Timestamp:
Apr 30, 2014, 3:22:11 PM
Author:
[email protected]
Message:

Argument flush formats should not be presumed to be JSValue since 'this' is weird
https://bugs.webkit.org/show_bug.cgi?id=132404

Reviewed by Michael Saboff.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCurrentBlock): Don't assume that arguments are flushed as JSValue. Use the logic for locals instead.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile): SetArgument "changes" the format because before this we wouldn't know we had arguments.

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile): Ditto.

  • dfg/DFGValueSource.cpp:

(JSC::DFG::ValueSource::dumpInContext): Make this easier to dump.

  • dfg/DFGValueSource.h:

(JSC::DFG::ValueSource::operator!): Make this easier to dump because Operands<T> uses T::operator!().

  • ftl/FTLOSREntry.cpp:

(JSC::FTL::prepareOSREntry): This had a useful assertion for everything except 'this'.

  • tests/stress/strict-to-this-int.js: Added.

(foo):
(Number.prototype.valueOf):
(test):

File:
1 edited

  • trunk/Source/JavaScriptCore/ftl/FTLOSREntry.cpp

    r163844 r168051  
    7171        JSValue valueOnStack = exec->r(virtualRegisterForArgument(argument).offset()).jsValue();
    7272        JSValue reconstructedValue = values.argument(argument);
    73         if (valueOnStack == reconstructedValue)
     73        if (valueOnStack == reconstructedValue || !argument)
    7474            continue;
    7575        dataLog("Mismatch between reconstructed values and the the value on the stack for argument arg", argument, " for ", *entryCodeBlock, " at bc#", bytecodeIndex, ":\n");
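Review bot: the new `|| !argument` clause in the `if` disables the reconstructed-value check for argument index 0 without saying why at the point of use; since the commit message gives the reason (`this` may be flushed in a format other than JSValue), a one-line comment on the condition, e.g. `// argument 0 is 'this', which may not be flushed as a JSValue; skip the exact comparison`, would keep that intent readable beside the code. Note also that the early `continue` means a genuine mismatch on `this` is now silently accepted rather than reaching the `dataLog` below, so a weaker check for argument 0 (tolerating only a representation difference rather than any difference) would preserve some coverage for the receiver if one is feasible. Unrelated but adjacent: the message string in the unchanged `dataLog` line reads "the the value".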