Changeset 229815 in webkit

Timestamp:

Mar 21, 2018 11:23:30 AM (6 years ago)

Author:

mark.lam@apple.com

Message:

Use CodeBlock::instructions()[] and CodeBlock::bytecodeOffset() instead of doing own pointer math.
​https://bugs.webkit.org/show_bug.cgi?id=183857
<rdar://problem/38712184>

Reviewed by JF Bastien.

We should avoid doing pointer math with CodeBlock::instructions().begin().
Instead, we should use the operator[] that comes with CodeBlock::instructions()
for computing an Instruction*, and use CodeBlock::bytecodeOffset() for computing
the bytecode offset of a given Instruction*. These methods will do assertions
which helps catch bugs sooner, plus they are more descriptive of the operation
we're trying to do.

• bytecode/BytecodeKills.h:

(JSC::BytecodeKills::operandIsKilled const):
(JSC::BytecodeKills::forEachOperandKilledAt const):

• bytecode/CallLinkStatus.cpp:

(JSC::CallLinkStatus::computeFromLLInt):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::arithProfileForBytecodeOffset):
(JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex):

• bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):

• bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):

• dfg/DFGOSRExit.cpp:

(JSC::DFG::reifyInlinedCallFrames):

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):

• interpreter/CallFrame.cpp:

(JSC::CallFrame::callSiteBitsAsBytecodeOffset const):
(JSC::CallFrame::currentVPC const):
(JSC::CallFrame::setCurrentVPC):

• jit/JITCall.cpp:

(JSC::JIT::compileOpCall):

• jit/JITInlines.h:

(JSC::JIT::updateTopCallFrame):
(JSC::JIT::copiedInstruction):

• jit/JITOpcodes.cpp:

(JSC::JIT::privateCompileHasIndexedProperty):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::privateCompileHasIndexedProperty):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::privateCompileGetByValWithCachedId):
(JSC::JIT::privateCompilePutByVal):
(JSC::JIT::privateCompilePutByValWithCachedId):

• jit/SlowPathCall.h:

(JSC::JITSlowPathCall::call):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::llint_trace_operand):
(JSC::LLInt::llint_trace_value):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setupGetByIdPrototypeCache): Deleted.
(JSC::LLInt::getByVal): Deleted.
(JSC::LLInt::handleHostCall): Deleted.
(JSC::LLInt::setUpCall): Deleted.
(JSC::LLInt::genericCall): Deleted.
(JSC::LLInt::varargsSetup): Deleted.
(JSC::LLInt::llint_throw_stack_overflow_error): Deleted.
(JSC::LLInt::llint_stack_check_at_vm_entry): Deleted.
(JSC::LLInt::llint_write_barrier_slow): Deleted.
(JSC::LLInt::llint_crash): Deleted.

• runtime/SamplingProfiler.cpp:

(JSC::tryGetBytecodeIndex):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/BytecodeKills.h (modified) (2 diffs)
• bytecode/CallLinkStatus.cpp (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (3 diffs)
• bytecode/GetByIdStatus.cpp (modified) (1 diff)
• bytecode/PutByIdStatus.cpp (modified) (1 diff)
• dfg/DFGByteCodeParser.cpp (modified) (1 diff)
• dfg/DFGOSRExit.cpp (modified) (2 diffs)
• dfg/DFGOSRExitCompilerCommon.cpp (modified) (2 diffs)
• interpreter/CallFrame.cpp (modified) (2 diffs)
• jit/JITCall.cpp (modified) (1 diff)
• jit/JITInlines.h (modified) (2 diffs)
• jit/JITOpcodes.cpp (modified) (1 diff)
• jit/JITOpcodes32_64.cpp (modified) (1 diff)
• jit/JITPropertyAccess.cpp (modified) (4 diffs)
• jit/SlowPathCall.h (modified) (2 diffs)
• llint/LLIntSlowPaths.cpp (modified) (8 diffs)
• runtime/SamplingProfiler.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-03-21  Mark Lam  <mark.lam@apple.com>
+
+        Use CodeBlock::instructions()[] and CodeBlock::bytecodeOffset() instead of doing own pointer math.
+        https://bugs.webkit.org/show_bug.cgi?id=183857
+        <rdar://problem/38712184>
+
+        Reviewed by JF Bastien.
+
+        We should avoid doing pointer math with CodeBlock::instructions().begin().
+        Instead, we should use the operator[] that comes with CodeBlock::instructions()
+        for computing an Instruction*, and use CodeBlock::bytecodeOffset() for computing
+        the bytecode offset of a given Instruction*.  These methods will do assertions
+        which helps catch bugs sooner, plus they are more descriptive of the operation
+        we're trying to do.
+
+        * bytecode/BytecodeKills.h:
+        (JSC::BytecodeKills::operandIsKilled const):
+        (JSC::BytecodeKills::forEachOperandKilledAt const):
+        * bytecode/CallLinkStatus.cpp:
+        (JSC::CallLinkStatus::computeFromLLInt):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dumpBytecode):
+        (JSC::CodeBlock::arithProfileForBytecodeOffset):
+        (JSC::CodeBlock::bytecodeOffsetFromCallSiteIndex):
+        * bytecode/GetByIdStatus.cpp:
+        (JSC::GetByIdStatus::computeFromLLInt):
+        * bytecode/PutByIdStatus.cpp:
+        (JSC::PutByIdStatus::computeFromLLInt):
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::reifyInlinedCallFrames):
+        * dfg/DFGOSRExitCompilerCommon.cpp:
+        (JSC::DFG::reifyInlinedCallFrames):
+        * interpreter/CallFrame.cpp:
+        (JSC::CallFrame::callSiteBitsAsBytecodeOffset const):
+        (JSC::CallFrame::currentVPC const):
+        (JSC::CallFrame::setCurrentVPC):
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITInlines.h:
+        (JSC::JIT::updateTopCallFrame):
+        (JSC::JIT::copiedInstruction):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::privateCompileHasIndexedProperty):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::privateCompileHasIndexedProperty):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompileGetByVal):
+        (JSC::JIT::privateCompileGetByValWithCachedId):
+        (JSC::JIT::privateCompilePutByVal):
+        (JSC::JIT::privateCompilePutByValWithCachedId):
+        * jit/SlowPathCall.h:
+        (JSC::JITSlowPathCall::call):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::llint_trace_operand):
+        (JSC::LLInt::llint_trace_value):
+        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+        (JSC::LLInt::setupGetByIdPrototypeCache): Deleted.
+        (JSC::LLInt::getByVal): Deleted.
+        (JSC::LLInt::handleHostCall): Deleted.
+        (JSC::LLInt::setUpCall): Deleted.
+        (JSC::LLInt::genericCall): Deleted.
+        (JSC::LLInt::varargsSetup): Deleted.
+        (JSC::LLInt::llint_throw_stack_overflow_error): Deleted.
+        (JSC::LLInt::llint_stack_check_at_vm_entry): Deleted.
+        (JSC::LLInt::llint_write_barrier_slow): Deleted.
+        (JSC::LLInt::llint_crash): Deleted.
+        * runtime/SamplingProfiler.cpp:
+        (JSC::tryGetBytecodeIndex):
+
 2018-03-21  Keith Miller  <keith_miller@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/BytecodeKills.h

@@ -53 +53 @@
     bool operandIsKilled(Instruction* instruction, int operand) const
     {
-        return operandIsKilled(instruction - m_codeBlock->instructions().begin(), operand);
+        return operandIsKilled(m_codeBlock->bytecodeOffset(instruction), operand);
     }
     
@@ -69 +69 @@
     void forEachOperandKilledAt(Instruction* pc, const Functor& functor) const
     {
-        forEachOperandKilledAt(pc - m_codeBlock->instructions().begin(), functor);
+        forEachOperandKilledAt(m_codeBlock->bytecodeOffset(pc), functor);
     }
     

trunk/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp

@@ -67 +67 @@
 #endif
 
-    Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
+    Instruction* instruction = &profiledBlock->instructions()[bytecodeIndex];
     OpcodeID op = Interpreter::getOpcodeID(instruction[0].u.opcode);
     if (op != op_call && op != op_construct && op != op_tail_call)

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -254 +254 @@
     const StubInfoMap& stubInfos, const CallLinkInfoMap& callLinkInfos)
 {
-    const Instruction* it = instructions().begin() + bytecodeOffset;
+    const Instruction* it = &instructions()[bytecodeOffset];
     dumpBytecode(out, instructions().begin(), it, stubInfos, callLinkInfos);
 }
@@ -2875 +2875 @@
 ArithProfile* CodeBlock::arithProfileForBytecodeOffset(int bytecodeOffset)
 {
-    return arithProfileForPC(instructions().begin() + bytecodeOffset);
+    return arithProfileForPC(&instructions()[bytecodeOffset]);
 }
 
@@ -3022 +3022 @@
 #else
         Instruction* instruction = bitwise_cast<Instruction*>(callSiteIndex.bits());
-        bytecodeOffset = instruction - instructions().begin();
+        bytecodeOffset = this->bytecodeOffset(instruction);
 #endif
     } else if (jitType == JITCode::DFGJIT || jitType == JITCode::FTLJIT) {

trunk/Source/JavaScriptCore/bytecode/GetByIdStatus.cpp

@@ -83 +83 @@
     VM& vm = *profiledBlock->vm();
     
-    Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
+    Instruction* instruction = &profiledBlock->instructions()[bytecodeIndex];
 
     Opcode opcode = instruction[0].u.opcode;

trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.cpp

@@ -73 +73 @@
     VM& vm = *profiledBlock->vm();
     
-    Instruction* instruction = profiledBlock->instructions().begin() + bytecodeIndex;
+    Instruction* instruction = &profiledBlock->instructions()[bytecodeIndex];
 
     StructureID structureID = instruction[4].u.structureID;

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -830 +830 @@
         // inlined tail call frames, we use SpecFullTop
         // to avoid a spurious OSR exit.
-        Instruction* instruction = m_inlineStackTop->m_profiledBlock->instructions().begin() + bytecodeIndex;
+        Instruction* instruction = &m_inlineStackTop->m_profiledBlock->instructions()[bytecodeIndex];
         OpcodeID opcodeID = Interpreter::getOpcodeID(instruction->u.opcode);
 

trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp

@@ -808 +808 @@
             frame.setOperand(inlineCallFrame->stackOffset + CallFrameSlot::callee, JSValue(inlineCallFrame->calleeConstant()));
 #else // USE(JSVALUE64) // so this is the 32-bit part
-        Instruction* instruction = baselineCodeBlock->instructions().begin() + codeOrigin->bytecodeIndex;
+        Instruction* instruction = &baselineCodeBlock->instructions()[codeOrigin->bytecodeIndex];
         uint32_t locationBits = CallSiteIndex(instruction).bits();
         frame.setOperand<uint32_t>(inlineCallFrame->stackOffset + CallFrameSlot::argumentCount, TagOffset, locationBits);
@@ -822 +822 @@
         uint32_t locationBits = CallSiteIndex(codeOrigin->bytecodeIndex).bits();
 #else
-        Instruction* instruction = outermostBaselineCodeBlock->instructions().begin() + codeOrigin->bytecodeIndex;
+        Instruction* instruction = &outermostBaselineCodeBlock->instructions()[codeOrigin->bytecodeIndex];
         uint32_t locationBits = CallSiteIndex(instruction).bits();
 #endif

trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp

@@ -232 +232 @@
 #else // USE(JSVALUE64) // so this is the 32-bit part
         jit.storePtr(callerFrameGPR, AssemblyHelpers::addressForByteOffset(inlineCallFrame->callerFrameOffset()));
-        Instruction* instruction = baselineCodeBlock->instructions().begin() + codeOrigin->bytecodeIndex;
+        Instruction* instruction = &baselineCodeBlock->instructions()[codeOrigin->bytecodeIndex];
         uint32_t locationBits = CallSiteIndex(instruction).bits();
         jit.store32(AssemblyHelpers::TrustedImm32(locationBits), AssemblyHelpers::tagFor((VirtualRegister)(inlineCallFrame->stackOffset + CallFrameSlot::argumentCount)));
@@ -246 +246 @@
         uint32_t locationBits = CallSiteIndex(codeOrigin->bytecodeIndex).bits();
 #else
-        Instruction* instruction = jit.baselineCodeBlock()->instructions().begin() + codeOrigin->bytecodeIndex;
+        Instruction* instruction = &jit.baselineCodeBlock()->instructions()[codeOrigin->bytecodeIndex];
         uint32_t locationBits = CallSiteIndex(instruction).bits();
 #endif

trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp

@@ -122 +122 @@
     ASSERT(codeBlock());
     ASSERT(callSiteBitsAreBytecodeOffset());
-    return currentVPC() - codeBlock()->instructions().begin();     
+    return codeBlock()->bytecodeOffset(currentVPC());     
 }
 
@@ -129 +129 @@
 {
     ASSERT(callSiteBitsAreBytecodeOffset());
-    return codeBlock()->instructions().begin() + callSiteBitsAsBytecodeOffset();
+    return &codeBlock()->instructions()[callSiteBitsAsBytecodeOffset()];
 }
 
 void CallFrame::setCurrentVPC(Instruction* vpc)
 {
-    CallSiteIndex callSite(vpc - codeBlock()->instructions().begin());
+    CallSiteIndex callSite(codeBlock()->bytecodeOffset(vpc));
     this[CallFrameSlot::argumentCount].tag() = static_cast<int32_t>(callSite.bits());
 }

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -176 +176 @@
     } // SP holds newCallFrame + sizeof(CallerFrameAndPC), with ArgumentCount initialized.
     
-    uint32_t bytecodeOffset = instruction - m_codeBlock->instructions().begin();
+    uint32_t bytecodeOffset = m_codeBlock->bytecodeOffset(instruction);
     uint32_t locationBits = CallSiteIndex(bytecodeOffset).bits();
     store32(TrustedImm32(locationBits), Address(callFrameRegister, CallFrameSlot::argumentCount * static_cast<int>(sizeof(Register)) + TagOffset));

trunk/Source/JavaScriptCore/jit/JITInlines.h

@@ -139 +139 @@
     ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);
 #if USE(JSVALUE32_64)
-    Instruction* instruction = m_codeBlock->instructions().begin() + m_bytecodeOffset; 
+    Instruction* instruction = &m_codeBlock->instructions()[m_bytecodeOffset]; 
     uint32_t locationBits = CallSiteIndex(instruction).bits();
 #else
@@ -741 +741 @@
 inline Instruction* JIT::copiedInstruction(Instruction* inst)
 {
-    ASSERT(inst >= m_codeBlock->instructions().begin() && inst < m_codeBlock->instructions().end());
-    return m_instructions.begin() + (inst - m_codeBlock->instructions().begin());
+    return &m_instructions[m_codeBlock->bytecodeOffset(inst)];
 }
 

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -1064 +1064 @@
 void JIT::privateCompileHasIndexedProperty(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
 {
-    Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
+    Instruction* currentInstruction = &m_codeBlock->instructions()[byValInfo->bytecodeIndex];
     
     PatchableJump badType;

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -915 +915 @@
 void JIT::privateCompileHasIndexedProperty(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
 {
-    Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
+    Instruction* currentInstruction = &m_codeBlock->instructions()[byValInfo->bytecodeIndex];
     
     PatchableJump badType;

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -1223 +1223 @@
 void JIT::privateCompileGetByVal(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
 {
-    Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
+    Instruction* currentInstruction = &m_codeBlock->instructions()[byValInfo->bytecodeIndex];
     
     PatchableJump badType;
@@ -1275 +1275 @@
 void JIT::privateCompileGetByValWithCachedId(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, const Identifier& propertyName)
 {
-    Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
+    Instruction* currentInstruction = &m_codeBlock->instructions()[byValInfo->bytecodeIndex];
 
     Jump fastDoneCase;
@@ -1308 +1308 @@
 void JIT::privateCompilePutByVal(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
 {
-    Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
+    Instruction* currentInstruction = &m_codeBlock->instructions()[byValInfo->bytecodeIndex];
     
     PatchableJump badType;
@@ -1367 +1367 @@
 void JIT::privateCompilePutByValWithCachedId(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, PutKind putKind, const Identifier& propertyName)
 {
-    Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
+    Instruction* currentInstruction = &m_codeBlock->instructions()[byValInfo->bytecodeIndex];
 
     JumpList doneCases;

trunk/Source/JavaScriptCore/jit/SlowPathCall.h

@@ -47 +47 @@
 #if ENABLE(OPCODE_SAMPLING)
         if (m_jit->m_bytecodeOffset != std::numeric_limits<unsigned>::max())
-            m_jit->sampleInstruction(m_jit->m_codeBlock->instructions().begin() + m_jit->m_bytecodeOffset, true);
+            m_jit->sampleInstruction(&m_jit->m_codeBlock->instructions()[m_jit->m_bytecodeOffset], true);
 #endif
         m_jit->updateTopCallFrame();
@@ -76 +76 @@
 #if ENABLE(OPCODE_SAMPLING)
         if (m_jit->m_bytecodeOffset != std::numeric_limits<unsigned>::max())
-            m_jit->sampleInstruction(m_jit->m_codeBlock->instructions().begin() + m_jit->m_bytecodeOffset, false);
+            m_jit->sampleInstruction(&m_jit->m_codeBlock->instructions()[m_jit->m_bytecodeOffset], false);
 #endif
         

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -197 +197 @@
             exec->codeBlock(),
             exec,
-            static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
+            static_cast<intptr_t>(exec->codeBlock()->bytecodeOffset(pc)),
             Interpreter::getOpcodeID(pc[0].u.opcode),
             fromWhere,
@@ -221 +221 @@
         exec->codeBlock(),
         exec,
-        static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
+        static_cast<intptr_t>(exec->codeBlock()->bytecodeOffset(pc)),
         Interpreter::getOpcodeID(pc[0].u.opcode),
         fromWhere,
@@ -281 +281 @@
             exec->codeBlock(),
             exec,
-            static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
+            static_cast<intptr_t>(exec->codeBlock()->bytecodeOffset(pc)),
             opcodeNames[opcodeID], pc);
     if (opcodeID == op_enter) {
@@ -300 +300 @@
             exec->codeBlock(),
             exec,
-            static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()),
+            static_cast<intptr_t>(exec->codeBlock()->bytecodeOffset(pc)),
             Interpreter::getOpcodeID(pc[0].u.opcode),
             exec->returnPC().value());
@@ -430 +430 @@
     }
     
-    unsigned loopOSREntryBytecodeOffset = pc - codeBlock->instructions().begin();
+    unsigned loopOSREntryBytecodeOffset = codeBlock->bytecodeOffset(pc);
 
     if (!shouldJIT(codeBlock)) {
@@ -440 +440 @@
         LLINT_RETURN_TWO(0, 0);
     
-    CODEBLOCK_LOG_EVENT(codeBlock, "osrEntry", ("at bc#", pc - codeBlock->instructions().begin()));
+    CODEBLOCK_LOG_EVENT(codeBlock, "osrEntry", ("at bc#", loopOSREntryBytecodeOffset));
 
     ASSERT(codeBlock->jitType() == JITCode::BaselineJIT);
@@ -446 +446 @@
     Vector<BytecodeAndMachineOffset> map;
     codeBlock->jitCodeMap()->decode(map);
-    BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), pc - codeBlock->instructions().begin(), BytecodeAndMachineOffset::getBytecodeIndex);
+    BytecodeAndMachineOffset* mapping = binarySearch<BytecodeAndMachineOffset, unsigned>(map, map.size(), loopOSREntryBytecodeOffset, BytecodeAndMachineOffset::getBytecodeIndex);
     ASSERT(mapping);
-    ASSERT(mapping->m_bytecodeIndex == static_cast<unsigned>(pc - codeBlock->instructions().begin()));
+    ASSERT(mapping->m_bytecodeIndex == loopOSREntryBytecodeOffset);
     
     void* jumpTarget = codeBlock->jitCode()->executableAddressAtOffset(mapping->m_machineCodeOffset);
@@ -715 +715 @@
         && ident == vm.propertyNames->length) {
         pc[0].u.opcode = LLInt::getOpcode(op_get_array_length);
-        ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(pc - codeBlock->instructions().begin());
+        ArrayProfile* arrayProfile = codeBlock->getOrAddArrayProfile(codeBlock->bytecodeOffset(pc));
         arrayProfile->observeStructure(baseValue.asCell()->structure());
         pc[4].u.arrayProfile = arrayProfile;

trunk/Source/JavaScriptCore/runtime/SamplingProfiler.cpp

@@ -436 +436 @@
 #else
     Instruction* instruction = bitwise_cast<Instruction*>(llintPC);
-    if (instruction >= codeBlock->instructions().begin() && instruction < codeBlock->instructions().begin() + codeBlock->instructionCount()) {
+    if (instruction >= codeBlock->instructions().begin() && instruction < codeBlock->instructions().end()) {
         isValid = true;
-        unsigned bytecodeIndex = instruction - codeBlock->instructions().begin();
-        return bytecodeIndex;
+        return codeBlock->bytecodeOffset(instruction);
     }
     isValid = false;