[webkit-changes] [149154] trunk/Source/JavaScriptCore

[fpizlo]

Title: [149154] trunk/Source/_javascript_Core

Revision

149154

Author

fpi...@apple.com

Date

2013-04-25 16:10:41 -0700 (Thu, 25 Apr 2013)

Log Message

PreciseJumpTargets should treat loop_hint as a jump target
https://bugs.webkit.org/show_bug.cgi?id=115209

Reviewed by Mark Hahnenberg.
        
I didn't add a test but I turned this into a release assertion. Running Octane is enough
to trigger it.

* bytecode/PreciseJumpTargets.cpp:
(JSC::computePreciseJumpTargets):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/bytecode/PreciseJumpTargets.cpp
• trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (149153 => 149154)

--- trunk/Source/_javascript_Core/ChangeLog	2013-04-25 23:06:35 UTC (rev 149153)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-04-25 23:10:41 UTC (rev 149154)
@@ -1,3 +1,18 @@
+2013-04-25  Filip Pizlo  <fpi...@apple.com>
+
+        PreciseJumpTargets should treat loop_hint as a jump target
+        https://bugs.webkit.org/show_bug.cgi?id=115209
+
+        Reviewed by Mark Hahnenberg.
+        
+        I didn't add a test but I turned this into a release assertion. Running Octane is enough
+        to trigger it.
+
+        * bytecode/PreciseJumpTargets.cpp:
+        (JSC::computePreciseJumpTargets):
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+
 2013-04-25  Roman Zhuykov  <zhr...@ispras.ru>
 
         Fix problems with processing negative zero on DFG.

Modified: trunk/Source/_javascript_Core/bytecode/PreciseJumpTargets.cpp (149153 => 149154)

--- trunk/Source/_javascript_Core/bytecode/PreciseJumpTargets.cpp	2013-04-25 23:06:35 UTC (rev 149153)
+++ trunk/Source/_javascript_Core/bytecode/PreciseJumpTargets.cpp	2013-04-25 23:10:41 UTC (rev 149154)
@@ -99,6 +99,9 @@
         case op_check_has_instance:
             out.append(bytecodeOffset + current[4].u.operand);
             break;
+        case op_loop_hint:
+            out.append(bytecodeOffset);
+            break;
         default:
             break;
         }

Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (149153 => 149154)

--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2013-04-25 23:06:35 UTC (rev 149153)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2013-04-25 23:10:41 UTC (rev 149154)
@@ -3277,7 +3277,7 @@
             // Baseline->DFG OSR jumps between loop hints. The DFG assumes that Baseline->DFG
             // OSR can only happen at basic block boundaries. Assert that these two statements
             // are compatible.
-            ASSERT_UNUSED(blockBegin, m_currentIndex == blockBegin);
+            RELEASE_ASSERT(m_currentIndex == blockBegin);
             
             // We never do OSR into an inlined code block. That could not happen, since OSR
             // looks up the code block that is the replacement for the baseline JIT code

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes