LLInt TypeArray pointer poisoning should not pick its poison dynamically.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Mar 2018 18:55:26 +0000 (18:55 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Mar 2018 18:55:26 +0000 (18:55 +0000)
commit09834c05a8dcd465bdbcb66b816aa9e3c7f049de
tree4c5b5be8e8afc4784833e4edd6b27d498c983c80
parentf3e5c29c2bccbf0dd85490e90a3c38624a0940b0
LLInt TypeArray pointer poisoning should not pick its poison dynamically.
https://bugs.webkit.org/show_bug.cgi?id=183942
<rdar://problem/38798018>

Reviewed by JF Bastien.

1. Move the LLInt TypedArray unpoisoning to just before the array access after
   all the branches.
2. Renamed FirstArrayType to FirstTypedArrayType to match the symbol in C++ code.
3. Remove a useless instruction in the implementation of emitX86Lea for a global
   label.

* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter64.asm:
* offlineasm/x86.rb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/llint/LowLevelInterpreter.asm
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Source/JavaScriptCore/offlineasm/x86.rb