Changeset 81040 in webkit

Timestamp:

Mar 14, 2011 11:16:36 AM (13 years ago)

Author:

oliver@apple.com

Message:

2011-03-11 Oliver Hunt <​oliver@apple.com>

Reviewed by Gavin Barraclough.

Ensure all values are correctly tagged in the registerfile
​https://bugs.webkit.org/show_bug.cgi?id=56214

This patch makes sure that all JSCell pointers written to
the registerfile are correctly tagged as JSCells, and replaces
raw int usage with the immediate representation.

For performance, register pressure, and general saneness reasons
I've added abstractions for reading and writing the tag
and payload of integer registers directly for the JSVALUE64
encoding.

• interpreter/Register.h: (JSC::Register::withInt): (JSC::Register::withCallee): (JSC::Register::operator=): (JSC::Register::i): (JSC::Register::activation): (JSC::Register::function): (JSC::Register::propertyNameIterator): (JSC::Register::scopeChain):
• jit/JIT.h:
• jit/JITCall.cpp: (JSC::JIT::compileOpCallInitializeCallFrame): (JSC::JIT::compileOpCallVarargs): (JSC::JIT::compileOpCall):
• jit/JITCall32_64.cpp: (JSC::JIT::compileOpCallInitializeCallFrame): (JSC::JIT::compileOpCallVarargs): (JSC::JIT::compileOpCall): (JSC::JIT::compileOpCallSlowCase):
• jit/JITInlineMethods.h: (JSC::JIT::emitPutToCallFrameHeader): (JSC::JIT::emitPutCellToCallFrameHeader): (JSC::JIT::emitPutIntToCallFrameHeader):
• jit/JITOpcodes.cpp: (JSC::JIT::privateCompileCTINativeCall): (JSC::JIT::emit_op_get_pnames): (JSC::JIT::emit_op_next_pname): (JSC::JIT::emit_op_load_varargs): (JSC::JIT::emitSlow_op_load_varargs):
• jit/JITOpcodes32_64.cpp: (JSC::JIT::privateCompileCTINativeCall): (JSC::JIT::emit_op_get_pnames): (JSC::JIT::emit_op_next_pname):
• jit/JSInterfaceJIT.h: (JSC::JSInterfaceJIT::intPayloadFor): (JSC::JSInterfaceJIT::intTagFor):
• jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::returnJSValue): (JSC::SpecializedThunkJIT::returnDouble): (JSC::SpecializedThunkJIT::returnInt32): (JSC::SpecializedThunkJIT::returnJSCell):

2011-03-11 Oliver Hunt <​oliver@apple.com>

Reviewed by Gavin Barraclough.

Ensure all values are correctly tagged in the registerfile
​https://bugs.webkit.org/show_bug.cgi?id=56214

Make sure everything builds still.

• bridge/c/c_class.cpp:
• bridge/c/c_runtime.cpp:
• bridge/jni/JavaMethod.cpp:
• plugins/PluginViewNone.cpp:

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/bytecode/StructureStubInfo.cpp (modified) (1 diff)
• JavaScriptCore/interpreter/Register.h (modified) (5 diffs)
• JavaScriptCore/jit/JIT.h (modified) (1 diff)
• JavaScriptCore/jit/JITCall.cpp (modified) (3 diffs)
• JavaScriptCore/jit/JITCall32_64.cpp (modified) (5 diffs)
• JavaScriptCore/jit/JITInlineMethods.h (modified) (1 diff)
• JavaScriptCore/jit/JITOpcodes.cpp (modified) (8 diffs)
• JavaScriptCore/jit/JITOpcodes32_64.cpp (modified) (9 diffs)
• JavaScriptCore/jit/JSInterfaceJIT.h (modified) (5 diffs)
• JavaScriptCore/jit/SpecializedThunkJIT.h (modified) (4 diffs)
• JavaScriptCore/runtime/ArgList.cpp (modified) (1 diff)
• JavaScriptCore/runtime/DateConversion.cpp (modified) (1 diff)
• JavaScriptCore/runtime/GCActivityCallbackCF.cpp (modified) (1 diff)
• JavaScriptCore/runtime/Identifier.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSActivation.h (modified) (1 diff)
• JavaScriptCore/runtime/JSLock.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSNumberCell.cpp (modified) (1 diff)
• JavaScriptCore/runtime/JSObject.h (modified) (1 diff)
• JavaScriptCore/runtime/JSPropertyNameIterator.h (modified) (1 diff)
• JavaScriptCore/runtime/JSValue.h (modified) (3 diffs)
• JavaScriptCore/runtime/JSZombie.cpp (modified) (1 diff)
• JavaScriptCore/runtime/MarkedBlock.cpp (modified) (1 diff)
• JavaScriptCore/runtime/MarkedSpace.cpp (modified) (1 diff)
• JavaScriptCore/runtime/PropertyNameArray.cpp (modified) (1 diff)
• JavaScriptCore/runtime/ScopeChain.h (modified) (1 diff)
• JavaScriptCore/wtf/DateMath.cpp (modified) (1 diff)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/bridge/c/c_class.cpp (modified) (1 diff)
• WebCore/bridge/c/c_runtime.cpp (modified) (1 diff)
• WebCore/bridge/jni/JavaMethod.cpp (modified) (1 diff)
• WebCore/plugins/PluginViewNone.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-03-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Ensure all values are correctly tagged in the registerfile
+        https://bugs.webkit.org/show_bug.cgi?id=56214
+
+        This patch makes sure that all JSCell pointers written to
+        the registerfile are correctly tagged as JSCells, and replaces
+        raw int usage with the immediate representation.
+
+        For performance, register pressure, and general saneness reasons
+        I've added abstractions for reading and writing the tag
+        and payload of integer registers directly for the JSVALUE64
+        encoding.
+
+        * interpreter/Register.h:
+        (JSC::Register::withInt):
+        (JSC::Register::withCallee):
+        (JSC::Register::operator=):
+        (JSC::Register::i):
+        (JSC::Register::activation):
+        (JSC::Register::function):
+        (JSC::Register::propertyNameIterator):
+        (JSC::Register::scopeChain):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileOpCallInitializeCallFrame):
+        (JSC::JIT::compileOpCallVarargs):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::compileOpCallSlowCase):
+        * jit/JITInlineMethods.h:
+        (JSC::JIT::emitPutToCallFrameHeader):
+        (JSC::JIT::emitPutCellToCallFrameHeader):
+        (JSC::JIT::emitPutIntToCallFrameHeader):
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::privateCompileCTINativeCall):
+        (JSC::JIT::emit_op_get_pnames):
+        (JSC::JIT::emit_op_next_pname):
+        (JSC::JIT::emit_op_load_varargs):
+        (JSC::JIT::emitSlow_op_load_varargs):
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::privateCompileCTINativeCall):
+        (JSC::JIT::emit_op_get_pnames):
+        (JSC::JIT::emit_op_next_pname):
+        * jit/JSInterfaceJIT.h:
+        (JSC::JSInterfaceJIT::intPayloadFor):
+        (JSC::JSInterfaceJIT::intTagFor):
+        * jit/SpecializedThunkJIT.h:
+        (JSC::SpecializedThunkJIT::returnJSValue):
+        (JSC::SpecializedThunkJIT::returnDouble):
+        (JSC::SpecializedThunkJIT::returnInt32):
+        (JSC::SpecializedThunkJIT::returnJSCell):
+
 2011-03-13  Geoffrey Garen  <ggaren@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp

@@ -27 +27 @@
 #include "StructureStubInfo.h"
 
+#include "JSObject.h"
 #include "ScopeChain.h"
 

trunk/Source/JavaScriptCore/interpreter/Register.h

@@ -57 +57 @@
         EncodedJSValue encodedJSValue() const;
         
-        Register& operator=(JSActivation*);
         Register& operator=(CallFrame*);
         Register& operator=(CodeBlock*);
-        Register& operator=(JSPropertyNameIterator*);
         Register& operator=(ScopeChainNode*);
         Register& operator=(Instruction*);
@@ -75 +73 @@
         static Register withInt(int32_t i)
         {
-            Register r;
-            r.u.i = i;
+            Register r = jsNumber(i);
             return r;
         }
 
-        static Register withCallee(JSObject* callee)
-        {
-            Register r;
-            r.u.function = callee;
-            return r;
-        }
+        static inline Register withCallee(JSObject* callee);
 
     private:
         union {
-            int32_t i;
             EncodedJSValue value;
-
-            JSActivation* activation;
             CallFrame* callFrame;
             CodeBlock* codeBlock;
-            JSObject* function;
-            JSPropertyNameIterator* propertyNameIterator;
-            ScopeChainNode* scopeChain;
             Instruction* vPC;
         } u;
@@ -138 +124 @@
     // Interpreter functions
 
-    ALWAYS_INLINE Register& Register::operator=(JSActivation* activation)
-    {
-        u.activation = activation;
-        return *this;
-    }
-
     ALWAYS_INLINE Register& Register::operator=(CallFrame* callFrame)
     {
@@ -162 +142 @@
     }
 
-    ALWAYS_INLINE Register& Register::operator=(ScopeChainNode* scopeChain)
+    ALWAYS_INLINE int32_t Register::i() const
     {
-        u.scopeChain = scopeChain;
-        return *this;
+        return jsValue().asInt32();
     }
 
-    ALWAYS_INLINE Register& Register::operator=(JSPropertyNameIterator* propertyNameIterator)
-    {
-        u.propertyNameIterator = propertyNameIterator;
-        return *this;
-    }
-
-    ALWAYS_INLINE int32_t Register::i() const
-    {
-        return u.i;
-    }
-    
-    ALWAYS_INLINE JSActivation* Register::activation() const
-    {
-        return u.activation;
-    }
-    
     ALWAYS_INLINE CallFrame* Register::callFrame() const
     {
@@ -193 +156 @@
         return u.codeBlock;
     }
-    
-    ALWAYS_INLINE JSObject* Register::function() const
-    {
-        return u.function;
-    }
-    
-    ALWAYS_INLINE JSPropertyNameIterator* Register::propertyNameIterator() const
-    {
-        return u.propertyNameIterator;
-    }
-    
-    ALWAYS_INLINE ScopeChainNode* Register::scopeChain() const
-    {
-        return u.scopeChain;
-    }
-    
+
     ALWAYS_INLINE Instruction* Register::vPC() const
     {

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -854 +854 @@
 
         void emitPutToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry);
+        void emitPutCellToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry);
+        void emitPutIntToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry);
         void emitPutImmediateToCallFrameHeader(void* value, RegisterFile::CallFrameHeaderEntry entry);
         void emitGetFromCallFrameHeaderPtr(RegisterFile::CallFrameHeaderEntry entry, RegisterID to, RegisterID from = callFrameRegister);

trunk/Source/JavaScriptCore/jit/JITCall.cpp

@@ -49 +49 @@
 void JIT::compileOpCallInitializeCallFrame()
 {
-    store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
-    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT3); // newScopeChain
-    storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register))));
-    storePtr(regT3, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register))));
+    // regT0 holds callee, regT1 holds argCount
+    loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT3); // scopeChain
+    emitPutIntToCallFrameHeader(regT1, RegisterFile::ArgumentCount);
+    emitPutCellToCallFrameHeader(regT0, RegisterFile::Callee);
+    emitPutCellToCallFrameHeader(regT3, RegisterFile::ScopeChain);
 }
 
@@ -68 +69 @@
 
     emitGetVirtualRegister(argCountRegister, regT1);
+    emitFastArithImmToInt(regT1);
     emitGetVirtualRegister(callee, regT0);
     addPtr(Imm32(registerOffset), regT1, regT2);
@@ -200 +202 @@
 
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT1); // newScopeChain
-
-    store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));
+    
+    store32(Imm32(Int32Tag), intTagFor(registerOffset + RegisterFile::ArgumentCount));
+    store32(Imm32(argCount), intPayloadFor(registerOffset + RegisterFile::ArgumentCount));
     storePtr(callFrameRegister, Address(callFrameRegister, (registerOffset + RegisterFile::CallerFrame) * static_cast<int>(sizeof(Register))));
     storePtr(regT0, Address(callFrameRegister, (registerOffset + RegisterFile::Callee) * static_cast<int>(sizeof(Register))));

trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp

@@ -50 +50 @@
 {
     // regT0 holds callee, regT1 holds argCount
-    store32(regT1, Address(callFrameRegister, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register))));
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT3); // scopeChain
-    storePtr(regT0, Address(callFrameRegister, RegisterFile::Callee * static_cast<int>(sizeof(Register)))); // callee
-    storePtr(regT3, Address(callFrameRegister, RegisterFile::ScopeChain * static_cast<int>(sizeof(Register)))); // scopeChain
+    emitPutIntToCallFrameHeader(regT1, RegisterFile::ArgumentCount);
+    emitPutCellToCallFrameHeader(regT0, RegisterFile::Callee);
+    emitPutCellToCallFrameHeader(regT3, RegisterFile::ScopeChain);
 }
 
@@ -78 +78 @@
     mul32(Imm32(sizeof(Register)), regT3, regT3);
     addPtr(callFrameRegister, regT3);
-    storePtr(callFrameRegister, Address(regT3, RegisterFile::CallerFrame * static_cast<int>(sizeof(Register))));
+    store32(Imm32(JSValue::CellTag), tagFor(RegisterFile::CallerFrame, regT3));
+    storePtr(callFrameRegister, payloadFor(RegisterFile::CallerFrame, regT3));
     move(regT3, callFrameRegister);
 
@@ -209 +210 @@
 
     // Speculatively roll the callframe, assuming argCount will match the arity.
-    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    store32(Imm32(JSValue::CellTag), tagFor(RegisterFile::CallerFrame + registerOffset, callFrameRegister));
+    storePtr(callFrameRegister, payloadFor(RegisterFile::CallerFrame + registerOffset, callFrameRegister));
     addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
     move(Imm32(argCount), regT1);
@@ -281 +283 @@
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSFunction, m_scopeChain)), regT2);
 
-    store32(Imm32(argCount), Address(callFrameRegister, (registerOffset + RegisterFile::ArgumentCount) * static_cast<int>(sizeof(Register))));
-    storePtr(callFrameRegister, Address(callFrameRegister, (registerOffset + RegisterFile::CallerFrame) * static_cast<int>(sizeof(Register))));
+    store32(Imm32(JSValue::Int32Tag), tagFor(registerOffset + RegisterFile::ArgumentCount));
+    store32(Imm32(argCount), payloadFor(registerOffset + RegisterFile::ArgumentCount));
+    storePtr(callFrameRegister, payloadFor(RegisterFile::CallerFrame + registerOffset, callFrameRegister));
     emitStore(registerOffset + RegisterFile::Callee, regT1, regT0);
-    storePtr(regT2, Address(callFrameRegister, (registerOffset + RegisterFile::ScopeChain) * static_cast<int>(sizeof(Register))));
+    store32(Imm32(JSValue::CellTag), tagFor(registerOffset + RegisterFile::ScopeChain));
+    store32(regT2, payloadFor(registerOffset + RegisterFile::ScopeChain));
     addPtr(Imm32(registerOffset * sizeof(Register)), callFrameRegister);
 
@@ -310 +314 @@
 
     // Speculatively roll the callframe, assuming argCount will match the arity.
-    storePtr(callFrameRegister, Address(callFrameRegister, (RegisterFile::CallerFrame + registerOffset) * static_cast<int>(sizeof(Register))));
+    store32(Imm32(JSValue::CellTag), tagFor(RegisterFile::CallerFrame + registerOffset, callFrameRegister));
+    storePtr(callFrameRegister, payloadFor(RegisterFile::CallerFrame + registerOffset, callFrameRegister));
     addPtr(Imm32(registerOffset * static_cast<int>(sizeof(Register))), callFrameRegister);
     move(Imm32(argCount), regT1);

trunk/Source/JavaScriptCore/jit/JITInlineMethods.h

@@ -53 +53 @@
 ALWAYS_INLINE void JIT::emitPutToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry)
 {
-    storePtr(from, Address(callFrameRegister, entry * sizeof(Register)));
+    storePtr(from, payloadFor(entry, callFrameRegister));
+}
+
+ALWAYS_INLINE void JIT::emitPutCellToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry)
+{
+#if USE(JSVALUE32_64)
+    store32(Imm32(JSValue::CellTag), tagFor(entry, callFrameRegister));
+#endif
+    storePtr(from, payloadFor(entry, callFrameRegister));
+}
+
+ALWAYS_INLINE void JIT::emitPutIntToCallFrameHeader(RegisterID from, RegisterFile::CallFrameHeaderEntry entry)
+{
+    store32(Imm32(Int32Tag), intTagFor(entry, callFrameRegister));
+    store32(from, intPayloadFor(entry, callFrameRegister));
 }
 

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -200 +200 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT0);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     peek(regT1);
@@ -223 +223 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT2);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT2);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     preserveReturnAddressAfterCall(regT3); // Callee preserved
@@ -244 +244 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT0);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     preserveReturnAddressAfterCall(regT3); // Callee preserved
@@ -903 +903 @@
     getPnamesStubCall.call(dst);
     load32(Address(regT0, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStringsSize)), regT3);
-    store32(Imm32(0), addressFor(i));
-    store32(regT3, addressFor(size));
+    storePtr(tagTypeNumberRegister, payloadFor(i));
+    store32(Imm32(Int32Tag), intTagFor(size));
+    store32(regT3, intPayloadFor(size));
     Jump end = jump();
 
@@ -932 +933 @@
 
     Label begin(this);
-    load32(addressFor(i), regT0);
-    Jump end = branch32(Equal, regT0, addressFor(size));
+    load32(intPayloadFor(i), regT0);
+    Jump end = branch32(Equal, regT0, intPayloadFor(size));
 
     // Grab key @ i
@@ -945 +946 @@
     // Increment i
     add32(Imm32(1), regT0);
-    store32(regT0, addressFor(i));
+    store32(regT0, intPayloadFor(i));
 
     // Verify that i is valid:
@@ -1690 +1691 @@
     // Load arg count into regT0
     emitGetFromCallFrameHeader32(RegisterFile::ArgumentCount, regT0);
-    storePtr(regT0, addressFor(argCountDst));
+    store32(Imm32(Int32Tag), intTagFor(argCountDst));
+    store32(regT0, intPayloadFor(argCountDst));
     Jump endBranch = branch32(Equal, regT0, Imm32(1));
 
@@ -1728 +1730 @@
     stubCall.addArgument(Imm32(argsOffset));
     stubCall.call();
-    // Stores a naked int32 in the register file.
-    store32(returnValueRegister, Address(callFrameRegister, argCountDst * sizeof(Register)));
+    
+    store32(Imm32(Int32Tag), intTagFor(argCountDst));
+    store32(returnValueRegister, intPayloadFor(argCountDst));
 }
 

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -206 +206 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT0);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     peek(regT1);
@@ -230 +230 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT2);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT2);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     preserveReturnAddressAfterCall(regT3); // Callee preserved
@@ -252 +252 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT0);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     preserveReturnAddressAfterCall(regT3); // Callee preserved
@@ -322 +322 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT0);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     peek(regT1);
@@ -345 +345 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT2);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT2);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     preserveReturnAddressAfterCall(regT3); // Callee preserved
@@ -368 +368 @@
     emitGetFromCallFrameHeaderPtr(RegisterFile::CallerFrame, regT0);
     emitGetFromCallFrameHeaderPtr(RegisterFile::ScopeChain, regT1, regT0);
-    emitPutToCallFrameHeader(regT1, RegisterFile::ScopeChain);
+    emitPutCellToCallFrameHeader(regT1, RegisterFile::ScopeChain);
 
     preserveReturnAddressAfterCall(regT3); // Callee preserved
@@ -1277 +1277 @@
     getPnamesStubCall.call(dst);
     load32(Address(regT0, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStringsSize)), regT3);
-    store32(Imm32(0), addressFor(i));
-    store32(regT3, addressFor(size));
+    store32(Imm32(Int32Tag), intTagFor(i));
+    store32(Imm32(0), intPayloadFor(i));
+    store32(Imm32(Int32Tag), intTagFor(size));
+    store32(regT3, payloadFor(size));
     Jump end = jump();
 
@@ -1304 +1306 @@
 
     Label begin(this);
-    load32(addressFor(i), regT0);
-    Jump end = branch32(Equal, regT0, addressFor(size));
+    load32(intPayloadFor(i), regT0);
+    Jump end = branch32(Equal, regT0, intPayloadFor(size));
 
     // Grab key @ i
-    loadPtr(addressFor(it), regT1);
+    loadPtr(payloadFor(it), regT1);
     loadPtr(Address(regT1, OBJECT_OFFSETOF(JSPropertyNameIterator, m_jsStrings)), regT2);
     load32(BaseIndex(regT2, regT0, TimesEight), regT2);
@@ -1316 +1318 @@
     // Increment i
     add32(Imm32(1), regT0);
-    store32(regT0, addressFor(i));
+    store32(regT0, intPayloadFor(i));
 
     // Verify that i is valid:
-    loadPtr(addressFor(base), regT0);
+    loadPtr(payloadFor(base), regT0);
 
     // Test base's structure

trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h

@@ -30 +30 @@
 #include "JITStubs.h"
 #include "JSImmediate.h"
+#include "JSValue.h"
 #include "MacroAssembler.h"
 #include "RegisterFile.h"
@@ -158 +159 @@
 #endif
 
+#if USE(JSVALUE32_64)
+        // Can't just propogate JSValue::Int32Tag as visual studio doesn't like it
+        static const unsigned Int32Tag = 0xfffffffd;
+        COMPILE_ASSERT(Int32Tag == JSValue::Int32Tag, Int32Tag_out_of_sync);
+#else
+        static const unsigned Int32Tag = JSImmediate::TagTypeNumber >> 32;
+#endif
         inline Jump emitLoadJSCell(unsigned virtualRegisterIndex, RegisterID payload);
         inline Jump emitLoadInt32(unsigned virtualRegisterIndex, RegisterID dst);
@@ -174 +182 @@
 
         inline Address payloadFor(unsigned index, RegisterID base = callFrameRegister);
+        inline Address intPayloadFor(unsigned index, RegisterID base = callFrameRegister);
+        inline Address intTagFor(unsigned index, RegisterID base = callFrameRegister);
         inline Address addressFor(unsigned index, RegisterID base = callFrameRegister);
     };
@@ -213 +223 @@
         ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
         return Address(base, (virtualRegisterIndex * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.payload));
+    }
+
+    inline JSInterfaceJIT::Address JSInterfaceJIT::intPayloadFor(unsigned virtualRegisterIndex, RegisterID base)
+    {
+        return payloadFor(virtualRegisterIndex, base);
+    }
+
+    inline JSInterfaceJIT::Address JSInterfaceJIT::intTagFor(unsigned virtualRegisterIndex, RegisterID base)
+    {
+        return tagFor(virtualRegisterIndex, base);
     }
 
@@ -280 +300 @@
         return addressFor(virtualRegisterIndex, base);
     }
+
+    inline JSInterfaceJIT::Address JSInterfaceJIT::intPayloadFor(unsigned virtualRegisterIndex, RegisterID base)
+    {
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
+        return Address(base, (virtualRegisterIndex * sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload));
+    }
+    inline JSInterfaceJIT::Address JSInterfaceJIT::intTagFor(unsigned virtualRegisterIndex, RegisterID base)
+    {
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
+        return Address(base, (virtualRegisterIndex * sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag));
+    }
 #endif
 

trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

@@ -88 +88 @@
             if (src != regT0)
                 move(src, regT0);
-            loadPtr(Address(callFrameRegister, RegisterFile::CallerFrame * (int)sizeof(Register)), callFrameRegister);
+            loadPtr(payloadFor(RegisterFile::CallerFrame, callFrameRegister), callFrameRegister);
             ret();
         }
@@ -102 +102 @@
             loadPtr(Address(stackPointerRegister, OBJECT_OFFSETOF(JSValue, u.asBits.payload) - sizeof(double)), regT0);
 #endif
-            loadPtr(Address(callFrameRegister, RegisterFile::CallerFrame * (int)sizeof(Register)), callFrameRegister);
+            loadPtr(payloadFor(RegisterFile::CallerFrame, callFrameRegister), callFrameRegister);
             ret();
         }
@@ -111 +111 @@
                 move(src, regT0);
             tagReturnAsInt32();
-            loadPtr(Address(callFrameRegister, RegisterFile::CallerFrame * (int)sizeof(Register)), callFrameRegister);
+            loadPtr(payloadFor(RegisterFile::CallerFrame, callFrameRegister), callFrameRegister);
             ret();
         }
@@ -120 +120 @@
                 move(src, regT0);
             tagReturnAsJSCell();
-            loadPtr(Address(callFrameRegister, RegisterFile::CallerFrame * (int)sizeof(Register)), callFrameRegister);
+            loadPtr(payloadFor(RegisterFile::CallerFrame, callFrameRegister), callFrameRegister);
             ret();
         }

trunk/Source/JavaScriptCore/runtime/ArgList.cpp

@@ -24 +24 @@
 #include "JSValue.h"
 #include "JSCell.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 

trunk/Source/JavaScriptCore/runtime/DateConversion.cpp

@@ -45 +45 @@
 
 #include "CallFrame.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 #include "UString.h"

trunk/Source/JavaScriptCore/runtime/GCActivityCallbackCF.cpp

@@ -34 +34 @@
 #include "JSGlobalData.h"
 #include "JSLock.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 #include <wtf/RetainPtr.h>

trunk/Source/JavaScriptCore/runtime/Identifier.cpp

@@ -23 +23 @@
 
 #include "CallFrame.h"
+#include "JSObject.h"
 #include "NumericStrings.h"
 #include "ScopeChain.h"

trunk/Source/JavaScriptCore/runtime/JSActivation.h

@@ -92 +92 @@
         return static_cast<JSActivation*>(asObject(value));
     }
+    
+    ALWAYS_INLINE JSActivation* Register::activation() const
+    {
+        return asActivation(jsValue());
+    }
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/JSLock.cpp

@@ -24 +24 @@
 #include "Heap.h"
 #include "CallFrame.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 

trunk/Source/JavaScriptCore/runtime/JSNumberCell.cpp

@@ -23 +23 @@
 #include "config.h"
 #include "JSNumberCell.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -841 +841 @@
 }
 
+ALWAYS_INLINE JSObject* Register::function() const
+{
+    if (!jsValue())
+        return 0;
+    return asObject(jsValue());
+}
+
+ALWAYS_INLINE Register Register::withCallee(JSObject* callee)
+{
+    Register r;
+    r = JSValue(callee);
+    return r;
+}
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/runtime/JSPropertyNameIterator.h

@@ -107 +107 @@
     }
 
+    ALWAYS_INLINE JSPropertyNameIterator* Register::propertyNameIterator() const
+    {
+        return static_cast<JSPropertyNameIterator*>(jsValue().asCell());
+    }
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/runtime/JSValue.h

@@ -53 +53 @@
     enum PreferredPrimitiveType { NoPreference, PreferNumber, PreferString };
 
+
 #if USE(JSVALUE32_64)
     typedef int64_t EncodedJSValue;
@@ -58 +59 @@
     typedef void* EncodedJSValue;
 #endif
+    
+    union EncodedValueDescriptor {
+        EncodedJSValue asEncodedJSValue;
+#if USE(JSVALUE32_64)
+        double asDouble;
+#elif USE(JSVALUE64)
+        JSCell* ptr;
+#endif
+        
+#if CPU(BIG_ENDIAN)
+        struct {
+            int32_t tag;
+            int32_t payload;
+        } asBits;
+#else
+        struct {
+            int32_t payload;
+            int32_t tag;
+        } asBits;
+#endif
+    };
 
     double nonInlineNaN();
@@ -240 +262 @@
         
         enum { LowestTag =  DeletedValueTag };
-        
+
         uint32_t tag() const;
         int32_t payload() const;
 
-        union {
-            EncodedJSValue asEncodedJSValue;
-            double asDouble;
-#if CPU(BIG_ENDIAN)
-            struct {
-                int32_t tag;
-                int32_t payload;
-            } asBits;
-#else
-            struct {
-                int32_t payload;
-                int32_t tag;
-            } asBits;
-#endif
-        } u;
-#else // USE(JSVALUE32_64)
+        EncodedValueDescriptor u;
+#elif USE(JSVALUE64)
         JSCell* m_ptr;
-#endif // USE(JSVALUE32_64)
+#endif
     };
 

trunk/Source/JavaScriptCore/runtime/JSZombie.cpp

@@ -27 +27 @@
 #include "JSZombie.h"
 #include "ClassInfo.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 

trunk/Source/JavaScriptCore/runtime/MarkedBlock.cpp

@@ -28 +28 @@
 
 #include "JSCell.h"
+#include "JSObject.h"
 #include "JSZombie.h"
 #include "ScopeChain.h"

trunk/Source/JavaScriptCore/runtime/MarkedSpace.cpp

@@ -25 +25 @@
 #include "JSGlobalData.h"
 #include "JSLock.h"
+#include "JSObject.h"
 #include "ScopeChain.h"
 

trunk/Source/JavaScriptCore/runtime/PropertyNameArray.cpp

@@ -22 +22 @@
 #include "PropertyNameArray.h"
 
+#include "JSObject.h"
 #include "ScopeChain.h"
 #include "Structure.h"

trunk/Source/JavaScriptCore/runtime/ScopeChain.h

@@ -129 +129 @@
         return scopeChain()->globalThis.get();
     }
+    
+    ALWAYS_INLINE ScopeChainNode* Register::scopeChain() const
+    {
+        return static_cast<ScopeChainNode*>(jsValue().asCell());
+    }
+    
+    ALWAYS_INLINE Register& Register::operator=(ScopeChainNode* scopeChain)
+    {
+        *this = JSValue(scopeChain);
+        return *this;
+    }
 
 } // namespace JSC

trunk/Source/JavaScriptCore/wtf/DateMath.cpp

@@ -76 +76 @@
 #include "ASCIICType.h"
 #include "CurrentTime.h"
+#if USE(JSC)
+#include "JSObject.h"
+#endif
 #include "MathExtras.h"
 #if USE(JSC)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-03-11  Oliver Hunt  <oliver@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Ensure all values are correctly tagged in the registerfile
+        https://bugs.webkit.org/show_bug.cgi?id=56214
+
+        Make sure everything builds still.
+
+        * bridge/c/c_class.cpp:
+        * bridge/c/c_runtime.cpp:
+        * bridge/jni/JavaMethod.cpp:
+        * plugins/PluginViewNone.cpp:
+
 2011-03-14  Luiz Agostini  <luiz.agostini@openbossa.org>
 

trunk/Source/WebCore/bridge/c/c_class.cpp

@@ -36 +36 @@
 #include <runtime/Identifier.h>
 #include <runtime/JSLock.h>
+#include <runtime/JSObject.h>
 #include <wtf/text/StringHash.h>
 

trunk/Source/WebCore/bridge/c/c_runtime.cpp

@@ -35 +35 @@
 #include <runtime/ScopeChain.h>
 #include <runtime/JSLock.h>
+#include <runtime/JSObject.h>
 
 namespace JSC {

trunk/Source/WebCore/bridge/jni/JavaMethod.cpp

@@ -32 +32 @@
 #include "JavaString.h"
 
+#if USE(JSC)
+#include <runtime/JSObject.h>
+#include <runtime/ScopeChain.h>
+#endif
 #include <wtf/text/StringBuilder.h>
 

trunk/Source/WebCore/plugins/PluginViewNone.cpp

@@ -29 +29 @@
 #if USE(JSC)
 #include "BridgeJSC.h"
+#include <runtime/JSObject.h>
 #include <runtime/ScopeChain.h>
 #endif