Changeset 143800 in webkit
- Timestamp:
- Feb 22, 2013, 2:38:14 PM (12 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
dfg/DFGSpeculativeJIT.cpp (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r143768 r143800 1 2013-02-22 Filip Pizlo <fpizlo@apple.com> 2 3 REGRESSION(r143654): some fast/js test crashes on 32 bit build 4 https://bugs.webkit.org/show_bug.cgi?id=110590 5 6 Reviewed by Mark Hahnenberg. 7 8 In compileValueToInt32, the refactoring in r143654 undid one of the fixes from 9 r143314 due to a merge goof. 10 11 In speculateNumber, we were simply forgetting to indicate that we need a 12 ManualOperandSpeculation on a JSValueOperand. ManualOperandSpeculation should 13 be passed whenever you will be performing the type checks yourself rather than 14 using the operand class to do it for you. 15 16 * dfg/DFGSpeculativeJIT.cpp: 17 (JSC::DFG::SpeculativeJIT::compileValueToInt32): 18 (JSC::DFG::SpeculativeJIT::speculateNumber): 19 1 20 2013-02-22 Geoffrey Garen <ggaren@apple.com> 2 21 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r143654 r143800 2289 2289 } 2290 2290 case GeneratedOperandTypeUnknown: 2291 RELEASE_ASSERT _NOT_REACHED();2291 RELEASE_ASSERT(!m_compileOkay); 2292 2292 return; 2293 2293 } … … 3945 3945 isInteger.link(&m_jit); 3946 3946 #else 3947 JSValueOperand op1(this, edge );3947 JSValueOperand op1(this, edge, ManualOperandSpeculation); 3948 3948 JITCompiler::Jump isInteger = m_jit.branch32(MacroAssembler::Equal, operand.tagGPR(), TrustedImm32(JSValue::Int32Tag)); 3949 3949 typeCheck(
Note:
See TracChangeset
for help on using the changeset viewer.
