1 files changed, 15 insertions, 8 deletions

diff --git a/JavaScriptCore/jit/JSInterfaceJIT.h b/JavaScriptCore/jit/JSInterfaceJIT.h
index 12a6cfa..c85b94d 100644
--- a/JavaScriptCore/jit/JSInterfaceJIT.h
+++ b/JavaScriptCore/jit/JSInterfaceJIT.h
@@ -191,27 +191,32 @@ namespace JSC {
 
     inline JSInterfaceJIT::Jump JSInterfaceJIT::emitJumpIfNotJSCell(unsigned virtualRegisterIndex)
     {
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
         return branch32(NotEqual, tagFor(virtualRegisterIndex), Imm32(JSValue::CellTag));
     }
     
     inline JSInterfaceJIT::Jump JSInterfaceJIT::emitLoadInt32(unsigned virtualRegisterIndex, RegisterID dst)
     {
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
         loadPtr(payloadFor(virtualRegisterIndex), dst);
         return branch32(NotEqual, tagFor(virtualRegisterIndex), Imm32(JSValue::Int32Tag));
     }
     
-    inline JSInterfaceJIT::Address JSInterfaceJIT::tagFor(unsigned index, RegisterID base)
+    inline JSInterfaceJIT::Address JSInterfaceJIT::tagFor(unsigned virtualRegisterIndex, RegisterID base)
     {
-        return Address(base, (index * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.tag));
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
+        return Address(base, (virtualRegisterIndex * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.tag));
     }
     
-    inline JSInterfaceJIT::Address JSInterfaceJIT::payloadFor(unsigned index, RegisterID base)
+    inline JSInterfaceJIT::Address JSInterfaceJIT::payloadFor(unsigned virtualRegisterIndex, RegisterID base)
     {
-        return Address(base, (index * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.payload));
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
+        return Address(base, (virtualRegisterIndex * sizeof(Register)) + OBJECT_OFFSETOF(JSValue, u.asBits.payload));
     }
 
     inline JSInterfaceJIT::Jump JSInterfaceJIT::emitLoadDouble(unsigned virtualRegisterIndex, FPRegisterID dst, RegisterID scratch)
     {
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
         loadPtr(tagFor(virtualRegisterIndex), scratch);
         Jump isDouble = branch32(Below, scratch, Imm32(JSValue::LowestTag));
         Jump notInt = branch32(NotEqual, scratch, Imm32(JSValue::Int32Tag));
@@ -297,15 +302,17 @@ namespace JSC {
 #endif
 
 #if !USE(JSVALUE32_64)
-    inline JSInterfaceJIT::Address JSInterfaceJIT::payloadFor(unsigned index, RegisterID base)
+    inline JSInterfaceJIT::Address JSInterfaceJIT::payloadFor(unsigned virtualRegisterIndex, RegisterID base)
     {
-        return addressFor(index, base);
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
+        return addressFor(virtualRegisterIndex, base);
     }
 #endif
 
-    inline JSInterfaceJIT::Address JSInterfaceJIT::addressFor(unsigned index, RegisterID base)
+    inline JSInterfaceJIT::Address JSInterfaceJIT::addressFor(unsigned virtualRegisterIndex, RegisterID base)
     {
-        return Address(base, (index * sizeof(Register)));
+        ASSERT(static_cast<int>(virtualRegisterIndex) < FirstConstantRegisterIndex);
+        return Address(base, (virtualRegisterIndex * sizeof(Register)));
     }
 
 }