Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (174089 => 174090)
--- trunk/Source/_javascript_Core/ChangeLog 2014-09-29 22:23:20 UTC (rev 174089)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-09-29 22:25:51 UTC (rev 174090)
@@ -1,3 +1,45 @@
+2014-09-29 Filip Pizlo <[email protected]>
+
+ Don't use GPRResult unless you're flushing registers and making a runtime function call
+ https://bugs.webkit.org/show_bug.cgi?id=137234
+
+ Rubber stamped by Andreas Kling.
+
+ Rename GPRResult to GPRFlushedCallResult, in an attempt to dissuade people from using it for results in the
+ general case.
+
+ Replace GPRResult with GPRTemporary in those places where it was causing bugs: particularly in GetDirectPname it
+ would cause us to spill the register that has the base, and the code was assuming (rightly) that the base and the
+ result were in different registers. That's a valid assumption when using GPRTemporary but not with GPRResult.
+ Also this code wasn't getting any benefit from using GPRResult because it wasn't doing flushRegisters().
+
+ I don't know how to test this. A test would require setting up a particularly awkward register allocation state.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIn):
+ (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
+ (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
+ (JSC::DFG::SpeculativeJIT::compileRegExpExec):
+ (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
+ (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
+ (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::GPRFlushedCallResult::GPRFlushedCallResult):
+ (JSC::DFG::GPRFlushedCallResult2::GPRFlushedCallResult2):
+ (JSC::DFG::GPRResult::GPRResult): Deleted.
+ (JSC::DFG::GPRResult2::GPRResult2): Deleted.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
+ (JSC::DFG::SpeculativeJIT::emitCall):
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::speculateDoubleRepMachineInt):
+
2014-09-29 Diego Pino Garcia <[email protected]>
Missing changes from r174049
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (174089 => 174090)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-09-29 22:23:20 UTC (rev 174089)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-09-29 22:25:51 UTC (rev 174090)
@@ -899,7 +899,7 @@
JSValueOperand key(this, node->child1());
JSValueRegs regs = key.jsValueRegs();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
base.use();
@@ -4154,7 +4154,7 @@
void SpeculativeJIT::compileNewFunctionNoCheck(Node* node)
{
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(
@@ -4164,7 +4164,7 @@
void SpeculativeJIT::compileNewFunctionExpression(Node* node)
{
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(
@@ -4199,7 +4199,7 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
branchTest32(invert ? JITCompiler::Zero : JITCompiler::NonZero, result.gpr(), taken);
@@ -4222,7 +4222,7 @@
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationReallocateButterflyToHavePropertyStorageWithInitialCapacity, result.gpr(), baseGPR);
storageResult(result.gpr(), node);
@@ -4265,7 +4265,7 @@
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationReallocateButterflyToGrowPropertyStorage, result.gpr(), baseGPR, newSize / sizeof(JSValue));
storageResult(result.gpr(), node);
@@ -4354,7 +4354,7 @@
}
case CellUse: {
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
// We flush registers instead of silent spill/fill because in this mode we
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (174089 => 174090)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2014-09-29 22:23:20 UTC (rev 174089)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2014-09-29 22:25:51 UTC (rev 174090)
@@ -2690,18 +2690,18 @@
//
// These classes lock the result of a call to a C++ helper function.
-class GPRResult : public GPRTemporary {
+class GPRFlushedCallResult : public GPRTemporary {
public:
- GPRResult(SpeculativeJIT* jit)
+ GPRFlushedCallResult(SpeculativeJIT* jit)
: GPRTemporary(jit, GPRInfo::returnValueGPR)
{
}
};
#if USE(JSVALUE32_64)
-class GPRResult2 : public GPRTemporary {
+class GPRFlushedCallResult2 : public GPRTemporary {
public:
- GPRResult2(SpeculativeJIT* jit)
+ GPRFlushedCallResult2(SpeculativeJIT* jit)
: GPRTemporary(jit, GPRInfo::returnValueGPR2)
{
}
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (174089 => 174090)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-09-29 22:23:20 UTC (rev 174089)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-09-29 22:25:51 UTC (rev 174090)
@@ -396,7 +396,7 @@
JITCompiler::JumpList slowPath;
if (isKnownNotInteger(node->child1().node()) || isKnownNotInteger(node->child2().node())) {
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
arg1.use();
@@ -487,7 +487,7 @@
JITCompiler::JumpList slowPath;
if (isKnownNotInteger(node->child1().node()) || isKnownNotInteger(node->child2().node())) {
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultPayloadGPR = result.gpr();
arg1.use();
@@ -677,8 +677,8 @@
flushRegisters();
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg resultTagGPR = resultTag.gpr();
@@ -1943,8 +1943,8 @@
flushRegisters();
- GPRResult2 resultTag(this);
- GPRResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
if (isKnownNotNumber(node->child1().node()) || isKnownNotNumber(node->child2().node()))
callOperation(operationValueAddNotNumber, resultTag.gpr(), resultPayload.gpr(), op1TagGPR, op1PayloadGPR, op2TagGPR, op2PayloadGPR);
else
@@ -2217,8 +2217,8 @@
GPRReg propertyPayloadGPR = property.payloadGPR();
flushRegisters();
- GPRResult2 resultTag(this);
- GPRResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
callOperation(operationGetByValCell, resultTag.gpr(), resultPayload.gpr(), baseGPR, propertyTagGPR, propertyPayloadGPR);
jsValueResult(resultTag.gpr(), resultPayload.gpr(), node);
@@ -2616,7 +2616,7 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
// Must use jsValueResult because otherwise we screw up register
@@ -2631,8 +2631,8 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult2 resultTag(this);
- GPRResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
callOperation(operationRegExpExec, resultTag.gpr(), resultPayload.gpr(), baseGPR, argumentGPR);
jsValueResult(resultTag.gpr(), resultPayload.gpr(), node);
@@ -2646,7 +2646,7 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
// If we add a DataFormatBool, we should use it here.
@@ -3035,7 +3035,7 @@
GPRReg op1PayloadGPR = op1.payloadGPR();
GPRReg op1TagGPR = op1.tagGPR();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -3144,7 +3144,7 @@
if (!node->numChildren()) {
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(
operationNewEmptyArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
cellResult(result.gpr(), node);
@@ -3219,7 +3219,7 @@
m_jit.storePtr(TrustedImmPtr(scratchSize), scratch.gpr());
}
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(
operationNewArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()),
@@ -3294,7 +3294,7 @@
SpeculateStrictInt32Operand size(this, node->child1());
GPRReg sizeGPR = size.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
GPRReg structureGPR = selectScratchGPR(sizeGPR);
MacroAssembler::Jump bigLength = m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_SPARSE_ARRAY_INDEX));
@@ -3347,7 +3347,7 @@
}
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()), node->startConstant(), node->numConstants());
@@ -3367,7 +3367,7 @@
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
@@ -3388,8 +3388,8 @@
case NewRegexp: {
flushRegisters();
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
callOperation(operationNewRegexp, resultTag.gpr(), resultPayload.gpr(), m_jit.codeBlock()->regexp(node->regexpIndex()));
@@ -3631,8 +3631,8 @@
GPRReg baseGPR = base.gpr();
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg resultTagGPR = resultTag.gpr();
@@ -3651,8 +3651,8 @@
GPRReg baseTagGPR = base.tagGPR();
GPRReg basePayloadGPR = base.payloadGPR();
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg resultTagGPR = resultTag.gpr();
@@ -4075,7 +4075,7 @@
JSValueOperand value(this, node->child1());
GPRReg valueTagGPR = value.tagGPR();
GPRReg valuePayloadGPR = value.payloadGPR();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(operationIsObject, resultGPR, valueTagGPR, valuePayloadGPR);
@@ -4087,7 +4087,7 @@
JSValueOperand value(this, node->child1());
GPRReg valueTagGPR = value.tagGPR();
GPRReg valuePayloadGPR = value.payloadGPR();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(operationIsFunction, resultGPR, valueTagGPR, valuePayloadGPR);
@@ -4100,7 +4100,7 @@
GPRReg payloadGPR = value.payloadGPR();
GPRTemporary temp(this);
GPRReg tempGPR = temp.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
JITCompiler::JumpList doneJumps;
@@ -4597,7 +4597,7 @@
case GetEnumerableLength: {
SpeculateCellOperand base(this, node->child1());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4608,8 +4608,8 @@
case HasGenericProperty: {
JSValueOperand base(this, node->child1());
SpeculateCellOperand property(this, node->child2());
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRFlushedCallResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
GPRReg basePayloadGPR = base.payloadGPR();
GPRReg baseTagGPR = base.tagGPR();
GPRReg resultPayloadGPR = resultPayload.gpr();
@@ -4625,8 +4625,8 @@
SpeculateCellOperand property(this, node->child2());
SpeculateCellOperand enumerator(this, node->child3());
GPRTemporary scratch(this);
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
GPRReg baseTagGPR = base.tagGPR();
GPRReg basePayloadGPR = base.payloadGPR();
@@ -4652,8 +4652,8 @@
case HasIndexedProperty: {
SpeculateCellOperand base(this, node->child1());
SpeculateInt32Operand index(this, node->child2());
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
GPRReg baseGPR = base.gpr();
GPRReg indexGPR = index.gpr();
@@ -4723,22 +4723,31 @@
SpeculateCellOperand base(this, baseEdge);
SpeculateCellOperand property(this, propertyEdge);
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRReg baseGPR = base.gpr();
+ GPRReg propertyGPR = property.gpr();
+
+#if CPU(X86)
+ GPRFlushedCallResult resultPayload(this);
+ GPRFlushedCallResult2 resultTag(this);
GPRTemporary scratch(this);
- GPRReg baseGPR = base.gpr();
- GPRReg propertyGPR = property.gpr();
GPRReg resultTagGPR = resultTag.gpr();
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg scratchGPR = scratch.gpr();
-#if CPU(X86)
// Not enough registers on X86 for this code, so always use the slow path.
flushRegisters();
m_jit.move(MacroAssembler::TrustedImm32(JSValue::CellTag), scratchGPR);
callOperation(operationGetByValCell, resultTagGPR, resultPayloadGPR, baseGPR, scratchGPR, propertyGPR);
#else
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
+ GPRTemporary scratch(this);
+
+ GPRReg resultTagGPR = resultTag.gpr();
+ GPRReg resultPayloadGPR = resultPayload.gpr();
+ GPRReg scratchGPR = scratch.gpr();
+
Edge& indexEdge = m_jit.graph().varArgChild(node, 2);
Edge& enumeratorEdge = m_jit.graph().varArgChild(node, 3);
@@ -4789,7 +4798,7 @@
case GetStructurePropertyEnumerator: {
SpeculateCellOperand base(this, node->child1());
SpeculateInt32Operand length(this, node->child2());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4801,7 +4810,7 @@
SpeculateCellOperand base(this, node->child1());
SpeculateInt32Operand length(this, node->child2());
SpeculateCellOperand enumerator(this, node->child3());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4813,8 +4822,8 @@
SpeculateCellOperand enumerator(this, node->child1());
SpeculateInt32Operand index(this, node->child2());
GPRTemporary scratch(this);
- GPRResult resultPayload(this);
- GPRResult2 resultTag(this);
+ GPRTemporary resultPayload(this);
+ GPRTemporary resultTag(this);
GPRReg enumeratorGPR = enumerator.gpr();
GPRReg indexGPR = index.gpr();
@@ -4841,7 +4850,7 @@
}
case ToIndexString: {
SpeculateInt32Operand index(this, node->child1());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (174089 => 174090)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-09-29 22:23:20 UTC (rev 174089)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-09-29 22:25:51 UTC (rev 174090)
@@ -354,7 +354,7 @@
JITCompiler::JumpList slowPath;
if (isKnownNotInteger(node->child1().node()) || isKnownNotInteger(node->child2().node())) {
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
arg1.use();
@@ -437,7 +437,7 @@
JITCompiler::JumpList slowPath;
if (isKnownNotInteger(node->child1().node()) || isKnownNotInteger(node->child2().node())) {
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
arg1.use();
@@ -661,7 +661,7 @@
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
JITCompiler::DataLabelPtr targetToCheck;
@@ -2043,7 +2043,7 @@
}
case MachineIntUse: {
- GPRResult result(this);
+ GPRTemporary result(this);
GPRReg resultGPR = result.gpr();
convertMachineInt(node->child1(), resultGPR);
@@ -2056,7 +2056,7 @@
SpeculateDoubleOperand value(this, node->child1());
FPRReg valueFPR = value.fpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -2088,7 +2088,7 @@
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
if (isKnownNotNumber(node->child1().node()) || isKnownNotNumber(node->child2().node()))
callOperation(operationValueAddNotNumber, result.gpr(), op1GPR, op2GPR);
else
@@ -2352,7 +2352,7 @@
GPRReg propertyGPR = property.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationGetByVal, result.gpr(), baseGPR, propertyGPR);
jsValueResult(result.gpr(), node);
@@ -2810,7 +2810,7 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
// Must use jsValueResult because otherwise we screw up register
@@ -2825,7 +2825,7 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationRegExpExec, result.gpr(), baseGPR, argumentGPR);
jsValueResult(result.gpr(), node);
@@ -2839,7 +2839,7 @@
GPRReg argumentGPR = argument.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
// If we add a DataFormatBool, we should use it here.
@@ -3157,7 +3157,7 @@
JSValueOperand op1(this, node->child1());
GPRReg op1GPR = op1.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -3265,7 +3265,7 @@
if (!node->numChildren()) {
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationNewEmptyArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
cellResult(result.gpr(), node);
break;
@@ -3344,7 +3344,7 @@
m_jit.storePtr(TrustedImmPtr(scratchSize), scratch.gpr());
}
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(
operationNewArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()),
@@ -3417,7 +3417,7 @@
SpeculateStrictInt32Operand size(this, node->child1());
GPRReg sizeGPR = size.gpr();
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
GPRReg structureGPR = selectScratchGPR(sizeGPR);
MacroAssembler::Jump bigLength = m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_SPARSE_ARRAY_INDEX));
@@ -3467,7 +3467,7 @@
}
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()), node->startConstant(), node->numConstants());
@@ -3486,7 +3486,7 @@
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
@@ -3507,7 +3507,7 @@
case NewRegexp: {
flushRegisters();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
callOperation(operationNewRegexp, result.gpr(), m_jit.codeBlock()->regexp(node->regexpIndex()));
@@ -3730,7 +3730,7 @@
SpeculateCellOperand base(this, node->child1());
GPRReg baseGPR = base.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
@@ -3748,7 +3748,7 @@
JSValueOperand base(this, node->child1());
GPRReg baseGPR = base.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
base.use();
@@ -4142,7 +4142,7 @@
case IsObject: {
JSValueOperand value(this, node->child1());
GPRReg valueGPR = value.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(operationIsObject, resultGPR, valueGPR);
@@ -4154,7 +4154,7 @@
case IsFunction: {
JSValueOperand value(this, node->child1());
GPRReg valueGPR = value.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(operationIsFunction, resultGPR, valueGPR);
@@ -4166,7 +4166,7 @@
case TypeOf: {
JSValueOperand value(this, node->child1(), ManualOperandSpeculation);
GPRReg valueGPR = value.gpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
JITCompiler::JumpList doneJumps;
@@ -4668,7 +4668,7 @@
case GetEnumerableLength: {
SpeculateCellOperand base(this, node->child1());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4679,7 +4679,7 @@
case HasGenericProperty: {
JSValueOperand base(this, node->child1());
SpeculateCellOperand property(this, node->child2());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4692,7 +4692,7 @@
SpeculateCellOperand property(this, node->child2());
SpeculateCellOperand enumerator(this, node->child3());
GPRTemporary scratch(this);
- GPRResult result(this);
+ GPRTemporary result(this);
GPRReg baseGPR = base.gpr();
GPRReg propertyGPR = property.gpr();
@@ -4716,7 +4716,7 @@
case HasIndexedProperty: {
SpeculateCellOperand base(this, node->child1());
SpeculateStrictInt32Operand index(this, node->child2());
- GPRResult result(this);
+ GPRTemporary result(this);
GPRReg baseGPR = base.gpr();
GPRReg indexGPR = index.gpr();
@@ -4802,7 +4802,7 @@
SpeculateCellOperand property(this, propertyEdge);
SpeculateStrictInt32Operand index(this, indexEdge);
SpeculateCellOperand enumerator(this, enumeratorEdge);
- GPRResult result(this);
+ GPRTemporary result(this);
GPRTemporary scratch1(this);
GPRTemporary scratch2(this);
@@ -4848,7 +4848,7 @@
case GetStructurePropertyEnumerator: {
SpeculateCellOperand base(this, node->child1());
SpeculateInt32Operand length(this, node->child2());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4860,7 +4860,7 @@
SpeculateCellOperand base(this, node->child1());
SpeculateInt32Operand length(this, node->child2());
SpeculateCellOperand enumerator(this, node->child3());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -4872,7 +4872,7 @@
SpeculateCellOperand enumerator(this, node->child1());
SpeculateStrictInt32Operand index(this, node->child2());
GPRTemporary scratch1(this);
- GPRResult result(this);
+ GPRTemporary result(this);
GPRReg enumeratorGPR = enumerator.gpr();
GPRReg indexGPR = index.gpr();
@@ -4896,7 +4896,7 @@
}
case ToIndexString: {
SpeculateInt32Operand index(this, node->child1());
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
@@ -5112,7 +5112,7 @@
SpeculateDoubleOperand value(this, edge);
FPRReg valueFPR = value.fpr();
- GPRResult result(this);
+ GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
