Changeset 165325 in webkit


Timestamp:
Mar 7, 2014, 10:26:16 PM (11 years ago)
Author:
mark.lam@apple.com
Message:

Fix bugs in 32-bit Structure implementation.
<https://webkit.org/b/129947>

Reviewed by Mark Hahnenberg.

Added the loading of the Structure (from the JSCell) before use that was
missing in a few places. Also added more test cases to equals-masquerader.js.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • llint/LowLevelInterpreter32_64.asm:
  • tests/stress/equals-masquerader.js:

(equalsNull):
(notEqualsNull):
(strictEqualsNull):
(strictNotEqualsNull):
(equalsUndefined):
(notEqualsUndefined):
(strictEqualsUndefined):
(strictNotEqualsUndefined):
(isFalsey):
(test):

Location:
trunk/Source/JavaScriptCore
Files:
5 edited

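--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,30 @@
+2014-03-07  Mark Lam  <mark.lam@apple.com>
+
+        Fix bugs in 32-bit Structure implementation.
+        <https://webkit.org/b/129947>
+
+        Reviewed by Mark Hahnenberg.
+
+        Added the loading of the Structure (from the JSCell) before use that was
+        missing in a few places.  Also added more test cases to equals-masquerader.js.
+
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * llint/LowLevelInterpreter32_64.asm:
+        * tests/stress/equals-masquerader.js:
+        (equalsNull):
+        (notEqualsNull):
+        (strictEqualsNull):
+        (strictNotEqualsNull):
+        (equalsUndefined):
+        (notEqualsUndefined):
+        (strictEqualsUndefined):
+        (strictNotEqualsUndefined):
+        (isFalsey):
+        (test):
+
 2014-03-07  Andrew Trick  <atrick@apple.com>
 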
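--- a/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -260,4 +260,5 @@
         GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
         m_jit.move(JITCompiler::TrustedImmPtr(m_jit.graph().globalObjectFor(m_currentNode->origin.semantic)), localGlobalObjectGPR);
+        m_jit.loadPtr(JITCompiler::Address(argPayloadGPR, JSCell::structureIDOffset()), resultPayloadGPR);
         m_jit.loadPtr(JITCompiler::Address(resultPayloadGPR, Structure::globalObjectOffset()), remoteGlobalObjectGPR);
         m_jit.compare32(invert ? JITCompiler::NotEqual : JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, resultPayloadGPR);
@@ -4104,4 +4105,5 @@
             GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
             m_jit.move(TrustedImmPtr(m_jit.globalObjectFor(node->origin.semantic)), localGlobalObjectGPR);
+            m_jit.loadPtr(JITCompiler::Address(value.payloadGPR(), JSCell::structureIDOffset()), result.gpr());
             m_jit.loadPtr(JITCompiler::Address(result.gpr(), Structure::globalObjectOffset()), remoteGlobalObjectGPR);
             m_jit.compare32(JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, result.gpr());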
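Review bot: In both hunks the result register doubles as a temporary for the Structure pointer and nothing in the code says so: the added `loadPtr` writes the Structure into `resultPayloadGPR` / `result.gpr()`, the next line dereferences it at `Structure::globalObjectOffset()`, and `compare32` then overwrites it with the boolean. A short comment at each site, such as `// Result register temporarily holds the Structure*; compare32 below overwrites it.`, would make that ordering dependency explicit, since dropping or moving the load leaves emitted code that reads memory through whatever the register last held. DFGSpeculativeJIT64.cpp in this changeset uses `emitLoadStructure` for the same step; if that helper is also available in the 32-bit build, calling it here would keep the cell-to-Structure load in one place. Both enclosing functions start and end outside the hunks.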
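--- a/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -4391,4 +4391,5 @@
         GPRTemporary localGlobalObject(this);
         GPRTemporary remoteGlobalObject(this);
+        GPRTemporary scratch(this);
 
         JITCompiler::Jump isCell = m_jit.branchTest64(JITCompiler::Zero, value.gpr(), GPRInfo::tagMaskRegister);
@@ -4414,4 +4415,5 @@
             GPRReg remoteGlobalObjectGPR = remoteGlobalObject.gpr();
             m_jit.move(TrustedImmPtr(m_jit.globalObjectFor(node->origin.semantic)), localGlobalObjectGPR);
+            m_jit.emitLoadStructure(value.gpr(), result.gpr(), scratch.gpr());
             m_jit.loadPtr(JITCompiler::Address(result.gpr(), Structure::globalObjectOffset()), remoteGlobalObjectGPR);
             m_jit.comparePtr(JITCompiler::Equal, localGlobalObjectGPR, remoteGlobalObjectGPR, result.gpr());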
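Review bot: The new `GPRTemporary scratch(this);` is used only by the `emitLoadStructure` call in the second hunk, where `remoteGlobalObjectGPR` is not written until the line after it. If that register holds nothing live at that point (the lines between the two hunks are not shown), `m_jit.emitLoadStructure(value.gpr(), result.gpr(), remoteGlobalObjectGPR);` would perform the same load without reserving an additional temporary. compile() starts and ends outside both hunks.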
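--- a/trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+++ b/trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
@@ -879,4 +879,5 @@
     jmp .opEqNullNotImmediate
 .opEqNullMasqueradesAsUndefined:
+    loadp JSCell::m_structureID[t0], t1
     loadp CodeBlock[cfr], t0
     loadp CodeBlock::m_globalObject[t0], t0
@@ -925,4 +926,5 @@
     jmp .opNeqNullNotImmediate
 .opNeqNullMasqueradesAsUndefined:
+    loadp JSCell::m_structureID[t0], t1
     loadp CodeBlock[cfr], t0
     loadp CodeBlock::m_globalObject[t0], t0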
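Review bot: Both added `loadp JSCell::m_structureID[t0], t1` lines are order-sensitive and carry no comment: the very next instruction reuses `t0` for the CodeBlock, so the cell pointer is gone once it executes. A one-line comment at each label, for example `# Load the cell's Structure into t1 now; t0 is overwritten by the CodeBlock load below.`, would keep a later reordering from reintroducing a read through a stale `t1`. The instructions that consume `t1` lie outside both hunks, so this assumes they expect the Structure there.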
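--- a/trunk/Source/JavaScriptCore/tests/stress/equals-masquerader.js
+++ b/trunk/Source/JavaScriptCore/tests/stress/equals-masquerader.js
@@ -1,17 +1,131 @@
-function foo(o) {
+function equalsNull(o) {
     return o == null;
 }
 
-noInline(foo);
+noInline(equalsNull);
 
-function test(object, outcome) {
-    var result = foo(object);
+function notEqualsNull(o) {
+    return o != null;
+}
+
+noInline(notEqualsNull);
+
+function strictEqualsNull(o) {
+    return o === null;
+}
+
+noInline(strictEqualsNull);
+
+function strictNotEqualsNull(o) {
+    return o !== null;
+}
+
+noInline(strictNotEqualsNull);
+
+function equalsUndefined(o) {
+    return o == void 0;
+}
+
+noInline(equalsUndefined);
+
+function notEqualsUndefined(o) {
+    return o != void 0;
+}
+
+noInline(notEqualsUndefined);
+
+function strictEqualsUndefined(o) {
+    return o === void 0;
+}
+
+noInline(strictEqualsUndefined);
+
+function strictNotEqualsUndefined(o) {
+    return o !== void 0;
+}
+
+noInline(strictNotEqualsNull);
+
+function isFalsey(o) {
+    return !o;
+}
+
+noInline(isFalsey);
+
+function test(func, iteration, object, outcome) {
+    var result = func(object);
     if (result != outcome)
-        throw new Error("Bad result: " + result);
+        throw new Error("Bad result: " + result + " on iteration " + iteration);
 }
 
 for (var i = 0; i < 100000; ++i) {
-    test(null, true);
-    test({}, false);
-    test(makeMasquerader(), true);
+    test(equalsNull, i, null, true);
+    test(equalsNull, i, undefined, true);
+    test(equalsNull, i, void 0, true);
+    test(equalsNull, i, {}, false);
+    test(equalsNull, i, makeMasquerader(), true);
 }
+
+for (var i = 0; i < 100000; ++i) {
+    test(notEqualsNull, i, null, false);
+    test(notEqualsNull, i, undefined, false);
+    test(notEqualsNull, i, void 0, false);
+    test(notEqualsNull, i, {}, true);
+    test(notEqualsNull, i, makeMasquerader(), false);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(strictEqualsNull, i, null, true);
+    test(strictEqualsNull, i, undefined, false);
+    test(strictEqualsNull, i, void 0, false);
+    test(strictEqualsNull, i, {}, false);
+    test(strictEqualsNull, i, makeMasquerader(), false);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(strictNotEqualsNull, i, null, false);
+    test(strictNotEqualsNull, i, undefined, true);
+    test(strictNotEqualsNull, i, void 0, true);
+    test(strictNotEqualsNull, i, {}, true);
+    test(strictNotEqualsNull, i, makeMasquerader(), true);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(equalsUndefined, i, null, true);
+    test(equalsUndefined, i, undefined, true);
+    test(equalsUndefined, i, void 0, true);
+    test(equalsUndefined, i, {}, false);
+    test(equalsUndefined, i, makeMasquerader(), true);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(notEqualsUndefined, i, null, false);
+    test(notEqualsUndefined, i, undefined, false);
+    test(notEqualsUndefined, i, void 0, false);
+    test(notEqualsUndefined, i, {}, true);
+    test(notEqualsUndefined, i, makeMasquerader(), false);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(strictEqualsUndefined, i, null, false);
+    test(strictEqualsUndefined, i, undefined, true);
+    test(strictEqualsUndefined, i, void 0, true);
+    test(strictEqualsUndefined, i, {}, false);
+    test(strictEqualsUndefined, i, makeMasquerader(), false);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(strictNotEqualsUndefined, i, null, true);
+    test(strictNotEqualsUndefined, i, undefined, false);
+    test(strictNotEqualsUndefined, i, void 0, false);
+    test(strictNotEqualsUndefined, i, {}, true);
+    test(strictNotEqualsUndefined, i, makeMasquerader(), true);
+}
+
+for (var i = 0; i < 100000; ++i) {
+    test(isFalsey, i, null, true);
+    test(isFalsey, i, undefined, true);
+    test(isFalsey, i, void 0, true);
+    test(isFalsey, i, {}, false);
+    test(isFalsey, i, makeMasquerader(), true);
+}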
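Review bot: The `noInline` call that follows `strictNotEqualsUndefined` (new line 47) names `strictNotEqualsNull` again, so `strictNotEqualsUndefined` is never passed to `noInline` while `strictNotEqualsNull` is passed twice. This looks like a copy-paste slip; the line should read `noInline(strictNotEqualsUndefined);`. As written, that one helper may be compiled differently from the other eight, so the loop at new lines 117-123 may not exercise the same compiled path this stress test is meant to cover. Separately, `test` compares with `result != outcome`; `result !== outcome` would also catch a helper returning a non-boolean that merely coerces to the expected value.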