DFG should assert that argument value recoveries can only be AlreadyInRegisterFile or Constant
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 26 Mar 2012 22:58:35 +0000 (22:58 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 26 Mar 2012 22:58:35 +0000 (22:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=82249

Reviewed by Michael Saboff.

Made the assertions that the DFG makes for argument value recoveries match
what Arguments expects.

* bytecode/ValueRecovery.h:
(JSC::ValueRecovery::isConstant):
(ValueRecovery):
(JSC::ValueRecovery::isAlreadyInRegisterFile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@112164 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/ValueRecovery.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

index 3456892c620f959cb333e80c6f5d5d78ac7c1285..70c906b87cc36e1a2c8f1060f96828f6bb09c002 100644 (file)
@@ -1,3 +1,21 @@
+2012-03-26  Filip Pizlo  <fpizlo@apple.com>
+
+        DFG should assert that argument value recoveries can only be
+        AlreadyInRegisterFile or Constant
+        https://bugs.webkit.org/show_bug.cgi?id=82249
+
+        Reviewed by Michael Saboff.
+        
+        Made the assertions that the DFG makes for argument value recoveries match
+        what Arguments expects.
+
+        * bytecode/ValueRecovery.h:
+        (JSC::ValueRecovery::isConstant):
+        (ValueRecovery):
+        (JSC::ValueRecovery::isAlreadyInRegisterFile):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+
 2012-03-26  Dan Bernstein  <mitz@apple.com>
 
         Tried to fix the Windows build.
index 4d2134e0ab25c1b554259fc2970525d9dc267312..007c6d3b7171d4b7ab0c2541f1040c6e8c90dba1 100644 (file)
@@ -192,6 +192,8 @@ public:
     
     ValueRecoveryTechnique technique() const { return m_technique; }
     
+    bool isConstant() const { return m_technique == Constant; }
+    
     bool isInRegisters() const
     {
         switch (m_technique) {
@@ -208,6 +210,20 @@ public:
         }
     }
     
+    bool isAlreadyInRegisterFile() const
+    {
+        switch (technique()) {
+        case AlreadyInRegisterFile:
+        case AlreadyInRegisterFileAsUnboxedInt32:
+        case AlreadyInRegisterFileAsUnboxedCell:
+        case AlreadyInRegisterFileAsUnboxedBoolean:
+        case AlreadyInRegisterFileAsUnboxedDouble:
+            return true;
+        default:
+            return false;
+        }
+    }
+    
     MacroAssembler::RegisterID gpr() const
     {
         ASSERT(m_technique == InGPR || m_technique == UnboxedInt32InGPR || m_technique == UnboxedBooleanInGPR || m_technique == UInt32InGPR);
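Review bot: the `default: return false;` arm in isAlreadyInRegisterFile() suppresses the compiler's unhandled-enumerator warning for this switch, so a future AlreadyInRegisterFileAs... value added to ValueRecoveryTechnique would silently be classified as not in the register file. Listing the remaining techniques explicitly, or leaving a comment next to the enum that points at this predicate, would keep the two in sync. Also, this function switches on technique() while isConstant() and the ASSERT in gpr() read m_technique directly; use one form throughout.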
index cd6fcb380502d8e60544a12b22d34ab1d98a7b60..e89fe4d25ada90fc803f3663515a2c681e00a3c6 100644 (file)
@@ -954,10 +954,12 @@ void SpeculativeJIT::compile(BasicBlock& block)
                 int argumentCountIncludingThis = inlineCallFrame->arguments.size();
                 for (int i = 0; i < argumentCountIncludingThis; ++i) {
                     ValueRecovery recovery = computeValueRecoveryFor(m_variables[inlineCallFrame->stackOffset + CallFrame::argumentOffsetIncludingThis(i)]);
-                    // The recovery cannot point to registers, since the call frame reification isn't
-                    // as smart as OSR, so it can't handle that. The exception is the this argument,
-                    // which we don't really need to be able to recover.
-                    ASSERT(!i || !recovery.isInRegisters());
+                    // The recovery should refer either to something that has already been
+                    // stored into the register file at the right place, or to a constant,
+                    // since the Arguments code isn't smart enough to handle anything else.
+                    // The exception is the this argument, which we don't really need to be
+                    // able to recover.
+                    ASSERT(!i || (recovery.isAlreadyInRegisterFile() || recovery.isConstant()));
                     inlineCallFrame->arguments[i] = recovery;
                 }
                 break;
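Review bot: the tightened condition on the ASSERT line is only evaluated in builds where ASSERT is compiled in, yet the next line stores the recovery into inlineCallFrame->arguments[i] unconditionally. Since the new comment says the Arguments code cannot handle anything other than a value already in the register file or a constant, consider what a release build should do when some other technique shows up for i > 0, for example a check that stays active in release builds, rather than handing Arguments a recovery it cannot interpret. Minor: the inner parentheses are redundant, `!i || recovery.isAlreadyInRegisterFile() || recovery.isConstant()` reads the same.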