Imported WebKit commit 6339232fec7f5d9984a33388aecfd2cbc7832053 (http://svn.webkit.org/repository/webkit/trunk@129343)

New snapshot with build fixes for latest qtbase
author: Simon Hausmann <simon.hausmann@digia.com> 2012-09-24 13:09:44 +0200
committer: Simon Hausmann <simon.hausmann@digia.com> 2012-09-24 13:09:44 +0200
commit: dc6262b587c71c14e30d93e57ed812e36a79a33e (patch)
tree: 03ff986e7aa38bba0c0ef374f44fda52aff93f01 /Source/JavaScriptCore/runtime/Arguments.cpp
parent: 02e1fbbefd49229b102ef107bd70ce974a2d85fb (diff)
download: qtwebkit-dc6262b587c71c14e30d93e57ed812e36a79a33e.tar.gz
1 files changed, 13 insertions, 13 deletions
diff --git a/Source/JavaScriptCore/runtime/Arguments.cpp b/Source/JavaScriptCore/runtime/Arguments.cpp
index e5e503ee1..fdf202192 100644
--- a/Source/JavaScriptCore/runtime/Arguments.cpp
+++ b/Source/JavaScriptCore/runtime/Arguments.cpp
@@ -343,6 +343,18 @@ void Arguments::tearOff(CallFrame* callFrame)
     m_registerArray = adoptArrayPtr(new WriteBarrier<Unknown>[m_numArguments]);
     m_registers = m_registerArray.get() + CallFrame::offsetFor(m_numArguments + 1);
 
+    // If we have a captured argument that logically aliases activation storage,
+    // but we optimize away the activation, the argument needs to tear off into
+    // our storage. The simplest way to do this is to revert it to Normal status.
+    if (m_slowArguments && !m_activation) {
+        for (size_t i = 0; i < m_numArguments; ++i) {
+            if (m_slowArguments[i].status != SlowArgument::Captured)
+                continue;
+            m_slowArguments[i].status = SlowArgument::Normal;
+            m_slowArguments[i].index = CallFrame::argumentOffset(i);
+        }
+    }
+
     if (!callFrame->isInlineCallFrame()) {
         for (size_t i = 0; i < m_numArguments; ++i)
             trySetArgument(callFrame->globalData(), i, callFrame->argumentAfterCapture(i));
@@ -362,20 +374,8 @@ void Arguments::didTearOffActivation(ExecState* exec, JSActivation* activation)
     if (!m_numArguments)
         return;
     
-    tearOff(exec);
-
-    SharedSymbolTable* symbolTable = activation->symbolTable();
-    const SlowArgument* slowArguments = symbolTable->slowArguments();
-    if (!slowArguments)
-        return;
-
-    ASSERT(symbolTable->captureMode() == SharedSymbolTable::AllOfTheThings);
     m_activation.set(exec->globalData(), this, activation);
-
-    allocateSlowArguments();
-    size_t count = min<unsigned>(m_numArguments, symbolTable->parameterCount());
-    for (size_t i = 0; i < count; ++i)
-        m_slowArguments[i] = slowArguments[i];
+    tearOff(exec);
 }
 
 void Arguments::tearOff(CallFrame* callFrame, InlineCallFrame* inlineCallFrame)
author	Simon Hausmann <simon.hausmann@digia.com>	2012-09-24 13:09:44 +0200
committer	Simon Hausmann <simon.hausmann@digia.com>	2012-09-24 13:09:44 +0200
commit	dc6262b587c71c14e30d93e57ed812e36a79a33e (patch)
tree	03ff986e7aa38bba0c0ef374f44fda52aff93f01 /Source/JavaScriptCore/runtime/Arguments.cpp
parent	02e1fbbefd49229b102ef107bd70ce974a2d85fb (diff)
download	qtwebkit-dc6262b587c71c14e30d93e57ed812e36a79a33e.tar.gz