Summary: | JSVALUE32_64 DFG JIT - Bug fixes for Branch and LogicalNot | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Yuqiang Xian <yuqiang.xian> | ||||
Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | barraclough, fpizlo, webkit.review.bot | ||||
Priority: | P2 | ||||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Yuqiang Xian
2011-10-08 07:50:13 PDT
Created attachment 110271 [details]
the patch
Comment on attachment 110271 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=110271&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:560 > speculationCheck(m_jit.branch32(MacroAssembler::NotEqual, valueTagGPR, TrustedImm32(JSValue::UndefinedTag))); It's sad that we need two branches here. :-( But I think that we can optimize this later; more important is that your version is safer and more likely to be correct. Comment on attachment 110271 [details] the patch Clearing flags on attachment: 110271 Committed r97013: <http://trac.webkit.org/changeset/97013> All reviewed patches have been landed. Closing bug. |