Merge WebKit at r71558: Initial merge by git.

Change-Id: Ib345578fa29df7e4bc72b4f00e4a6fddcb754c4c
author: Teng-Hui Zhu <ztenghui@google.com> 2010-11-10 15:31:59 -0800
committer: Teng-Hui Zhu <ztenghui@google.com> 2010-11-17 13:35:59 -0800
commit: 28040489d744e0c5d475a88663056c9040ed5320 (patch)
tree: c463676791e4a63e452a95f0a12b2a8519730693 /JavaScriptCore/jit/JITOpcodes.cpp
parent: eff9be92c41913c92fb1d3b7983c071f3e718678 (diff)
download: external_webkit-28040489d744e0c5d475a88663056c9040ed5320.zip
external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.gz
external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.bz2
1 files changed, 5 insertions, 1 deletions
diff --git a/JavaScriptCore/jit/JITOpcodes.cpp b/JavaScriptCore/jit/JITOpcodes.cpp
index 1528b76..74170c1 100644
--- a/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/JavaScriptCore/jit/JITOpcodes.cpp
@@ -1266,7 +1266,7 @@ void JIT::emit_op_convert_this_strict(Instruction* currentInstruction)
     notNull.link(this);
     Jump isImmediate = emitJumpIfNotJSCell(regT0);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
-    Jump notAnObject = branch8(NotEqual, Address(regT3, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
+    Jump notAnObject = branch8(NotEqual, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
     addSlowCase(branchTest8(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
     isImmediate.link(this);
     notAnObject.link(this);
@@ -1666,6 +1666,9 @@ void JIT::emit_op_load_varargs(Instruction* currentInstruction)
 {
     int argCountDst = currentInstruction[1].u.operand;
     int argsOffset = currentInstruction[2].u.operand;
+    int registerOffset = currentInstruction[3].u.operand;
+    ASSERT(argsOffset <= registerOffset);
+    
     int expectedParams = m_codeBlock->m_numParameters - 1;
     // Don't do inline copying if we aren't guaranteed to have a single stream
     // of arguments
@@ -1695,6 +1698,7 @@ void JIT::emit_op_load_varargs(Instruction* currentInstruction)
     
     // Bounds check the registerfile
     addPtr(regT2, regT3);
+    addPtr(Imm32((registerOffset - argsOffset) * sizeof(Register)), regT3);
     addSlowCase(branchPtr(Below, AbsoluteAddress(&m_globalData->interpreter->registerFile().m_end), regT3));
 
     sub32(Imm32(1), regT0);
author	Teng-Hui Zhu <ztenghui@google.com>	2010-11-10 15:31:59 -0800
committer	Teng-Hui Zhu <ztenghui@google.com>	2010-11-17 13:35:59 -0800
commit	28040489d744e0c5d475a88663056c9040ed5320 (patch)
tree	c463676791e4a63e452a95f0a12b2a8519730693 /JavaScriptCore/jit/JITOpcodes.cpp
parent	eff9be92c41913c92fb1d3b7983c071f3e718678 (diff)
download	external_webkit-28040489d744e0c5d475a88663056c9040ed5320.zip external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.gz external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.bz2