Context Navigation

Changeset 95233 in webkit

Timestamp:

Sep 15, 2011 2:53:48 PM (13 years ago)

Author:

fpizlo@apple.com

Message:

DFG speculative JIT sometimes asserts that a value is not a number
even when it doesn't know anything about the number
https://bugs.webkit.org/show_bug.cgi?id=68189

Reviewed by Oliver Hunt.

(JSC::DFG::GenerationInfo::isUnknownJS):

(JSC::DFG::JITCodeGenerator::isKnownNotNumber):

Location:

trunk/Source/JavaScriptCore

Files:

-                      r95230
+                      r95233
+-09-15  Filip Pizlo  <fpizlo@apple.com>
+        DFG speculative JIT sometimes asserts that a value is not a number
+        even when it doesn't know anything about the number
+        https://bugs.webkit.org/show_bug.cgi?id=68189
+        Reviewed by Oliver Hunt.
+        * dfg/DFGGenerationInfo.h:
+        (JSC::DFG::GenerationInfo::isUnknownJS):
+        * dfg/DFGJITCodeGenerator.cpp:
+        (JSC::DFG::JITCodeGenerator::isKnownNotNumber):
 -09-15  Filip Pizlo  <fpizlo@apple.com>

-                      r95060
+                      r95233
         return isJSFormat(DataFormatJSBoolean);
+    }
+    bool isUnknownJS()
+    {
+        return registerFormat() == DataFormatNone || registerFormat() == DataFormatJS
+            || spillFormat() == DataFormatNone || spillFormat() == DataFormatJS;
+    }
     // Get the machine resister currently holding the value.

r95230	r95233
415	415	GenerationInfo& info = m_generationInfo[virtualRegister];
416	416
417		return (!info.isJSDouble() && !info.isJSInteger())
	417	return (!info.isJSDouble() && !info.isJSInteger() && !info.isUnknownJS())
418	418	\|\| (node.isConstant() && !isNumberConstant(nodeIndex));
419	419	}

Note: See TracChangeset for help on using the changeset viewer.