Old JIT's style of JSVALUE64 strict equality is subtly wrong
https://bugs.webkit.org/show_bug.cgi?id=79700

Reviewed by Oliver Hunt.

* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::comparePtr):
(MacroAssemblerX86_64):
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
* jit/JITOpcodes.cpp:
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::emitSlow_op_stricteq):
(JSC::JIT::emitSlow_op_nstricteq):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109040 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp
index efbf972..7dac48a 100644
--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp
+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp
@@ -736,8 +736,14 @@
 {
     JSGlobalData* globalData = &exec->globalData();
     NativeCallFrameTracer tracer(globalData, exec);
+
+    JSValue src1 = JSValue::decode(encodedOp1);
+    JSValue src2 = JSValue::decode(encodedOp2);
     
-    return JSValue::strictEqual(exec, JSValue::decode(encodedOp1), JSValue::decode(encodedOp2));
+    ASSERT((src1.isCell() && src2.isCell())
+           || src1.isDouble() || src2.isDouble());
+    
+    return JSValue::strictEqual(exec, src1, src2);
 }
 
 static void* handleHostCall(ExecState* execCallee, JSValue callee, CodeSpecializationKind kind)
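Review bot: The new ASSERT at the top of the hunk encodes the operand-type contract of this slow path but gives no reason why it holds, and because ASSERT compiles out in release builds it serves as documentation rather than a runtime check, so the reasoning should be spelled out in a comment. It appears the JIT fast paths decide every other type combination inline and only call this operation for two cells or when an operand is a double; I would add above the assertion `// Callers' fast paths resolve all other type combinations inline; this slow path is` / `// reached only for cell/cell comparisons or when at least one operand is a double.` — confirm against the JIT emitters touched by the same commit. The added blank line following the ASSERT carries trailing whitespace. The enclosing function's signature lies above the hunk.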