Changeset 155711 in webkit
- Timestamp:
- Sep 13, 2013 11:03:55 AM (11 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 57 edited
-
ChangeLog (modified) (1 diff)
-
assembler/MacroAssembler.h (modified) (3 diffs)
-
assembler/MacroAssemblerX86_64.h (modified) (1 diff)
-
assembler/X86Assembler.h (modified) (1 diff)
-
bytecode/CodeBlock.cpp (modified) (1 diff)
-
bytecode/CodeBlock.h (modified) (2 diffs)
-
bytecode/CodeOrigin.h (modified) (3 diffs)
-
bytecode/Operands.h (modified) (2 diffs)
-
bytecode/VirtualRegister.h (modified) (1 diff)
-
bytecompiler/BytecodeGenerator.cpp (modified) (9 diffs)
-
bytecompiler/BytecodeGenerator.h (modified) (1 diff)
-
bytecompiler/NodesCodegen.cpp (modified) (1 diff)
-
dfg/DFGByteCodeParser.cpp (modified) (7 diffs)
-
dfg/DFGJITCompiler.cpp (modified) (1 diff)
-
dfg/DFGOSREntry.cpp (modified) (1 diff)
-
dfg/DFGOSRExitCompiler32_64.cpp (modified) (3 diffs)
-
dfg/DFGOSRExitCompiler64.cpp (modified) (1 diff)
-
dfg/DFGOperations.cpp (modified) (8 diffs)
-
dfg/DFGScoreBoard.h (modified) (2 diffs)
-
dfg/DFGSpeculativeJIT.cpp (modified) (4 diffs)
-
dfg/DFGSpeculativeJIT.h (modified) (2 diffs)
-
dfg/DFGSpeculativeJIT32_64.cpp (modified) (4 diffs)
-
dfg/DFGSpeculativeJIT64.cpp (modified) (6 diffs)
-
dfg/DFGValidate.cpp (modified) (1 diff)
-
ftl/FTLLink.cpp (modified) (1 diff)
-
heap/ConservativeRoots.cpp (modified) (1 diff)
-
interpreter/CallFrame.cpp (modified) (1 diff)
-
interpreter/CallFrame.h (modified) (4 diffs)
-
interpreter/Interpreter.cpp (modified) (9 diffs)
-
interpreter/JSStack.cpp (modified) (7 diffs)
-
interpreter/JSStack.h (modified) (7 diffs)
-
interpreter/JSStackInlines.h (modified) (4 diffs)
-
interpreter/StackVisitor.cpp (modified) (2 diffs)
-
jit/JIT.cpp (modified) (1 diff)
-
jit/JITCall.cpp (modified) (3 diffs)
-
jit/JITCall32_64.cpp (modified) (4 diffs)
-
jit/JITOpcodes.cpp (modified) (2 diffs)
-
jit/JITOpcodes32_64.cpp (modified) (1 diff)
-
jit/JITStubs.cpp (modified) (3 diffs)
-
jit/ThunkGenerators.cpp (modified) (5 diffs)
-
llint/LLIntData.cpp (modified) (1 diff)
-
llint/LLIntSlowPaths.cpp (modified) (6 diffs)
-
llint/LowLevelInterpreter.asm (modified) (4 diffs)
-
llint/LowLevelInterpreter32_64.asm (modified) (8 diffs)
-
llint/LowLevelInterpreter64.asm (modified) (8 diffs)
-
runtime/ArgList.cpp (modified) (2 diffs)
-
runtime/ArgList.h (modified) (4 diffs)
-
runtime/Arguments.cpp (modified) (2 diffs)
-
runtime/ArrayConstructor.cpp (modified) (1 diff)
-
runtime/CommonSlowPaths.cpp (modified) (1 diff)
-
runtime/JSActivation.h (modified) (3 diffs)
-
runtime/JSArray.h (modified) (1 diff)
-
runtime/JSGlobalObject.cpp (modified) (1 diff)
-
runtime/JSGlobalObject.h (modified) (2 diffs)
-
runtime/JSString.h (modified) (1 diff)
-
runtime/Operations.h (modified) (2 diffs)
-
runtime/SymbolTable.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r155705 r155711 1 2013-09-12 Michael Saboff <msaboff@apple.com> 2 3 fourthTier: Change JSStack to grow from high to low addresses 4 https://bugs.webkit.org/show_bug.cgi?id=118758 5 6 Reviewed by Oliver Hunt. 7 8 Changed the JSC stack to grow down. Effectively the JSC stack frame is flipped from 9 what it was. See JSStack.h for the new offsets. Changed JSStack begin() and end() 10 to be getBaseOfStack() and getLimitOfStack(). Most of the changes are address or offset 11 calculation changes. Decoupled a local register ordinal (loop variable or array index) 12 from the offset into the callFrame using localToOperand() and the inverse operandToLocal(). 13 14 * assembler/MacroAssembler.h: 15 (JSC::MacroAssembler::trustedImm32ForShift): 16 (JSC::MacroAssembler::lshiftPtr): Added to create scaled addresses with a negative index 17 * assembler/MacroAssemblerX86_64.h: 18 (JSC::MacroAssemblerX86_64::lshift64): Added to create scaled addresses with a negative index 19 * assembler/X86Assembler.h: 20 (JSC::X86Assembler::shlq_i8r): Added to create scaled addresses with a negative index 21 * bytecode/CodeBlock.cpp: 22 (JSC::CodeBlock::dumpBytecode): 23 * bytecode/CodeBlock.h: 24 (JSC::unmodifiedArgumentsRegister): 25 (JSC::CodeBlock::isCaptured): 26 * bytecode/CodeOrigin.h: 27 (JSC::CodeOrigin::stackOffset): 28 * bytecode/Operands.h: 29 (JSC::localToOperand): 30 (JSC::operandIsLocal): 31 (JSC::operandToLocal): 32 (JSC::operandIsArgument): 33 (JSC::operandToArgument): 34 (JSC::argumentToOperand): 35 * bytecode/VirtualRegister.h: Made InvalidVirtualRegister a positive value that fits in 36 31 bits since it can be placed into the 31 bit field "stackOffset" in struct InlineCallFrame. 37 * bytecompiler/BytecodeGenerator.cpp: 38 (JSC::BytecodeGenerator::addVar): 39 (JSC::BytecodeGenerator::BytecodeGenerator): 40 (JSC::BytecodeGenerator::createLazyRegisterIfNecessary): 41 (JSC::BytecodeGenerator::newRegister): 42 (JSC::BytecodeGenerator::emitNewArray): 43 * bytecompiler/BytecodeGenerator.h: 44 (JSC::CallArguments::registerOffset): 45 * bytecompiler/NodesCodegen.cpp: 46 (JSC::CallArguments::CallArguments): 47 * dfg/DFGByteCodeParser.cpp: 48 (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal): 49 (JSC::DFG::ByteCodeParser::addCall): 50 (JSC::DFG::ByteCodeParser::handleCall): 51 (JSC::DFG::ByteCodeParser::handleInlining): 52 (JSC::DFG::ByteCodeParser::parseBlock): 53 (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): 54 * dfg/DFGJITCompiler.cpp: 55 (JSC::DFG::JITCompiler::compileFunction): 56 * dfg/DFGOSREntry.cpp: 57 (JSC::DFG::prepareOSREntry): 58 * dfg/DFGOSRExitCompiler32_64.cpp: 59 (JSC::DFG::OSRExitCompiler::compileExit): 60 * dfg/DFGOSRExitCompiler64.cpp: 61 (JSC::DFG::OSRExitCompiler::compileExit): 62 * dfg/DFGOperations.cpp: 63 * dfg/DFGScoreBoard.h: 64 (JSC::DFG::ScoreBoard::allocate): 65 * dfg/DFGSpeculativeJIT.cpp: 66 (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): 67 * dfg/DFGSpeculativeJIT.h: 68 (JSC::DFG::SpeculativeJIT::callFrameSlot): 69 (JSC::DFG::SpeculativeJIT::argumentSlot): 70 (JSC::DFG::SpeculativeJIT::callFrameTagSlot): 71 (JSC::DFG::SpeculativeJIT::callFramePayloadSlot): 72 (JSC::DFG::SpeculativeJIT::argumentTagSlot): 73 (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): 74 * dfg/DFGSpeculativeJIT32_64.cpp: 75 (JSC::DFG::SpeculativeJIT::emitCall): 76 (JSC::DFG::SpeculativeJIT::compile): 77 * dfg/DFGSpeculativeJIT64.cpp: 78 (JSC::DFG::SpeculativeJIT::emitCall): 79 (JSC::DFG::SpeculativeJIT::compile): 80 * dfg/DFGValidate.cpp: 81 (JSC::DFG::Validate::reportValidationContext): 82 * ftl/FTLLink.cpp: 83 (JSC::FTL::link): 84 * heap/ConservativeRoots.cpp: 85 (JSC::ConservativeRoots::genericAddSpan): 86 * interpreter/CallFrame.cpp: 87 (JSC::CallFrame::frameExtentInternal): 88 * interpreter/CallFrame.h: 89 (JSC::ExecState::init): 90 (JSC::ExecState::argumentOffset): 91 (JSC::ExecState::argumentOffsetIncludingThis): 92 (JSC::ExecState::argIndexForRegister): 93 * interpreter/Interpreter.cpp: 94 (JSC::loadVarargs): 95 (JSC::Interpreter::dumpRegisters): 96 * interpreter/JSStack.cpp: 97 (JSC::JSStack::JSStack): 98 (JSC::JSStack::~JSStack): 99 (JSC::JSStack::growSlowCase): 100 (JSC::JSStack::gatherConservativeRoots): 101 (JSC::JSStack::releaseExcessCapacity): 102 (JSC::JSStack::disableErrorStackReserve): 103 * interpreter/JSStack.h: 104 (JSC::JSStack::getBaseOfStack): 105 (JSC::JSStack::getLimitOfStack): 106 (JSC::JSStack::size): 107 (JSC::JSStack::end): 108 (JSC::JSStack::containsAddress): 109 (JSC::JSStack::lowAddress): 110 (JSC::JSStack::highAddress): 111 (JSC::JSStack::reservationEnd): 112 (JSC::JSStack::shrink): 113 (JSC::JSStack::grow): 114 * interpreter/JSStackInlines.h: 115 (JSC::JSStack::getTopOfFrame): 116 (JSC::JSStack::pushFrame): 117 (JSC::JSStack::popFrame): 118 (JSC::JSStack::installTrapsAfterFrame): 119 * interpreter/StackVisitor.cpp: 120 (JSC::inlinedFrameOffset): 121 (JSC::StackVisitor::readInlinedFrame): 122 * jit/JIT.cpp: 123 (JSC::JIT::privateCompile): 124 * jit/JITCall.cpp: 125 (JSC::JIT::compileLoadVarargs): 126 (JSC::JIT::compileOpCall): 127 * jit/JITCall32_64.cpp: 128 (JSC::JIT::compileLoadVarargs): 129 (JSC::JIT::compileOpCall): 130 * jit/JITOpcodes.cpp: 131 (JSC::JIT::emit_op_create_activation): 132 (JSC::JIT::emit_op_get_argument_by_val): 133 * jit/JITOpcodes32_64.cpp: 134 (JSC::JIT::emit_op_get_argument_by_val): 135 * jit/JITStubs.cpp: 136 (JSC::throwExceptionFromOpCall): 137 (JSC::DEFINE_STUB_FUNCTION): 138 * jit/ThunkGenerators.cpp: 139 (JSC::arityFixup): 140 * llint/LLIntData.cpp: 141 (JSC::LLInt::Data::performAssertions): 142 * llint/LLIntSlowPaths.cpp: 143 (JSC::LLInt::LLINT_SLOW_PATH_DECL): 144 (JSC::LLInt::genericCall): 145 * llint/LowLevelInterpreter.asm: 146 * llint/LowLevelInterpreter32_64.asm: 147 * llint/LowLevelInterpreter64.asm: 148 * runtime/ArgList.cpp: 149 (JSC::ArgList::getSlice): 150 (JSC::MarkedArgumentBuffer::slowAppend): 151 * runtime/ArgList.h: 152 (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer): 153 (JSC::MarkedArgumentBuffer::slotFor): 154 (JSC::MarkedArgumentBuffer::mallocBase): 155 (JSC::ArgList::at): 156 * runtime/Arguments.cpp: 157 (JSC::Arguments::tearOff): 158 * runtime/ArrayConstructor.cpp: 159 (JSC::constructArrayWithSizeQuirk): 160 * runtime/CommonSlowPaths.cpp: 161 (JSC::SLOW_PATH_DECL): 162 * runtime/JSActivation.h: 163 (JSC::JSActivation::registersOffset): 164 (JSC::JSActivation::tearOff): 165 (JSC::JSActivation::isValidIndex): 166 * runtime/JSArray.h: 167 (JSC::constructArrayNegativeIndexed): New method to create an array from registers that grow down. 168 * runtime/JSGlobalObject.cpp: 169 (JSC::JSGlobalObject::globalExec): 170 * runtime/JSGlobalObject.h: 171 (JSC::constructArrayNegativeIndexed): 172 * runtime/JSString.h: 173 * runtime/Operations.h: 174 (JSC::jsStringFromRegisterArray): 175 * runtime/SymbolTable.h: 176 (JSC::SharedSymbolTable::captureCount): 177 1 178 2013-09-13 Csaba Osztrogonác <ossy@webkit.org> 2 179 -
trunk/Source/JavaScriptCore/assembler/MacroAssembler.h
r153264 r155711 209 209 #endif 210 210 211 // Immediate shifts only have 5 controllable bits 212 // so we'll consider them safe for now. 213 TrustedImm32 trustedImm32ForShift(Imm32 imm) 214 { 215 return TrustedImm32(imm.asTrustedImm32().m_value & 31); 216 } 217 211 218 // Backwards banches, these are currently all implemented using existing forwards branch mechanisms. 212 219 void branchPtr(RelationalCondition cond, RegisterID op1, TrustedImmPtr imm, Label target) … … 630 637 } 631 638 639 void lshiftPtr(Imm32 imm, RegisterID srcDest) 640 { 641 lshift64(trustedImm32ForShift(imm), srcDest); 642 } 643 632 644 void negPtr(RegisterID dest) 633 645 { … … 1412 1424 } 1413 1425 1414 // Immediate shifts only have 5 controllable bits1415 // so we'll consider them safe for now.1416 TrustedImm32 trustedImm32ForShift(Imm32 imm)1417 {1418 return TrustedImm32(imm.asTrustedImm32().m_value & 31);1419 }1420 1421 1426 void lshift32(Imm32 imm, RegisterID dest) 1422 1427 { -
trunk/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
r154158 r155711 226 226 } 227 227 228 void lshift64(TrustedImm32 imm, RegisterID dest) 229 { 230 m_assembler.shlq_i8r(imm.m_value, dest); 231 } 232 228 233 void neg64(RegisterID dest) 229 234 { -
trunk/Source/JavaScriptCore/assembler/X86Assembler.h
r154161 r155711 820 820 } 821 821 } 822 823 void shlq_i8r(int imm, RegisterID dst) 824 { 825 if (imm == 1) 826 m_formatter.oneByteOp64(OP_GROUP2_Ev1, GROUP2_OP_SHL, dst); 827 else { 828 m_formatter.oneByteOp64(OP_GROUP2_EvIb, GROUP2_OP_SHL, dst); 829 m_formatter.immediate8(imm); 830 } 831 } 822 832 #endif 823 833 -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp
r155415 r155711 508 508 out.printf( 509 509 "; %d captured var(s) (from r%d to r%d, inclusive)", 510 symbolTable()->captureCount(), symbolTable()->captureStart(), symbolTable()->captureEnd() -1);510 symbolTable()->captureCount(), symbolTable()->captureStart(), symbolTable()->captureEnd() + 1); 511 511 } 512 512 if (usesArguments()) { -
trunk/Source/JavaScriptCore/bytecode/CodeBlock.h
r155420 r155711 87 87 class RepatchBuffer; 88 88 89 inline int unmodifiedArgumentsRegister(int argumentsRegister) { return argumentsRegister -1; }89 inline int unmodifiedArgumentsRegister(int argumentsRegister) { return argumentsRegister + 1; } 90 90 91 91 static ALWAYS_INLINE int missingThisObjectMarker() { return std::numeric_limits<int>::max(); } … … 387 387 return false; 388 388 389 return operand >= symbolTable()->captureStart()390 && operand <symbolTable()->captureEnd();389 return operand <= symbolTable()->captureStart() 390 && operand > symbolTable()->captureEnd(); 391 391 } 392 392 -
trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h
r155418 r155711 77 77 ScriptExecutable* codeOriginOwner() const; 78 78 79 unsignedstackOffset() const;79 int stackOffset() const; 80 80 81 81 static unsigned inlineDepthForCallFrame(InlineCallFrame*); … … 98 98 CodeOrigin caller; 99 99 BitVector capturedVars; // Indexed by the machine call frame's variable numbering. 100 signed intstackOffset : 31;100 signed stackOffset : 31; 101 101 bool isCall : 1; 102 102 … … 120 120 }; 121 121 122 inline unsignedCodeOrigin::stackOffset() const122 inline int CodeOrigin::stackOffset() const 123 123 { 124 124 if (!inlineCallFrame) -
trunk/Source/JavaScriptCore/bytecode/Operands.h
r155415 r155711 29 29 #include "CallFrame.h" 30 30 #include "JSObject.h" 31 #include "VirtualRegister.h"32 31 #include <wtf/PrintStream.h> 33 32 #include <wtf/Vector.h> … … 35 34 namespace JSC { 36 35 37 inline VirtualRegister localToOperand(int local) { return (VirtualRegister)local; }38 inline bool operandIsLocal(int operand) { return operand >= 0; }39 inline int operandToLocal(int operand) { return operand; }36 inline int localToOperand(int local) { return -local; } 37 inline bool operandIsLocal(int operand) { return operand <= 0; } 38 inline int operandToLocal(int operand) { return -operand; } 40 39 41 40 // argument 0 is 'this'. 42 inline bool operandIsArgument(int operand) { return operand <0; }43 inline int operandToArgument(int operand) { return -operand +CallFrame::thisArgumentOffset(); }44 inline int argumentToOperand(int argument) { return -argument + CallFrame::thisArgumentOffset(); }41 inline bool operandIsArgument(int operand) { return operand > 0; } 42 inline int operandToArgument(int operand) { return operand - CallFrame::thisArgumentOffset(); } 43 inline int argumentToOperand(int argument) { return argument + CallFrame::thisArgumentOffset(); } 45 44 46 45 template<typename T> struct OperandValueTraits; -
trunk/Source/JavaScriptCore/bytecode/VirtualRegister.h
r155420 r155711 34 34 // Type for a virtual register number (spill location). 35 35 // Using an enum to make this type-checked at compile time, to avert programmer errors. 36 enum VirtualRegister { InvalidVirtualRegister = 0x 7fffffff };36 enum VirtualRegister { InvalidVirtualRegister = 0x3fffffff }; 37 37 COMPILE_ASSERT(sizeof(VirtualRegister) == sizeof(int), VirtualRegister_is_32bit); 38 38 -
trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
r155657 r155711 117 117 { 118 118 ConcurrentJITLocker locker(symbolTable().m_lock); 119 int index = m_calleeRegisters.size();119 int index = localToOperand(m_calleeRegisters.size()); 120 120 SymbolTableEntry newEntry(index, isConstant ? ReadOnly : 0); 121 121 SymbolTable::Map::AddResult result = symbolTable().add(locker, ident.impl(), newEntry); … … 224 224 } 225 225 226 m_symbolTable->setCaptureStart( m_codeBlock->m_numVars);226 m_symbolTable->setCaptureStart(localToOperand(m_codeBlock->m_numVars)); 227 227 228 228 if (functionBody->usesArguments() || codeBlock->usesEval()) { // May reify arguments object. … … 311 311 } 312 312 313 m_symbolTable->setCaptureEnd( codeBlock->m_numVars);313 m_symbolTable->setCaptureEnd(localToOperand(codeBlock->m_numVars)); 314 314 315 315 m_firstLazyFunction = codeBlock->m_numVars; … … 326 326 else { 327 327 emitInitLazyRegister(reg.get()); 328 m_lazyFunctions.set( reg->index(), function);328 m_lazyFunctions.set(localToOperand(reg->index()), function); 329 329 } 330 330 } … … 338 338 339 339 if (shouldCaptureAllTheThings) 340 m_symbolTable->setCaptureEnd( codeBlock->m_numVars);340 m_symbolTable->setCaptureEnd(localToOperand(codeBlock->m_numVars)); 341 341 342 342 FunctionParameters& parameters = *functionBody->parameters(); … … 345 345 // Add "this" as a parameter 346 346 int nextParameterIndex = CallFrame::thisArgumentOffset(); 347 m_thisRegister.setIndex(nextParameterIndex --);347 m_thisRegister.setIndex(nextParameterIndex++); 348 348 m_codeBlock->addParameter(); 349 349 350 for (size_t i = 0; i < parameters.size(); ++i, --nextParameterIndex) {350 for (size_t i = 0; i < parameters.size(); ++i, ++nextParameterIndex) { 351 351 int index = nextParameterIndex; 352 352 if (capturedArguments.size() && capturedArguments[i]) { … … 506 506 RegisterID* BytecodeGenerator::createLazyRegisterIfNecessary(RegisterID* reg) 507 507 { 508 if (m_lastLazyFunction <= reg->index() || reg->index() < m_firstLazyFunction) 508 int localVariableNumber = operandToLocal(reg->index()); 509 510 if (m_lastLazyFunction <= localVariableNumber || localVariableNumber < m_firstLazyFunction) 509 511 return reg; 510 emitLazyNewFunction(reg, m_lazyFunctions.get( reg->index()));512 emitLazyNewFunction(reg, m_lazyFunctions.get(localVariableNumber)); 511 513 return reg; 512 514 } … … 514 516 RegisterID* BytecodeGenerator::newRegister() 515 517 { 516 m_calleeRegisters.append( m_calleeRegisters.size());518 m_calleeRegisters.append(localToOperand(m_calleeRegisters.size())); 517 519 m_codeBlock->m_numCalleeRegisters = max<int>(m_codeBlock->m_numCalleeRegisters, m_calleeRegisters.size()); 518 520 return &m_calleeRegisters.last(); … … 1485 1487 argv.append(newTemporary()); 1486 1488 // op_new_array requires the initial values to be a sequential range of registers 1487 ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() +1);1489 ASSERT(argv.size() == 1 || argv[argv.size() - 1]->index() == argv[argv.size() - 2]->index() - 1); 1488 1490 emitNode(argv.last().get(), n->value()); 1489 1491 } -
trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
r155415 r155711 67 67 RegisterID* thisRegister() { return m_argv[0].get(); } 68 68 RegisterID* argumentRegister(unsigned i) { return m_argv[i + 1].get(); } 69 unsigned registerOffset() { return m_argv.last()->index() + CallFrame::offsetFor(argumentCountIncludingThis()); }69 unsigned registerOffset() { return -m_argv.last()->index() + CallFrame::offsetFor(argumentCountIncludingThis()); } 70 70 unsigned argumentCountIncludingThis() { return m_argv.size(); } 71 71 RegisterID* profileHookRegister() { return m_profileHookRegister.get(); } -
trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
r153477 r155711 394 394 for (int i = argumentCountIncludingThis - 1; i >= 0; --i) { 395 395 m_argv[i] = generator.newTemporary(); 396 ASSERT(static_cast<size_t>(i) == m_argv.size() - 1 || m_argv[i]->index() == m_argv[i + 1]->index() +1);396 ASSERT(static_cast<size_t>(i) == m_argv.size() - 1 || m_argv[i]->index() == m_argv[i + 1]->index() - 1); 397 397 } 398 398 } -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r155418 r155711 390 390 if (!inlineCallFrame) 391 391 break; 392 if (operand >= static_cast<int>(inlineCallFrame->stackOffset -JSStack::CallFrameHeaderSize))392 if (operand <= static_cast<int>(inlineCallFrame->stackOffset + JSStack::CallFrameHeaderSize)) 393 393 continue; 394 394 if (operand == inlineCallFrame->stackOffset + CallFrame::thisArgumentOffset()) 395 395 continue; 396 if (operand < static_cast<int>(inlineCallFrame->stackOffset - JSStack::CallFrameHeaderSize -inlineCallFrame->arguments.size()))396 if (operand > static_cast<int>(inlineCallFrame->stackOffset + JSStack::CallFrameHeaderSize + inlineCallFrame->arguments.size())) 397 397 continue; 398 398 int argument = operandToArgument(operand - inlineCallFrame->stackOffset); … … 774 774 m_parameterSlots = JSStack::CallFrameHeaderSize + argCount; 775 775 776 int registerOffset = currentInstruction[4].u.operand;776 int registerOffset = -currentInstruction[4].u.operand; 777 777 int dummyThisArgument = op == Call ? 0 : 1; 778 778 for (int i = 0 + dummyThisArgument; i < argCount; ++i) … … 1159 1159 1160 1160 int argumentCountIncludingThis = currentInstruction[3].u.operand; 1161 int registerOffset = currentInstruction[4].u.operand;1161 int registerOffset = -currentInstruction[4].u.operand; 1162 1162 1163 1163 int resultOperand = currentInstruction[1].u.operand; … … 1284 1284 // FIXME: Don't flush constants! 1285 1285 1286 int inlineCallFrameStart = m_inlineStackTop->remapOperand(registerOffset) -JSStack::CallFrameHeaderSize;1286 int inlineCallFrameStart = m_inlineStackTop->remapOperand(registerOffset) + JSStack::CallFrameHeaderSize; 1287 1287 1288 1288 // Make sure that the area used by the call frame is reserved. … … 1958 1958 int numOperands = currentInstruction[3].u.operand; 1959 1959 ArrayAllocationProfile* profile = currentInstruction[4].u.arrayAllocationProfile; 1960 for (int operandIdx = startOperand; operandIdx < startOperand + numOperands; ++operandIdx)1960 for (int operandIdx = startOperand; operandIdx > startOperand - numOperands; --operandIdx) 1961 1961 addVarArgChild(get(operandIdx)); 1962 1962 set(currentInstruction[1].u.operand, addToGraph(Node::VarArg, NewArray, OpInfo(profile->selectIndexingType()), OpInfo(0))); … … 2238 2238 OwnArrayPtr<Node*> toStringNodes = adoptArrayPtr(new Node*[numOperands]); 2239 2239 for (int i = 0; i < numOperands; i++) 2240 toStringNodes[i] = addToGraph(ToString, get(startOperand +i));2240 toStringNodes[i] = addToGraph(ToString, get(startOperand - i)); 2241 2241 2242 2242 for (int i = 0; i < numOperands; i++) … … 3370 3370 byteCodeParser->m_codeBlock->ownerExecutable(), 3371 3371 codeBlock->ownerExecutable()); 3372 inlineCallFrame.stackOffset = inlineCallFrameStart +JSStack::CallFrameHeaderSize;3372 inlineCallFrame.stackOffset = inlineCallFrameStart - JSStack::CallFrameHeaderSize; 3373 3373 if (callee) { 3374 3374 initializeLazyWriteBarrierForInlineCallFrameCallee( -
trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
r153540 r155711 372 372 // Plant a check that sufficient space is available in the JSStack. 373 373 // FIXME: https://bugs.webkit.org/show_bug.cgi?id=56291 374 addPtr(TrustedImm32( m_codeBlock->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1);375 Jump stackCheck = branchPtr( Below, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), GPRInfo::regT1);374 addPtr(TrustedImm32(-m_codeBlock->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister, GPRInfo::regT1); 375 Jump stackCheck = branchPtr(Above, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), GPRInfo::regT1); 376 376 // Return here after stack check. 377 377 Label fromStackCheck = label(); -
trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
r155415 r155711 168 168 // would have otherwise just kept running albeit less quickly. 169 169 170 if (!vm->interpreter->stack().grow(&exec->registers()[ codeBlock->m_numCalleeRegisters])) {170 if (!vm->interpreter->stack().grow(&exec->registers()[localToOperand(codeBlock->m_numCalleeRegisters)])) { 171 171 if (Options::verboseOSR()) 172 172 dataLogF(" OSR failed because stack growth failed.\n"); -
trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler32_64.cpp
r155415 r155711 546 546 case UnboxedBooleanInGPR: { 547 547 m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0); 548 m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor( localToOperand(virtualRegister)));548 m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)localToOperand(virtualRegister))); 549 549 uint32_t tag = JSValue::EmptyValueTag; 550 550 if (recovery.technique() == InGPR) … … 554 554 else 555 555 tag = JSValue::BooleanTag; 556 m_jit.store32(AssemblyHelpers::TrustedImm32(tag), AssemblyHelpers::tagFor( localToOperand(virtualRegister)));556 m_jit.store32(AssemblyHelpers::TrustedImm32(tag), AssemblyHelpers::tagFor((VirtualRegister)localToOperand(virtualRegister))); 557 557 break; 558 558 } … … 563 563 m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload), GPRInfo::regT0); 564 564 m_jit.load32(reinterpret_cast<char*>(scratchDataBuffer + poisonIndex(virtualRegister)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag), GPRInfo::regT1); 565 m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor( localToOperand(virtualRegister)));566 m_jit.store32(GPRInfo::regT1, AssemblyHelpers::tagFor( localToOperand(virtualRegister)));565 m_jit.store32(GPRInfo::regT0, AssemblyHelpers::payloadFor((VirtualRegister)localToOperand(virtualRegister))); 566 m_jit.store32(GPRInfo::regT1, AssemblyHelpers::tagFor((VirtualRegister)localToOperand(virtualRegister))); 567 567 break; 568 568 -
trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompiler64.cpp
r155415 r155711 532 532 case InFPR: 533 533 m_jit.load64(scratchDataBuffer + poisonIndex(virtualRegister), GPRInfo::regT0); 534 m_jit.store64(GPRInfo::regT0, AssemblyHelpers::addressFor( localToOperand(virtualRegister)));534 m_jit.store64(GPRInfo::regT0, AssemblyHelpers::addressFor((VirtualRegister)localToOperand(virtualRegister))); 535 535 break; 536 536 -
trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp
r155457 r155711 1415 1415 NativeCallFrameTracer tracer(vm, exec); 1416 1416 1417 return bitwise_cast<char*>(constructArray (exec, arrayStructure, static_cast<JSValue*>(buffer), size));1417 return bitwise_cast<char*>(constructArrayNegativeIndexed(exec, arrayStructure, static_cast<JSValue*>(buffer), size)); 1418 1418 } 1419 1419 … … 1441 1441 VM& vm = exec->vm(); 1442 1442 NativeCallFrameTracer tracer(&vm, exec); 1443 return bitwise_cast<char*>(constructArray (exec, arrayStructure, exec->codeBlock()->constantBuffer(start), size));1443 return bitwise_cast<char*>(constructArrayNegativeIndexed(exec, arrayStructure, exec->codeBlock()->constantBuffer(start), size)); 1444 1444 } 1445 1445 … … 2259 2259 HIDE_SYMBOL(getHostCallReturnValue) "\n" 2260 2260 SYMBOL_STRING(getHostCallReturnValue) ":" "\n" 2261 "mov -40(%r13), %r13\n"2261 "mov 40(%r13), %r13\n" 2262 2262 "mov %r13, %rdi\n" 2263 2263 "jmp " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n" … … 2269 2269 HIDE_SYMBOL(getHostCallReturnValue) "\n" 2270 2270 SYMBOL_STRING(getHostCallReturnValue) ":" "\n" 2271 "mov -40(%edi), %edi\n"2271 "mov 40(%edi), %edi\n" 2272 2272 "mov %edi, 4(%esp)\n" 2273 2273 "jmp " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n" … … 2282 2282 ".thumb_func " THUMB_FUNC_PARAM(getHostCallReturnValue) "\n" 2283 2283 SYMBOL_STRING(getHostCallReturnValue) ":" "\n" 2284 "ldr r5, [r5, # -40]" "\n"2284 "ldr r5, [r5, #40]" "\n" 2285 2285 "mov r0, r5" "\n" 2286 2286 "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n" … … 2293 2293 INLINE_ARM_FUNCTION(getHostCallReturnValue) 2294 2294 SYMBOL_STRING(getHostCallReturnValue) ":" "\n" 2295 "ldr r5, [r5, # -40]" "\n"2295 "ldr r5, [r5, #40]" "\n" 2296 2296 "mov r0, r5" "\n" 2297 2297 "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n" … … 2304 2304 SYMBOL_STRING(getHostCallReturnValue) ":" "\n" 2305 2305 LOAD_FUNCTION_TO_T9(getHostCallReturnValueWithExecState) 2306 "lw $s0, -40($s0)" "\n"2306 "lw $s0, 40($s0)" "\n" 2307 2307 "move $a0, $s0" "\n" 2308 2308 "b " LOCAL_REFERENCE(getHostCallReturnValueWithExecState) "\n" … … 2314 2314 HIDE_SYMBOL(getHostCallReturnValue) "\n" 2315 2315 SYMBOL_STRING(getHostCallReturnValue) ":" "\n" 2316 "add # -40, r14" "\n"2316 "add #40, r14" "\n" 2317 2317 "mov.l @r14, r14" "\n" 2318 2318 "mov r14, r4" "\n" -
trunk/Source/JavaScriptCore/dfg/DFGScoreBoard.h
r155415 r155711 90 90 ASSERT(!m_used[index]); 91 91 m_highWatermark = std::max(m_highWatermark, static_cast<unsigned>(index) + 1); 92 return localToOperand(index);92 return (VirtualRegister)localToOperand(index); 93 93 } 94 94 … … 97 97 m_used.append(0); 98 98 m_highWatermark = std::max(m_highWatermark, static_cast<unsigned>(next) + 1); 99 return localToOperand(next);99 return (VirtualRegister)localToOperand(next); 100 100 } 101 101 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r155662 r155711 4033 4033 4034 4034 m_jit.move(propertyReg, resultReg); 4035 m_jit.neg32(resultReg);4036 4035 m_jit.signExtend32ToPtr(resultReg, resultReg); 4037 4036 m_jit.loadPtr( … … 4043 4042 MacroAssembler::BaseIndex( 4044 4043 scratchReg, resultReg, MacroAssembler::TimesEight, 4045 CallFrame::thisArgumentOffset() * sizeof(Register) -sizeof(Register) +4044 CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register) + 4046 4045 OBJECT_OFFSETOF(JSValue, u.asBits.tag)), 4047 4046 resultTagReg); … … 4049 4048 MacroAssembler::BaseIndex( 4050 4049 scratchReg, resultReg, MacroAssembler::TimesEight, 4051 CallFrame::thisArgumentOffset() * sizeof(Register) -sizeof(Register) +4050 CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register) + 4052 4051 OBJECT_OFFSETOF(JSValue, u.asBits.payload)), 4053 4052 resultReg); … … 4057 4056 MacroAssembler::BaseIndex( 4058 4057 scratchReg, resultReg, MacroAssembler::TimesEight, 4059 CallFrame::thisArgumentOffset() * sizeof(Register) -sizeof(Register)),4058 CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register)), 4060 4059 resultReg); 4061 4060 jsValueResult(resultReg, node); -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
r155675 r155711 751 751 MacroAssembler::Address callFrameSlot(int slot) 752 752 { 753 return MacroAssembler::Address(GPRInfo::callFrameRegister, ( m_jit.codeBlock()->m_numCalleeRegisters + slot) * static_cast<int>(sizeof(Register)));753 return MacroAssembler::Address(GPRInfo::callFrameRegister, (-m_jit.codeBlock()->m_numCalleeRegisters + slot) * static_cast<int>(sizeof(Register))); 754 754 } 755 755 … … 757 757 MacroAssembler::Address argumentSlot(int argument) 758 758 { 759 return MacroAssembler::Address(GPRInfo::callFrameRegister, ( m_jit.codeBlock()->m_numCalleeRegisters + argumentToOperand(argument)) * static_cast<int>(sizeof(Register)));759 return MacroAssembler::Address(GPRInfo::callFrameRegister, (-m_jit.codeBlock()->m_numCalleeRegisters + argumentToOperand(argument)) * static_cast<int>(sizeof(Register))); 760 760 } 761 761 762 762 MacroAssembler::Address callFrameTagSlot(int slot) 763 763 { 764 return MacroAssembler::Address(GPRInfo::callFrameRegister, ( m_jit.codeBlock()->m_numCalleeRegisters + slot) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));764 return MacroAssembler::Address(GPRInfo::callFrameRegister, (-m_jit.codeBlock()->m_numCalleeRegisters + slot) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)); 765 765 } 766 766 767 767 MacroAssembler::Address callFramePayloadSlot(int slot) 768 768 { 769 return MacroAssembler::Address(GPRInfo::callFrameRegister, ( m_jit.codeBlock()->m_numCalleeRegisters + slot) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));769 return MacroAssembler::Address(GPRInfo::callFrameRegister, (-m_jit.codeBlock()->m_numCalleeRegisters + slot) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)); 770 770 } 771 771 772 772 MacroAssembler::Address argumentTagSlot(int argument) 773 773 { 774 return MacroAssembler::Address(GPRInfo::callFrameRegister, ( m_jit.codeBlock()->m_numCalleeRegisters + argumentToOperand(argument)) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));774 return MacroAssembler::Address(GPRInfo::callFrameRegister, (-m_jit.codeBlock()->m_numCalleeRegisters + argumentToOperand(argument)) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)); 775 775 } 776 776 777 777 MacroAssembler::Address argumentPayloadSlot(int argument) 778 778 { 779 return MacroAssembler::Address(GPRInfo::callFrameRegister, ( m_jit.codeBlock()->m_numCalleeRegisters + argumentToOperand(argument)) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));779 return MacroAssembler::Address(GPRInfo::callFrameRegister, (-m_jit.codeBlock()->m_numCalleeRegisters + argumentToOperand(argument)) * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)); 780 780 } 781 781 -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
r155662 r155711 740 740 m_jit.beginCall(node->codeOrigin, token); 741 741 742 m_jit.addPtr(TrustedImm32( m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister);742 m_jit.addPtr(TrustedImm32(-(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register))), GPRInfo::callFrameRegister); 743 743 744 744 slowPath.append(m_jit.branch32(MacroAssembler::NotEqual, calleeTagGPR, TrustedImm32(JSValue::CellTag))); … … 4425 4425 4426 4426 int captureEnd = symbolTable->captureEnd(); 4427 for (int i = symbolTable->captureStart(); i < captureEnd; ++i) {4427 for (int i = symbolTable->captureStart(); i > captureEnd; --i) { 4428 4428 m_jit.loadPtr( 4429 4429 JITCompiler::Address( … … 4612 4612 slowArgumentOutOfBounds.link(&m_jit); 4613 4613 4614 m_jit.neg32(resultPayloadGPR);4615 4616 4614 m_jit.load32( 4617 4615 JITCompiler::BaseIndex( … … 4688 4686 slowArgumentOutOfBounds.link(&m_jit); 4689 4687 4690 m_jit.neg32(resultPayloadGPR);4691 4692 4688 m_jit.load32( 4693 4689 JITCompiler::BaseIndex( -
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
r155662 r155711 706 706 m_jit.beginCall(node->codeOrigin, token); 707 707 708 m_jit.addPtr(TrustedImm32( m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register)), GPRInfo::callFrameRegister);708 m_jit.addPtr(TrustedImm32(-(m_jit.codeBlock()->m_numCalleeRegisters * sizeof(Register))), GPRInfo::callFrameRegister); 709 709 710 710 slowPath.append(m_jit.branchPtrWithPatch(MacroAssembler::NotEqual, calleeGPR, targetToCheck, MacroAssembler::TrustedImmPtr(0))); … … 2765 2765 2766 2766 m_jit.move(propertyReg, scratch2Reg); 2767 m_jit.neg32(scratch2Reg);2768 2767 m_jit.signExtend32ToPtr(scratch2Reg, scratch2Reg); 2769 2768 m_jit.loadPtr( … … 2775 2774 MacroAssembler::BaseIndex( 2776 2775 scratchReg, scratch2Reg, MacroAssembler::TimesEight, 2777 CallFrame::thisArgumentOffset() * sizeof(Register) -sizeof(Register)));2776 CallFrame::thisArgumentOffset() * sizeof(Register) + sizeof(Register))); 2778 2777 2779 2778 noResult(node); … … 4303 4302 4304 4303 int captureEnd = symbolTable->captureEnd(); 4305 for (int i = symbolTable->captureStart(); i < captureEnd; ++i) {4304 for (int i = symbolTable->captureStart(); i > captureEnd; --i) { 4306 4305 m_jit.load64( 4307 4306 JITCompiler::Address( … … 4454 4453 slowArgumentOutOfBounds.link(&m_jit); 4455 4454 4456 m_jit.neg32(resultGPR);4457 4455 m_jit.signExtend32ToPtr(resultGPR, resultGPR); 4458 4456 … … 4519 4517 slowArgumentOutOfBounds.link(&m_jit); 4520 4518 4521 m_jit.neg32(resultGPR);4522 4519 m_jit.signExtend32ToPtr(resultGPR, resultGPR); 4523 4520 -
trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp
r155415 r155711 432 432 void reportValidationContext(VirtualRegister local, BasicBlock* block) 433 433 { 434 if (!block) { 435 dataLog("r", static_cast<int>(local), " in null Block "); 436 return; 437 } 438 434 439 dataLog("r", static_cast<int>(local), " in Block ", *block); 435 440 } -
trunk/Source/JavaScriptCore/ftl/FTLLink.cpp
r155023 r155711 76 76 // FIXME: https://bugs.webkit.org/show_bug.cgi?id=56291 77 77 jit.addPtr( 78 CCallHelpers::TrustedImm32( codeBlock->m_numCalleeRegisters * sizeof(Register)),78 CCallHelpers::TrustedImm32(-codeBlock->m_numCalleeRegisters * sizeof(Register)), 79 79 GPRInfo::callFrameRegister, GPRInfo::regT1); 80 80 CCallHelpers::Jump stackCheck = jit.branchPtr( 81 CCallHelpers:: Below,81 CCallHelpers::Above, 82 82 CCallHelpers::AbsoluteAddress(state.graph.m_vm.interpreter->stack().addressOfEnd()), 83 83 GPRInfo::regT1); -
trunk/Source/JavaScriptCore/heap/ConservativeRoots.cpp
r154986 r155711 94 94 void ConservativeRoots::genericAddSpan(void* begin, void* end, MarkHook& markHook) 95 95 { 96 ASSERT(begin <= end); 96 if (begin > end) { 97 void* swapTemp = begin; 98 begin = end; 99 end = swapTemp; 100 } 101 97 102 ASSERT((static_cast<char*>(end) - static_cast<char*>(begin)) < 0x1000000); 98 103 ASSERT(isPointerAligned(begin)); -
trunk/Source/JavaScriptCore/interpreter/CallFrame.cpp
r155075 r155711 95 95 CodeBlock* codeBlock = this->codeBlock(); 96 96 ASSERT(codeBlock); 97 return registers() +codeBlock->m_numCalleeRegisters;97 return registers() - codeBlock->m_numCalleeRegisters; 98 98 } 99 99 -
trunk/Source/JavaScriptCore/interpreter/CallFrame.h
r155219 r155711 215 215 { 216 216 ASSERT(callerFrame); // Use noCaller() rather than 0 for the outer host call frame caller. 217 ASSERT(callerFrame == noCaller() || callerFrame->removeHostCallFrameFlag()->stack()-> end() >= this);217 ASSERT(callerFrame == noCaller() || callerFrame->removeHostCallFrameFlag()->stack()->containsAddress(this)); 218 218 219 219 setCodeBlock(codeBlock); … … 233 233 size_t argumentCount() const { return argumentCountIncludingThis() - 1; } 234 234 size_t argumentCountIncludingThis() const { return this[JSStack::ArgumentCount].payload(); } 235 static int argumentOffset(int argument) { return s_firstArgumentOffset - argument; }236 static int argumentOffsetIncludingThis(int argument) { return s_thisArgumentOffset - argument; }235 static int argumentOffset(int argument) { return (s_firstArgumentOffset + argument); } 236 static int argumentOffsetIncludingThis(int argument) { return (s_thisArgumentOffset + argument); } 237 237 238 238 // In the following (argument() and setArgument()), the 'argument' … … 294 294 private: 295 295 static const intptr_t HostCallFrameFlag = 1; 296 static const int s_thisArgumentOffset = -1 - JSStack::CallFrameHeaderSize;297 static const int s_firstArgumentOffset = s_thisArgumentOffset -1;296 static const int s_thisArgumentOffset = JSStack::CallFrameHeaderSize + 1; 297 static const int s_firstArgumentOffset = s_thisArgumentOffset + 1; 298 298 299 299 #ifndef NDEBUG … … 319 319 // Hence: 320 320 // argIndex = s_firstArgumentOffset - offset; 321 size_t argIndex = s_firstArgumentOffset - offset;321 size_t argIndex = offset - s_firstArgumentOffset; 322 322 return argIndex; 323 323 } -
trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp
r155622 r155711 153 153 if (!arguments) { // f.apply(x, arguments), with arguments unmodified. 154 154 unsigned argumentCountIncludingThis = callFrame->argumentCountIncludingThis(); 155 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister + argumentCountIncludingThis +JSStack::CallFrameHeaderSize);155 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - argumentCountIncludingThis - JSStack::CallFrameHeaderSize); 156 156 if (argumentCountIncludingThis > Arguments::MaxArguments + 1 || !stack->grow(newCallFrame->registers())) { 157 157 callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame)); … … 167 167 168 168 if (arguments.isUndefinedOrNull()) { 169 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister + 1 +JSStack::CallFrameHeaderSize);169 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - 1 - JSStack::CallFrameHeaderSize); 170 170 if (!stack->grow(newCallFrame->registers())) { 171 171 callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame)); … … 185 185 Arguments* argsObject = asArguments(arguments); 186 186 unsigned argCount = argsObject->length(callFrame); 187 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister +CallFrame::offsetFor(argCount + 1));187 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - CallFrame::offsetFor(argCount + 1)); 188 188 if (argCount > Arguments::MaxArguments || !stack->grow(newCallFrame->registers())) { 189 189 callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame)); … … 199 199 JSArray* array = asArray(arguments); 200 200 unsigned argCount = array->length(); 201 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister +CallFrame::offsetFor(argCount + 1));201 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - CallFrame::offsetFor(argCount + 1)); 202 202 if (argCount > Arguments::MaxArguments || !stack->grow(newCallFrame->registers())) { 203 203 callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame)); … … 212 212 JSObject* argObject = asObject(arguments); 213 213 unsigned argCount = argObject->get(callFrame, callFrame->propertyNames().length).toUInt32(callFrame); 214 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister +CallFrame::offsetFor(argCount + 1));214 CallFrame* newCallFrame = CallFrame::create(callFrame->registers() + firstFreeRegister - CallFrame::offsetFor(argCount + 1)); 215 215 if (argCount > Arguments::MaxArguments || !stack->grow(newCallFrame->registers())) { 216 216 callFrame->vm().throwException(callFrame, createStackOverflowError(callFrame)); … … 314 314 const Register* end; 315 315 316 it = callFrame->registers() - JSStack::CallFrameHeaderSize -callFrame->argumentCountIncludingThis();317 end = callFrame->registers() -JSStack::CallFrameHeaderSize;318 while (it <end) {316 it = callFrame->registers() + JSStack::CallFrameHeaderSize + callFrame->argumentCountIncludingThis(); 317 end = callFrame->registers() + JSStack::CallFrameHeaderSize; 318 while (it > end) { 319 319 JSValue v = it->jsValue(); 320 320 int registerNumber = it - callFrame->registers(); … … 326 326 dataLogF("-----------------------------------------------------------------------------\n"); 327 327 dataLogF("[ArgumentCount] | %10p | %lu \n", it, (unsigned long) callFrame->argumentCount()); 328 ++it;328 --it; 329 329 dataLogF("[CallerFrame] | %10p | %p \n", it, callFrame->callerFrame()); 330 ++it;330 --it; 331 331 dataLogF("[Callee] | %10p | %p \n", it, callFrame->callee()); 332 ++it;332 --it; 333 333 dataLogF("[ScopeChain] | %10p | %p \n", it, callFrame->scope()); 334 ++it;334 --it; 335 335 #if ENABLE(JIT) 336 336 AbstractPC pc = callFrame->abstractReturnPC(callFrame->vm()); … … 343 343 344 344 dataLogF("[CodeBlock] | %10p | %p \n", it, callFrame->codeBlock()); 345 ++it;345 --it; 346 346 dataLogF("-----------------------------------------------------------------------------\n"); 347 347 348 348 int registerCount = 0; 349 349 350 end = it +codeBlock->m_numVars;350 end = it - codeBlock->m_numVars; 351 351 if (it != end) { 352 352 do { … … 355 355 String name = codeBlock->nameForRegister(registerNumber); 356 356 dataLogF("[r% 3d %14s] | %10p | %-16s 0x%lld \n", registerNumber, name.ascii().data(), it, toCString(v).data(), (long long)JSValue::encode(v)); 357 ++it;358 ++registerCount;357 --it; 358 --registerCount; 359 359 } while (it != end); 360 360 } -
trunk/Source/JavaScriptCore/interpreter/JSStack.cpp
r154986 r155711 51 51 52 52 m_reservation = PageReservation::reserve(roundUpAllocationSize(capacity * sizeof(Register), commitSize), OSAllocator::JSVMStackPages); 53 m_end = static_cast<Register*>(m_reservation.base());54 m_commitEnd = static_cast<Register*>(m_reservation.base());53 m_end = highAddress(); 54 m_commitEnd = highAddress(); 55 55 56 56 disableErrorStackReserve(); … … 61 61 JSStack::~JSStack() 62 62 { 63 void* base = m_reservation.base();64 m_reservation.decommit( base, reinterpret_cast<intptr_t>(m_commitEnd) - reinterpret_cast<intptr_t>(base));65 addToCommittedByteCount(-(reinterpret_cast<intptr_t>( m_commitEnd) - reinterpret_cast<intptr_t>(base)));63 void* highAddress = reinterpret_cast_ptr<void*>(static_cast<char*>(m_reservation.base()) + m_reservation.size()); 64 m_reservation.decommit(reinterpret_cast_ptr<void*>(m_commitEnd), reinterpret_cast<intptr_t>(highAddress) - reinterpret_cast<intptr_t>(m_commitEnd)); 65 addToCommittedByteCount(-(reinterpret_cast<intptr_t>(highAddress) - reinterpret_cast<intptr_t>(m_commitEnd))); 66 66 m_reservation.deallocate(); 67 67 } … … 71 71 // If we have already committed enough memory to satisfy this request, 72 72 // just update the end pointer and return. 73 if (newEnd <= m_commitEnd) {73 if (newEnd >= m_commitEnd) { 74 74 m_end = newEnd; 75 75 return true; … … 79 79 // have it is still within our budget. If not, we'll fail to grow and 80 80 // return false. 81 long delta = roundUpAllocationSize(reinterpret_cast<char*>( newEnd) - reinterpret_cast<char*>(m_commitEnd), commitSize);82 if (reinterpret_cast<char*>(m_commitEnd) + delta >reinterpret_cast<char*>(m_useableEnd))81 long delta = roundUpAllocationSize(reinterpret_cast<char*>(m_commitEnd) - reinterpret_cast<char*>(newEnd), commitSize); 82 if (reinterpret_cast<char*>(m_commitEnd) - delta <= reinterpret_cast<char*>(m_useableEnd)) 83 83 return false; 84 84 85 85 // Otherwise, the growth is still within our budget. Go ahead and commit 86 86 // it and return true. 87 m_reservation.commit( m_commitEnd, delta);87 m_reservation.commit(reinterpret_cast<char*>(m_commitEnd) - delta, delta); 88 88 addToCommittedByteCount(delta); 89 m_commitEnd = reinterpret_cast_ptr<Register*>(reinterpret_cast<char*>(m_commitEnd) +delta);89 m_commitEnd = reinterpret_cast_ptr<Register*>(reinterpret_cast<char*>(m_commitEnd) - delta); 90 90 m_end = newEnd; 91 91 return true; … … 94 94 void JSStack::gatherConservativeRoots(ConservativeRoots& conservativeRoots) 95 95 { 96 conservativeRoots.add( begin(), getTopOfStack());96 conservativeRoots.add(getBaseOfStack(), getTopOfStack()); 97 97 } 98 98 99 99 void JSStack::gatherConservativeRoots(ConservativeRoots& conservativeRoots, JITStubRoutineSet& jitStubRoutines, CodeBlockSet& codeBlocks) 100 100 { 101 conservativeRoots.add( begin(), getTopOfStack(), jitStubRoutines, codeBlocks);101 conservativeRoots.add(getBaseOfStack(), getTopOfStack(), jitStubRoutines, codeBlocks); 102 102 } 103 103 104 104 void JSStack::releaseExcessCapacity() 105 105 { 106 ptrdiff_t delta = reinterpret_cast<uintptr_t>( m_commitEnd) - reinterpret_cast<uintptr_t>(m_reservation.base());107 m_reservation.decommit(m_ reservation.base(), delta);106 ptrdiff_t delta = reinterpret_cast<uintptr_t>(highAddress()) - reinterpret_cast<uintptr_t>(m_commitEnd); 107 m_reservation.decommit(m_commitEnd, delta); 108 108 addToCommittedByteCount(-delta); 109 m_commitEnd = static_cast<Register*>(m_reservation.base());109 m_commitEnd = highAddress(); 110 110 } 111 111 … … 135 135 void JSStack::disableErrorStackReserve() 136 136 { 137 char* useableEnd = reinterpret_cast<char*>(reservationEnd()) -commitSize;137 char* useableEnd = reinterpret_cast<char*>(reservationEnd()) + commitSize; 138 138 m_useableEnd = reinterpret_cast_ptr<Register*>(useableEnd); 139 139 … … 143 143 // enabled the reserve was not previously in use. Hence, it is safe to 144 144 // shrink back to that m_useableEnd. 145 if (m_end >m_useableEnd) {146 ASSERT(m_topCallFrame->frameExtent() <= m_useableEnd);145 if (m_end < m_useableEnd) { 146 ASSERT(m_topCallFrame->frameExtent() >= m_useableEnd); 147 147 shrink(m_useableEnd); 148 148 } -
trunk/Source/JavaScriptCore/interpreter/JSStack.h
r154986 r155711 55 55 CallFrameHeaderSize = 6, 56 56 57 ArgumentCount = -6,58 CallerFrame = -5,59 Callee = -4,60 ScopeChain = -3,61 ReturnPC = -2, // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*.62 CodeBlock = -1,57 ArgumentCount = 6, 58 CallerFrame = 5, 59 Callee = 4, 60 ScopeChain = 3, 61 ReturnPC = 2, // This is either an Instruction* or a pointer into JIT generated code stored as an Instruction*. 62 CodeBlock = 1, 63 63 }; 64 64 … … 74 74 void gatherConservativeRoots(ConservativeRoots&, JITStubRoutineSet&, CodeBlockSet&); 75 75 76 Register* begin() const { return static_cast<Register*>(m_reservation.base()); } 77 Register* end() const { return m_end; } 78 size_t size() const { return end() - begin(); } 76 Register* getBaseOfStack() const 77 { 78 return highAddress() - 1; 79 } 80 81 Register* getLimitOfStack() const { return m_end; } 82 size_t size() const { return highAddress() - lowAddress(); } 79 83 80 84 bool grow(Register*); … … 91 95 Register* getStartOfFrame(CallFrame*); 92 96 Register* getTopOfStack(); 97 Register* end() const { return m_end; } 93 98 94 99 CallFrame* pushFrame(CallFrame* callerFrame, class CodeBlock*, … … 96 101 97 102 void popFrame(CallFrame*); 103 104 bool containsAddress(Register* address) { return (lowAddress() <= address && address <= highAddress()); } 98 105 99 106 void enableErrorStackReserve(); … … 110 117 111 118 private: 119 Register* lowAddress() const 120 { 121 return m_end; 122 } 123 124 Register* highAddress() const 125 { 126 return reinterpret_cast_ptr<Register*>(static_cast<char*>(m_reservation.base()) + m_reservation.size()); 127 } 128 112 129 Register* reservationEnd() const 113 130 { 114 char* base = static_cast<char*>(m_reservation.base()); 115 char* reservationEnd = base + m_reservation.size(); 131 char* reservationEnd = static_cast<char*>(m_reservation.base()); 116 132 return reinterpret_cast_ptr<Register*>(reservationEnd); 117 133 } … … 143 159 return; 144 160 m_end = newEnd; 145 if (m_end == m_reservation.base() && (m_commitEnd - begin()) >= maxExcessCapacity)161 if (m_end == getBaseOfStack() && (m_commitEnd - getBaseOfStack()) >= maxExcessCapacity) 146 162 releaseExcessCapacity(); 147 163 } … … 149 165 inline bool JSStack::grow(Register* newEnd) 150 166 { 151 if (newEnd <= m_end)167 if (newEnd >= m_end) 152 168 return true; 153 169 return growSlowCase(newEnd); -
trunk/Source/JavaScriptCore/interpreter/JSStackInlines.h
r149980 r155711 36 36 { 37 37 if (UNLIKELY(!frame)) 38 return begin();38 return getBaseOfStack(); 39 39 return frame->frameExtent(); 40 40 } … … 65 65 } 66 66 67 Register* newCallFrameSlot = oldEnd + paddedArgsCount + JSStack::CallFrameHeaderSize; 67 Register* newCallFrameSlot = oldEnd - paddedArgsCount - JSStack::CallFrameHeaderSize; 68 68 69 #if ENABLE(DEBUG_JSSTACK) 69 newCallFrameSlot += JSStack::FenceSize;70 newCallFrameSlot -= JSStack::FenceSize; 70 71 #endif 72 71 73 Register* newEnd = newCallFrameSlot; 72 74 if (!!codeBlock) 73 newEnd += codeBlock->m_numCalleeRegisters;75 newEnd -= codeBlock->m_numCalleeRegisters; 74 76 75 77 // Ensure that we have the needed stack capacity to push the new frame: … … 121 123 // are no more frames on the stack. 122 124 if (!callerFrame) 123 shrink( begin());125 shrink(getBaseOfStack()); 124 126 125 127 installTrapsAfterFrame(callerFrame); … … 213 215 const int sizeOfTrap = 64; 214 216 int32_t* startOfTrap = reinterpret_cast<int32_t*>(topOfFrame); 215 int32_t* endOfTrap = startOfTrap +sizeOfTrap;217 int32_t* endOfTrap = startOfTrap - sizeOfTrap; 216 218 int32_t* endOfCommitedMemory = reinterpret_cast<int32_t*>(m_commitEnd); 217 219 218 220 // Make sure we're not exceeding the amount of available memory to write to: 219 if (endOfTrap >endOfCommitedMemory)221 if (endOfTrap < endOfCommitedMemory) 220 222 endOfTrap = endOfCommitedMemory; 221 223 222 224 // Lay the traps: 223 225 int32_t* p = startOfTrap; 224 while (p <endOfTrap)225 *p ++= 0xabadcafe; // A bad word to trigger a crash if deref'ed.226 while (p > endOfTrap) 227 *p-- = 0xabadcafe; // A bad word to trigger a crash if deref'ed. 226 228 } 227 229 #endif // ENABLE(DEBUG_JSSTACK) -
trunk/Source/JavaScriptCore/interpreter/StackVisitor.cpp
r155613 r155711 118 118 119 119 #if ENABLE(DFG_JIT) 120 static unsignedinlinedFrameOffset(CodeOrigin* codeOrigin)120 static int inlinedFrameOffset(CodeOrigin* codeOrigin) 121 121 { 122 122 InlineCallFrame* inlineCallFrame = codeOrigin->inlineCallFrame; 123 unsignedframeOffset = inlineCallFrame ? inlineCallFrame->stackOffset : 0;123 int frameOffset = inlineCallFrame ? inlineCallFrame->stackOffset : 0; 124 124 return frameOffset; 125 125 } … … 130 130 ASSERT(!callFrame->hasHostCallFrameFlag()); 131 131 132 unsignedframeOffset = inlinedFrameOffset(codeOrigin);132 int frameOffset = inlinedFrameOffset(codeOrigin); 133 133 bool isInlined = !!frameOffset; 134 134 if (isInlined) { -
trunk/Source/JavaScriptCore/jit/JIT.cpp
r155023 r155711 617 617 #endif 618 618 619 addPtr(TrustedImm32( m_codeBlock->m_numCalleeRegisters * sizeof(Register)), callFrameRegister, regT1);620 stackCheck = branchPtr( Below, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT1);619 addPtr(TrustedImm32(-m_codeBlock->m_numCalleeRegisters * sizeof(Register)), callFrameRegister, regT1); 620 stackCheck = branchPtr(Above, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT1); 621 621 } 622 622 -
trunk/Source/JavaScriptCore/jit/JITCall.cpp
r153231 r155711 89 89 90 90 move(regT0, regT1); 91 add32(TrustedImm32(firstFreeRegister + JSStack::CallFrameHeaderSize), regT1); 92 lshift32(TrustedImm32(3), regT1); 91 neg64(regT1); 92 add64(TrustedImm32(firstFreeRegister - JSStack::CallFrameHeaderSize), regT1); 93 lshift64(TrustedImm32(3), regT1); 93 94 addPtr(callFrameRegister, regT1); 94 95 // regT1: newCallFrame 95 96 96 slowCase.append(branchPtr( Below, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT1));97 slowCase.append(branchPtr(Above, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT1)); 97 98 98 99 // Initialize ArgumentCount. … … 104 105 105 106 // Copy arguments. 106 neg32(regT0);107 107 signExtend32ToPtr(regT0, regT0); 108 end.append(branch Add64(Zero, TrustedImm32(1), regT0));109 // regT0: -argumentCount108 end.append(branchSub64(Zero, TrustedImm32(1), regT0)); 109 // regT0: argumentCount 110 110 111 111 Label copyLoop = label(); 112 112 load64(BaseIndex(callFrameRegister, regT0, TimesEight, CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT2); 113 113 store64(regT2, BaseIndex(regT1, regT0, TimesEight, CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register)))); 114 branch Add64(NonZero, TrustedImm32(1), regT0).linkTo(copyLoop, this);114 branchSub64(NonZero, TrustedImm32(1), regT0).linkTo(copyLoop, this); 115 115 116 116 end.append(jump()); … … 176 176 else { 177 177 int argCount = instruction[3].u.operand; 178 int registerOffset = instruction[4].u.operand;178 int registerOffset = -instruction[4].u.operand; 179 179 180 180 if (opcodeID == op_call && shouldEmitProfiling()) { -
trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp
r153231 r155711 158 158 159 159 move(regT2, regT3); 160 add32(TrustedImm32(firstFreeRegister + JSStack::CallFrameHeaderSize), regT3); 160 neg32(regT3); 161 add32(TrustedImm32(firstFreeRegister - JSStack::CallFrameHeaderSize), regT3); 161 162 lshift32(TrustedImm32(3), regT3); 162 163 addPtr(callFrameRegister, regT3); 163 164 // regT3: newCallFrame 164 165 165 slowCase.append(branchPtr( Below, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT3));166 slowCase.append(branchPtr(Above, AbsoluteAddress(m_vm->interpreter->stack().addressOfEnd()), regT3)); 166 167 167 168 // Initialize ArgumentCount. … … 174 175 175 176 // Copy arguments. 176 neg32(regT2); 177 end.append(branchAdd32(Zero, TrustedImm32(1), regT2)); 178 // regT2: -argumentCount; 177 end.append(branchSub32(Zero, TrustedImm32(1), regT2)); 178 // regT2: argumentCount; 179 179 180 180 Label copyLoop = label(); … … 183 183 store32(regT0, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload) +(CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))))); 184 184 store32(regT1, BaseIndex(regT3, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag) +(CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))))); 185 branch Add32(NonZero, TrustedImm32(1), regT2).linkTo(copyLoop, this);185 branchSub32(NonZero, TrustedImm32(1), regT2).linkTo(copyLoop, this); 186 186 187 187 end.append(jump()); … … 247 247 else { 248 248 int argCount = instruction[3].u.operand; 249 int registerOffset = instruction[4].u.operand;249 int registerOffset = -instruction[4].u.operand; 250 250 251 251 if (opcodeID == op_call && shouldEmitProfiling()) { -
trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp
r155418 r155711 845 845 846 846 Jump activationCreated = branchTest64(NonZero, Address(callFrameRegister, sizeof(Register) * dst)); 847 JITStubCall(this, cti_op_push_activation).call(currentInstruction[1].u.operand); 848 emitPutVirtualRegister(dst); 847 JITStubCall(this, cti_op_push_activation).call(dst); 849 848 activationCreated.link(this); 850 849 } … … 1116 1115 addSlowCase(branch32(AboveOrEqual, regT1, regT2)); 1117 1116 1118 neg32(regT1);1119 1117 signExtend32ToPtr(regT1, regT1); 1120 1118 load64(BaseIndex(callFrameRegister, regT1, TimesEight, CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT0); -
trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
r155418 r155711 1244 1244 addSlowCase(branch32(AboveOrEqual, regT2, regT3)); 1245 1245 1246 neg32(regT2);1247 1246 loadPtr(BaseIndex(callFrameRegister, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload) + CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT0); 1248 1247 loadPtr(BaseIndex(callFrameRegister, regT2, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag) + CallFrame::thisArgumentOffset() * static_cast<int>(sizeof(Register))), regT1); -
trunk/Source/JavaScriptCore/jit/JITStubs.cpp
r155023 r155711 409 409 CallFrame* callFrame = newCallFrame->callerFrame()->removeHostCallFrameFlag(); 410 410 jitStackFrame.callFrame = callFrame; 411 ASSERT(callFrame); 411 412 callFrame->vm().topCallFrame = callFrame; 412 413 if (createError) … … 439 440 CallFrame* callFrame = stackFrame.callFrame; 440 441 441 if (UNLIKELY(!stackFrame.stack->grow(&callFrame->registers()[ callFrame->codeBlock()->m_numCalleeRegisters]))) {442 if (UNLIKELY(!stackFrame.stack->grow(&callFrame->registers()[-callFrame->codeBlock()->m_numCalleeRegisters]))) { 442 443 ErrorWithExecFunctor functor = ErrorWithExecFunctor(createStackOverflowError); 443 444 return throwExceptionFromOpCall<void*>(stackFrame, callFrame, STUB_RETURN_ADDRESS, &functor); … … 1478 1479 STUB_INIT_STACK_FRAME(stackFrame); 1479 1480 1480 return constructArray (stackFrame.callFrame, stackFrame.args[2].arrayAllocationProfile(), reinterpret_cast<JSValue*>(&stackFrame.callFrame->registers()[stackFrame.args[0].int32()]), stackFrame.args[1].int32());1481 return constructArrayNegativeIndexed(stackFrame.callFrame, stackFrame.args[2].arrayAllocationProfile(), reinterpret_cast<JSValue*>(&stackFrame.callFrame->registers()[stackFrame.args[0].int32()]), stackFrame.args[1].int32()); 1481 1482 } 1482 1483 -
trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp
r154797 r155711 429 429 jit.pop(JSInterfaceJIT::regT4); 430 430 # endif 431 jit.addPtr(JSInterfaceJIT::TrustedImm32(-8), JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3); 431 jit.neg64(JSInterfaceJIT::regT0); 432 jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3); 432 433 jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * 8), JSInterfaceJIT::regT2); 433 434 jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2); 434 435 435 // Move current frame regT0 number of slots436 // Move current frame down regT0 number of slots 436 437 JSInterfaceJIT::Label copyLoop(jit.label()); 437 438 jit.load64(JSInterfaceJIT::regT3, JSInterfaceJIT::regT1); 438 439 jit.store64(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); 439 jit. subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);440 jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3); 440 441 jit.branchSub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(copyLoop, &jit); 441 442 … … 445 446 JSInterfaceJIT::Label fillUndefinedLoop(jit.label()); 446 447 jit.store64(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight)); 447 jit. subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);448 jit.branch Sub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit);448 jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3); 449 jit.branchAdd32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit); 449 450 450 451 // Adjust call frame register to account for missing args 451 jit.lshift 32(JSInterfaceJIT::TrustedImm32(3), JSInterfaceJIT::regT0);452 jit.lshift64(JSInterfaceJIT::TrustedImm32(3), JSInterfaceJIT::regT0); 452 453 jit.addPtr(JSInterfaceJIT::regT0, JSInterfaceJIT::callFrameRegister); 453 454 … … 460 461 jit.pop(JSInterfaceJIT::regT4); 461 462 # endif 462 jit.addPtr(JSInterfaceJIT::TrustedImm32(-8), JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3); 463 jit.neg32(JSInterfaceJIT::regT0); 464 jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::callFrameRegister, JSInterfaceJIT::regT3); 463 465 jit.load32(JSInterfaceJIT::Address(JSInterfaceJIT::callFrameRegister, JSStack::ArgumentCount * 8), JSInterfaceJIT::regT2); 464 466 jit.add32(JSInterfaceJIT::TrustedImm32(JSStack::CallFrameHeaderSize), JSInterfaceJIT::regT2); 465 467 466 // Move current frame regT0 number of slots468 // Move current frame down regT0 number of slots 467 469 JSInterfaceJIT::Label copyLoop(jit.label()); 468 470 jit.load32(JSInterfaceJIT::regT3, JSInterfaceJIT::regT1); … … 470 472 jit.load32(MacroAssembler::Address(JSInterfaceJIT::regT3, 4), JSInterfaceJIT::regT1); 471 473 jit.store32(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight, 4)); 472 jit. subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);474 jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3); 473 475 jit.branchSub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(copyLoop, &jit); 474 476 … … 481 483 jit.store32(JSInterfaceJIT::regT1, MacroAssembler::BaseIndex(JSInterfaceJIT::regT3, JSInterfaceJIT::regT0, JSInterfaceJIT::TimesEight, 4)); 482 484 483 jit. subPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3);484 jit.branch Sub32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit);485 jit.addPtr(JSInterfaceJIT::TrustedImm32(8), JSInterfaceJIT::regT3); 486 jit.branchAdd32(MacroAssembler::NonZero, JSInterfaceJIT::TrustedImm32(1), JSInterfaceJIT::regT2).linkTo(fillUndefinedLoop, &jit); 485 487 486 488 // Adjust call frame register to account for missing args -
trunk/Source/JavaScriptCore/llint/LLIntData.cpp
r153221 r155711 72 72 // prepared to change LowLevelInterpreter.asm as well!! 73 73 ASSERT(JSStack::CallFrameHeaderSize * 8 == 48); 74 ASSERT(JSStack::ArgumentCount * 8 == -48);75 ASSERT(JSStack::CallerFrame * 8 == -40);76 ASSERT(JSStack::Callee * 8 == -32);77 ASSERT(JSStack::ScopeChain * 8 == -24);78 ASSERT(JSStack::ReturnPC * 8 == -16);79 ASSERT(JSStack::CodeBlock * 8 == -8);80 ASSERT(CallFrame::argumentOffsetIncludingThis(0) == -JSStack::CallFrameHeaderSize -1);74 ASSERT(JSStack::ArgumentCount * 8 == 48); 75 ASSERT(JSStack::CallerFrame * 8 == 40); 76 ASSERT(JSStack::Callee * 8 == 32); 77 ASSERT(JSStack::ScopeChain * 8 == 24); 78 ASSERT(JSStack::ReturnPC * 8 == 16); 79 ASSERT(JSStack::CodeBlock * 8 == 8); 80 ASSERT(CallFrame::argumentOffsetIncludingThis(0) == JSStack::CallFrameHeaderSize + 1); 81 81 #if CPU(BIG_ENDIAN) 82 82 ASSERT(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag) == 0); -
trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
r154935 r155711 246 246 LLINT_SLOW_PATH_DECL(trace) 247 247 { 248 dataLogF("%p / %p: executing bc#%zu, %s, scope %p \n",248 dataLogF("%p / %p: executing bc#%zu, %s, scope %p, pc = %p\n", 249 249 exec->codeBlock(), 250 250 exec, 251 251 static_cast<intptr_t>(pc - exec->codeBlock()->instructions().begin()), 252 252 opcodeNames[exec->vm().interpreter->getOpcodeID(pc[0].u.opcode)], 253 exec->scope() );253 exec->scope(), pc); 254 254 if (exec->vm().interpreter->getOpcodeID(pc[0].u.opcode) == op_ret) { 255 255 dataLogF("Will be returning to %p\n", exec->returnPC().value()); … … 430 430 dataLogF("Current end is at %p.\n", exec->vm().interpreter->stack().end()); 431 431 #endif 432 ASSERT( &exec->registers()[exec->codeBlock()->m_numCalleeRegisters] > exec->vm().interpreter->stack().end());433 if (UNLIKELY(!vm.interpreter->stack().grow(&exec->registers()[ exec->codeBlock()->m_numCalleeRegisters]))) {432 ASSERT(!exec->vm().interpreter->stack().containsAddress(&exec->registers()[-exec->codeBlock()->m_numCalleeRegisters])); 433 if (UNLIKELY(!vm.interpreter->stack().grow(&exec->registers()[-exec->codeBlock()->m_numCalleeRegisters]))) { 434 434 ReturnAddressPtr returnPC = exec->returnPC(); 435 435 exec = exec->callerFrame(); … … 460 460 { 461 461 LLINT_BEGIN(); 462 LLINT_RETURN(constructArray (exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand));462 LLINT_RETURN(constructArrayNegativeIndexed(exec, pc[4].u.arrayAllocationProfile, bitwise_cast<JSValue*>(&LLINT_OP(2)), pc[3].u.operand)); 463 463 } 464 464 … … 1055 1055 JSValue calleeAsValue = LLINT_OP_C(2).jsValue(); 1056 1056 1057 ExecState* execCallee = exec +pc[4].u.operand;1057 ExecState* execCallee = exec - pc[4].u.operand; 1058 1058 1059 1059 execCallee->setArgumentCountIncludingThis(pc[3].u.operand); … … 1104 1104 JSValue calleeAsValue = LLINT_OP(2).jsValue(); 1105 1105 1106 ExecState* execCallee = exec +pc[4].u.operand;1106 ExecState* execCallee = exec - pc[4].u.operand; 1107 1107 1108 1108 execCallee->setArgumentCountIncludingThis(pc[3].u.operand); … … 1144 1144 { 1145 1145 LLINT_BEGIN(); 1146 LLINT_RETURN(jsString (exec, &LLINT_OP(2), pc[3].u.operand));1146 LLINT_RETURN(jsStringFromRegisterArray(exec, &LLINT_OP(2), pc[3].u.operand)); 1147 1147 } 1148 1148 -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm
r153232 r155711 34 34 const CallFrameHeaderSize = 48 35 35 const CallFrameHeaderSlots = 6 36 const ArgumentCount = -4837 const CallerFrame = -4038 const Callee = -3239 const ScopeChain = -2440 const ReturnPC = -1641 const CodeBlock = -842 43 const ThisArgumentOffset = -CallFrameHeaderSize -836 const ArgumentCount = 48 37 const CallerFrame = 40 38 const Callee = 32 39 const ScopeChain = 24 40 const ReturnPC = 16 41 const CodeBlock = 8 42 43 const ThisArgumentOffset = CallFrameHeaderSize + 8 44 44 45 45 # Some value representation constants. … … 67 67 if JSVALUE64 68 68 # - Use a pair of registers to represent the PC: one register for the 69 # base of the stack, and one register for the index.69 # base of the bytecodes, and one register for the index. 70 70 # - The PC base (or PB for short) should be stored in the csr. It will 71 71 # get clobbered on calls to other JS code, but will get saved on calls … … 351 351 loadp CodeBlock::m_argumentValueProfiles + VectorBufferOffset[t1], t3 352 352 mulp sizeof ValueProfile, t0, t2 # Aaaaahhhh! Need strength reduction! 353 negp t0354 353 lshiftp 3, t0 355 354 addp t2, t3 356 355 .argumentProfileLoop: 357 356 if JSVALUE64 358 loadq ThisArgumentOffset + 8 -profileArgSkip * 8[cfr, t0], t2357 loadq ThisArgumentOffset - 8 + profileArgSkip * 8[cfr, t0], t2 359 358 subp sizeof ValueProfile, t3 360 359 storeq t2, profileArgSkip * sizeof ValueProfile + ValueProfile::m_buckets[t3] 361 360 else 362 loadi ThisArgumentOffset + TagOffset + 8 -profileArgSkip * 8[cfr, t0], t2361 loadi ThisArgumentOffset + TagOffset - 8 + profileArgSkip * 8[cfr, t0], t2 363 362 subp sizeof ValueProfile, t3 364 363 storei t2, profileArgSkip * sizeof ValueProfile + ValueProfile::m_buckets + TagOffset[t3] 365 loadi ThisArgumentOffset + PayloadOffset + 8 -profileArgSkip * 8[cfr, t0], t2364 loadi ThisArgumentOffset + PayloadOffset - 8 + profileArgSkip * 8[cfr, t0], t2 366 365 storei t2, profileArgSkip * sizeof ValueProfile + ValueProfile::m_buckets + PayloadOffset[t3] 367 366 end 368 baddpnz 8, t0, .argumentProfileLoop367 baddpnz -8, t0, .argumentProfileLoop 369 368 .argumentProfileDone: 370 369 end … … 374 373 loadp CodeBlock::m_vm[t1], t2 375 374 loadp VM::interpreter[t2], t2 # FIXME: Can get to the JSStack from the JITStackFrame 376 lshift i3, t0377 addp t0, cfr, t0378 bp aeq Interpreter::m_stack + JSStack::m_end[t2], t0, .stackHeightOK375 lshiftp 3, t0 376 subp cfr, t0, t0 377 bpbeq Interpreter::m_stack + JSStack::m_end[t2], t0, .stackHeightOK 379 378 380 379 # Stack height check failed - need to call a slow_path. -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
r154797 r155711 314 314 btiz t1, .continue 315 315 316 // Move frame down "t1" slots 316 // Move frame up "t1" slots 317 negi t1 317 318 move cfr, t3 318 subp 8, t3319 addp 8, t3 319 320 loadi PayloadOffset + ArgumentCount[cfr], t2 320 321 addi CallFrameHeaderSlots, t2 … … 324 325 loadi TagOffset[t3], t0 325 326 storei t0, TagOffset[t3, t1, 8] 326 subp 8, t3327 addp 8, t3 327 328 bsubinz 1, t2, .copyLoop 328 329 … … 334 335 move UndefinedTag, t0 335 336 storei t0, TagOffset[t3, t1, 8] 336 subp 8, t3337 b subinz 1, t2, .fillLoop337 addp 8, t3 338 baddinz 1, t2, .fillLoop 338 339 339 340 lshiftp 3, t1 … … 356 357 move UndefinedTag, t0 357 358 move 0, t1 359 negi t2 358 360 .opEnterLoop: 359 subi 1, t2361 addi 1, t2 360 362 storei t0, TagOffset[cfr, t2, 8] 361 363 storei t1, PayloadOffset[cfr, t2, 8] … … 1233 1235 loadi ArgumentCount + PayloadOffset[cfr], t1 1234 1236 biaeq t2, t1, .opGetArgumentByValSlow 1235 negi t21236 1237 loadi 4[PC], t3 1237 1238 loadi ThisArgumentOffset + TagOffset[cfr, t2, 8], t0 … … 1575 1576 if VALUE_PROFILER 1576 1577 loadi 16[PC], t3 1578 negi t3 1577 1579 bineq ThisArgumentOffset + TagOffset[cfr, t3, 8], CellTag, .done 1578 1580 loadi ThisArgumentOffset + PayloadOffset[cfr, t3, 8], t0 … … 1592 1594 loadi 16[PC], t3 1593 1595 lshifti 3, t3 1596 negi t3 1594 1597 addp cfr, t3 # t3 contains the new value of cfr 1595 1598 loadp JSFunction::m_scope[t2], t0 … … 1622 1625 traceExecution() 1623 1626 loadi 4[PC], t0 1624 subi 1, t0 # Get the unmodifiedArgumentsRegister1627 addi 1, t0 # Get the unmodifiedArgumentsRegister 1625 1628 bieq TagOffset[cfr, t0, 8], EmptyValueTag, .opTearOffArgumentsNotCreated 1626 1629 callSlowPath(_llint_slow_path_tear_off_arguments) -
trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
r154797 r155711 200 200 btiz t1, .continue 201 201 202 // Move frame down "t1" slots 202 // Move frame up "t1" slots 203 negq t1 203 204 move cfr, t3 204 subp 8, t3205 addp 8, t3 205 206 loadi PayloadOffset + ArgumentCount[cfr], t2 206 207 addi CallFrameHeaderSlots, t2 … … 208 209 loadq [t3], t0 209 210 storeq t0, [t3, t1, 8] 210 subp 8, t3211 addp 8, t3 211 212 bsubinz 1, t2, .copyLoop 212 213 … … 216 217 .fillLoop: 217 218 storeq t0, [t3, t1, 8] 218 subp 8, t3219 b subinz 1, t2, .fillLoop219 addp 8, t3 220 baddinz 1, t2, .fillLoop 220 221 221 222 lshiftp 3, t1 … … 239 240 btiz t2, .opEnterDone 240 241 move ValueUndefined, t0 242 negi t2 243 sxi2q t2, t2 241 244 .opEnterLoop: 242 subi1, t2245 addq 1, t2 243 246 storeq t0, [cfr, t2, 8] 244 bt inz t2, .opEnterLoop247 btqnz t2, .opEnterLoop 245 248 .opEnterDone: 246 249 dispatch(1) … … 1080 1083 loadi ArgumentCount + PayloadOffset[cfr], t1 1081 1084 biaeq t2, t1, .opGetArgumentByValSlow 1082 negi t21083 sxi2q t2, t21084 1085 loadisFromInstruction(1, t3) 1085 1086 loadpFromInstruction(5, t1) … … 1423 1424 if VALUE_PROFILER 1424 1425 loadisFromInstruction(4, t3) 1426 negp t3 1425 1427 loadq ThisArgumentOffset[cfr, t3, 8], t0 1426 1428 btqnz t0, tagMask, .done … … 1440 1442 loadisFromInstruction(4, t3) 1441 1443 lshifti 3, t3 1444 negp t3 1442 1445 addp cfr, t3 1443 1446 loadp JSFunction::m_scope[t2], t0 … … 1468 1471 traceExecution() 1469 1472 loadisFromInstruction(1, t0) 1470 subi1, t0 # Get the unmodifiedArgumentsRegister1473 addq 1, t0 # Get the unmodifiedArgumentsRegister 1471 1474 btqz [cfr, t0, 8], .opTearOffArgumentsNotCreated 1472 1475 callSlowPath(_llint_slow_path_tear_off_arguments) -
trunk/Source/JavaScriptCore/runtime/ArgList.cpp
r140718 r155711 38 38 } 39 39 40 result.m_args = m_args -startIndex;40 result.m_args = m_args + startIndex; 41 41 result.m_argCount = m_argCount - startIndex; 42 42 } … … 55 55 { 56 56 int newCapacity = m_capacity * 4; 57 EncodedJSValue* newBuffer = &(new EncodedJSValue[newCapacity])[newCapacity - 1];57 EncodedJSValue* newBuffer = new EncodedJSValue[newCapacity]; 58 58 for (int i = 0; i < m_capacity; ++i) 59 newBuffer[ -i] = m_buffer[-i];59 newBuffer[i] = m_buffer[i]; 60 60 61 61 if (EncodedJSValue* base = mallocBase()) -
trunk/Source/JavaScriptCore/runtime/ArgList.h
r148696 r155711 47 47 : m_size(0) 48 48 , m_capacity(inlineCapacity) 49 , m_buffer( &m_inlineBuffer[m_capacity - 1])49 , m_buffer(m_inlineBuffer) 50 50 , m_markSet(0) 51 51 { … … 105 105 EncodedJSValue& slotFor(int item) const 106 106 { 107 return m_buffer[ -item];107 return m_buffer[item]; 108 108 } 109 109 … … 112 112 if (m_capacity == static_cast<int>(inlineCapacity)) 113 113 return 0; 114 return &slotFor( m_capacity - 1);114 return &slotFor(0); 115 115 } 116 116 … … 164 164 if (i >= m_argCount) 165 165 return jsUndefined(); 166 return m_args[ -i];166 return m_args[i]; 167 167 } 168 168 -
trunk/Source/JavaScriptCore/runtime/Arguments.cpp
r154422 r155711 313 313 314 314 m_registerArray = adoptArrayPtr(new WriteBarrier<Unknown>[m_numArguments]); 315 m_registers = m_registerArray.get() + CallFrame::offsetFor(m_numArguments + 1);315 m_registers = m_registerArray.get() - CallFrame::offsetFor(1) - 1; 316 316 317 317 // If we have a captured argument that logically aliases activation storage, … … 359 359 360 360 m_registerArray = adoptArrayPtr(new WriteBarrier<Unknown>[m_numArguments]); 361 m_registers = m_registerArray.get() + CallFrame::offsetFor(m_numArguments + 1);361 m_registers = m_registerArray.get() - CallFrame::offsetFor(1) - 1; 362 362 363 363 tearOffForInlineCallFrame( -
trunk/Source/JavaScriptCore/runtime/ArrayConstructor.cpp
r155143 r155711 77 77 { 78 78 if (!length.isNumber()) 79 return constructArray (exec, profile, globalObject, &length, 1);79 return constructArrayNegativeIndexed(exec, profile, globalObject, &length, 1); 80 80 81 81 uint32_t n = length.toUInt32(exec); -
trunk/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
r154824 r155711 464 464 { 465 465 BEGIN(); 466 RETURN(jsString (exec, &OP(2), pc[3].u.operand));466 RETURN(jsStringFromRegisterArray(exec, &OP(2), pc[3].u.operand)); 467 467 } 468 468 -
trunk/Source/JavaScriptCore/runtime/JSActivation.h
r155657 r155711 136 136 inline int JSActivation::registersOffset(SharedSymbolTable* symbolTable) 137 137 { 138 return storageOffset() - (symbolTable->captureStart() * sizeof(WriteBarrier<Unknown>));138 return storageOffset() + ((symbolTable->captureCount() - symbolTable->captureStart() - 1) * sizeof(WriteBarrier<Unknown>)); 139 139 } 140 140 … … 148 148 149 149 int captureEnd = symbolTable()->captureEnd(); 150 for (int i = symbolTable()->captureStart(); i < captureEnd; ++i)150 for (int i = symbolTable()->captureStart(); i > captureEnd; --i) 151 151 dst[i].set(vm, this, src[i].get()); 152 152 … … 181 181 inline bool JSActivation::isValidIndex(int index) const 182 182 { 183 if (index <symbolTable()->captureStart())183 if (index > symbolTable()->captureStart()) 184 184 return false; 185 if (index >= symbolTable()->captureEnd())185 if (index <= symbolTable()->captureEnd()) 186 186 return false; 187 187 return true; -
trunk/Source/JavaScriptCore/runtime/JSArray.h
r154422 r155711 321 321 } 322 322 323 inline JSArray* constructArrayNegativeIndexed(ExecState* exec, Structure* arrayStructure, const JSValue* values, unsigned length) 324 { 325 VM& vm = exec->vm(); 326 JSArray* array = JSArray::tryCreateUninitialized(vm, arrayStructure, length); 327 328 // FIXME: we should probably throw an out of memory error here, but 329 // when making this change we should check that all clients of this 330 // function will correctly handle an exception being thrown from here. 331 RELEASE_ASSERT(array); 332 333 for (int i = 0; i < static_cast<int>(length); ++i) 334 array->initializeIndex(vm, i, values[-i]); 335 return array; 336 } 337 323 338 } // namespace JSC 324 339 -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp
r155558 r155711 654 654 ExecState* JSGlobalObject::globalExec() 655 655 { 656 return CallFrame::create(m_globalCallFrame + JSStack::CallFrameHeaderSize);656 return CallFrame::create(m_globalCallFrame); 657 657 } 658 658 -
trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h
r155558 r155711 141 141 protected: 142 142 143 Register m_globalCallFrame[JSStack::CallFrameHeaderSize]; 143 // Add one so we don't need to index with -1 to get current frame pointer. 144 // An index of -1 is an error for some compilers. 145 Register m_globalCallFrame[JSStack::CallFrameHeaderSize + 1]; 144 146 145 147 WriteBarrier<JSObject> m_globalThis; … … 605 607 } 606 608 609 inline JSArray* constructArrayNegativeIndexed(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, const JSValue* values, unsigned length) 610 { 611 return ArrayAllocationProfile::updateLastAllocationFor(profile, constructArrayNegativeIndexed(exec, globalObject->arrayStructureForProfileDuringAllocation(profile), values, length)); 612 } 613 614 inline JSArray* constructArrayNegativeIndexed(ExecState* exec, ArrayAllocationProfile* profile, const JSValue* values, unsigned length) 615 { 616 return constructArrayNegativeIndexed(exec, profile, exec->lexicalGlobalObject(), values, length); 617 } 618 607 619 class DynamicGlobalObjectScope { 608 620 WTF_MAKE_NONCOPYABLE(DynamicGlobalObjectScope); -
trunk/Source/JavaScriptCore/runtime/JSString.h
r154253 r155711 313 313 314 314 private: 315 friend JSValue jsString (ExecState*, Register*, unsigned);315 friend JSValue jsStringFromRegisterArray(ExecState*, Register*, unsigned); 316 316 friend JSValue jsStringFromArguments(ExecState*, JSValue); 317 317 -
trunk/Source/JavaScriptCore/runtime/Operations.h
r154127 r155711 80 80 } 81 81 82 ALWAYS_INLINE JSValue jsString (ExecState* exec, Register* strings, unsigned count)82 ALWAYS_INLINE JSValue jsStringFromRegisterArray(ExecState* exec, Register* strings, unsigned count) 83 83 { 84 84 VM* vm = &exec->vm(); … … 88 88 89 89 for (unsigned i = 0; i < count; ++i) { 90 JSValue v = strings[ i].jsValue();90 JSValue v = strings[-static_cast<int>(i)].jsValue(); 91 91 ropeBuilder.append(v.toString(exec)); 92 92 -
trunk/Source/JavaScriptCore/runtime/SymbolTable.h
r155262 r155711 465 465 void setCaptureEnd(int captureEnd) { m_captureEnd = captureEnd; } 466 466 467 int captureCount() { return m_captureEnd - m_captureStart; }467 int captureCount() { return -(m_captureEnd - m_captureStart); } 468 468 469 469 int parameterCount() { return m_parameterCountIncludingThis - 1; }
Note: See TracChangeset
for help on using the changeset viewer.
