Changeset 37268 in webkit for trunk/JavaScriptCore


Timestamp:
Oct 3, 2008, 5:10:29 PM (17 years ago)
Author:
[email protected]
Message:

2008-10-03 Cameron Zwarich <[email protected]>

Reviewed by Maciej Stachowiak.

Bug 21343: REGRESSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
<https://bugs.webkit.org/show_bug.cgi?id=21343>

A fix was landed for this issue in r37253, and the ChangeLog assumes
that it is a compiler bug, but it turns out that it is a subtle issue
with mixing signed and unsigned 32-bit values in a 64-bit environment.
In order to properly fix this bug, we should convert our signed offsets
into the register file to use ptrdiff_t.

This may not be the only instance of this issue, but I will land this
fix first and look for more later.

  • VM/Machine.cpp: (JSC::Machine::getArgumentsData):
  • VM/Machine.h:
  • kjs/Arguments.cpp: (JSC::Arguments::getOwnPropertySlot):
  • kjs/Arguments.h: (JSC::Arguments::init):
Location:
trunk/JavaScriptCore
Files:
5 edited

  • trunk/JavaScriptCore/ChangeLog

    r37264 r37268  
     12008-10-03  Cameron Zwarich  <[email protected]>
     2
     3        Reviewed by Maciej Stachowiak.
     4
     5        Bug 21343: REGRESSSION (r37160): ecma_3/ExecutionContexts/10.1.3-1.js and js1_4/Functions/function-001.js fail on 64-bit
     6        <https://bugs.webkit.org/show_bug.cgi?id=21343>
     7
     8        A fix was landed for this issue in r37253, and the ChangeLog assumes
     9        that it is a compiler bug, but it turns out that it is a subtle issue
     10        with mixing signed and unsigned 32-bit values in a 64-bit environment.
     11        In order to properly fix this bug, we should convert our signed offsets
     12        into the register file to use ptrdiff_t.
     13
     14        This may not be the only instance of this issue, but I will land this
     15        fix first and look for more later.
     16
     17        * VM/Machine.cpp:
     18        (JSC::Machine::getArgumentsData):
     19        * VM/Machine.h:
     20        * kjs/Arguments.cpp:
     21        (JSC::Arguments::getOwnPropertySlot):
     22        * kjs/Arguments.h:
     23        (JSC::Arguments::init):
     24
    1252008-10-03  Darin Adler  <[email protected]>
    226
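--- a/trunk/JavaScriptCore/VM/Machine.cpp
+++ b/trunk/JavaScriptCore/VM/Machine.cpp
@@ -3929,5 +3929,5 @@
 }
 
-void Machine::getArgumentsData(Register* callFrame, JSFunction*& function, int& firstParameterIndex, Register*& argv, int& argc)
+void Machine::getArgumentsData(Register* callFrame, JSFunction*& function, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc)
 {
     function = static_cast<JSFunction*>(callFrame[RegisterFile::Callee].getJSValue());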
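Review bot: `argc` stays `int&` in the new signature while the count it presumably feeds is stored twice in kjs/Arguments.h in this same changeset, as `int numArguments` in the struct at line 89 and as `unsigned numArguments` in ArgumentsData at line 39, so the signed/unsigned mixing the commit removes for `firstParameterIndex` is still present for the argument count; the declaration in VM/Machine.h has the same `int& argc`. Whether a negative count can ever reach an index comparison is not visible from this hunk, so I would either carry the count as `unsigned` end to end or state the contract at the declaration in VM/Machine.h with `// argc is never negative; ArgumentsData stores it as unsigned.` The body of getArgumentsData continues outside the hunk.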
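--- a/trunk/JavaScriptCore/VM/Machine.h
+++ b/trunk/JavaScriptCore/VM/Machine.h
@@ -108,5 +108,5 @@
         static CodeBlock* codeBlock(const Register* r) { return r[RegisterFile::CodeBlock].codeBlock(); }
 
-        void getArgumentsData(Register* callFrame, JSFunction*&, int& firstParameterIndex, Register*& argv, int& argc);
+        void getArgumentsData(Register* callFrame, JSFunction*&, ptrdiff_t& firstParameterIndex, Register*& argv, int& argc);
         void setTimeoutTime(unsigned timeoutTime) { m_timeoutTime = timeoutTime; }
        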
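--- a/trunk/JavaScriptCore/kjs/Arguments.cpp
+++ b/trunk/JavaScriptCore/kjs/Arguments.cpp
@@ -112,12 +112,5 @@
     if (i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
         if (i < d->numParameters) {
-#if COMPILER(GCC) && PLATFORM(X86_64)
-            // The subscript variable is a workaround for a 64-bit code
-            // generation bug in GCC.
-            int subscript = d->firstParameterIndex + i;
-            slot.setRegisterSlot(&d->registers[subscript]);
-#else
             slot.setRegisterSlot(&d->registers[d->firstParameterIndex + i]);
-#endif
         } else
             slot.setValue(d->extraArguments[i - d->numParameters].jsValue(exec));
@@ -134,12 +127,5 @@
     if (isArrayIndex && i < d->numArguments && (!d->deletedArguments || !d->deletedArguments[i])) {
         if (i < d->numParameters) {
-#if COMPILER(GCC) && PLATFORM(X86_64)
-            // The subscript variable is a workaround for a 64-bit code
-            // generation bug in GCC.
-            int subscript = d->firstParameterIndex + i;
-            slot.setRegisterSlot(&d->registers[subscript]);
-#else
             slot.setRegisterSlot(&d->registers[d->firstParameterIndex + i]);
-#endif
         } else
             slot.setValue(d->extraArguments[i - d->numParameters].jsValue(exec));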
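Review bot: The surviving index expression `d->registers[d->firstParameterIndex + i]` at line 114, and again at line 129, is only correct while `firstParameterIndex` stays pointer-width: if `i` is `unsigned`, as its comparison against the `unsigned` `numArguments` suggests, the old `int` field made the sum an `unsigned` 32-bit value that was then zero-extended as a pointer offset on 64-bit, which is what the removed GCC "workaround" was masking rather than fixing. Nothing at the use site records that, so a later cleanup could narrow the field back and reintroduce the fault silently; I would add `// firstParameterIndex is a signed register-file offset and must stay ptrdiff_t so the sum with the unsigned index does not wrap at 32 bits.` above the first site. Both enclosing getOwnPropertySlot bodies start and end outside the hunks.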
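--- a/trunk/JavaScriptCore/kjs/Arguments.h
+++ b/trunk/JavaScriptCore/kjs/Arguments.h
@@ -36,5 +36,5 @@
 
         unsigned numParameters;
-        int firstParameterIndex;
+        ptrdiff_t firstParameterIndex;
         unsigned numArguments;
 
@@ -85,5 +85,5 @@
     {
         JSFunction* callee;
-        int firstParameterIndex;
+        ptrdiff_t firstParameterIndex;
         Register* argv;
         int numArguments;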
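Review bot: The widened `ptrdiff_t firstParameterIndex` at lines 38 and 87 carries no comment, and sitting between `unsigned numParameters` and `unsigned numArguments` it reads like an accident rather than the deliberate fix for a 64-bit truncation. I would put `// Signed offset into the register file; pointer-width on purpose, so that adding an unsigned index cannot truncate to 32 bits on 64-bit targets.` on the ArgumentsData field at line 38 and a one-line cross-reference to it on the field at line 87. Both enclosing structs begin and end outside the hunks.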