Changeset 96451 in webkit
- Timestamp:
- Sep 30, 2011 7:14:36 PM (13 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 3 edited
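--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,20 @@
+2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
+https://bugs.webkit.org/show_bug.cgi?id=69126
+
+Reviewed by Gavin Barraclough.
+
+The setupResults routine has the bug of reversing the source and destination.
+Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
+
+* dfg/DFGJITCodeGenerator.h:
+(JSC::DFG::setupTwoStubArgs):
+(JSC::DFG::setupResults):
+* dfg/DFGJITCodeGenerator32_64.cpp:
+(JSC::DFG::JITCodeGenerator::fillJSValue):
+(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+
 2011-09-30 Gavin Barraclough <barraclough@apple.com>
 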
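--- a/trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.h
@@ -922,4 +922,5 @@
 }
 
+#if CPU(X86_64)
 // These methods used to sort arguments into the correct registers.
 template<GPRReg destA, GPRReg destB>
@@ -951,5 +952,4 @@
 m_jit.swap(destA, destB);
 }
-#if CPU(X86_64)
 template<FPRReg destA, FPRReg destB>
 void setupTwoStubArgs(FPRReg srcA, FPRReg srcB)
@@ -1183,5 +1183,19 @@
 void setupResults(GPRReg tag, GPRReg payload)
 {
-setupTwoStubArgs<GPRInfo::returnValueGPR, GPRInfo::returnValueGPR2>(payload, tag);
+GPRReg srcA = GPRInfo::returnValueGPR;
+GPRReg srcB = GPRInfo::returnValueGPR2;
+GPRReg destA = payload;
+GPRReg destB = tag;
+
+if (srcB != destA) {
+// Handle the easy cases - two simple moves.
+m_jit.move(srcA, destA);
+m_jit.move(srcB, destB);
+} else if (srcA != destB) {
+// Handle the non-swap case - just put srcB in place first.
+m_jit.move(srcB, destB);
+m_jit.move(srcA, destA);
+} else
+m_jit.swap(destA, destB);
 }
 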
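Review bot: The inlined shuffle in setupResults assumes `tag` and `payload` are distinct registers, and nothing in the hunk checks that. If a caller passed the same register for both, the first branch's second move would overwrite the payload with the tag and no diagnostic would fire. A mispaired tag and payload in JIT-emitted code is the kind of error that shows up later as a type confusion, so I would add `ASSERT(tag != payload);` as the first statement. The three branches repeat the logic of setupTwoStubArgs, which this commit places under `#if CPU(X86_64)`; a comment such as `// Results arrive as payload in returnValueGPR and tag in returnValueGPR2.` above the locals would record the direction the previous call had reversed.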
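--- a/trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator32_64.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator32_64.cpp
@@ -254,5 +254,4 @@
 // If the register has already been locked we need to take a copy.
 // If not, we'll zero extend in place, so mark on the info that this is now type DataFormatInteger, not DataFormatJSInteger.
-tagGPR = allocate();
 if (m_gprs.isLocked(gpr)) {
 payloadGPR = allocate();
@@ -262,4 +261,5 @@
 m_gprs.lock(gpr);
 }
+tagGPR = allocate();
 m_jit.move(info.registerFormat() == DataFormatInteger ? JITCompiler::TrustedImm32(JSValue::Int32Tag) : JITCompiler::TrustedImm32(JSValue::CellTag), tagGPR);
 m_gprs.release(gpr);
@@ -387,7 +387,9 @@
 silentSpillAllRegisters(gpr);
 
-m_jit.moveDouble(fpr, FPRInfo::argumentFPR0);
+m_jit.subPtr(TrustedImm32(sizeof(double)), JITCompiler::stackPointerRegister);
+m_jit.storeDouble(fpr, JITCompiler::stackPointerRegister);
 appendCallWithExceptionCheck(toInt32);
 m_jit.move(GPRInfo::returnValueGPR, gpr);
+m_jit.addPtr(TrustedImm32(sizeof(double)), JITCompiler::stackPointerRegister);
 
 silentFillAllRegisters(gpr);
@@ -1354,5 +1356,5 @@
 GPRTemporary resultTag(this, arg1);
 GPRTemporary resultPayload(this, arg1, false);
-GPRReg resultTagGPR = result Payload.gpr();
+GPRReg resultTagGPR = resultTag.gpr();
 GPRReg resultPayloadGPR = resultPayload.gpr();
 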
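Review bot: In the nonSpeculativeValueToInt32 hunk the `addPtr` that restores the stack pointer is emitted after `appendCallWithExceptionCheck(toInt32)`, so any path that leaves through the exception check would skip it and keep the stack pointer `sizeof(double)` bytes too low. The hunk does not show how that check exits, so this needs confirming against its definition. The 8-byte adjustment also changes stack alignment at the call site, which matters on ABIs that expect 16-byte alignment there. A comment before the `subPtr`, for example `// Pass the double to toInt32 in a stack slot; the slot is popped after the call.`, would make the pairing explicit. The function starts and ends outside the hunk.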