WebKit Bugzilla
Attachment 340905 Details for
Bug 185845
: Fix InById for 32-bit architectures
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185845-20180522001132.patch (text/plain), 4.37 KB, created by
Dominik Inführ
on 2018-05-21 15:11:33 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Dominik Inführ
Created:
2018-05-21 15:11:33 PDT
Size:
4.37 KB
patch
obsolete
>Subversion Revision: 232008 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 399fa28df17e881089edecf0312efc81418d65f8..4c87005bdd94d1b6a64b02dbf44b84e18b762147 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,25 @@ >+2018-05-21 Dominik Infuehr <dinfuehr@igalia.com> >+ >+ Fix InById for 32-bit architectures >+ https://bugs.webkit.org/show_bug.cgi?id=185845 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add boxBoolean that works like boxBooleanPayload but also sets >+ the tag GPR on 32-bit architectures. >+ >+ Invoke callOperation instead of callOperationWithProfile just as on 64-bit. Also >+ increment the right instance variable: m_inByIdIndex. >+ >+ * bytecode/AccessCase.cpp: >+ (JSC::AccessCase::generateImpl): >+ * bytecode/InlineAccess.cpp: >+ (JSC::InlineAccess::generateSelfInAccess): >+ * jit/AssemblyHelpers.h: >+ (JSC::AssemblyHelpers::boxBoolean): >+ * jit/JITPropertyAccess32_64.cpp: >+ (JSC::JIT::emitSlow_op_in_by_id): >+ > 2018-05-20 Filip Pizlo <fpizlo@apple.com> > > Revert the B3 compiler pipeline's treatment of taildup >diff --git a/Source/JavaScriptCore/bytecode/AccessCase.cpp b/Source/JavaScriptCore/bytecode/AccessCase.cpp >index 3e772bc9069ca8838504680c8c03f926cd581c35..c2fbe337216f4b8fd96f2e7945cf57a1ba92a12f 100644 >--- a/Source/JavaScriptCore/bytecode/AccessCase.cpp >+++ b/Source/JavaScriptCore/bytecode/AccessCase.cpp >@@ -680,7 +680,7 @@ void AccessCase::generateImpl(AccessGenerationState& state) > switch (m_type) { > case InHit: > case InMiss: >- jit.boxBooleanPayload(m_type == InHit, valueRegs.payloadGPR()); >+ jit.boxBoolean(m_type == InHit, valueRegs); > state.succeed(); > return; > >diff --git a/Source/JavaScriptCore/bytecode/InlineAccess.cpp b/Source/JavaScriptCore/bytecode/InlineAccess.cpp >index f351f82bee0a4d794da90c5b86bc6dba59c3713c..660e52c149ed50d478fc24b58cdc0791c8f6cd43 100644 >--- a/Source/JavaScriptCore/bytecode/InlineAccess.cpp >+++ b/Source/JavaScriptCore/bytecode/InlineAccess.cpp >@@ -287,7 +287,7 @@ bool InlineAccess::generateSelfInAccess(StructureStubInfo& stubInfo, Structure* > MacroAssembler::NotEqual, > MacroAssembler::Address(base, JSCell::structureIDOffset()), > MacroAssembler::TrustedImm32(bitwise_cast<uint32_t>(structure->id()))); >- jit.boxBooleanPayload(true, value.payloadGPR()); >+ jit.boxBoolean(true, value); > > bool linkedCodeInline = linkCodeInline("in access", jit, stubInfo, [&] (LinkBuffer& linkBuffer) { > linkBuffer.link(branchToSlowPath, stubInfo.slowPathStartLocation()); >diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.h b/Source/JavaScriptCore/jit/AssemblyHelpers.h >index 56251991ac91154d69c77f14baf6e9fc3bb7d091..aa6712f599954fd34be854bcfb53738a7cb3e42e 100644 >--- a/Source/JavaScriptCore/jit/AssemblyHelpers.h >+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.h >@@ -1336,6 +1336,14 @@ public: > #endif > } > >+ void boxBoolean(bool value, JSValueRegs boxedRegs) >+ { >+ boxBooleanPayload(value, boxedRegs.payloadGPR()); >+#if USE(JSVALUE32_64) >+ move(TrustedImm32(JSValue::BooleanTag), boxedRegs.tagGPR()); >+#endif >+ } >+ > void boxInt32(GPRReg intGPR, JSValueRegs boxedRegs, TagRegistersMode mode = HaveTagRegisters) > { > #if USE(JSVALUE64) >diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp >index 6041bc4e2d76c3c55e307042e95e14f80cb7b205..a70a1551b23c04e985ee0dfc0d93837e9e011b86 100644 >--- a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp >+++ b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp >@@ -797,11 +797,11 @@ void JIT::emitSlow_op_in_by_id(Instruction* currentInstruction, Vector<SlowCaseE > int resultVReg = currentInstruction[1].u.operand; > const Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand)); > >- JITInByIdGenerator& gen = m_inByIds[m_getByIdIndex++]; >+ JITInByIdGenerator& gen = m_inByIds[m_inByIdIndex++]; > > Label coldPathBegin = label(); > >- Call call = callOperationWithProfile(operationInByIdOptimize, resultVReg, gen.stubInfo(), JSValueRegs(regT1, regT0), ident->impl()); >+ Call call = callOperation(operationInByIdOptimize, resultVReg, gen.stubInfo(), JSValueRegs(regT1, regT0), ident->impl()); > > gen.reportSlowPathCall(coldPathBegin, call); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=340905">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185845
: 340905