author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2015-05-20 09:56:07 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2015-05-20 09:56:07 +0000 |
commit | 41386e9cb918eed93b3f13648cbef387e371e451 (patch) | |
tree | a97f9d7bd1d9d091833286085f72da9d83fd0606 /Source/JavaScriptCore/dfg/DFGJITCode.cpp | |
parent | e15dd966d523731101f70ccf768bba12435a0208 (diff) | |
webkitgtk-2.4.9webkitgtk-2.4.9
Diffstat (limited to 'Source/JavaScriptCore/dfg/DFGJITCode.cpp')
-rw-r--r-- | Source/JavaScriptCore/dfg/DFGJITCode.cpp | 38 |
1 files changed, 17 insertions, 21 deletions
diff --git a/Source/JavaScriptCore/dfg/DFGJITCode.cpp b/Source/JavaScriptCore/dfg/DFGJITCode.cpp
index db044e53e..c53653f8f 100644
--- a/Source/JavaScriptCore/dfg/DFGJITCode.cpp
+++ b/Source/JavaScriptCore/dfg/DFGJITCode.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -29,17 +29,11 @@
 #if ENABLE(DFG_JIT)
 #include "CodeBlock.h"
-#include "JSCInlines.h"
-#include "TrackedReferences.h"
 namespace JSC { namespace DFG {
 JITCode::JITCode()
 : DirectJITCode(DFGJIT)
-#if ENABLE(FTL_JIT)
- , osrEntryRetry(0)
- , abandonOSREntry(false)
-#endif // ENABLE(FTL_JIT)
 {
 }
@@ -83,8 +77,23 @@ void JITCode::reconstruct(
 reconstruct(codeBlock, codeOrigin, streamIndex, recoveries);
 result = Operands<JSValue>(OperandsLike, recoveries);
- for (size_t i = result.size(); i--;)
+ for (size_t i = result.size(); i--;) {
+ int operand = result.operandForIndex(i);
+
+ if (operandIsArgument(operand)
+ && !VirtualRegister(operand).toArgument()
+ && codeBlock->codeType() == FunctionCode
+ && codeBlock->specializationKind() == CodeForConstruct) {
+ // Ugh. If we're in a constructor, the 'this' argument may hold garbage. It will
+ // also never be used. It doesn't matter what we put into the value for this,
+ // but it has to be an actual value that can be grokked by subsequent DFG passes,
+ // so we sanitize it here by turning it into Undefined.
+ result[i] = jsUndefined();
+ continue;
+ }
+
 result[i] = recoveries[i].recover(exec);
+ }
 }
 #if ENABLE(FTL_JIT)
@@ -147,7 +156,6 @@ void JITCode::setOptimizationThresholdBasedOnCompilationResult(
 switch (result) {
 case CompilationSuccessful:
 optimizeNextInvocation(codeBlock);
- codeBlock->baselineVersion()->m_hasBeenCompiledWithFTL = true;
 return;
 case CompilationFailed:
 dontOptimizeAnytimeSoon(codeBlock);
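Review bot: In the loop added to JITCode::reconstruct, `!VirtualRegister(operand).toArgument()` picks out the `this` slot only because argument index 0 converts to false, which is easy to misread in a condition that decides whether a possibly uninitialized stack value gets recovered; `VirtualRegister(operand).toArgument() == 0` would state it directly. The two `codeBlock` tests do not depend on `i` and could be hoisted before the loop, for example `const bool isConstructor = codeBlock->codeType() == FunctionCode && codeBlock->specializationKind() == CodeForConstruct;`, leaving a short per-operand check. The new comment says the value "will also never be used", but nothing visible in the hunk enforces that, so it would be better worded as the invariant this sanitization depends on. The function's signature and opening lines lie above the hunk.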
@@ -171,18 +179,6 @@ void JITCode::setOptimizationThresholdBasedOnCompilationResult(
 }
 #endif // ENABLE(FTL_JIT)
-void JITCode::validateReferences(const TrackedReferences& trackedReferences)
-{
- common.validateReferences(trackedReferences);
-
- for (OSREntryData& entry : osrEntry) {
- for (unsigned i = entry.m_expectedValues.size(); i--;)
- entry.m_expectedValues[i].validateReferences(trackedReferences);
- }
-
- minifiedDFG.validateReferences(trackedReferences);
-}
-
 } } // namespace JSC::DFG
 #endif // ENABLE(DFG_JIT) |