the toInt32 operation inside DFGSpeculativeJIT.cpp can't throw so we shouldn't emit...
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Sep 2015 19:33:07 +0000 (19:33 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Sep 2015 19:33:07 +0000 (19:33 +0000)
commit d6e150dcdcfcefc0efe5425246eeba5f7e7cd3bc
tree e794d16ed80b83ad9df81ce1e6dbd088a507aa39
parent 95f0bcb2c2cb9583fd2494124d03afbb099aae6a
the toInt32 operation inside DFGSpeculativeJIT.cpp can't throw so we shouldn't emit an exceptionCheck after it.
https://bugs.webkit.org/show_bug.cgi?id=149467

Reviewed by Mark Lam.

The callOperation for toInt32 won't store a call site index in the call frame.
Therefore, if this is the first callOperation in the current compilation,
and we emit an exception check inside a try block, we will hit an assertion
saying that we must have DFGCommonData::codeOrigins.size() be > 0 inside
DFGCommonData::lastCallSite(). Therefore, it is imperative that we don't
emit exception checks for callOperations that don't throw exceptions and
don't store a call site index in the call frame.

* dfg/DFGCommonData.cpp:
(JSC::DFG::CommonData::lastCallSite):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190128 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGCommonData.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp