Title: [174294] trunk/Source/_javascript_Core
Revision
174294
Author
[email protected]
Date
2014-10-03 14:46:14 -0700 (Fri, 03 Oct 2014)

Log Message

tearoff_arguments should always refer to the unmodified arguments register
https://bugs.webkit.org/show_bug.cgi?id=137406

Reviewed by Michael Saboff.

To simplify subsequent work and remove unnecessary work from
actual execution, this patch simply ensures that tear_off_arguments
refers to the actual unmodified arguments register.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitReturn):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_tear_off_arguments):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_tear_off_arguments):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (174293 => 174294)


--- trunk/Source/_javascript_Core/ChangeLog	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-10-03 21:46:14 UTC (rev 174294)
@@ -1,3 +1,27 @@
+2014-10-03  Oliver Hunt  <[email protected]>
+
+        tearoff_arguments should always refer to the unmodified arguments register
+        https://bugs.webkit.org/show_bug.cgi?id=137406
+
+        Reviewed by Michael Saboff.
+
+        To simplify subsequent work, and remove unnecessary work from
+        actual execution this patch simply ensures that tear_off_arguments
+        refers to the actual unmodified arguments register.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitReturn):
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_tear_off_arguments):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_tear_off_arguments):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+
 2014-10-03  Saam Barati  <[email protected]>
 
         Web Inspector: Move the computation that results in UI strings from JSC to the Web Inspector

Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (174293 => 174294)


--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2014-10-03 21:46:14 UTC (rev 174294)
@@ -1913,7 +1913,7 @@
 {
     if (m_codeBlock->usesArguments() && m_codeBlock->numParameters() != 1 && !isStrictMode()) {
         emitOpcode(op_tear_off_arguments);
-        instructions().append(m_codeBlock->argumentsRegister().offset());
+        instructions().append(unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset());
         instructions().append(m_lexicalEnvironmentRegister ? m_lexicalEnvironmentRegister->index() : emitLoad(0, JSValue())->index());
     }
 
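Review bot: The operand appended on L81 now carries the unmodified arguments register, but nothing next to the emitter records that contract, even though the JIT, LLInt and DFG consumers in this same commit all drop their `unmodifiedArgumentsRegister()` call in reliance on it. A one-line comment above the append would keep the invariant where the operand is produced: `// Operand 1 is the unmodified arguments register; readers must not apply unmodifiedArgumentsRegister() to it again.` Any other reader of this operand outside the commit (bytecode dumper, liveness analysis) would presumably need the same treatment, which I cannot confirm from this hunk. emitReturn's signature lies before the hunk and its body continues after it.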

Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (174293 => 174294)


--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp	2014-10-03 21:46:14 UTC (rev 174294)
@@ -3407,7 +3407,7 @@
 
         case op_tear_off_arguments: {
             m_graph.m_hasArguments = true;
-            addToGraph(TearOffArguments, get(unmodifiedArgumentsRegister(VirtualRegister(currentInstruction[1].u.operand))), get(VirtualRegister(currentInstruction[2].u.operand)));
+            addToGraph(TearOffArguments, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand)));
             NEXT_OPCODE(op_tear_off_arguments);
         }
             

Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (174293 => 174294)


--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp	2014-10-03 21:46:14 UTC (rev 174294)
@@ -229,8 +229,8 @@
     int arguments = currentInstruction[1].u.operand;
     int lexicalEnvironment = currentInstruction[2].u.operand;
 
-    Jump argsNotCreated = branchTest64(Zero, Address(callFrameRegister, sizeof(Register) * (unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset())));
-    emitGetVirtualRegister(unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(), regT0);
+    Jump argsNotCreated = branchTest64(Zero, Address(callFrameRegister, sizeof(Register) * (VirtualRegister(arguments).offset())));
+    emitGetVirtualRegister(VirtualRegister(arguments).offset(), regT0);
     emitGetVirtualRegister(lexicalEnvironment, regT1);
     callOperation(operationTearOffArguments, regT0, regT1);
     argsNotCreated.link(this);
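Review bot: `VirtualRegister(arguments)` is constructed twice on L112 and L113 from the same `int`, whereas the 32-bit counterpart in this commit (JITOpcodes32_64.cpp) declares `arguments` as a `VirtualRegister` once and uses `arguments.offset()` directly; mirroring that shape here keeps the two JIT ports in step and removes the repeated conversion. The three lines would become `VirtualRegister arguments = VirtualRegister(currentInstruction[1].u.operand);`, `Jump argsNotCreated = branchTest64(Zero, Address(callFrameRegister, sizeof(Register) * arguments.offset()));` and `emitGetVirtualRegister(arguments.offset(), regT0);`. emit_op_tear_off_arguments starts and ends outside the hunk.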

Modified: trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (174293 => 174294)


--- trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp	2014-10-03 21:46:14 UTC (rev 174294)
@@ -345,8 +345,8 @@
     VirtualRegister arguments = VirtualRegister(currentInstruction[1].u.operand);
     int lexicalEnvironment = currentInstruction[2].u.operand;
 
-    Jump argsNotCreated = branch32(Equal, tagFor(unmodifiedArgumentsRegister(arguments).offset()), TrustedImm32(JSValue::EmptyValueTag));
-    emitLoadPayload(unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(), regT0);
+    Jump argsNotCreated = branch32(Equal, tagFor(arguments.offset()), TrustedImm32(JSValue::EmptyValueTag));
+    emitLoadPayload(arguments.offset(), regT0);
     emitLoadPayload(lexicalEnvironment, regT1);
     callOperation(operationTearOffArguments, regT0, regT1);
     argsNotCreated.link(this);

Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (174293 => 174294)


--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2014-10-03 21:46:14 UTC (rev 174294)
@@ -1249,7 +1249,7 @@
 {
     LLINT_BEGIN();
     ASSERT(exec->codeBlock()->usesArguments());
-    Arguments* arguments = jsCast<Arguments*>(exec->uncheckedR(unmodifiedArgumentsRegister(VirtualRegister(pc[1].u.operand)).offset()).jsValue());
+    Arguments* arguments = jsCast<Arguments*>(exec->uncheckedR(VirtualRegister(pc[1].u.operand).offset()).jsValue());
     if (JSValue activationValue = LLINT_OP_C(2).jsValue())
         arguments->didTearOffActivation(exec, jsCast<JSLexicalEnvironment*>(activationValue));
     else
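Review bot: The `jsCast<Arguments*>` on L145 is, as far as I recall, only checked in debug builds, and after this commit the sole guarantee that the slot it reads holds an Arguments object is the bytecode generator writing the unmodified register into operand 1, since the LLInt fast paths (LowLevelInterpreter32_64.asm, LowLevelInterpreter64.asm) now test that same slot without the former `+1` adjustment. That dependency deserves to be stated at the point of use so a future change to the emitter cannot silently turn the cast into a type confusion in release builds: `// pc[1] is the unmodified arguments register (see BytecodeGenerator::emitReturn); the asm fast path has already skipped us when it is empty.` The enclosing LLINT_SLOW_PATH_DECL begins before the hunk and its else-branch continues after it.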

Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (174293 => 174294)


--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm	2014-10-03 21:46:14 UTC (rev 174294)
@@ -1955,7 +1955,6 @@
 _llint_op_tear_off_arguments:
     traceExecution()
     loadi 4[PC], t0
-    addi 1, t0   # Get the unmodifiedArgumentsRegister
     bieq TagOffset[cfr, t0, 8], EmptyValueTag, .opTearOffArgumentsNotCreated
     callSlowPath(_llint_slow_path_tear_off_arguments)
 .opTearOffArgumentsNotCreated:
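Review bot: Removing L159 also removes the only comment that explained which register operand 1 denotes, so the surviving `loadi 4[PC], t0` now reads as an anonymous register load feeding the `bieq` guard on L160. A replacement comment on the load would preserve that knowledge, e.g. `loadi 4[PC], t0   # operand 1 is already the unmodified arguments register`. The same applies to the `loadisFromInstruction(1, t0)` line in LowLevelInterpreter64.asm in this commit. The code after the `.opTearOffArgumentsNotCreated` label continues past the hunk.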

Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (174293 => 174294)


--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2014-10-03 21:43:18 UTC (rev 174293)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm	2014-10-03 21:46:14 UTC (rev 174294)
@@ -1813,7 +1813,6 @@
 _llint_op_tear_off_arguments:
     traceExecution()
     loadisFromInstruction(1, t0)
-    addq 1, t0   # Get the unmodifiedArgumentsRegister
     btqz [cfr, t0, 8], .opTearOffArgumentsNotCreated
     callSlowPath(_llint_slow_path_tear_off_arguments)
 .opTearOffArgumentsNotCreated: