Commit 1b864dac authored by mhahnenberg@apple.com

JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0

https://bugs.webkit.org/show_bug.cgi?id=118923

Reviewed by Filip Pizlo.

This bug causes the CallFrame's bytecodeOffset to not be properly set when we
enter, e.g., cti_optimize from an op_enter.

* jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153097 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 172c3cb3
2013-07-24 Mark Hahnenberg <mhahnenberg@apple.com>
JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0
https://bugs.webkit.org/show_bug.cgi?id=118923
Reviewed by Filip Pizlo.
This bug causes the CallFrame's bytecodeOffset to not be properly set when we
enter, e.g., cti_optimize from an op_enter.
* jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):
2013-07-23 Filip Pizlo <fpizlo@apple.com>
DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
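Review bot: the ChangeLog entry lists the touched function, "(JSC::JIT::updateTopCallFrame):", without saying what changed in it. The hunk below shows that the `if (m_bytecodeOffset) {` guard (and its closing brace) around the ArgumentCount tag store was removed so the store also happens for offset 0; one line to that effect under the function name would let a reader of the log understand the fix for the op_enter case without opening the diff.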
@@ -179,13 +179,11 @@ ALWAYS_INLINE void JIT::endUninterruptedSequence(int insnSpace, int constSpace,
ALWAYS_INLINE void JIT::updateTopCallFrame()
{
ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);
if (m_bytecodeOffset) {
#if USE(JSVALUE32_64)
storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
#else
store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
#endif
}
storePtr(callFrameRegister, &m_vm->topCallFrame);
}
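Review bot: with the `if (m_bytecodeOffset) {` early-out removed, the store into intTagFor(JSStack::ArgumentCount) now runs unconditionally, which is what fixes the offset-0 (op_enter) case described in the message: previously that path skipped the store and left whatever value was already in the slot. Two things worth adding to the patch. First, a short comment on why the stored value is `m_bytecodeOffset + 1` rather than the offset itself (presumably so that a recorded offset can never be zero and an unset slot stays distinguishable); the old guard was the only hint that zero was special, and with it gone the `+ 1` reads as arbitrary. Second, please confirm no caller sets m_bytecodeOffset to 0 as a "nothing to record" sentinel and relied on the old early-out, since the remaining `ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);` only rejects values that go negative when cast, not zero.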