Skip to site navigation (Press enter)

[webkit-changes] [153097] trunk/Source/JavaScriptCore

mhahnenberg Wed, 24 Jul 2013 12:56:38 -0700

Title: [153097] trunk/Source/_javascript_Core

Revision: 153097
Author: [email protected]
Date: 2013-07-24 12:56:57 -0700 (Wed, 24 Jul 2013)

Log Message

JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0
https://bugs.webkit.org/show_bug.cgi?id=118923


Reviewed by Filip Pizlo.

This bug causes the CallFrame's bytecodeOffset to not be properly set when we
enter, e.g., cti_optimize from an op_enter.

* jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/jit/JITInlines.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (153096 => 153097)


--- trunk/Source/_javascript_Core/ChangeLog	2013-07-24 19:31:50 UTC (rev 153096)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-07-24 19:56:57 UTC (rev 153097)
@@ -1,3 +1,16 @@
+2013-07-24  Mark Hahnenberg  <[email protected]>
+
+        JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0
+        https://bugs.webkit.org/show_bug.cgi?id=118923
+
+        Reviewed by Filip Pizlo.
+
+        This bug causes the CallFrame's bytecodeOffset to not be properly set when we 
+        enter, e.g., cti_optimize from an op_enter.
+
+        * jit/JITInlines.h:
+        (JSC::JIT::updateTopCallFrame):
+
 2013-07-23  Filip Pizlo  <[email protected]>
 
         DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs

Modified: trunk/Source/_javascript_Core/jit/JITInlines.h (153096 => 153097)


--- trunk/Source/_javascript_Core/jit/JITInlines.h	2013-07-24 19:31:50 UTC (rev 153096)
+++ trunk/Source/_javascript_Core/jit/JITInlines.h	2013-07-24 19:56:57 UTC (rev 153097)
@@ -179,13 +179,11 @@
 ALWAYS_INLINE void JIT::updateTopCallFrame()
 {
     ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);
-    if (m_bytecodeOffset) {
 #if USE(JSVALUE32_64)
-        storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
+    storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
 #else
-        store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
+    store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
 #endif
-    }
     storePtr(callFrameRegister, &m_vm->topCallFrame);
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes