32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2016 01:44:23 +0000 (01:44 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 7 Apr 2016 01:44:23 +0000 (01:44 +0000)
https://bugs.webkit.org/show_bug.cgi?id=156292

Reviewed by Benjamin Poulain.

Make sure that we stash the callsite index before calling operationReallocateStorageAndFinishPut.

* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generate):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@199132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp

index 6810e87..183db99 100644 (file)
@@ -1,5 +1,17 @@
 2016-04-06  Filip Pizlo  <fpizlo@apple.com>
 
+        32-bit JSC stress/multi-put-by-offset-multiple-transitions.js failing
+        https://bugs.webkit.org/show_bug.cgi?id=156292
+
+        Reviewed by Benjamin Poulain.
+
+        Make sure that we stash the callsite index before calling operationReallocateStorageAndFinishPut.
+
+        * bytecode/PolymorphicAccess.cpp:
+        (JSC::AccessCase::generate):
+
+2016-04-06  Filip Pizlo  <fpizlo@apple.com>
+
         JSC test stress/arrowfunction-lexical-bind-superproperty.js failing
         https://bugs.webkit.org/show_bug.cgi?id=156309
 
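Review bot: The new ChangeLog entry says what is done ("stash the callsite index before calling operationReallocateStorageAndFinishPut") but not why the missing store made the test fail, or why the failure showed up in the 32-bit configuration named in the title. One more sentence stating what reads the call site index during that call would let a later reader judge whether other call sites need the same treatment.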
index 33982e5..dea2e16 100644 (file)
@@ -1189,6 +1189,9 @@ void AccessCase::generate(AccessGenerationState& state)
             allocator.preserveUsedRegistersToScratchBufferForCall(jit, scratchBuffer, scratchGPR);
             if (needsToMakeRoomOnStackForCCall)
                 jit.makeSpaceOnStackForCCall();
+            jit.store32(
+                CCallHelpers::TrustedImm32(state.originalCallSiteIndex().bits()),
+                CCallHelpers::tagFor(static_cast<VirtualRegister>(JSStack::ArgumentCount)));
 #if USE(JSVALUE64)
             jit.setupArgumentsWithExecState(
                 baseGPR,
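Review bot: The added jit.store32 into CCallHelpers::tagFor(static_cast<VirtualRegister>(JSStack::ArgumentCount)) carries no comment explaining that this slot holds the call site index for the C call that follows, so the store looks arbitrary to anyone reading AccessCase::generate later. Please add a one-line comment above it. Two things to confirm as well: the store sits above the #if USE(JSVALUE64) split, so it is emitted for both value representations even though the bug title names only 32-bit, which seems right but should be stated as intended; and any other C call emitted from this function that can observe the call frame should be checked for the same missing store, ideally by factoring the store into a small helper so that it cannot be forgotten again.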