Title: [156906] trunk/Source/JavaScriptCore
- Revision: 156906
- Author: [email protected]
- Date: 2013-10-04 12:36:12 -0700 (Fri, 04 Oct 2013)
Log Message
FTL::OSRExit::convertToForward() shouldn't misuse Operands<>::operator[]
https://bugs.webkit.org/show_bug.cgi?id=122336
Reviewed by Geoffrey Garen.
Changed code in change set r156900 to use the operand() accessor instead of operator[].
* ftl/FTLOSRExit.cpp:
(JSC::FTL::OSRExit::convertToForward):
Diff
Modified: trunk/Source/JavaScriptCore/ChangeLog (156905 => 156906)
--- trunk/Source/_javascript_Core/ChangeLog 2013-10-04 19:31:01 UTC (rev 156905)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-10-04 19:36:12 UTC (rev 156906)
@@ -1,5 +1,17 @@
2013-10-04 Michael Saboff <[email protected]>
+ FTL::OSRExit::convertToForward() shouldn't misuse Operands<>::operator[]
+ https://bugs.webkit.org/show_bug.cgi?id=122336
+
+ Reviewed by Geoffrey Garen.
+
+ Changed code in change set r156900 to use the operand() accessor instead of operator[].
+
+ * ftl/FTLOSRExit.cpp:
+ (JSC::FTL::OSRExit::convertToForward):
+
+2013-10-04 Michael Saboff <[email protected]>
+
FTL: Crash in OSRExit::convertToForward() using VirtualRegister.offset() as array index
https://bugs.webkit.org/show_bug.cgi?id=122332
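Review bot: The new ChangeLog entry says what was changed ("use the operand() accessor instead of operator[]") but not why operator[] was the wrong call here or what could go wrong with it. Since this follows up on r156900 and the entry directly below it is a crash fix in the same function, one sentence on how indexing with operator[] differs from operand() for these values, and whether the earlier code was incorrect or only unidiomatic, would make the entry useful to someone reading the log without the bug open.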
Modified: trunk/Source/JavaScriptCore/ftl/FTLOSRExit.cpp (156905 => 156906)
--- trunk/Source/_javascript_Core/ftl/FTLOSRExit.cpp 2013-10-04 19:31:01 UTC (rev 156905)
+++ trunk/Source/_javascript_Core/ftl/FTLOSRExit.cpp 2013-10-04 19:36:12 UTC (rev 156906)
@@ -84,17 +84,17 @@
// Is the value for this operand being passed as an argument to the exit, or is
// it something else? If it's an argument already, then replace that argument;
// otherwise add another argument.
- if (m_values[overriddenOperand.toLocal()].isArgument()) {
- ExitArgument exitArgument = m_values[overriddenOperand.toLocal()].exitArgument();
+ if (m_values.operand(overriddenOperand).isArgument()) {
+ ExitArgument exitArgument = m_values.operand(overriddenOperand).exitArgument();
arguments[exitArgument.argument()] = value.value();
- m_values[overriddenOperand.toLocal()] = ExitValue::exitArgument(
+ m_values.operand(overriddenOperand) = ExitValue::exitArgument(
exitArgument.withFormat(value.format()));
return;
}
unsigned argument = arguments.size();
arguments.append(value.value());
- m_values[m_lastSetOperand.toLocal()] = ExitValue::exitArgument(
+ m_values.operand(m_lastSetOperand) = ExitValue::exitArgument(
ExitArgument(value.format(), argument));
}
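Review bot: In the fall-through path at the end of the hunk, the new exit argument is stored with m_values.operand(m_lastSetOperand), while the isArgument() test and the replacement inside the if-branch all use overriddenOperand. If the two can ever name different operands, the value lands in a slot other than the one that was tested; either store through overriddenOperand there as well, or add a comment or assertion stating that they are the same at this point. Separately, the if-branch calls m_values.operand(overriddenOperand) three times; binding the result to a reference once would make it clear that the test, the read and the write all touch the same slot.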