Title: [163241] trunk/Source/_javascript_Core
- Revision
- 163241
- Author
- msab...@apple.com
- Date
- 2014-02-01 07:30:41 -0800 (Sat, 01 Feb 2014)
Log Message
REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
https://bugs.webkit.org/show_bug.cgi?id=128037
Reviewed by Mark Lam.
op_call_varargs ops now need an ArrayProfile, because the DFG has inlined them since
change set r162739.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCallVarargs):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (163240 => 163241)
--- trunk/Source/_javascript_Core/ChangeLog 2014-02-01 15:15:56 UTC (rev 163240)
+++ trunk/Source/_javascript_Core/ChangeLog 2014-02-01 15:30:41 UTC (rev 163241)
@@ -1,3 +1,18 @@
+2014-02-01 Michael Saboff <msab...@apple.com>
+
+ REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple._javascript_Core: JSC::ArrayProfile::computeUpdatedPrediction + 4
+ https://bugs.webkit.org/show_bug.cgi?id=128037
+
+ Reviewed by Mark Lam.
+
+ op_call_varargs ops now needs an ArrayProfile since DFG inlines these since
+ change set r162739.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::CodeBlock):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCallVarargs):
+
2014-01-31 Mark Lam <mark....@apple.com>
Gardening: fix build breakage.
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (163240 => 163241)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-02-01 15:15:56 UTC (rev 163240)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-02-01 15:30:41 UTC (rev 163241)
@@ -1689,6 +1689,7 @@
instructions[i + j].u.operand = pc[j].u.operand;
}
switch (pc[0].u.opcode) {
+ case op_call_varargs:
case op_get_by_val:
case op_get_argument_by_val: {
int arrayProfileIndex = pc[opLength - 2].u.operand;
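Review bot: The new `case op_call_varargs:` label makes `pc[opLength - 2].u.operand` an index into `m_arrayProfiles`, but nothing in the visible lines checks that index against the container's size. The lines between this hunk and the next are not shown, so a check may exist there. That operand was a literal 0 pad before this commit, so an assertion at the point of use would catch a generator/linker mismatch before a JIT tier dereferences a bad profile, for example `ASSERT(static_cast<unsigned>(arrayProfileIndex) < m_arrayProfiles.size());`. A short comment on the label would also help, such as `// The DFG can inline op_call_varargs and reads its ArrayProfile, so link one here.` The switch sits in a function (the CodeBlock constructor, per the log) that starts and ends outside the hunk, and no regression test for the crash is visible in this change.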
@@ -1697,8 +1698,7 @@
instructions[i + opLength - 2] = &m_arrayProfiles[arrayProfileIndex];
FALLTHROUGH;
}
- case op_get_by_id:
- case op_call_varargs: {
+ case op_get_by_id: {
ValueProfile* profile = "" - 1].u.operand];
ASSERT(profile->m_bytecodeOffset == -1);
profile->m_bytecodeOffset = i;
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (163240 => 163241)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-02-01 15:15:56 UTC (rev 163240)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-02-01 15:30:41 UTC (rev 163241)
@@ -1777,6 +1777,7 @@
emitExpressionInfo(divot, divotStart, divotEnd);
// Emit call.
+ UnlinkedArrayProfile arrayProfile = newArrayProfile();
UnlinkedValueProfile profile = ""
ASSERT(dst != ignoredResult());
instructions().append(dst->index());
@@ -1784,7 +1785,7 @@
instructions().append(thisRegister->index());
instructions().append(arguments->index());
instructions().append(firstFreeRegister->index());
- instructions().append(0); // Pad to make it as big as an op_call.
+ instructions().append(arrayProfile);
instructions().append(profile);
if (m_shouldEmitProfileHooks) {
emitOpcode(op_profile_did_call);
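Review bot: The removed line carried the only comment describing this operand slot (`// Pad to make it as big as an op_call.`), and its replacement `instructions().append(arrayProfile);` has none. The slot's position is what the `pc[opLength - 2]` lookup in CodeBlock.cpp relies on, so the two files must agree on it without anything in the code saying so. A comment such as `// ArrayProfile slot; must stay at opLength - 2 to match the linking switch in CodeBlock.` would record that coupling. emitCallVarargs starts and ends outside the hunk, so any other reader of this operand is not visible here.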