[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
Gustavo Noronha Silva
gns at gnome.org
Thu Apr 8 02:24:27 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 23e1faa144a3cd28be579426d21e3640a54ab991
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Mar 23 17:09:31 2010 +0000
Interpreter fix for <rdar://problem/7728196> REGRESSION (r46701): -(-2147483648)
evaluates to -2147483648 on 32 bit (35842)
Reviewed by Mark Rowe.
* interpreter/Interpreter.cpp:
(JSC::Interpreter::privateExecute): Only take the fast negate path if
a bit other than bit 31 is set. If none of bits 0-30 are set, then the
value we're negating can only be 0 or -2147483648, and neither can be
negated in int space.
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_negate):
(JSC::JIT::emitSlow_op_negate): Updated the JIT implementation to match
the interpreter, since it's slightly simpler.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 93ef175..c9b0ba6 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,21 @@
+2010-03-23 Geoffrey Garen <ggaren at apple.com>
+
+ Reviewed by Mark Rowe.
+
+ Interpreter fix for <rdar://problem/7728196> REGRESSION (r46701): -(-2147483648)
+ evaluates to -2147483648 on 32 bit (35842)
+
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::privateExecute): Only take the fast negate path if
+ a bit other than bit 31 is set. If none of bits 0-30 are set, then the
+ value we're negating can only be 0 or -2147483648, and neither can be
+ negated in int space.
+
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emit_op_negate):
+ (JSC::JIT::emitSlow_op_negate): Updated the JIT implementation to match
+ the interpreter, since it's slightly simpler.
+
2010-03-22 Geoffrey Garen <ggaren at apple.com>
Reviewed by Sam Weinig.
diff --git a/JavaScriptCore/interpreter/Interpreter.cpp b/JavaScriptCore/interpreter/Interpreter.cpp
index 98e6ee0..b6e9161 100644
--- a/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/JavaScriptCore/interpreter/Interpreter.cpp
@@ -1520,7 +1520,7 @@ JSValue Interpreter::privateExecute(ExecutionFlag flag, RegisterFile* registerFi
*/
int dst = vPC[1].u.operand;
JSValue src = callFrame->r(vPC[2].u.operand).jsValue();
- if (src.isInt32() && src.asInt32())
+ if (src.isInt32() && (src.asInt32() & 0x7fffffff)) // non-zero and no overflow
callFrame->r(dst) = jsNumber(callFrame, -src.asInt32());
else {
JSValue result = jsNumber(callFrame, -src.toNumber(callFrame));
diff --git a/JavaScriptCore/jit/JITArithmetic.cpp b/JavaScriptCore/jit/JITArithmetic.cpp
index 5f546e2..2e1ff40 100644
--- a/JavaScriptCore/jit/JITArithmetic.cpp
+++ b/JavaScriptCore/jit/JITArithmetic.cpp
@@ -56,8 +56,8 @@ void JIT::emit_op_negate(Instruction* currentInstruction)
emitLoad(src, regT1, regT0);
Jump srcNotInt = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
- addSlowCase(branch32(Equal, regT0, Imm32(0)));
- addSlowCase(branchNeg32(Overflow, regT0));
+ addSlowCase(branchTest32(Zero, regT0, Imm32(0x7fffffff)));
+ neg32(regT0);
emitStoreInt32(dst, regT0, (dst == src));
Jump end = jump();
@@ -77,8 +77,7 @@ void JIT::emitSlow_op_negate(Instruction* currentInstruction, Vector<SlowCaseEnt
{
unsigned dst = currentInstruction[1].u.operand;
- linkSlowCase(iter); // 0 check
- linkSlowCase(iter); // overflow check
+ linkSlowCase(iter); // 0x7fffffff check
linkSlowCase(iter); // double check
JITStubCall stubCall(this, cti_op_negate);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list