Commit a2909633 authored by fpizlo@apple.com

JIT op_get_by_pname should call cti_get_by_val_generic and not cti_get_by_val

https://bugs.webkit.org/show_bug.cgi?id=99631
<rdar://problem/12483221>

Reviewed by Mark Hahnenberg.

Source/JavaScriptCore: 

cti_get_by_val assumes that the return address has patching metadata associated with it, which won't
be true for op_get_by_pname. cti_get_by_val_generic makes no such assumptions.

* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_get_by_pname):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_get_by_pname):

LayoutTests: 

* fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val-expected.txt: Added.
* fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val.html: Added.
* fast/js/jsc-test-list:
* fast/js/script-tests/get-by-pname-that-looks-like-a-patchable-get-by-val.js: Added.
(foo):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131642 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 1295cda8
2012-10-17 Filip Pizlo <fpizlo@apple.com>
JIT op_get_by_pname should call cti_get_by_val_generic and not cti_get_by_val
https://bugs.webkit.org/show_bug.cgi?id=99631
<rdar://problem/12483221>
Reviewed by Mark Hahnenberg.
* fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val-expected.txt: Added.
* fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val.html: Added.
* fast/js/jsc-test-list:
* fast/js/script-tests/get-by-pname-that-looks-like-a-patchable-get-by-val.js: Added.
(foo):
2012-10-17 Tony Chang <tony@chromium.org>
Unreviewed, second set of GTK+ baselines for shadow DOM changes to RenderSlider.
......
Tests that using get_by_pname in a way that appears like a get_by_val that can be patched does not cause the patching machinery to crash.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS foo() is 300
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<script src="resources/js-test-pre.js"></script>
</head>
<body>
<script src="script-tests/get-by-pname-that-looks-like-a-patchable-get-by-val.js"></script>
<script src="resources/js-test-post.js"></script>
</body>
</html>
......@@ -204,6 +204,7 @@ fast/js/function-toString-semicolon-insertion
fast/js/getter-setter-gc
fast/js/get-by-pname
fast/js/get-by-pname-non-final-object
fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val
fast/js/global-resolve-through-eval
fast/js/gmail-re-re
fast/js/has-own-property
......
description(
"Tests that using get_by_pname in a way that appears like a get_by_val that can be patched does not cause the patching machinery to crash."
);
function foo() {
var o = [1, 2, 3];
var result = 0;
for (var i = 0; i < 100; ++i) {
for (var s in o) {
s = 0;
result += o[s];
}
}
return result;
}
shouldBe("foo()", "300");
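Review bot: The `s = 0;` assignment inside the for-in body is the one line that distinguishes this loop from an ordinary enumeration, and nothing in the test says why it is there. Add a short comment on that line stating that overwriting the enumerated name with an integer is what makes `o[s]` look like a patchable get_by_val, so that a later cleanup does not remove it and silently turn this into a duplicate of fast/js/get-by-pname.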
2012-10-17 Filip Pizlo <fpizlo@apple.com>
JIT op_get_by_pname should call cti_get_by_val_generic and not cti_get_by_val
https://bugs.webkit.org/show_bug.cgi?id=99631
<rdar://problem/12483221>
Reviewed by Mark Hahnenberg.
cti_get_by_val assumes that the return address has patching metadata associated with it, which won't
be true for op_get_by_pname. cti_get_by_val_generic makes no such assumptions.
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_get_by_pname):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_get_by_pname):
2012-10-17 Mark Hahnenberg <mhahnenberg@apple.com>
Block freeing thread should sleep indefinitely when there's no work to do
......
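Review bot: The entry and the subject line name the stubs as cti_get_by_val and cti_get_by_val_generic, while the code being changed calls cti_op_get_by_val and cti_op_get_by_val_generic. Use the exact symbol names in the ChangeLog text so that a search for the stub name finds this entry.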
......@@ -278,7 +278,7 @@ void JIT::emitSlow_op_get_by_pname(Instruction* currentInstruction, Vector<SlowC
linkSlowCase(iter);
linkSlowCase(iter);
JITStubCall stubCall(this, cti_op_get_by_val);
JITStubCall stubCall(this, cti_op_get_by_val_generic);
stubCall.addArgument(base, regT2);
stubCall.addArgument(property, regT2);
stubCall.call(dst);
......
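Review bot: The new call `JITStubCall stubCall(this, cti_op_get_by_val_generic);` in emitSlow_op_get_by_pname has no comment explaining why the generic stub is required here. The reason (this slow path's return address has no patching metadata, which cti_op_get_by_val assumes) lives only in the ChangeLog, so a one-line comment at the call site would keep someone from switching it back to the patching stub as an apparent optimization.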
......@@ -1226,7 +1226,7 @@ void JIT::emitSlow_op_get_by_pname(Instruction* currentInstruction, Vector<SlowC
linkSlowCase(iter);
linkSlowCase(iter);
JITStubCall stubCall(this, cti_op_get_by_val);
JITStubCall stubCall(this, cti_op_get_by_val_generic);
stubCall.addArgument(base);
stubCall.addArgument(property);
stubCall.call(dst);
......
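Review bot: The same wrong stub was present in both emitSlow_op_get_by_pname bodies, and this one-line swap fixes the caller without making the assumption itself checkable. Consider a follow-up that adds a debug assertion in cti_op_get_by_val that patching metadata exists for the return address, so any other caller lacking it fails at a clear assertion rather than inside the patching machinery.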