Context Navigation

DFGSpeculativeJIT64.cpp

Timestamp:

Sep 13, 2013, 4:18:19 PM (12 years ago)

Author:

Message:

DFG AI assumes that ToThis can never return non-object if it is passed an object, and operationToThis will get the wrong value of isStrictMode() if there's inlining
https://bugs.webkit.org/show_bug.cgi?id=121330

Source/JavaScriptCore:

Reviewed by Mark Hahnenberg and Oliver Hunt.

Also print whether a function is strict mode in debug dumps.

(JSC::CodeBlock::dumpAssumingJITType):

(JSC::InlineCallFrame::dumpInContext):

(JSC::DFG::::executeEffects):

(JSC::DFG::SpeculativeJIT::compile):

(JSC::DFG::SpeculativeJIT::compile):

Tools:

Reviewed by Mark Hahnenberg and Oliver Hunt.

We should run tests even if they don't have expected files yet.

LayoutTests:

Reviewed by Mark Hahnenberg and Oliver Hunt.

(thingy.bar):
(thingy.foo):
(thingy):

File:

-              r155711
+              r155730
             TrustedImm32(FinalObjectType)));
         m_jit.move(thisValueGPR, tempGPR);
+        J_DFGOperation_EJ function;
+        if (m_jit.graph().executableFor(node->codeOrigin)->isStrictMode())
+            function = operationToThisStrict;
+        else
+            function = operationToThis;
         addSlowPathGenerator(
             slowPathCall(slowCases, this, operationToThis, tempGPR, thisValueGPR));
+            slowPathCall(slowCases, this, function, tempGPR, thisValueGPR));
         jsValueResult(tempGPR, node);

Note: See TracChangeset for help on using the changeset viewer.