Changeset 96344 in webkit

Timestamp:

Sep 29, 2011 12:07:41 PM (13 years ago)

Author:

commit-queue@webkit.org

Message:

Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
​https://bugs.webkit.org/show_bug.cgi?id=69075

Patch by Yuqiang Xian <​yuqiang.xian@intel.com> on 2011-09-29
Reviewed by Gavin Barraclough.

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGSpeculativeJIT32_64.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
+
+        Bug fixes for CreateThis, NewObject and GetByOffset in JSVALUE32_64 DFG JIT
+        https://bugs.webkit.org/show_bug.cgi?id=69075
+
+        Reviewed by Gavin Barraclough.
+
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+
 2011-09-29  Yuqiang Xian  <yuqiang.xian@intel.com>
 

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -1675 +1675 @@
         
         silentSpillAllRegisters(resultGPR);
-        m_jit.move(protoGPR, GPRInfo::argumentGPR1);
-        m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+        m_jit.push(TrustedImm32(JSValue::CellTag));
+        m_jit.push(protoGPR);
+        m_jit.push(GPRInfo::callFrameRegister);
         appendCallWithExceptionCheck(operationCreateThis);
         m_jit.move(GPRInfo::returnValueGPR, resultGPR);
@@ -1703 +1704 @@
         
         silentSpillAllRegisters(resultGPR);
-        m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+        m_jit.push(GPRInfo::callFrameRegister);
         appendCallWithExceptionCheck(operationNewObject);
         m_jit.move(GPRInfo::returnValueGPR, resultGPR);
@@ -1835 +1836 @@
         GPRReg resultPayloadGPR = resultPayload.gpr();
         
-        storage.use();
         StorageAccessData& storageAccessData = m_jit.graph().m_storageAccessData[node.storageAccessDataIndex()];