Commit 1b864dac authored by mhahnenberg@apple.com's avatar mhahnenberg@apple.com

JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0

https://bugs.webkit.org/show_bug.cgi?id=118923

Reviewed by Filip Pizlo.

This bug causes the CallFrame's bytecodeOffset to not be properly set when we
enter, e.g., cti_optimize from an op_enter.

* jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153097 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 172c3cb3
2013-07-24 Mark Hahnenberg <mhahnenberg@apple.com>
JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0
https://bugs.webkit.org/show_bug.cgi?id=118923
Reviewed by Filip Pizlo.
This bug causes the CallFrame's bytecodeOffset to not be properly set when we
enter, e.g., cti_optimize from an op_enter.
* jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):
2013-07-23 Filip Pizlo <fpizlo@apple.com> 2013-07-23 Filip Pizlo <fpizlo@apple.com>
DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
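Review bot: the new ChangeLog entry describes only the symptom ("bytecodeOffset to not be properly set") and leaves the per-function line `(JSC::JIT::updateTopCallFrame):` empty; the entry should state what actually changed in that function, namely that the `if (m_bytecodeOffset)` guard around the store into the `JSStack::ArgumentCount` tag was removed so that the `m_bytecodeOffset + 1` encoding is written for offset 0 as well, since that is the detail a future reader of this ChangeLog will need.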
......
...@@ -179,13 +179,11 @@ ALWAYS_INLINE void JIT::endUninterruptedSequence(int insnSpace, int constSpace, ...@@ -179,13 +179,11 @@ ALWAYS_INLINE void JIT::endUninterruptedSequence(int insnSpace, int constSpace,
ALWAYS_INLINE void JIT::updateTopCallFrame() ALWAYS_INLINE void JIT::updateTopCallFrame()
{ {
ASSERT(static_cast<int>(m_bytecodeOffset) >= 0); ASSERT(static_cast<int>(m_bytecodeOffset) >= 0);
if (m_bytecodeOffset) {
#if USE(JSVALUE32_64) #if USE(JSVALUE32_64)
storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount)); storePtr(TrustedImmPtr(m_codeBlock->instructions().begin() + m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
#else #else
store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount)); store32(TrustedImm32(m_bytecodeOffset + 1), intTagFor(JSStack::ArgumentCount));
#endif #endif
}
storePtr(callFrameRegister, &m_vm->topCallFrame); storePtr(callFrameRegister, &m_vm->topCallFrame);
} }
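Review bot: removing the `if (m_bytecodeOffset)` guard makes the `ArgumentCount` tag store unconditional, which is the right fix for an offset of 0 (the stored value is `m_bytecodeOffset + 1`, so 0 encodes as 1 and is distinguishable from an unset tag), but nothing in the hunk records why the old guard was unsafe, and the remaining `ASSERT(static_cast<int>(m_bytecodeOffset) >= 0)` reads as if it were the guard's replacement. Suggest a one-line comment above the `#if USE(JSVALUE32_64)` block, e.g. `// Offset 0 is a valid bytecode offset (op_enter); store it unconditionally, the +1 keeps it non-zero.`, so the next reader does not reintroduce the skip.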