Title: [180737] releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore
- Revision: 180737
- Author: [email protected]
- Date: 2015-02-27 04:00:38 -0800 (Fri, 27 Feb 2015)
Log Message
Merge r180237 - StackLayoutPhase should use CodeBlock::usesArguments rather than FunctionExecutable::usesArguments
https://bugs.webkit.org/show_bug.cgi?id=141721
rdar://problem/17198633
Reviewed by Michael Saboff.
I've seen cases where the two are out of sync. We know we can trust the CodeBlock::usesArguments because
we use it everywhere else.
No test because I could never reproduce the crash.
* dfg/DFGGraph.h:
(JSC::DFG::Graph::usesArguments):
* dfg/DFGStackLayoutPhase.cpp:
(JSC::DFG::StackLayoutPhase::run):
Diff
Modified: releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/ChangeLog (180736 => 180737)
--- releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/ChangeLog 2015-02-27 11:57:41 UTC (rev 180736)
+++ releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/ChangeLog 2015-02-27 12:00:38 UTC (rev 180737)
@@ -1,5 +1,23 @@
2015-02-17 Filip Pizlo <[email protected]>
+ StackLayoutPhase should use CodeBlock::usesArguments rather than FunctionExecutable::usesArguments
+ https://bugs.webkit.org/show_bug.cgi?id=141721
+ rdar://problem/17198633
+
+ Reviewed by Michael Saboff.
+
+ I've seen cases where the two are out of sync. We know we can trust the CodeBlock::usesArguments because
+ we use it everywhere else.
+
+ No test because I could never reproduce the crash.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::usesArguments):
+ * dfg/DFGStackLayoutPhase.cpp:
+ (JSC::DFG::StackLayoutPhase::run):
+
+2015-02-17 Filip Pizlo <[email protected]>
+
Throwing from an FTL call IC slow path may result in tag registers being clobbered on 64-bit CPUs
https://bugs.webkit.org/show_bug.cgi?id=141717
rdar://problem/19863382
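Review bot: The new entry says "I've seen cases where the two are out of sync" and "No test because I could never reproduce the crash", but it does not record which of the two flags was set when they disagreed or what kind of function was involved. Adding that to the entry or to bug 141721 would let someone write a regression test later and judge whether other readers of FunctionExecutable::usesArguments need the same change.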
Modified: releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/dfg/DFGGraph.h (180736 => 180737)
--- releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/dfg/DFGGraph.h 2015-02-27 11:57:41 UTC (rev 180736)
+++ releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/dfg/DFGGraph.h 2015-02-27 12:00:38 UTC (rev 180737)
@@ -406,6 +406,14 @@
return hasExitSite(node->origin.semantic, exitKind);
}
+ bool usesArguments(InlineCallFrame* inlineCallFrame)
+ {
+ if (!inlineCallFrame)
+ return m_profiledBlock->usesArguments();
+
+ return baselineCodeBlockForInlineCallFrame(inlineCallFrame)->usesArguments();
+ }
+
VirtualRegister argumentsRegisterFor(InlineCallFrame* inlineCallFrame)
{
if (!inlineCallFrame)
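Review bot: The added Graph::usesArguments(InlineCallFrame*) has no comment explaining why it reads the baseline CodeBlock instead of inlineCallFrame->executable, so a later caller could reintroduce `inlineCallFrame->executable->usesArguments()` without noticing the difference. A short comment above the function stating that the CodeBlock's flag is the one the DFG must trust, with a pointer to the bug, would keep the intent visible next to argumentsRegisterFor, which follows the same null/non-null split.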
Modified: releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/dfg/DFGStackLayoutPhase.cpp (180736 => 180737)
--- releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/dfg/DFGStackLayoutPhase.cpp 2015-02-27 11:57:41 UTC (rev 180736)
+++ releases/WebKitGTK/webkit-2.8/Source/_javascript_Core/dfg/DFGStackLayoutPhase.cpp 2015-02-27 12:00:38 UTC (rev 180737)
@@ -106,7 +106,7 @@
usedLocals.set(codeBlock()->activationRegister().toLocal());
for (InlineCallFrameSet::iterator iter = m_graph.m_plan.inlineCallFrames->begin(); !!iter; ++iter) {
InlineCallFrame* inlineCallFrame = *iter;
- if (!inlineCallFrame->executable->usesArguments())
+ if (!m_graph.usesArguments(inlineCallFrame))
continue;
VirtualRegister argumentsRegister = m_graph.argumentsRegisterFor(inlineCallFrame);
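Review bot: At the `continue` guard, only this phase is moved off `inlineCallFrame->executable->usesArguments()`, yet the ChangeLog states the two flags can disagree in general. It is worth checking the rest of dfg/ for remaining executable->usesArguments() calls made on inline call frames and either switching them to `m_graph.usesArguments(inlineCallFrame)` in this change or noting in the bug why they are unaffected.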
@@ -175,7 +175,7 @@
InlineVariableData data = ""
InlineCallFrame* inlineCallFrame = data.inlineCallFrame;
- if (inlineCallFrame->executable->usesArguments()) {
+ if (m_graph.usesArguments(inlineCallFrame)) {
inlineCallFrame->argumentsRegister = virtualRegisterForLocal(
allocation[m_graph.argumentsRegisterFor(inlineCallFrame).toLocal()]);
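Review bot: In the visible lines, `allocation[m_graph.argumentsRegisterFor(inlineCallFrame).toLocal()]` is indexed with no check that the register is valid or that its local was marked in usedLocals by the loop at -106, which is where a wrong usesArguments answer would turn into a bad lookup. Since the change lands without a regression test, a debug assertion just before this assignment on the register and on the allocation entry would catch any remaining mismatch between the two sites.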