Created attachment 56144 [details] Patch

Comment on attachment 56144 [details] Patch > diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog > index 7ac6b3cb96d0c4ac0fb61816a54298b1f9641159..5dea41a05bd293fddb0671ffcec381b4dcea6a35 100644 > --- a/JavaScriptCore/ChangeLog > +++ b/JavaScriptCore/ChangeLog > @@ -1,3 +1,16 @@ > +2010-05-15 Oliver Hunt <oliver@apple.com> > + > + Reviewed by NOBODY (OOPS!). > + > + Incorrect codegen for slowcase of < in 64-bit > + https://bugs.webkit.org/show_bug.cgi?id=39151 > + > + Call the correct stud for the slowcases of the < operator. “stud” > diff --git a/JavaScriptCore/jit/JITArithmetic.cpp b/JavaScriptCore/jit/JITArithmetic.cpp > index e5a4620d8ba24162b9db52d39421267f71d6bebc..cd39b3ad01c1ff45e15551efbbe01f0c12b633fc 100644 > --- a/JavaScriptCore/jit/JITArithmetic.cpp > +++ b/JavaScriptCore/jit/JITArithmetic.cpp > @@ -370,7 +370,7 @@ void JIT::emitSlow_op_jnless(Instruction* currentInstruction, Vector<SlowCaseEnt > linkSlowCase(iter); > linkSlowCase(iter); > linkSlowCase(iter); > - JITStubCall stubCall(this, cti_op_jlesseq); > + JITStubCall stubCall(this, cti_op_jless); > stubCall.addArgument(op1, regT0); > stubCall.addArgument(op2, regT1); > stubCall.call(); Is it really correct for emitSlow_op_jnless to call cti_op_jless? I’d have expected it to call cti_op_jnless.

(In reply to comment #2) > > Is it really correct for emitSlow_op_jnless to call cti_op_jless? I’d have expected it to call cti_op_jnless. Yes, it's correct, there is no cti_op_jnless. The following branch reverses the sense of the comparison.

Comment on attachment 56144 [details] Patch JavaScriptCore/ChangeLog:8 + Call the correct stud for the slowcases of the < operator. Typo as already noted by Mark. r=me if you fix that.

Committed r59547: <http://trac.webkit.org/changeset/59547>