Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken

https://bugs.webkit.org/show_bug.cgi?id=71505

Source/JavaScriptCore:

Reviewed by Oliver Hunt.

The bytecode generator was assuming that call_varargs never reuses the base register
(i.e. the function being called) for the result. This is no longer true.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCallVarargs):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::ApplyFunctionCallDotNode::emitBytecode):

LayoutTests:

Reviewed by Oliver Hunt.

* fast/js/function-dot-apply-replace-base-expected.txt: Added.
* fast/js/function-dot-apply-replace-base.html: Added.
* fast/js/script-tests/cross-global-object-inline-global-var.js:
(done):
* fast/js/script-tests/function-dot-apply-replace-base.js: Added.
(foo):
(bar):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@100879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 85346fbbfbdbd88f8d49cb825ff84d9ca1378f6d..da57d14c5b243735ba72a19e3aecf2f41bfe5cb5 100644 (file)
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2011-11-20  Filip Pizlo  <fpizlo@apple.com>
+
+        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+        https://bugs.webkit.org/show_bug.cgi?id=71505
+
+        Reviewed by Oliver Hunt.
+
+        * fast/js/function-dot-apply-replace-base-expected.txt: Added.
+        * fast/js/function-dot-apply-replace-base.html: Added.
+        * fast/js/script-tests/cross-global-object-inline-global-var.js:
+        (done):
+        * fast/js/script-tests/function-dot-apply-replace-base.js: Added.
+        (foo):
+        (bar):
+
 2011-11-20  Adam Barth  <abarth@webkit.org>
 
         REGRESSION(r100691): Safari error pages and Growl notifications fail to load stylesheets

diff --git a/LayoutTests/fast/js/function-dot-apply-replace-base-expected.txt b/LayoutTests/fast/js/function-dot-apply-replace-base-expected.txt
new file mode 100644 (file)
index 0000000..bcde452
--- /dev/null
+++ b/LayoutTests/fast/js/function-dot-apply-replace-base-expected.txt
@@ -0,0 +1,10 @@
+This tests that expressions of the form x = x.apply(...) don't break bytecode generation.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS bar() is 3
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

diff --git a/LayoutTests/fast/js/function-dot-apply-replace-base.html b/LayoutTests/fast/js/function-dot-apply-replace-base.html
new file mode 100644 (file)
index 0000000..b46a19b
--- /dev/null
+++ b/LayoutTests/fast/js/function-dot-apply-replace-base.html
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="script-tests/function-dot-apply-replace-base.js"></script>
+<script src="resources/js-test-post.js"></script>
+</body>
+</html>

diff --git a/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js b/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js
index 3b8330fcd76925046660d73e41875df97ee35ee7..97930a1177ec2237c8b3239558b8f9831871583c 100644 (file)
--- a/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js
+++ b/LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js
@@ -19,8 +19,7 @@ function done(value) {
         testPassed("done() called with " + expected);
     else
         testFailed("done() is " + value + " and should be " + expected + ".");
-    if (window.layoutTestController)
-        layoutTestController.notifyDone();
+    layoutTestController.notifyDone();
 }
 
 function doit() {

diff --git a/LayoutTests/fast/js/script-tests/function-dot-apply-replace-base.js b/LayoutTests/fast/js/script-tests/function-dot-apply-replace-base.js
new file mode 100644 (file)
index 0000000..a19e834
--- /dev/null
+++ b/LayoutTests/fast/js/script-tests/function-dot-apply-replace-base.js
@@ -0,0 +1,26 @@
+description(
+"This tests that expressions of the form x = x.apply(...) don't break bytecode generation."
+);
+
+function foo(a,b) {
+    return a+b;
+}
+
+function bar() {
+    var x;
+    
+    x = foo;
+    
+    var array = [];
+    array.push(1);
+    array.push(2);
+    
+    x = x.apply(void(0), array);
+    
+    return x;
+}
+
+shouldBe("bar()", "3");
+
+
+

diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index dceb7b50e7a7e52c763d670de93b91e8e3e9ff3d..9de9ce91d05471f5102361db9158f206d473c04e 100644 (file)
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,19 @@
+2011-11-20  Filip Pizlo  <fpizlo@apple.com>
+
+        Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken
+        https://bugs.webkit.org/show_bug.cgi?id=71505
+
+        Reviewed by Oliver Hunt.
+        
+        The bytecode generator was assuming that call_varargs never reuses the base register
+        (i.e. the function being called) for the result. This is no longer true.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitCallVarargs):
+        * bytecompiler/BytecodeGenerator.h:
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::ApplyFunctionCallDotNode::emitBytecode):
+
 2011-11-20  Filip Pizlo  <fpizlo@apple.com>
 
         DFG 32_64 should directly store double virtual registers on SetLocal

diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index fc7223313d911f7ef805f3ca04d4e0fe2c2c4e97..c3a15a9d14a2d251eac3a96a8123682b4a64d0cc 100644 (file)
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
@@ -1835,12 +1835,12 @@ RegisterID* BytecodeGenerator::emitCall(OpcodeID opcodeID, RegisterID* dst, Regi
     return dst;
 }
 
-RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
+RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
 {
-    ASSERT(dst != func);
     if (m_shouldEmitProfileHooks) {
+        emitMove(profileHookRegister, func);
         emitOpcode(op_profile_will_call);
-        instructions().append(func->index());
+        instructions().append(profileHookRegister->index());
     }
     
     emitExpressionInfo(divot, startOffset, endOffset);
@@ -1857,7 +1857,7 @@ RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func
     }
     if (m_shouldEmitProfileHooks) {
         emitOpcode(op_profile_did_call);
-        instructions().append(func->index());
+        instructions().append(profileHookRegister->index());
     }
     return dst;
 }

diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
index 274fa3d457c413dcb4e0e9a24066cbcc09ce0365..e8b69a0db7e3c18d5afee1693b56925dc1f5e9cc 100644 (file)
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
@@ -335,7 +335,7 @@ namespace JSC {
 
         RegisterID* emitCall(RegisterID* dst, RegisterID* func, CallArguments&, unsigned divot, unsigned startOffset, unsigned endOffset);
         RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, CallArguments&, unsigned divot, unsigned startOffset, unsigned endOffset);
-        RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, unsigned divot, unsigned startOffset, unsigned endOffset);
         RegisterID* emitLoadVarargs(RegisterID* argCountDst, RegisterID* thisRegister, RegisterID* args);
 
         RegisterID* emitReturn(RegisterID* src);

diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index fe8efcf9b55a240d27966237d3cbb4681a78ca76..0e294cbdf5a2970f28cac8ef973365431ab1d5b4 100644 (file)
--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -496,6 +496,9 @@ RegisterID* ApplyFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator,
             }
         } else {
             ASSERT(m_args->m_listNode && m_args->m_listNode->m_next);
+            RefPtr<RegisterID> profileHookRegister;
+            if (generator.shouldEmitProfileHooks())
+                profileHookRegister = generator.newTemporary();
             RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr);
             RefPtr<RegisterID> argsRegister;
             ArgumentListNode* args = m_args->m_listNode->m_next;
@@ -509,7 +512,7 @@ RegisterID* ApplyFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator,
             while ((args = args->m_next))
                 generator.emitNode(args->m_expr);
 
-            generator.emitCallVarargs(finalDestinationOrIgnored.get(), base.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), divot(), startOffset(), endOffset());
+            generator.emitCallVarargs(finalDestinationOrIgnored.get(), base.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), profileHookRegister.get(), divot(), startOffset(), endOffset());
         }
         generator.emitJump(end.get());
     }