Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jul 2013 23:43:53 +0000 (23:43 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 17 Jul 2013 23:43:53 +0000 (23:43 +0000)
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@152818 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

index f2b2e1c..4dbf82c 100644 (file)
@@ -1,3 +1,12 @@
+2013-07-17  Filip Pizlo  <fpizlo@apple.com>
+
+        Unreviewed, fix 32-bit after http://trac.webkit.org/changeset/152813
+
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+
 2013-07-17  Geoffrey Garen  <ggaren@apple.com>
 
         API tests should test for JSStringCreateWithCFString with empty string
index b15f19c..eb95004 100644 (file)
@@ -4057,7 +4057,7 @@ void SpeculativeJIT::compileNewFunctionNoCheck(Node* node)
     GPRReg resultGPR = result.gpr();
     flushRegisters();
     callOperation(
-        operationNewFunction, resultGPR, m_jit.codeBlock()->functionDecl(node->functionDeclIndex()));
+        operationNewFunctionNoCheck, resultGPR, m_jit.codeBlock()->functionDecl(node->functionDeclIndex()));
     cellResult(resultGPR, node);
 }
 
index b10bf89..1d213c6 100644 (file)
@@ -4897,21 +4897,22 @@ void SpeculativeJIT::compile(Node* node)
         
     case NewFunction: {
         JSValueOperand value(this, node->child1());
-        GPRTemporary resultTag(this, op1);
-        GPRTemporary resultPayload(this, op1, false);
+        GPRTemporary resultTag(this, value);
+        GPRTemporary resultPayload(this, value, false);
         
         GPRReg valueTagGPR = value.tagGPR();
         GPRReg valuePayloadGPR = value.payloadGPR();
         GPRReg resultTagGPR = resultTag.gpr();
         GPRReg resultPayloadGPR = resultPayload.gpr();
         
-        m_jit.move(valuePayloadGPR, resultGPR);
+        m_jit.move(valuePayloadGPR, resultPayloadGPR);
+        m_jit.move(valueTagGPR, resultTagGPR);
         
         JITCompiler::Jump notCreated = m_jit.branch32(JITCompiler::Equal, valueTagGPR, TrustedImm32(JSValue::EmptyValueTag));
         
         addSlowPathGenerator(
             slowPathCall(
-                notCreated, this, operationNewFunction, resultTagGPR, resultPayloadGPR,
+                notCreated, this, operationNewFunction, JSValueRegs(resultTagGPR, resultPayloadGPR),
                 m_jit.codeBlock()->functionDecl(node->functionDeclIndex())));
         
         jsValueResult(resultTagGPR, resultPayloadGPR, node);