Title: [170082] trunk/Source/JavaScriptCore
- Revision: 170082
- Author: [email protected]
- Date: 2014-06-17 16:05:48 -0700 (Tue, 17 Jun 2014)
Log Message
DFGGraph::m_doubleConstantMap will not map 0 values correctly.
<https://webkit.org/b/133994>
Reviewed by Geoffrey Garen.
DFGGraph::m_doubleConstantsMap should not use a double as a key to its HashMap,
because it means two unfortunate things:
- It will probably break for zero.
- It will think that -0 is the same as +0 under some circumstances, since
-0==+0 even though they are distinct values (for example 1/-0 != 1/+0).
The fix is to use std::unordered_map which does not require special empty
and deleted values, and to use the raw bits instead of the double value as
the key.
* dfg/DFGGraph.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::addressOfDoubleConstant):
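
The keying problem the log message describes, as an added example that is not part of the commit or of WebKit's code: `ConstantPool`, `rawBits`, `byValue` and `byTruncation` are hypothetical names, and `std::unordered_map` stands in for the map on all three sides. It goes one step past the message by also showing a key made by numeric conversion, which merges distinct doubles just as a value key merges the two zeros.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <deque>
#include <unordered_map>

// Raw IEEE-754 bit pattern of a double; memcpy avoids aliasing problems.
static int64_t rawBits(double d)
{
    static_assert(sizeof(int64_t) == sizeof(double), "expects 64-bit double");
    int64_t bits;
    std::memcpy(&bits, &d, sizeof bits);
    return bits;
}
static double byValue(double d) { return d; }
static int64_t byTruncation(double d) { return static_cast<int64_t>(d); }

// Hypothetical constant pool: one stored double per distinct key.
template<typename Key, Key (*keyOf)(double)>
struct ConstantPool {
    std::deque<double> storage; // deque keeps element addresses stable
    std::unordered_map<Key, double*> map;
    double* addressOf(double v)
    {
        auto it = map.find(keyOf(v));
        if (it != map.end())
            return it->second; // std::unordered_map iterators expose .second
        storage.push_back(v);
        map.emplace(keyOf(v), &storage.back());
        return &storage.back();
    }
};
using ValueKeyed = ConstantPool<double, byValue>;
using BitKeyed = ConstantPool<int64_t, rawBits>;
using TruncKeyed = ConstantPool<int64_t, byTruncation>;

// Ask for +0 then -0; report whether the -0 request got a +0 constant back.
template<typename Pool> static bool losesZeroSign()
{
    Pool pool;
    pool.addressOf(0.0);
    return !std::signbit(*pool.addressOf(-0.0));
}
// A key made by numeric conversion merges 1.0 and 1.5 into one slot.
static bool truncationMerges() { TruncKeyed p; p.addressOf(1.0); return *p.addressOf(1.5) == 1.0; }

int main()
{
    std::printf("%d %d %d\n", losesZeroSign<ValueKeyed>(), losesZeroSign<BitKeyed>(), truncationMerges());
}
```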
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (170081 => 170082)
--- trunk/Source/_javascript_Core/ChangeLog 2014-06-17 22:35:21 UTC (rev 170081)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-06-17 23:05:48 UTC (rev 170082)
@@ -1,3 +1,24 @@
+2014-06-17 Mark Lam <[email protected]>
+
+ DFGGraph::m_doubleConstantMap will not map 0 values correctly.
+ <https://webkit.org/b/133994>
+
+ Reviewed by Geoffrey Garen.
+
+ DFGGraph::m_doubleConstantsMap should not use a double as a key to its HashMap,
+ because it means two unfortunate things:
+ - It will probably break for zero.
+ - It will think that -0 is the same as +0 under some circumstances, size
+ -0==+0 even though they are distinct values (for example 1/-0 != 1/+0).
+
+ The fix is to use std::unordered_map which does not require special empty
+ and deleted values, and to use the raw bits instead of the double value as
+ the key.
+
+ * dfg/DFGGraph.h:
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::addressOfDoubleConstant):
+
2014-06-17 Oliver Hunt <[email protected]>
Fix error messages for incorrect hex literals
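Review bot: In the added ChangeLog entry, "It will probably break for zero" leaves the actual failure unstated; name the key values the HashMap reserves as its empty and deleted markers so the entry records a confirmed defect rather than a guess. In the same entry, "size" in the second bullet should read "since", and the title line says m_doubleConstantMap while the body and the code say m_doubleConstantsMap.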
Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.h (170081 => 170082)
--- trunk/Source/_javascript_Core/dfg/DFGGraph.h 2014-06-17 22:35:21 UTC (rev 170081)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.h 2014-06-17 23:05:48 UTC (rev 170082)
@@ -41,6 +41,7 @@
#include "DFGScannable.h"
#include "JSStack.h"
#include "MethodOfGettingAValueProfile.h"
+#include <unordered_map>
#include <wtf/BitVector.h>
#include <wtf/HashMap.h>
#include <wtf/Vector.h>
@@ -854,7 +855,7 @@
std::unique_ptr<SlowArgument[]> m_slowArguments;
#if USE(JSVALUE32_64)
- HashMap<double, double*> m_doubleConstantsMap;
+ std::unordered_map<int64_t, double*> m_doubleConstantsMap;
std::unique_ptr<Bag<double>> m_doubleConstants;
#endif
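Review bot: The new key type on m_doubleConstantsMap is a bare int64_t, and nothing at the declaration says it holds the bit pattern of a double rather than a numeric integer. A one-line comment to that effect, or a named typedef for the key, would stop a later caller from inserting a converted value.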
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (170081 => 170082)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2014-06-17 22:35:21 UTC (rev 170081)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2014-06-17 23:05:48 UTC (rev 170082)
@@ -443,8 +443,8 @@
JSValue jsvalue = node->valueOfJSConstant(codeBlock());
ASSERT(jsvalue.isDouble());
- double value = jsvalue.asDouble();
- auto it = m_graph.m_doubleConstantsMap.find(value);
+ int64_t valueBits = jsvalue.asMachineInt();
+ auto it = m_graph.m_doubleConstantsMap.find(valueBits);
if (it != m_graph.m_doubleConstantsMap.end())
return it->value;
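Review bot: The unchanged line "return it->value;" just below the new find() still uses the HashMap iterator field, but m_doubleConstantsMap is now a std::unordered_map, whose iterator yields a std::pair, so this should be "return it->second;". The member sits under #if USE(JSVALUE32_64), so a 64-bit build will not catch it. Separately, the log message promises raw bits as the key, yet the key comes from jsvalue.asMachineInt() right after ASSERT(jsvalue.isDouble()); if that accessor converts numerically instead of reinterpreting, distinct doubles would share a key, so confirm its behaviour or take the bits of jsvalue.asDouble() explicitly.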
@@ -452,8 +452,8 @@
m_graph.m_doubleConstants = std::make_unique<Bag<double>>();
double* addressInConstantPool = m_graph.m_doubleConstants->add();
- *addressInConstantPool = value;
- m_graph.m_doubleConstantsMap.add(value, addressInConstantPool);
+ *addressInConstantPool = jsvalue.asDouble();
+ m_graph.m_doubleConstantsMap[valueBits] = addressInConstantPool;
return addressInConstantPool;
}
#endif
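Review bot: "m_doubleConstantsMap[valueBits] = addressInConstantPool;" will overwrite an existing entry without complaint, which hides any case where the earlier find() and this store disagree about the key. Since the find() has already missed at this point, an insert or emplace with an assertion that the insertion took place keeps that invariant checked. It would also help to derive the key and the stored double from the same local, instead of asMachineInt() for one and asDouble() for the other.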