topCallFrame[t3]
move t0, t2
preserveReturnAddressAfterCall(t3)
storep t3, ReturnPC[cfr]
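Review bot: The ChangeLog entry describes only an x86-32 failure, so the reason for changing this ARMv7 branch from `t1` to `t3` is undocumented. From the visible lines, `t1` appears to be dead here, since it was already stored to `ScopeChain + PayloadOffset[cfr]` before the `if X86`, which suggests the change is for consistency rather than a fix. Note also that `t3` is overwritten immediately by `preserveReturnAddressAfterCall(t3)`, so the globalData pointer does not survive past the store. The x86 branch reloads it after the call, and whether ARMv7 does the same is outside this hunk. A short comment such as `# t3 is scratch: globalData here, return address below` would make that reuse explicit.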