[webkit-changes] [153339] trunk/Source/JavaScriptCore

Thu, 25 Jul 2013 12:36:26 -0700

Title: [153339] trunk/Source/_javascript_Core
Revision
153339
Author
[email protected]
Date
2013-07-25 12:36:44 -0700 (Thu, 25 Jul 2013)

Log Message

32 bit portion of load validation logic
https://bugs.webkit.org/show_bug.cgi?id=118878
Reviewed by NOBODY (Build fix).
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):


Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (153338 => 153339)


--- trunk/Source/_javascript_Core/ChangeLog	2013-07-25 19:05:37 UTC (rev 153338)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-07-25 19:36:44 UTC (rev 153339)
@@ -1,5 +1,15 @@
 2013-07-25  Oliver Hunt  <[email protected]>
 
+        32 bit portion of load validation logic
+        https://bugs.webkit.org/show_bug.cgi?id=118878
+
+        Reviewed by NOBODY (Build fix).
+
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+
+2013-07-25  Oliver Hunt  <[email protected]>
+
         More 32bit build fixes
 
         - Apparnetly some compilers don't track the fastcall directive everywhere we expect

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (153338 => 153339)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp	2013-07-25 19:05:37 UTC (rev 153338)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp	2013-07-25 19:36:44 UTC (rev 153339)
@@ -4091,8 +4091,8 @@
         
         StorageAccessData& storageAccessData = m_jit.graph().m_storageAccessData[node->storageAccessDataIndex()];
         
-        m_jit.load32(JITCompiler::Address(storageGPR, storageAccessData.offset * sizeof(EncodedJSValue) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayloadGPR);
-        m_jit.load32(JITCompiler::Address(storageGPR, storageAccessData.offset * sizeof(EncodedJSValue) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), resultTagGPR);
+        m_jit.load32(JITCompiler::Address(storageGPR, offsetRelativeToBase(storageAccessData.offset) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)), resultPayloadGPR);
+        m_jit.load32(JITCompiler::Address(storageGPR, offsetRelativeToBase(storageAccessData.offset) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)), resultTagGPR);
         
         jsValueResult(resultTagGPR, resultPayloadGPR, node);
         break;
@@ -4115,8 +4115,8 @@
 
         StorageAccessData& storageAccessData = m_jit.graph().m_storageAccessData[node->storageAccessDataIndex()];
         
-        m_jit.storePtr(valueTagGPR, JITCompiler::Address(storageGPR, storageAccessData.offset * sizeof(EncodedJSValue) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
-        m_jit.storePtr(valuePayloadGPR, JITCompiler::Address(storageGPR, storageAccessData.offset * sizeof(EncodedJSValue) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
+        m_jit.storePtr(valueTagGPR, JITCompiler::Address(storageGPR, offsetRelativeToBase(storageAccessData.offset) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
+        m_jit.storePtr(valuePayloadGPR, JITCompiler::Address(storageGPR, offsetRelativeToBase(storageAccessData.offset) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
         
         noResult(node);
         break;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to