Imported WebKit commit 795dcd25a9649fccaf1c9b685f6e2ffedaf7e620 (http://svn.webkit.org/repository/webkit/trunk@131718)

New snapshot that includes the return of -fkeep-memory at link time to reduce memory pressure as well as modularized documentation
author: Simon Hausmann <simon.hausmann@digia.com> 2012-10-18 10:55:06 +0200
committer: Simon Hausmann <simon.hausmann@digia.com> 2012-10-18 10:55:06 +0200
commit: ee4c86d1990a9e26277a6948e7027ad8d525ebfa (patch)
tree: 1e2d3408cd097606571f40ab63353c27bcb7dd5c /Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
parent: d882bec96d0d30aeeda2141bfadfca7f038ee862 (diff)
download: qtwebkit-ee4c86d1990a9e26277a6948e7027ad8d525ebfa.tar.gz
1 files changed, 11 insertions, 7 deletions
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
index 0928dfa58..daca71da7 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -3191,24 +3191,30 @@ void SpeculativeJIT::compile(Node& node)
         SpeculateCellOperand base(this, node.child1());
         StorageOperand storage(this, node.child2());
         GPRTemporary value(this);
+        GPRTemporary storageLength(this);
         
         GPRReg baseGPR = base.gpr();
         GPRReg storageGPR = storage.gpr();
         GPRReg valueGPR = value.gpr();
+        GPRReg storageLengthGPR = storageLength.gpr();
         
         switch (node.arrayMode()) {
         case Array::ArrayWithContiguous:
         case Array::ArrayWithContiguousOutOfBounds: {
             m_jit.load32(
-                MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), valueGPR);
+                MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()), storageLengthGPR);
             MacroAssembler::Jump undefinedCase =
-                m_jit.branchTest32(MacroAssembler::Zero, valueGPR);
-            m_jit.sub32(TrustedImm32(1), valueGPR);
+                m_jit.branchTest32(MacroAssembler::Zero, storageLengthGPR);
+            m_jit.sub32(TrustedImm32(1), storageLengthGPR);
             m_jit.store32(
-                valueGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
+                storageLengthGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
             m_jit.loadPtr(
-                MacroAssembler::BaseIndex(storageGPR, valueGPR, MacroAssembler::ScalePtr),
+                MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::ScalePtr),
                 valueGPR);
+            // FIXME: This would not have to be here if changing the publicLength also zeroed the values between the old
+            // length and the new length.
+            m_jit.storePtr(
+                MacroAssembler::TrustedImmPtr(0), MacroAssembler::BaseIndex(storageGPR, storageLengthGPR, MacroAssembler::ScalePtr));
             MacroAssembler::Jump slowCase = m_jit.branchTestPtr(MacroAssembler::Zero, valueGPR);
 
             addSlowPathGenerator(
@@ -3225,8 +3231,6 @@ void SpeculativeJIT::compile(Node& node)
             
         case Array::ArrayWithArrayStorage:
         case Array::ArrayWithArrayStorageOutOfBounds: {
-            GPRTemporary storageLength(this);
-            GPRReg storageLengthGPR = storageLength.gpr();
             m_jit.load32(MacroAssembler::Address(storageGPR, ArrayStorage::lengthOffset()), storageLengthGPR);
         
             JITCompiler::Jump undefinedCase =
author	Simon Hausmann <simon.hausmann@digia.com>	2012-10-18 10:55:06 +0200
committer	Simon Hausmann <simon.hausmann@digia.com>	2012-10-18 10:55:06 +0200
commit	ee4c86d1990a9e26277a6948e7027ad8d525ebfa (patch)
tree	1e2d3408cd097606571f40ab63353c27bcb7dd5c /Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
parent	d882bec96d0d30aeeda2141bfadfca7f038ee862 (diff)
download	qtwebkit-ee4c86d1990a9e26277a6948e7027ad8d525ebfa.tar.gz