Title: [160060] tags/Safari-538.7.1/Source/JavaScriptCore
- Revision: 160060
- Author: [email protected]
- Date: 2013-12-03 16:51:13 -0800 (Tue, 03 Dec 2013)
Log Message
Merge of 159593.
Modified Paths
Diff
Modified: tags/Safari-538.7.1/Source/JavaScriptCore/ChangeLog (160059 => 160060)
--- tags/Safari-538.7.1/Source/_javascript_Core/ChangeLog 2013-12-04 00:36:00 UTC (rev 160059)
+++ tags/Safari-538.7.1/Source/_javascript_Core/ChangeLog 2013-12-04 00:51:13 UTC (rev 160060)
@@ -1,3 +1,22 @@
+2013-12-03 Matthew Hanson <[email protected]>
+
+ Merge of 159593.
+
+ 2013-11-20 Michael Saboff <[email protected]>
+
+ [Win] _javascript_ JIT crash (with DFG enabled).
+ https://bugs.webkit.org/show_bug.cgi?id=124675
+
+ Reviewed by Geoffrey Garen.
+
+ Similar to the change in r159427, changed linkClosureCall to use regT0/regT1 (payload/tag) for the callee.
+ linkForThunkGenerator already expected the callee in regT0/regT1, but changed the comment to reflect that.
+
+ * jit/Repatch.cpp:
+ (JSC::linkClosureCall):
+ * jit/ThunkGenerators.cpp:
+ (JSC::linkForThunkGenerator):
+
2013-11-19 Matthew Hanson <[email protected]>
Merge of 159515.
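Review bot: The merged entry explains the fix only by reference ("Similar to the change in r159427") and never says why nonArgGPR0/nonArgGPR1 were the wrong registers for the callee on the Windows configuration in the bug title. Since this lands on a release tag, a sentence stating the failure (which register the callee was expected in and what was found there instead) would let someone auditing the branch judge the crash without opening r159427 and bug 124675.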
Modified: tags/Safari-538.7.1/Source/JavaScriptCore/jit/Repatch.cpp (160059 => 160060)
--- tags/Safari-538.7.1/Source/_javascript_Core/jit/Repatch.cpp 2013-12-04 00:36:00 UTC (rev 160059)
+++ tags/Safari-538.7.1/Source/_javascript_Core/jit/Repatch.cpp 2013-12-04 00:51:13 UTC (rev 160060)
@@ -1379,9 +1379,9 @@
AssemblyHelpers::Jump done = stubJit.jump();
slowPath.link(&stubJit);
- stubJit.move(calleeGPR, GPRInfo::nonArgGPR0);
+ stubJit.move(calleeGPR, GPRInfo::regT0);
#if USE(JSVALUE32_64)
- stubJit.move(CCallHelpers::TrustedImm32(JSValue::CellTag), GPRInfo::nonArgGPR1);
+ stubJit.move(CCallHelpers::TrustedImm32(JSValue::CellTag), GPRInfo::regT1);
#endif
stubJit.move(CCallHelpers::TrustedImmPtr(callLinkInfo.callReturnLocation.executableAddress()), GPRInfo::nonArgGPR2);
stubJit.restoreReturnAddressBeforeReturn(GPRInfo::nonArgGPR2);
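Review bot: The two unchanged lines after the #endif still use GPRInfo::nonArgGPR2 as scratch for the return address, and they run after the callee payload and tag have been placed in regT0/regT1. Please confirm that nonArgGPR2 cannot alias regT0 or regT1 on any supported target (the 32-bit Windows build in particular), because if it does, the move of callReturnLocation would overwrite the callee just loaded. A compile-time assertion that the three registers are distinct, placed next to these moves, would make that dependency explicit instead of relying on each platform's GPRInfo layout.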
Modified: tags/Safari-538.7.1/Source/JavaScriptCore/jit/ThunkGenerators.cpp (160059 => 160060)
--- tags/Safari-538.7.1/Source/_javascript_Core/jit/ThunkGenerators.cpp 2013-12-04 00:36:00 UTC (rev 160059)
+++ tags/Safari-538.7.1/Source/_javascript_Core/jit/ThunkGenerators.cpp 2013-12-04 00:51:13 UTC (rev 160060)
@@ -109,7 +109,7 @@
// The return address is on the stack or in the link register. We will hence
// save the return address to the call frame while we make a C++ function call
// to perform linking and lazy compilation if necessary. We expect the callee
- // to be in nonArgGPR0/nonArgGPR1 (payload/tag), the CallFrame to have already
+ // to be in regT0/regT1 (payload/tag), the CallFrame to have already
// been adjusted, and all other registers to be available for use.
CCallHelpers jit(vm);
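Review bot: The register contract between linkClosureCall and this thunk is stated only in the comment edited here, and the previous wording (nonArgGPR0/nonArgGPR1) had drifted from what the ChangeLog says the thunk already expected. Nothing in the visible lines ties the comment to the code that consumes the callee, so the same drift can happen again. Consider naming the callee payload/tag registers once and using those names both here and in the slow path in Repatch.cpp, so a future register change fails to compile rather than crashing at runtime.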