https://bugs.webkit.org/show_bug.cgi?id=69126
Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-09-30
Reviewed by Gavin Barraclough.
The setupResults routine has the bug of reversing the source and destination.
Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::setupTwoStubArgs):
(JSC::DFG::setupResults):
* dfg/DFGJITCodeGenerator32_64.cpp:
(JSC::DFG::JITCodeGenerator::fillJSValue):
(JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
(JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96451 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2011-09-30 Yuqiang Xian <yuqiang.xian@intel.com>
+
+ DFG operation results are not set correctly in JSVALUE32_64 DFG JIT
+ https://bugs.webkit.org/show_bug.cgi?id=69126
+
+ Reviewed by Gavin Barraclough.
+
+ The setupResults routine has the bug of reversing the source and destination.
+ Also some other trivial (but stupid) bugs need to be fixed in JSVALUE32_64 DFG JIT.
+
+ * dfg/DFGJITCodeGenerator.h:
+ (JSC::DFG::setupTwoStubArgs):
+ (JSC::DFG::setupResults):
+ * dfg/DFGJITCodeGenerator32_64.cpp:
+ (JSC::DFG::JITCodeGenerator::fillJSValue):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeValueToInt32):
+ (JSC::DFG::JITCodeGenerator::nonSpeculativeNonPeepholeCompare):
+
2011-09-30 Gavin Barraclough <barraclough@apple.com>
Remove toStrictThisObject, toThisString, toThisJSString
m_generationInfo[node.virtualRegister()].initConstant(nodeIndex, node.refCount());
}
+#if CPU(X86_64)
// These methods used to sort arguments into the correct registers.
template<GPRReg destA, GPRReg destB>
void setupTwoStubArgs(GPRReg srcA, GPRReg srcB)
} else
m_jit.swap(destA, destB);
}
-#if CPU(X86_64)
template<FPRReg destA, FPRReg destB>
void setupTwoStubArgs(FPRReg srcA, FPRReg srcB)
{
void setupResults(GPRReg tag, GPRReg payload)
{
- setupTwoStubArgs<GPRInfo::returnValueGPR, GPRInfo::returnValueGPR2>(payload, tag);
+ GPRReg srcA = GPRInfo::returnValueGPR;
+ GPRReg srcB = GPRInfo::returnValueGPR2;
+ GPRReg destA = payload;
+ GPRReg destB = tag;
+
+ if (srcB != destA) {
+ // Handle the easy cases - two simple moves.
+ m_jit.move(srcA, destA);
+ m_jit.move(srcB, destB);
+ } else if (srcA != destB) {
+ // Handle the non-swap case - just put srcB in place first.
+ m_jit.move(srcB, destB);
+ m_jit.move(srcA, destA);
+ } else
+ m_jit.swap(destA, destB);
}
// These methods add calls to C++ helper functions.
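Review bot: `setupResults` never checks that `tag` and `payload` are different registers; if a caller passed the same one, the first branch would emit two moves into it and the returned tag would silently overwrite the payload, yielding a mistyped JSValue instead of a failure at the fault. An `ASSERT(tag != payload);` at the top of the function would catch that in debug builds. The three-way move/swap is also a hand copy of the shuffle in `setupTwoStubArgs`, which this commit places behind `#if CPU(X86_64)`, so a line such as `// Same shuffle as setupTwoStubArgs, with fixed sources: returnValueGPR holds the payload, returnValueGPR2 the tag.` would tell the next reader that the two must be kept in step.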
GPRReg gpr = info.gpr();
// If the register has already been locked we need to take a copy.
// If not, we'll zero extend in place, so mark on the info that this is now type DataFormatInteger, not DataFormatJSInteger.
- tagGPR = allocate();
if (m_gprs.isLocked(gpr)) {
payloadGPR = allocate();
m_jit.move(gpr, payloadGPR);
payloadGPR = gpr;
m_gprs.lock(gpr);
}
+ tagGPR = allocate();
m_jit.move(info.registerFormat() == DataFormatInteger ? JITCompiler::TrustedImm32(JSValue::Int32Tag) : JITCompiler::TrustedImm32(JSValue::CellTag), tagGPR);
m_gprs.release(gpr);
m_gprs.retain(tagGPR, virtualRegister, SpillOrderJS);
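Review bot: The reason `tagGPR = allocate();` has to come after the `isLocked(gpr)` block is not recorded anywhere, and the existing comment above it only talks about taking a copy. Presumably an early `allocate()` could pick the still-unlocked `gpr` itself, so that tag and payload would end up sharing a register; if that is the reason, say so with `// Allocate the tag only once gpr is copied or locked, so allocate() cannot return gpr.` directly above the moved line. The enclosing function starts and ends outside the hunk.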
silentSpillAllRegisters(gpr);
- m_jit.moveDouble(fpr, FPRInfo::argumentFPR0);
+ m_jit.subPtr(TrustedImm32(sizeof(double)), JITCompiler::stackPointerRegister);
+ m_jit.storeDouble(fpr, JITCompiler::stackPointerRegister);
appendCallWithExceptionCheck(toInt32);
m_jit.move(GPRInfo::returnValueGPR, gpr);
+ m_jit.addPtr(TrustedImm32(sizeof(double)), JITCompiler::stackPointerRegister);
silentFillAllRegisters(gpr);
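Review bot: The stack pointer stays lowered by `sizeof(double)` across `appendCallWithExceptionCheck(toInt32)`, and the matching `addPtr` is emitted only on the normal return path; if the exception check attached to that call can leave this path (its definition, like the rest of the enclosing function, is outside the hunk), that exit runs with an unbalanced stack. If the helper cannot throw, a call without the exception check would remove the question; otherwise the exit needs the same `addPtr`. Lowering the stack by 8 bytes immediately before a call may also break the call-site stack alignment on targets that require one, which is worth confirming for every 32-bit platform this builds on. A comment above the `subPtr`, for example `// The helper takes its double argument on the stack here, so reserve a slot and release it after the call.`, would explain the pair.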
} else {
GPRTemporary resultTag(this, arg1);
GPRTemporary resultPayload(this, arg1, false);
- GPRReg resultTagGPR = resultPayload.gpr();
+ GPRReg resultTagGPR = resultTag.gpr();
GPRReg resultPayloadGPR = resultPayload.gpr();
arg1.use();