Merge WebKit at r71558: Initial merge by git.

Change-Id: Ib345578fa29df7e4bc72b4f00e4a6fddcb754c4c
author: Teng-Hui Zhu <ztenghui@google.com> 2010-11-10 15:31:59 -0800
committer: Teng-Hui Zhu <ztenghui@google.com> 2010-11-17 13:35:59 -0800
commit: 28040489d744e0c5d475a88663056c9040ed5320 (patch)
tree: c463676791e4a63e452a95f0a12b2a8519730693 /JavaScriptCore/jit
parent: eff9be92c41913c92fb1d3b7983c071f3e718678 (diff)
download: external_webkit-28040489d744e0c5d475a88663056c9040ed5320.zip
external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.gz
external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.bz2
4 files changed, 8 insertions, 5 deletions
diff --git a/JavaScriptCore/jit/JIT.cpp b/JavaScriptCore/jit/JIT.cpp
index 0eabdf5..e5be43b 100644
--- a/JavaScriptCore/jit/JIT.cpp
+++ b/JavaScriptCore/jit/JIT.cpp
@@ -477,8 +477,7 @@ JITCode JIT::privateCompile(CodePtr* functionEntryArityCheck)
         emitPutImmediateToCallFrameHeader(m_codeBlock, RegisterFile::CodeBlock);
 
         addPtr(Imm32(m_codeBlock->m_numCalleeRegisters * sizeof(Register)), callFrameRegister, regT1);
-        registerFileCheck = branchPtr(Below, AbsoluteAddress(&m_globalData->interpreter->registerFile().
-        m_end), regT1);
+        registerFileCheck = branchPtr(Below, AbsoluteAddress(&m_globalData->interpreter->registerFile().m_end), regT1);
     }
 
     Label functionBody = label();
diff --git a/JavaScriptCore/jit/JITOpcodes.cpp b/JavaScriptCore/jit/JITOpcodes.cpp
index 1528b76..74170c1 100644
--- a/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/JavaScriptCore/jit/JITOpcodes.cpp
@@ -1266,7 +1266,7 @@ void JIT::emit_op_convert_this_strict(Instruction* currentInstruction)
     notNull.link(this);
     Jump isImmediate = emitJumpIfNotJSCell(regT0);
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT1);
-    Jump notAnObject = branch8(NotEqual, Address(regT3, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
+    Jump notAnObject = branch8(NotEqual, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
     addSlowCase(branchTest8(NonZero, Address(regT1, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
     isImmediate.link(this);
     notAnObject.link(this);
@@ -1666,6 +1666,9 @@ void JIT::emit_op_load_varargs(Instruction* currentInstruction)
 {
     int argCountDst = currentInstruction[1].u.operand;
     int argsOffset = currentInstruction[2].u.operand;
+    int registerOffset = currentInstruction[3].u.operand;
+    ASSERT(argsOffset <= registerOffset);
+    
     int expectedParams = m_codeBlock->m_numParameters - 1;
     // Don't do inline copying if we aren't guaranteed to have a single stream
     // of arguments
@@ -1695,6 +1698,7 @@ void JIT::emit_op_load_varargs(Instruction* currentInstruction)
     
     // Bounds check the registerfile
     addPtr(regT2, regT3);
+    addPtr(Imm32((registerOffset - argsOffset) * sizeof(Register)), regT3);
     addSlowCase(branchPtr(Below, AbsoluteAddress(&m_globalData->interpreter->registerFile().m_end), regT3));
 
     sub32(Imm32(1), regT0);
diff --git a/JavaScriptCore/jit/JITOpcodes32_64.cpp b/JavaScriptCore/jit/JITOpcodes32_64.cpp
index 0a3d69d..8e0226d 100644
--- a/JavaScriptCore/jit/JITOpcodes32_64.cpp
+++ b/JavaScriptCore/jit/JITOpcodes32_64.cpp
@@ -1574,7 +1574,7 @@ void JIT::emit_op_convert_this_strict(Instruction* currentInstruction)
     notNull.link(this);
     Jump isImmediate = branch32(NotEqual, regT1, Imm32(JSValue::CellTag));
     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
-    Jump notAnObject = branch8(NotEqual, Address(regT3, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
+    Jump notAnObject = branch8(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_type)), Imm32(ObjectType));
     addSlowCase(branchTest8(NonZero, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo.m_flags)), Imm32(NeedsThisConversion)));
     isImmediate.link(this);
     notAnObject.link(this);
diff --git a/JavaScriptCore/jit/JITStubs.cpp b/JavaScriptCore/jit/JITStubs.cpp
index c69a828..896b93d 100644
--- a/JavaScriptCore/jit/JITStubs.cpp
+++ b/JavaScriptCore/jit/JITStubs.cpp
@@ -1304,7 +1304,7 @@ DEFINE_STUB_FUNCTION(EncodedJSValue, op_convert_this_strict)
     
     JSValue v1 = stackFrame.args[0].jsValue();
     CallFrame* callFrame = stackFrame.callFrame;
-
+    ASSERT(v1.asCell()->structure()->typeInfo().needsThisConversion());
     JSValue result = v1.toStrictThisObject(callFrame);
     CHECK_FOR_EXCEPTION_AT_END();
     return JSValue::encode(result);
author	Teng-Hui Zhu <ztenghui@google.com>	2010-11-10 15:31:59 -0800
committer	Teng-Hui Zhu <ztenghui@google.com>	2010-11-17 13:35:59 -0800
commit	28040489d744e0c5d475a88663056c9040ed5320 (patch)
tree	c463676791e4a63e452a95f0a12b2a8519730693 /JavaScriptCore/jit
parent	eff9be92c41913c92fb1d3b7983c071f3e718678 (diff)
download	external_webkit-28040489d744e0c5d475a88663056c9040ed5320.zip external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.gz external_webkit-28040489d744e0c5d475a88663056c9040ed5320.tar.bz2