DFG tracking of the value in cachedResultRegister does not handle
op_mov correctly
https://bugs.webkit.org/show_bug.cgi?id=68781
Reviewed by Oliver Hunt.
This takes the simplest approach: it makes the old JIT dumber rather
than making the DFG JIT smarter. This is performance-neutral.
* jit/JIT.h:
(JSC::JIT::canBeOptimized):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_mov):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95925 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index 97c3de3..fc8f6d3 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -1034,8 +1034,10 @@
#endif
#if ENABLE(DFG_JIT)
+ bool canBeOptimized() { return m_canBeOptimized; }
bool shouldEmitProfiling() { return m_canBeOptimized; }
#else
+ bool canBeOptimized() { return false; }
// Enables use of value profiler with tiered compilation turned off,
// in which case all code gets profiled.
bool shouldEmitProfiling() { return true; }
diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp
index e084da0..0a400f3 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp
@@ -303,19 +303,26 @@
int dst = currentInstruction[1].u.operand;
int src = currentInstruction[2].u.operand;
- if (m_codeBlock->isConstantRegisterIndex(src)) {
- storePtr(ImmPtr(JSValue::encode(getConstantOperand(src))), Address(callFrameRegister, dst * sizeof(Register)));
- if (dst == m_lastResultBytecodeRegister)
- killLastResultRegister();
- } else if ((src == m_lastResultBytecodeRegister) || (dst == m_lastResultBytecodeRegister)) {
- // If either the src or dst is the cached register go though
- // get/put registers to make sure we track this correctly.
+ if (canBeOptimized()) {
+ // Use simpler approach, since the DFG thinks that the last result register
+ // is always set to the destination on every operation.
emitGetVirtualRegister(src, regT0);
emitPutVirtualRegister(dst);
} else {
- // Perform the copy via regT1; do not disturb any mapping in regT0.
- loadPtr(Address(callFrameRegister, src * sizeof(Register)), regT1);
- storePtr(regT1, Address(callFrameRegister, dst * sizeof(Register)));
+ if (m_codeBlock->isConstantRegisterIndex(src)) {
+ storePtr(ImmPtr(JSValue::encode(getConstantOperand(src))), Address(callFrameRegister, dst * sizeof(Register)));
+ if (dst == m_lastResultBytecodeRegister)
+ killLastResultRegister();
+ } else if ((src == m_lastResultBytecodeRegister) || (dst == m_lastResultBytecodeRegister)) {
+ // If either the src or dst is the cached register go though
+ // get/put registers to make sure we track this correctly.
+ emitGetVirtualRegister(src, regT0);
+ emitPutVirtualRegister(dst);
+ } else {
+ // Perform the copy via regT1; do not disturb any mapping in regT0.
+ loadPtr(Address(callFrameRegister, src * sizeof(Register)), regT1);
+ storePtr(regT1, Address(callFrameRegister, dst * sizeof(Register)));
+ }
}
}
