Changeset 44797 in webkit for trunk/JavaScriptCore/jit


Timestamp:
Jun 17, 2009, 11:40:53 PM (16 years ago)
Author:
[email protected]
Message:

<rdar://problem/6974140> REGRESSION(r43849): Crash in cti_op_call_NotJSFunction when getting directions on maps.google.com

Reviewed by Gavin Barraclough

Roll out r43849 as it appears that we cannot rely on the address of
an object's property storage being constant even if the structure is
unchanged.

Location:
trunk/JavaScriptCore/jit
Files:
2 edited

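--- a/trunk/JavaScriptCore/jit/JIT.h
+++ b/trunk/JavaScriptCore/jit/JIT.h
@@ -460,5 +460,5 @@
 
         void compileGetDirectOffset(RegisterID base, RegisterID result, Structure* structure, size_t cachedOffset);
-        void compileGetDirectOffset(JSObject* base, RegisterID result, size_t cachedOffset);
+        void compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID result, size_t cachedOffset);
         void compilePutDirectOffset(RegisterID base, RegisterID value, Structure* structure, size_t cachedOffset);
 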
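Review bot: The new `temp` parameter on the changed declaration of `compileGetDirectOffset(JSObject*, ...)` carries no documentation of its contract, so a reader of the header cannot tell that it is a scratch register rather than an input. From the definition in JITPropertyAccess.cpp in this same changeset it is overwritten only when `base` uses external storage and is left untouched on the inline-storage path, which is worth stating where callers look; I would annotate the declaration with `// temp: scratch register, clobbered when base uses external storage`. The enclosing class body starts and ends outside this hunk.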
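--- a/trunk/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/trunk/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -414,10 +414,13 @@
 }
 
-void JIT::compileGetDirectOffset(JSObject* base, RegisterID result, size_t cachedOffset)
+void JIT::compileGetDirectOffset(JSObject* base, RegisterID temp, RegisterID result, size_t cachedOffset)
 {
     if (base->isUsingInlineStorage())
         loadPtr(static_cast<void*>(&base->m_inlineStorage[cachedOffset]), result);
-    else
-        loadPtr(static_cast<void*>(&base->m_externalStorage[cachedOffset]), result);
+    else {
+        PropertyStorage* protoPropertyStorage = &base->m_externalStorage;
+        loadPtr(static_cast<void*>(protoPropertyStorage), temp);
+        loadPtr(Address(temp, cachedOffset * sizeof(JSValue)), result);
+    }
 }
 
@@ -615,5 +618,5 @@
 
     // Checks out okay! - getDirectOffset
-    compileGetDirectOffset(protoObject, regT0, cachedOffset);
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
 
     Jump success = jump();
@@ -690,5 +693,5 @@
 
     // Checks out okay! - getDirectOffset
-    compileGetDirectOffset(protoObject, regT0, cachedOffset);
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
 
     Jump success = jump();
@@ -744,5 +747,5 @@
     ASSERT(protoObject);
 
-    compileGetDirectOffset(protoObject, regT0, cachedOffset);
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
     Jump success = jump();
 
@@ -797,5 +800,5 @@
     ASSERT(protoObject);
 
-    compileGetDirectOffset(protoObject, regT0, cachedOffset);
+    compileGetDirectOffset(protoObject, regT1, regT0, cachedOffset);
     Jump success = jump();
 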
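Review bot: The new external-storage branch in the first hunk (new lines 420-424) has no comment saying why the storage pointer is now reloaded through `temp` at run time instead of being embedded as a constant as the removed line did, which is the whole point of this rollback and the only thing stopping someone from redoing r43849; I would add above the `else {`: `// Do not embed &m_externalStorage[cachedOffset] in the generated code: the external storage can be reallocated without a Structure change, so reload the storage pointer on every access.` The inline-storage path still embeds `&base->m_inlineStorage[cachedOffset]`, so the comment should also say that this is only safe because inline storage lives inside the object itself, assuming that is the intended invariant. `Address(temp, cachedOffset * sizeof(JSValue))` narrows a `size_t` product to whatever displacement type `Address` takes, presumably 32-bit, and it is worth confirming that `PropertyStorage` elements really are `sizeof(JSValue)` wide so this matches the inline-storage indexing on the other branch. Whether `regT1` holds nothing live at the four call sites now passing it as `temp` is not visible here, since the functions enclosing hunks 2-5 start and end outside the hunks.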