|Summary:||DFG JIT 32_64 - Fix ArrayPop|
|Product:||WebKit||Reporter:||Yuqiang Xian <yuqiang.xian>|
|Severity:||Normal||CC:||barraclough, fpizlo, webkit.review.bot|
|Version:||528+ (Nightly build)|
Description Yuqiang Xian 2011-10-12 04:01:10 PDT
The storageLengthGPR is polluted by EmptyValueTag and later used to index the array, which results in abnormal behaviors in execution. This fix makes 32_64 DFG pass v8-deltablue and kraken crypto-sha256-iterative on Linux ia32.
Comment 2 Yuqiang Xian 2011-10-12 05:33:30 PDT
Created attachment 110672 [details] the patch I think I was muddled when developing the previous wrong patch... :( Also, please help land it manually if you think it should be r+, as I'm not sure if the commit queue will be happy about the style warnings. Thanks a lot.
Comment 3 WebKit Review Bot 2011-10-12 05:36:19 PDT
Comment 4 Filip Pizlo 2011-10-12 11:36:01 PDT
Ouch, I can't believe I created that bug.
Comment 5 WebKit Review Bot 2011-10-12 12:27:18 PDT
Comment on attachment 110672 [details] the patch Clearing flags on attachment: 110672 Committed r97286: <http://trac.webkit.org/changeset/97286>
Comment 6 WebKit Review Bot 2011-10-12 12:27:22 PDT
All reviewed patches have been landed. Closing bug.