128556 2014-02-10 15:31:40 -0800 32-bit LLInt writeBarrierOnGlobalObject is wrong 2014-02-11 10:04:37 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mhahnenberg mhahnenberg benjamin cmarcelo commit-queue oldest_to_newest 979091 0 mhahnenberg 2014-02-10 15:31:40 -0800 It checks if the value is a cell is a really wrong way. 979098 1 223755 mhahnenberg 2014-02-10 15:41:47 -0800 Created attachment 223755 Patch 979102 2 223755 ggaren 2014-02-10 15:44:53 -0800 Comment on attachment 223755 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=223755&action=review r=me > Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:413 > + loadConstantOrVariableCell(t1, t0, .writeBarrierDone) > btpz t0, .writeBarrierDone Why does this code check for a null t0? Is a null cell ever allowed? 979107 3 mhahnenberg 2014-02-10 15:50:44 -0800 (In reply to comment #2) > (From update of attachment 223755 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=223755&action=review > > r=me > > > Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:413 > > + loadConstantOrVariableCell(t1, t0, .writeBarrierDone) > > btpz t0, .writeBarrierDone > > Why does this code check for a null t0? Is a null cell ever allowed? I think init_global_const potentially does this...it's been a while since I added that however. 979469 4 mhahnenberg 2014-02-11 09:34:22 -0800 (In reply to comment #3) > (In reply to comment #2) > > (From update of attachment 223755 [details] [details]) > > View in context: https://bugs.webkit.org/attachment.cgi?id=223755&action=review > > > > r=me > > > > > Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:413 > > > + loadConstantOrVariableCell(t1, t0, .writeBarrierDone) > > > btpz t0, .writeBarrierDone > > > > Why does this code check for a null t0? Is a null cell ever allowed? > > I think init_global_const potentially does this...it's been a while since I added that however. I filed bug 128608 to track getting rid of the null check. 979488 5 223755 commit-queue 2014-02-11 10:04:34 -0800 Comment on attachment 223755 Patch Clearing flags on attachment: 223755 Committed r163887: <http://trac.webkit.org/changeset/163887> 979489 6 commit-queue 2014-02-11 10:04:37 -0800 All reviewed patches have been landed. Closing bug. 223755 2014-02-10 15:41:47 -0800 2014-02-11 10:04:34 -0800 Patch bug-128556-20140210154138.patch text/plain 3282 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTYzODI3KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBA CisyMDE0LTAyLTEwICBNYXJrIEhhaG5lbmJlcmcgIDxtaGFobmVuYmVyZ0BhcHBsZS5jb20+CisK KyAgICAgICAgMzItYml0IExMSW50IHdyaXRlQmFycmllck9uR2xvYmFsT2JqZWN0IGlzIHdyb25n CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjg1NTYK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIGxsaW50 L0xvd0xldmVsSW50ZXJwcmV0ZXIzMl82NC5hc206CisgICAgICAgICogbGxpbnQvTG93TGV2ZWxJ bnRlcnByZXRlcjY0LmFzbTogQWxzbyBmaXhlZCB0aGUgdmFsdWUgY2hlY2sgb24gNjQtYml0Lgor CiAyMDE0LTAyLTEwICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KIAogICAgICAgICBD aGFuZ2UgSlNMb2NrOjpkcm9wQWxsTG9ja3MoKSBhbmQgZnJpZW5kcyB0byB1c2UgbG9jaygpIGFu ZCB1bmxvY2soKS4KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9sbGludC9Mb3dMZXZlbElu dGVycHJldGVyMzJfNjQuYXNtCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9s bGludC9Mb3dMZXZlbEludGVycHJldGVyMzJfNjQuYXNtCShyZXZpc2lvbiAxNjM4MDcpCisrKyBT b3VyY2UvSmF2YVNjcmlwdENvcmUvbGxpbnQvTG93TGV2ZWxJbnRlcnByZXRlcjMyXzY0LmFzbQko d29ya2luZyBjb3B5KQpAQCAtNTU2LDYgKzU1Niw3IEBAIGVuZAogbWFjcm8gd3JpdGVCYXJyaWVy T25HbG9iYWxPYmplY3QodmFsdWVPcGVyYW5kKQogICAgIGlmIEdHQwogICAgICAgICBsb2FkaXNG cm9tSW5zdHJ1Y3Rpb24odmFsdWVPcGVyYW5kLCB0MSkKKyAgICAgICAgbG9hZENvbnN0YW50T3JW YXJpYWJsZVRhZyh0MSwgdDApCiAgICAgICAgIGJpbmVxIHQwLCBDZWxsVGFnLCAud3JpdGVCYXJy aWVyRG9uZQogICAgIAogICAgICAgICBsb2FkcCBDb2RlQmxvY2tbY2ZyXSwgdDMKSW5kZXg6IFNv dXJjZS9KYXZhU2NyaXB0Q29yZS9sbGludC9Mb3dMZXZlbEludGVycHJldGVyNjQuYXNtCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9sbGludC9Mb3dMZXZlbEludGVycHJldGVy NjQuYXNtCShyZXZpc2lvbiAxNjM4MDcpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvbGxpbnQv TG93TGV2ZWxJbnRlcnByZXRlcjY0LmFzbQkod29ya2luZyBjb3B5KQpAQCAtNDA5LDcgKzQwOSw3 IEBAIGVuZAogbWFjcm8gd3JpdGVCYXJyaWVyT25PcGVyYW5kcyhjZWxsT3BlcmFuZCwgdmFsdWVP cGVyYW5kKQogICAgIGlmIEdHQwogICAgICAgICBsb2FkaXNGcm9tSW5zdHJ1Y3Rpb24odmFsdWVP cGVyYW5kLCB0MSkKLSAgICAgICAgbG9hZENvbnN0YW50T3JWYXJpYWJsZSh0MSwgdDApCisgICAg ICAgIGxvYWRDb25zdGFudE9yVmFyaWFibGVDZWxsKHQxLCB0MCwgLndyaXRlQmFycmllckRvbmUp CiAgICAgICAgIGJ0cHogdDAsIC53cml0ZUJhcnJpZXJEb25lCiAgICAgCiAgICAgICAgIHdyaXRl QmFycmllck9uT3BlcmFuZChjZWxsT3BlcmFuZCkKQEAgLTQyMCw3ICs0MjAsNyBAQCBlbmQKIG1h Y3JvIHdyaXRlQmFycmllck9uR2xvYmFsT2JqZWN0KHZhbHVlT3BlcmFuZCkKICAgICBpZiBHR0MK ICAgICAgICAgbG9hZGlzRnJvbUluc3RydWN0aW9uKHZhbHVlT3BlcmFuZCwgdDEpCi0gICAgICAg IGxvYWRDb25zdGFudE9yVmFyaWFibGUodDEsIHQwKQorICAgICAgICBsb2FkQ29uc3RhbnRPclZh cmlhYmxlQ2VsbCh0MSwgdDAsIC53cml0ZUJhcnJpZXJEb25lKQogICAgICAgICBidHB6IHQwLCAu d3JpdGVCYXJyaWVyRG9uZQogICAgIAogICAgICAgICBsb2FkcCBDb2RlQmxvY2tbY2ZyXSwgdDMK SW5kZXg6IFNvdXJjZS9XVEYvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XVEYvQ2hh bmdlTG9nCShyZXZpc2lvbiAxNjM4MjcpCisrKyBTb3VyY2UvV1RGL0NoYW5nZUxvZwkod29ya2lu ZyBjb3B5KQpAQCAtMSwzICsxLDEyIEBACisyMDE0LTAyLTEwICBNYXJrIEhhaG5lbmJlcmcgIDxt aGFobmVuYmVyZ0BhcHBsZS5jb20+CisKKyAgICAgICAgMzItYml0IExMSW50IHdyaXRlQmFycmll ck9uR2xvYmFsT2JqZWN0IGlzIHdyb25nCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD0xMjg1NTYKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICAqIHd0Zi9QbGF0Zm9ybS5oOiBSZW1vdmVkIE9CSkVDVF9NQVJLX0xP R0dJTkcgZnJvbSBQbGF0Zm9ybS5oIHNpbmNlIGl0IGFscmVhZHkgZXhpc3RzIGluIEZlYXR1cmVE ZWZpbmVzLmgKKwogMjAxNC0wMi0xMCAgRW5yaWNhIENhc3VjY2kgIDxlbnJpY2FAYXBwbGUuY29t PgogCiAgICAgICAgIGNvcHlTaG9ydEFTQ0lJU3RyaW5nIGNyYXNoZXMgb24gaU9TIGFmdGVyIHIx NjM3OTMuCkluZGV4OiBTb3VyY2UvV1RGL3d0Zi9QbGF0Zm9ybS5oCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9XVEYvd3RmL1BsYXRmb3JtLmgJKHJldmlzaW9uIDE2MzgwNykKKysrIFNvdXJjZS9XVEYv d3RmL1BsYXRmb3JtLmgJKHdvcmtpbmcgY29weSkKQEAgLTkzMSw4ICs5MzEsNiBAQAogI2RlZmlu ZSBFTkFCTEVfQ09NUEFSRV9BTkRfU1dBUCAxCiAjZW5kaWYKIAotI2RlZmluZSBFTkFCTEVfT0JK RUNUX01BUktfTE9HR0lORyAwCi0KICNpZiAhZGVmaW5lZChFTkFCTEVfUEFSQUxMRUxfR0MpICYm ICFFTkFCTEUoT0JKRUNUX01BUktfTE9HR0lORykgJiYgKE9TKERBUldJTikgJiYgIVBMQVRGT1JN KEVGTCkgfHwgUExBVEZPUk0oR1RLKSkgJiYgRU5BQkxFKENPTVBBUkVfQU5EX1NXQVApCiAjZGVm aW5lIEVOQUJMRV9QQVJBTExFTF9HQyAxCiAjZW5kaWYK