<rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
author ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 May 2011 18:56:30 +0000 (18:56 +0000)
committer ggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 May 2011 18:56:30 +0000 (18:56 +0000)
Reviewed by Darin Adler.

Source/JavaScriptCore:

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
code that accidentally survived the conversion to a switch statement,
causing a lot of important code not to run most of the time.

Since this is not a trivial finger-picking mistake, I will not call it a
typo.

LayoutTests:

* fast/js/trivial-functions-expected.txt: Added.
* fast/js/trivial-functions.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@85771 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/js/trivial-functions-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/trivial-functions.html [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

index 6bed241..674ac53 100644 (file)
@@ -1,3 +1,12 @@
+2011-05-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
+
+        * fast/js/trivial-functions-expected.txt: Added.
+        * fast/js/trivial-functions.html: Added.
+
 2011-05-04  Mark Pilgrim  <pilgrim@chromium.org>
 
         Reviewed by Tony Chang.
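Review bot: the new entry is dated 2011-05-03 but is inserted above the 2011-05-04 Mark Pilgrim entry, and the commit itself is dated 4 May 2011; use the landing date so the ChangeLog stays in chronological order. The entry also lists the two added files without saying what they cover; repeating the test's own description ("Tests for compilation errors in trivial functions") next to the file names would make the entry searchable.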
diff --git a/LayoutTests/fast/js/trivial-functions-expected.txt b/LayoutTests/fast/js/trivial-functions-expected.txt
new file mode 100644 (file)
index 0000000..4ef2574
--- /dev/null
@@ -0,0 +1,5 @@
+Tests for compilation errors in trivial functions.
+
+PASS: f1(0, 0) should be undefined and is.
+PASS: f2(0, 0, 0) should be 0 and is.
+
diff --git a/LayoutTests/fast/js/trivial-functions.html b/LayoutTests/fast/js/trivial-functions.html
new file mode 100644 (file)
index 0000000..79275db
--- /dev/null
@@ -0,0 +1,35 @@
+<p>Tests for compilation errors in trivial functions.</p>
+<pre id="console"></pre>
+
+<p id="p"></p>
+
+<script>
+function $(id)
+{
+    return document.getElementById(id);
+}
+
+function log(s)
+{
+    $("console").appendChild(document.createTextNode(s + "\n"));
+}
+
+function shouldBe(aDescription, a, b)
+{
+    if (a == b) {
+        log("PASS: " + aDescription + " should be " + b + " and is.");
+        return;
+    }
+
+    log("FAIL: " + aDescription + " should be " + b + " but instead is " + a + ".");
+}
+
+function f1(a, b) { return a[b]; }
+function f2(a, b, c) { return a[b] = c; }
+
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+shouldBe("f1(0, 0)", f1(0, 0), undefined);
+shouldBe("f2(0, 0, 0)", f2(0, 0, 0), 0);
+</script>
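Review bot: `shouldBe` compares with loose equality (`if (a == b)`), so the `f1(0, 0)` check against `undefined` would also pass if the compiled code returned `null`; use `===` so the test pins the exact value. Each function is called once and only with the integer 0, while the fix is to a `switch` on the argument's prediction, so calls with other argument types (an array, a string, a double) would widen what the test guards. The `<p id="p"></p>` element is never referenced by the script and can be dropped.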
index ac5055a..d533852 100644 (file)
@@ -1,3 +1,17 @@
+2011-05-03  Geoffrey Garen  <ggaren@apple.com>
+
+        Reviewed by Darin Adler.
+
+        <rdar://problem/9366557> Various crashes due to bad DFG codegen at canalplus.fr
+
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Removed a stray line of
+        code that accidentally survived the conversion to a switch statement,
+        causing a lot of important code not to run most of the time.
+
+        Since this is not a trivial finger-picking mistake, I will not call it a
+        typo.
+
 2011-05-04  Adam Roben  <aroben@apple.com>
 
         Another attempted build fix
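Review bot: "causing a lot of important code not to run most of the time" in the checkArgumentTypes entry is too vague for someone bisecting later; say what was skipped, namely that the leftover `if (... == PredictInt32)` guarded the whole `switch`, so the switch body ran only when the prediction was PredictInt32. It would also help to name fast/js/trivial-functions.html here as the regression test, since this ChangeLog is where the fix is described.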
index 5f8c53c..71004fe 100644 (file)
@@ -904,7 +904,6 @@ void SpeculativeJIT::checkArgumentTypes()
     ASSERT(!m_compileIndex);
     for (int i = 0; i < m_jit.codeBlock()->m_numParameters; ++i) {
         VirtualRegister virtualRegister = (VirtualRegister)(m_jit.codeBlock()->thisRegister() + i);
-        if (m_jit.graph().getPrediction(virtualRegister) == PredictInt32)
         switch (m_jit.graph().getPrediction(virtualRegister)) {
         case PredictInt32:
             speculationCheck(m_jit.branchPtr(MacroAssembler::Below, JITCompiler::addressFor(virtualRegister), GPRInfo::tagTypeNumberRegister));
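Review bot: please confirm that fast/js/trivial-functions.html fails without this one-line removal, so the test is known to guard this path. The deleted `if` had no braces, which made the following `switch` its entire body and left every arm other than `case PredictInt32:` unreachable; since this loop emits the speculation checks for each argument, a skipped arm means compiled code running without its type check, which matches the crashes in the title. The removal itself looks correct.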