Showing the data overlay in OpenStreetMap doesn't work, zooming partially broken https://bugs.webkit.org/show_bug.cgi?id=71505 Source/JavaScriptCore: Reviewed by Oliver Hunt. The bytecode generator was assuming that call_varargs never reuses the base register (i.e. the function being called) for the result. This is no longer true. * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitCallVarargs): * bytecompiler/BytecodeGenerator.h: * bytecompiler/NodesCodegen.cpp: (JSC::ApplyFunctionCallDotNode::emitBytecode): LayoutTests: Reviewed by Oliver Hunt. * fast/js/function-dot-apply-replace-base-expected.txt: Added. * fast/js/function-dot-apply-replace-base.html: Added. * fast/js/script-tests/cross-global-object-inline-global-var.js: (done): * fast/js/script-tests/function-dot-apply-replace-base.js: Added. (foo): (bar): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit: 5da687a74d33b20a3acca254b05d093b84379e1e [log] [tgz]
author: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Mon Nov 21 04:35:38 2011 +0000
committer: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Mon Nov 21 04:35:38 2011 +0000
tree: d2f5721b37283c62f91435f65f338de66fe05506
parent: 42e40b7a4d3cedf40bc2c1eee1501162a0370f94 [diff]
diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
index fc72233..c3a15a9 100644
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -1835,12 +1835,12 @@
     return dst;
 }
 
-RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
+RegisterID* BytecodeGenerator::emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, unsigned divot, unsigned startOffset, unsigned endOffset)
 {
-    ASSERT(dst != func);
     if (m_shouldEmitProfileHooks) {
+        emitMove(profileHookRegister, func);
         emitOpcode(op_profile_will_call);
-        instructions().append(func->index());
+        instructions().append(profileHookRegister->index());
     }
     
     emitExpressionInfo(divot, startOffset, endOffset);
@@ -1857,7 +1857,7 @@
     }
     if (m_shouldEmitProfileHooks) {
         emitOpcode(op_profile_did_call);
-        instructions().append(func->index());
+        instructions().append(profileHookRegister->index());
     }
     return dst;
 }

diff --git a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
index 274fa3d..e8b69a0 100644
--- a/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
+++ b/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -335,7 +335,7 @@
 
         RegisterID* emitCall(RegisterID* dst, RegisterID* func, CallArguments&, unsigned divot, unsigned startOffset, unsigned endOffset);
         RegisterID* emitCallEval(RegisterID* dst, RegisterID* func, CallArguments&, unsigned divot, unsigned startOffset, unsigned endOffset);
-        RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, unsigned divot, unsigned startOffset, unsigned endOffset);
+        RegisterID* emitCallVarargs(RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, RegisterID* profileHookRegister, unsigned divot, unsigned startOffset, unsigned endOffset);
         RegisterID* emitLoadVarargs(RegisterID* argCountDst, RegisterID* thisRegister, RegisterID* args);
 
         RegisterID* emitReturn(RegisterID* src);

diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index fe8efcf..0e294cb 100644
--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -496,6 +496,9 @@
             }
         } else {
             ASSERT(m_args->m_listNode && m_args->m_listNode->m_next);
+            RefPtr<RegisterID> profileHookRegister;
+            if (generator.shouldEmitProfileHooks())
+                profileHookRegister = generator.newTemporary();
             RefPtr<RegisterID> thisRegister = generator.emitNode(m_args->m_listNode->m_expr);
             RefPtr<RegisterID> argsRegister;
             ArgumentListNode* args = m_args->m_listNode->m_next;
@@ -509,7 +512,7 @@
             while ((args = args->m_next))
                 generator.emitNode(args->m_expr);
 
-            generator.emitCallVarargs(finalDestinationOrIgnored.get(), base.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), divot(), startOffset(), endOffset());
+            generator.emitCallVarargs(finalDestinationOrIgnored.get(), base.get(), thisRegister.get(), argsRegister.get(), generator.newTemporary(), profileHookRegister.get(), divot(), startOffset(), endOffset());
         }
         generator.emitJump(end.get());
     }
commit	5da687a74d33b20a3acca254b05d093b84379e1e	[log] [tgz]
author	fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Mon Nov 21 04:35:38 2011 +0000
committer	fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Mon Nov 21 04:35:38 2011 +0000
tree	d2f5721b37283c62f91435f65f338de66fe05506
parent	42e40b7a4d3cedf40bc2c1eee1501162a0370f94 [diff]