Skip to site navigation (Press enter)

[webkit-changes] [199481] releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

carlosgc Wed, 13 Apr 2016 07:51:57 -0700

Title: [199481] releases/WebKitGTK/webkit-2.12/Source/_javascript_Core

Revision: 199481
Author: [email protected]
Date: 2016-04-13 07:51:36 -0700 (Wed, 13 Apr 2016)

Log Message

Merge r199025 - [JSC][x86] Fix an assertion in MacroAssembler::branch8()
https://bugs.webkit.org/show_bug.cgi?id=156181


Patch by Benjamin Poulain <[email protected]> on 2016-04-04
Reviewed by Geoffrey Garen.

* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branch8):
The test was wrong because valid negative numbers have ones
in the top bits.

I replaced the assertion to be explicit about the valid range.

Modified Paths

releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog
releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog (199480 => 199481)


--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog	2016-04-13 13:52:16 UTC (rev 199480)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/ChangeLog	2016-04-13 14:51:36 UTC (rev 199481)
@@ -1,3 +1,17 @@
+2016-04-04  Benjamin Poulain  <[email protected]>
+
+        [JSC][x86] Fix an assertion in MacroAssembler::branch8()
+        https://bugs.webkit.org/show_bug.cgi?id=156181
+
+        Reviewed by Geoffrey Garen.
+
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::branch8):
+        The test was wrong because valid negative numbers have ones
+        in the top bits.
+
+        I replaced the assertion to be explicit about the valid range.
+
 2016-03-31  Yusuke Suzuki  <[email protected]>
 
         Fails to build in Linux / PowerPC due to different ucontext_t definition

Modified: releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h (199480 => 199481)


--- releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h	2016-04-13 13:52:16 UTC (rev 199480)
+++ releases/WebKitGTK/webkit-2.12/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h	2016-04-13 14:51:36 UTC (rev 199481)
@@ -2072,7 +2072,7 @@
 
     Jump branch8(RelationalCondition cond, BaseIndex left, TrustedImm32 right)
     {
-        ASSERT(!(right.m_value & 0xFFFFFF00));
+        ASSERT(std::numeric_limits<int8_t>::min() <= right.m_value && right.m_value <= std::numeric_limits<int8_t>::max());
 
         m_assembler.cmpb_im(right.m_value, left.offset, left.base, left.index, left.scale);
         return Jump(m_assembler.jCC(x86Condition(cond)));

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes