Title: [172398] trunk/Source/_javascript_Core
- Revision
- 172398
- Author
- [email protected]
- Date
- 2014-08-11 11:39:52 -0700 (Mon, 11 Aug 2014)
Log Message
JIT should use full 64-bit stores for jsBoolean and jsNull
https://bugs.webkit.org/show_bug.cgi?id=135784
Reviewed by Michael Saboff.
This guarantees that we set the high bits of the register with the correct tag.
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_has_structure_property):
(JSC::JIT::emit_op_next_enumerator_pname):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (172397 => 172398)
--- trunk/Source/_javascript_Core/ChangeLog 2014-08-11 18:23:29 UTC (rev 172397)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-08-11 18:39:52 UTC (rev 172398)
@@ -1,3 +1,18 @@
+2014-08-11 Mark Hahnenberg <[email protected]>
+
+ JIT should use full 64-bit stores for jsBoolean and jsNull
+ https://bugs.webkit.org/show_bug.cgi?id=135784
+
+ Reviewed by Michael Saboff.
+
+ This guarantees that we set the high bits of the register with the correct tag.
+
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_has_structure_property):
+ (JSC::JIT::emit_op_next_enumerator_pname):
+
2014-08-11 Brent Fulgham <[email protected]>
[Win] Adjust build script for Windows production build.
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (172397 => 172398)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-08-11 18:23:29 UTC (rev 172397)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-08-11 18:39:52 UTC (rev 172398)
@@ -4888,7 +4888,7 @@
MacroAssembler::Jump inBounds = m_jit.branch32(MacroAssembler::Below,
indexGPR, MacroAssembler::Address(enumeratorGPR, JSPropertyNameEnumerator::cachedPropertyNamesLengthOffset()));
- m_jit.move(MacroAssembler::TrustedImm32(ValueNull), resultGPR);
+ m_jit.move(MacroAssembler::TrustedImm64(JSValue::encode(jsNull())), resultGPR);
MacroAssembler::Jump done = m_jit.jump();
inBounds.link(&m_jit);
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (172397 => 172398)
--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2014-08-11 18:23:29 UTC (rev 172397)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2014-08-11 18:39:52 UTC (rev 172398)
@@ -1131,7 +1131,7 @@
load32(Address(regT0, JSCell::structureIDOffset()), regT0);
addSlowCase(branch32(NotEqual, regT0, Address(regT1, JSPropertyNameEnumerator::cachedStructureIDOffset())));
- move(TrustedImm32(ValueTrue), regT0);
+ move(TrustedImm64(JSValue::encode(jsBoolean(true))), regT0);
emitPutVirtualRegister(dst);
}
@@ -1320,7 +1320,7 @@
emitGetVirtualRegister(enumerator, regT1);
Jump inBounds = branch32(Below, regT0, Address(regT1, JSPropertyNameEnumerator::cachedPropertyNamesLengthOffset()));
- move(TrustedImm32(ValueNull), regT0);
+ move(TrustedImm64(JSValue::encode(jsNull())), regT0);
Jump done = jump();
inBounds.link(this);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
