-
commit-queue@webkit.org authored
JSVALUE32_64 DFG JIT - unboxed integers and cells in register file must be reboxed before exiting from DFG JIT https://bugs.webkit.org/show_bug.cgi?id=69205 Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-10-01 Reviewed by Gavin Barraclough. If there are unboxed integers and cells in register file (e.g. by SetLocal), they must be reboxed before exiting from the speculative DFG JIT execution. This patch also adds a new ValueSourceKind (CellInRegisterFile) and a new ValueRecoveryTechnique (AlreadyInRegisterFileAsCell). * dfg/DFGJITCompiler32_64.cpp: (JSC::DFG::JITCompiler::exitSpeculativeWithOSR): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::ValueSource::dump): (JSC::DFG::ValueRecovery::dump): (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::ValueSource::forPrediction): (JSC::DFG::ValueRecovery::alreadyInRegisterFileAsUnboxedCell): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96458 268f45cc-cd09-0410-ab3c-d52691b4dbfc
43646c30