From 195a0edd061e9e72e889c1c7f9ede7e9bdd00ffc Mon Sep 17 00:00:00 2001
From: "oliver@apple.com"
Date: Tue, 31 Jan 2012 02:22:37 +0000
Subject: [PATCH] get_by_val_arguments is broken in the interpreter

https://bugs.webkit.org/show_bug.cgi?id=77389

Reviewed by Gavin Barraclough.

When get_by_val had wad a value profile added, the same slot was not added to get_by_val_arguments. This broke the interpreter as the interpreter falls back on its regular get_by_val implementation.

No tests are added as the interpreter is fairly broken in its current state (multiple tests fail due to this bug).

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
* bytecode/Opcode.h:
(JSC):
():
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitGetArgumentByVal):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106314 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/JavaScriptCore/ChangeLog | 22 ++++++++++++++++++++++
 Source/JavaScriptCore/bytecode/CodeBlock.cpp | 1 +
 Source/JavaScriptCore/bytecode/Opcode.h | 2 +-
 .../bytecompiler/BytecodeGenerator.cpp | 3 ++-
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 99fed7f..a3ecffb 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,5 +1,27 @@ 2012-01-30 Oliver Hunt + get_by_val_arguments is broken in the interpreter + https://bugs.webkit.org/show_bug.cgi?id=77389 + + Reviewed by Gavin Barraclough. + + When get_by_val had wad a value profile added, the same slot was not added to + get_by_val_arguments. This broke the interpreter as the interpreter falls + back on its regular get_by_val implementation. + + No tests are added as the interpreter is fairly broken in its + current state (multiple tests fail due to this bug). + + * bytecode/CodeBlock.cpp: + (JSC::CodeBlock::dump): + * bytecode/Opcode.h: + (JSC): + (): + * bytecompiler/BytecodeGenerator.cpp: + (JSC::BytecodeGenerator::emitGetArgumentByVal): + +2012-01-30 Oliver Hunt + Unexpected syntax error https://bugs.webkit.org/show_bug.cgi?id=77340
diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
index b62482d..f2cd6fa 100644
--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp
+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp
@@ -934,6 +934,7 @@ void CodeBlock::dump(ExecState* exec, const Vector::const_iterator&
 int r1 = (++it)->u.operand;
 int r2 = (++it)->u.operand;
 printf("[%4d] get_argument_by_val\t %s, %s, %s\n", location, registerName(exec, r0).data(), registerName(exec, r1).data(), registerName(exec, r2).data());
+ ++it;
 break;
 }
 case op_get_by_pname: {
diff --git a/Source/JavaScriptCore/bytecode/Opcode.h b/Source/JavaScriptCore/bytecode/Opcode.h
index a56dc53..57633a3 100644
--- a/Source/JavaScriptCore/bytecode/Opcode.h
+++ b/Source/JavaScriptCore/bytecode/Opcode.h
@@ -127,7 +127,7 @@ namespace JSC {
 macro(op_put_by_id_generic, 9) \
 macro(op_del_by_id, 4) \
 macro(op_get_by_val, 5) /* has value profiling */ \
- macro(op_get_argument_by_val, 4) \
+ macro(op_get_argument_by_val, 5) /* must be the same size as op_get_by_val */ \
 macro(op_get_by_pname, 7) \
 macro(op_put_by_val, 4) \
 macro(op_del_by_val, 4) \
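Review bot: The added `++it;` after the printf skips the new fifth operand without saying so, and nothing in the dumper ties that advance to the length change in Opcode.h, so the next person touching either the opcode table or this case will have to rediscover why the cursor moves by one. A comment on the added line makes the coupling visible: `++it; // skip the ValueProfile* slot; op_get_argument_by_val must stay the same width as op_get_by_val`. The dump loop only stays aligned with the instruction stream if this advance matches the opcode's declared length, so a mismatch here would silently misdecode every instruction after the first get_argument_by_val rather than fail loudly. CodeBlock::dump begins and ends outside the hunk.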
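Review bot: The new comment `/* must be the same size as op_get_by_val */` records an invariant the interpreter depends on, but a comment cannot enforce it, and the bug being fixed is precisely that the two widths drifted apart. If the per-opcode length constants generated from this macro list are usable in a constant expression (the generator is not visible here), the invariant belongs in a compile-time assertion next to the table, something like `COMPILE_ASSERT(OPCODE_LENGTH(op_get_argument_by_val) == OPCODE_LENGTH(op_get_by_val), get_argument_by_val_width_must_match_get_by_val)`, with the macro names adjusted to what the tree actually provides. The stakes are worth spelling out in that comment: per the commit description the interpreter runs this opcode through the get_by_val handler, which presumably reads a fifth operand as a ValueProfile* and advances by five, so a four-wide encoding has the handler treating the next instruction's opcode word as a profile pointer and resuming dispatch mid-instruction.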
diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index 6d161e0..aaae0e3 100644
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -1593,11 +1593,12 @@ RegisterID* BytecodeGenerator::emitDeleteById(RegisterID* dst, RegisterID* base,
 RegisterID* BytecodeGenerator::emitGetArgumentByVal(RegisterID* dst, RegisterID* base, RegisterID* property)
 {
- emitOpcode(op_get_argument_by_val);
+ ValueProfile* profile = emitProfiledOpcode(op_get_argument_by_val);
 instructions().append(dst->index());
 ASSERT(base->index() == m_codeBlock->argumentsRegister());
 instructions().append(base->index());
 instructions().append(property->index());
+ instructions().append(profile);
 return dst;
 }
--
2.7.4
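Review bot: `instructions().append(profile);` is appended last with no comment explaining why an arguments access now carries a value-profile slot, and the position is load-bearing: the operand layout has to mirror op_get_by_val's (presumably dst, base, property, profile, given the Opcode.h comment that the two opcodes must be the same size) because, per the commit description, the interpreter executes this opcode with the get_by_val handler. I would comment the line: `// Keep the operand layout identical to op_get_by_val: the interpreter dispatches this opcode to the get_by_val handler, which expects the profile slot here.` The `ASSERT` on `base` is debug-only, so release builds emit the opcode without checking that `base` really is the arguments register; that is acceptable if this helper is only reachable from the generator's own arguments-access path, which I cannot verify from here, and a one-line note on the function saying so would document the assumption. The whole function is inside the hunk.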