Inline caching for proxies clobbers baseGPR too early
authormhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 May 2014 20:48:55 +0000 (20:48 +0000)
committermhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 May 2014 20:48:55 +0000 (20:48 +0000)
commitbbfbf0842461ac890f0343386b9448f955c6a3a7
treeb89567e0540ee50c133499f54d5d6574d19b9e49
parenta592cabc4780181842490f7275d9cf272fa320c9
Inline caching for proxies clobbers baseGPR too early
https://bugs.webkit.org/show_bug.cgi?id=132916

Reviewed by Filip Pizlo.

We clobber baseGPR prior to the Structure checks, so if any of the checks fail then the slow path
gets the target of the proxy rather than the proxy itself. We need to delay the clobbering of baseGPR
until we know the inline cache is going to succeed.

* jit/Repatch.cpp:
(JSC::generateByIdStub):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@168861 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/Repatch.cpp