Title: [145417] trunk/Source
- Revision
- 145417
- Author
- [email protected]
- Date
- 2013-03-11 15:36:28 -0700 (Mon, 11 Mar 2013)
Log Message
Crash beneath operationCreateInlinedArguments running fast/js/dfg-create-inlined-arguments-in-closure-inline.html (32-bit only)
https://bugs.webkit.org/show_bug.cgi?id=112067
Reviewed by Geoffrey Garen.
We weren't setting the tag in SetCallee. Therefore set it to CellTag.
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (145416 => 145417)
--- trunk/Source/_javascript_Core/ChangeLog 2013-03-11 22:32:29 UTC (rev 145416)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-03-11 22:36:28 UTC (rev 145417)
@@ -1,3 +1,15 @@
+2013-03-11 Michael Saboff <[email protected]>
+
+ Crash beneath operationCreateInlinedArguments running fast/js/dfg-create-inlined-arguments-in-closure-inline.html (32-bit only)
+ https://bugs.webkit.org/show_bug.cgi?id=112067
+
+ Reviewed by Geoffrey Garen.
+
+ We weren't setting the tag in SetCallee. Therefore set it to CellTag.
+
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
2013-03-11 Oliver Hunt <[email protected]>
Make SegmentedVector Noncopyable
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (145416 => 145417)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2013-03-11 22:32:29 UTC (rev 145416)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2013-03-11 22:36:28 UTC (rev 145417)
@@ -3745,6 +3745,7 @@
case SetCallee: {
SpeculateCellOperand callee(this, node->child1());
m_jit.storePtr(callee.gpr(), JITCompiler::payloadFor(static_cast<VirtualRegister>(node->codeOrigin.stackOffset() + static_cast<int>(JSStack::Callee))));
+ m_jit.store32(MacroAssembler::TrustedImm32(JSValue::CellTag), JITCompiler::tagFor(static_cast<VirtualRegister>(node->codeOrigin.stackOffset() + static_cast<int>(JSStack::Callee))));
noResult(node);
break;
}
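Review bot: the payload store and the added tag store in `case SetCallee` each spell out the same slot expression, `static_cast<VirtualRegister>(node->codeOrigin.stackOffset() + static_cast<int>(JSStack::Callee))`, once inside `payloadFor` and once inside `tagFor`. Hoisting it into a local `VirtualRegister` would guarantee both writes target the same callee slot and make the two lines readable. A one-line comment on the new `store32` would also help: the log message says the tag was never being set here, so it is worth recording that the `storePtr` to `payloadFor` alone leaves the tag half of the slot unwritten, and that `JSValue::CellTag` is correct because the operand is a `SpeculateCellOperand`.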
Modified: trunk/Source/WTF/wtf/DataLog.cpp (145416 => 145417)
--- trunk/Source/WTF/wtf/DataLog.cpp 2013-03-11 22:32:29 UTC (rev 145416)
+++ trunk/Source/WTF/wtf/DataLog.cpp 2013-03-11 22:36:28 UTC (rev 145417)
@@ -40,7 +40,7 @@
#endif
#endif
-#define DATA_LOG_TO_FILE 0
+#define DATA_LOG_TO_FILE 1
// Uncomment to force logging to the given file regardless of what the environment variable says. Note that
// we will append ".<pid>.txt" where <pid> is the PID.
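Review bot: the flip of `DATA_LOG_TO_FILE` from 0 to 1 in wtf/DataLog.cpp is not mentioned in the log message and has nothing to do with the SetCallee tag fix, so it looks like a local debugging setting that was left in the commit. With this define at 1, builds from trunk would send data-log output to a file by default instead of keeping it off. Please drop this hunk from the change, or land it separately with its own ChangeLog entry explaining why file logging should be on by default.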