Changeset 104330 in webkit
- Timestamp:
- Jan 6, 2012 1:19:54 PM (12 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
-
dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r104326 r104330 1 2012-01-06 Oliver Hunt <oliver@apple.com> 2 3 GetByteArrayLength is incorrect 4 https://bugs.webkit.org/show_bug.cgi?id=75735 5 6 Reviewed by Filip Pizlo. 7 8 Load the byte array length from the correct location. 9 This stops an existing test from hanging. 10 11 * dfg/DFGSpeculativeJIT32_64.cpp: 12 (JSC::DFG::SpeculativeJIT::compile): 13 * dfg/DFGSpeculativeJIT64.cpp: 14 (JSC::DFG::SpeculativeJIT::compile): 15 1 16 2012-01-06 Filip Pizlo <fpizlo@apple.com> 2 17 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r103792 r104330 3204 3204 3205 3205 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSByteArray::offsetOfStorage()), resultGPR); 3206 m_jit.load32(MacroAssembler::Address( baseGPR, ByteArray::offsetOfSize()), resultGPR);3206 m_jit.load32(MacroAssembler::Address(resultGPR, ByteArray::offsetOfSize()), resultGPR); 3207 3207 3208 3208 integerResult(resultGPR, m_compileIndex); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r103674 r104330 3199 3199 3200 3200 m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSByteArray::offsetOfStorage()), resultGPR); 3201 m_jit.load32(MacroAssembler::Address( baseGPR, ByteArray::offsetOfSize()), resultGPR);3201 m_jit.load32(MacroAssembler::Address(resultGPR, ByteArray::offsetOfSize()), resultGPR); 3202 3202 3203 3203 integerResult(resultGPR, m_compileIndex);
Note: See TracChangeset
for help on using the changeset viewer.
