91576 – DFG 32-bit PutById transition stub passes the payload/tag arguments to a DFG operation in the wrong order

RESOLVED FIXED Bug 91576

DFG 32-bit PutById transition stub passes the payload/tag arguments to a DFG operation in the wrong order

https://bugs.webkit.org/show_bug.cgi?id=91576

Summary DFG 32-bit PutById transition stub passes the payload/tag arguments to a DFG ...

Filip Pizlo

Reported 2012-07-17 21:36:14 PDT

We have a confusing convention where our callOperation() methods in DFG::SpeculativeJIT take the tag GPR first and the payload GPR second, but then reverse them. The transition stub generation code uses a lower level API where the reversal would already have been performed, but I had modeled the code around the calls to callOperation(). Hence I had gotten it backwards.

Attachments
the patch (1.65 KB, patch) 2012-07-17 21:41 PDT, Filip Pizlo	fpizlo: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2012-07-17 21:41:48 PDT

Created attachment 152916 [details] the patch

Filip Pizlo

Comment 2 2012-07-17 21:43:34 PDT

Reviewed by Gavin in person.

Filip Pizlo

Comment 3 2012-07-17 21:44:32 PDT

Landed in http://trac.webkit.org/changeset/122919

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2012-07-17 21:36 PDT

Modified

2012-07-17 21:44 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks