+2017-12-15 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ Unreviewed, 32bit JSEmpty is not nullptr + CellTag
+ https://bugs.webkit.org/show_bug.cgi?id=180804
+
+ Add 32bit path for WeakMapGet.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileWeakMapGet):
+
2017-12-14 Saam Barati <sbarati@apple.com>
The CleanUp after LICM is erroneously removing a Check
m_jit.add32(TrustedImm32(1), indexGPR);
m_jit.jump().linkTo(loop, &m_jit);
+#if USE(JSVALUE32_64)
notPresentInTable.link(&m_jit);
- found.link(&m_jit);
+ m_jit.moveValue(JSValue(), resultRegs);
+ auto notPresentInTableDone = m_jit.jump();
- // Empty bucket has JSEmpty value. Empty key is JSEmpty. If empty bucket is found, we can use the same path used for the case of finding a bucket.
- if (node->child1().useKind() == WeakSetObjectUse) {
-#if USE(JSVALUE32_64)
+ found.link(&m_jit);
+ if (node->child1().useKind() == WeakSetObjectUse)
m_jit.move(TrustedImm32(JSValue::CellTag), resultRegs.tagGPR());
-#endif
- } else
+ else
m_jit.loadValue(MacroAssembler::Address(bucketGPR, WeakMapBucket<WeakMapBucketDataKeyValue>::offsetOfValue()), resultRegs);
+ notPresentInTableDone.link(&m_jit);
+#else
+ notPresentInTable.link(&m_jit);
+ found.link(&m_jit);
+
+ // In 64bit environment, Empty bucket has JSEmpty value. Empty key is JSEmpty.
+ // If empty bucket is found, we can use the same path used for the case of finding a bucket.
+ if (node->child1().useKind() == WeakMapObjectUse)
+ m_jit.loadValue(MacroAssembler::Address(bucketGPR, WeakMapBucket<WeakMapBucketDataKeyValue>::offsetOfValue()), resultRegs);
+#endif
+
jsValueResult(resultRegs, node);
}
git://git.webkit.org / WebKit-https.git / commitdiff