<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[168942] branches/safari-538.34-branch/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/168942">168942</a></dd>
<dt>Author</dt> <dd>matthew_hanson@apple.com</dd>
<dt>Date</dt> <dd>2014-05-16 00:39:54 -0700 (Fri, 16 May 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/168776">r168776</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreChangeLog">branches/safari-538.34-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj">branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreassemblerAbstractMacroAssemblerh">branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerARM64h">branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerARMv7h">branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerX86h">branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerX86_64h">branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoredfgDFGSlowPathGeneratorh">branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJITcpp">branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJITh">branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoredfgDFGThunkscpp">branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGThunks.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitAssemblyHelperscpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitAssemblyHelpersh">branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitJITh">branches/safari-538.34-branch/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitJITArithmeticcpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITArithmetic.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitJITOpcodescpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitJITOpcodes32_64cpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitJITPropertyAccesscpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitJITPropertyAccess32_64cpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitRegisterPreservationWrapperGeneratorcpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitRepatchcpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCorejitThunkGeneratorscpp">branches/safari-538.34-branch/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreyarrYarrJITcpp">branches/safari-538.34-branch/Source/JavaScriptCore/yarr/YarrJIT.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari53834branchSourceJavaScriptCoreassemblerAbortReasonh">branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbortReason.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari53834branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/ChangeLog (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/ChangeLog 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/ChangeLog 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1,3 +1,85 @@
</span><ins>+2014-05-16 Matthew Hanson <matthew_hanson@apple.com>
+
+ Merge r168776.
+
+ 2014-05-13 Filip Pizlo <fpizlo@apple.com>
+
+ JIT breakpoints should be more informative
+ https://bugs.webkit.org/show_bug.cgi?id=132882
+
+ Reviewed by Oliver Hunt.
+
+ Introduce the notion of an AbortReason, which is a nice enumeration of coded assertion
+ failure names. This means that all you need to figure out why the JIT SIGTRAP'd is to look
+ at that platform's abort reason register (r11 on X86-64 for example).
+
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * assembler/AbortReason.h: Added.
+ * assembler/AbstractMacroAssembler.h:
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::abortWithReason):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::abortWithReason):
+ * assembler/MacroAssemblerX86.h:
+ (JSC::MacroAssemblerX86::abortWithReason):
+ * assembler/MacroAssemblerX86_64.h:
+ (JSC::MacroAssemblerX86_64::abortWithReason):
+ * dfg/DFGSlowPathGenerator.h:
+ (JSC::DFG::SlowPathGenerator::generate):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::bail):
+ (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
+ (JSC::DFG::SpeculativeJIT::compileMakeRope):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGThunks.cpp:
+ (JSC::DFG::osrEntryThunkGenerator):
+ * jit/AssemblyHelpers.cpp:
+ (JSC::AssemblyHelpers::jitAssertIsInt32):
+ (JSC::AssemblyHelpers::jitAssertIsJSInt32):
+ (JSC::AssemblyHelpers::jitAssertIsJSNumber):
+ (JSC::AssemblyHelpers::jitAssertIsJSDouble):
+ (JSC::AssemblyHelpers::jitAssertIsCell):
+ (JSC::AssemblyHelpers::jitAssertTagsInPlace):
+ (JSC::AssemblyHelpers::jitAssertHasValidCallFrame):
+ (JSC::AssemblyHelpers::jitAssertIsNull):
+ (JSC::AssemblyHelpers::jitAssertArgumentCountSane):
+ (JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::checkStackPointerAlignment):
+ (JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo): Deleted.
+ * jit/JIT.h:
+ * jit/JITArithmetic.cpp:
+ (JSC::JIT::emitSlow_op_div):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emitSlow_op_loop_hint):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::privateCompileCTINativeCall):
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::compileGetDirectOffset):
+ (JSC::JIT::addStructureTransitionCheck): Deleted.
+ (JSC::JIT::testPrototype): Deleted.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::compileGetDirectOffset):
+ * jit/RegisterPreservationWrapperGenerator.cpp:
+ (JSC::generateRegisterRestoration):
+ * jit/Repatch.cpp:
+ (JSC::addStructureTransitionCheck):
+ (JSC::linkClosureCall):
+ * jit/ThunkGenerators.cpp:
+ (JSC::emitPointerValidation):
+ (JSC::nativeForGenerator):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::generate):
+
</ins><span class="cx"> 2014-05-14 Dean Jackson <dino@apple.com>
</span><span class="cx">
</span><span class="cx"> Disable some features on the safari-538.34 branch.
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -818,6 +818,7 @@
</span><span class="cx"> <ClInclude Include="..\API\JSWrapperMap.h" />
</span><span class="cx"> <ClInclude Include="..\API\OpaqueJSString.h" />
</span><span class="cx"> <ClInclude Include="..\API\WebKitAvailability.h" />
</span><ins>+ <ClInclude Include="..\assembler\AbortReason.h" />
</ins><span class="cx"> <ClInclude Include="..\assembler\AbstractMacroAssembler.h" />
</span><span class="cx"> <ClInclude Include="..\assembler\AssemblerBuffer.h" />
</span><span class="cx"> <ClInclude Include="..\assembler\CodeLocation.h" />
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -107,6 +107,7 @@
</span><span class="cx"> 0F1E3A461534CBAF000F9456 /* DFGArgumentPosition.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1E3A431534CBAD000F9456 /* DFGArgumentPosition.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F1E3A471534CBB9000F9456 /* DFGDoubleFormatState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1E3A441534CBAD000F9456 /* DFGDoubleFormatState.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F1E3A67153A21E2000F9456 /* DFGSilentRegisterSavePlan.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1E3A65153A21DF000F9456 /* DFGSilentRegisterSavePlan.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F1FE51C1922A3BC006987C5 /* AbortReason.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F1FE51B1922A3BC006987C5 /* AbortReason.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0F21C27D14BE727A00ADC64B /* CodeSpecializationKind.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F21C27F14BEAA8200ADC64B /* BytecodeConventions.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F235BD317178E1C00690C7F /* FTLExitArgument.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F235BBD17178E1C00690C7F /* FTLExitArgument.cpp */; };
</span><span class="lines">@@ -1914,6 +1915,7 @@
</span><span class="cx"> 0F1E3A441534CBAD000F9456 /* DFGDoubleFormatState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGDoubleFormatState.h; path = dfg/DFGDoubleFormatState.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F1E3A501537C2CB000F9456 /* DFGSlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGSlowPathGenerator.h; path = dfg/DFGSlowPathGenerator.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F1E3A65153A21DF000F9456 /* DFGSilentRegisterSavePlan.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGSilentRegisterSavePlan.h; path = dfg/DFGSilentRegisterSavePlan.h; sourceTree = "<group>"; };
</span><ins>+ 0F1FE51B1922A3BC006987C5 /* AbortReason.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AbortReason.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F21C27914BE727300ADC64B /* CodeSpecializationKind.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeSpecializationKind.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeConventions.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F235BBD17178E1C00690C7F /* FTLExitArgument.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLExitArgument.cpp; path = ftl/FTLExitArgument.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -4896,6 +4898,7 @@
</span><span class="cx"> 9688CB120ED12B4E001D649F /* assembler */ = {
</span><span class="cx"> isa = PBXGroup;
</span><span class="cx"> children = (
</span><ins>+ 0F1FE51B1922A3BC006987C5 /* AbortReason.h */,
</ins><span class="cx"> 860161DF0F3A83C100F84710 /* AbstractMacroAssembler.h */,
</span><span class="cx"> 8640923B156EED3B00566CB2 /* ARM64Assembler.h */,
</span><span class="cx"> 86D3B2BF10156BDE002865E7 /* ARMAssembler.cpp */,
</span><span class="lines">@@ -5825,6 +5828,7 @@
</span><span class="cx"> C21122E215DD9AB300790E3A /* GCThreadSharedData.h in Headers */,
</span><span class="cx"> A532439418569709002ED692 /* generate-combined-inspector-json.py in Headers */,
</span><span class="cx"> 0F2B66E017B6B5AB00A7AE3F /* GenericTypedArrayView.h in Headers */,
</span><ins>+ 0F1FE51C1922A3BC006987C5 /* AbortReason.h in Headers */,
</ins><span class="cx"> 0F2B66E117B6B5AB00A7AE3F /* GenericTypedArrayViewInlines.h in Headers */,
</span><span class="cx"> 0F9332A014CA7DCD0085F3C6 /* GetByIdStatus.h in Headers */,
</span><span class="cx"> 0F0332C418B01763005F979A /* GetByIdVariant.h in Headers */,
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreassemblerAbortReasonhfromrev168776trunkSourceJavaScriptCoreassemblerAbortReasonh"></a>
<div class="copfile"><h4>Copied: branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbortReason.h (from rev 168776, trunk/Source/JavaScriptCore/assembler/AbortReason.h) (0 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbortReason.h (rev 0)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbortReason.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -0,0 +1,75 @@
</span><ins>+/*
+ * Copyright (C) 2014 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef AbortReason_h
+#define AbortReason_h
+
+namespace JSC {
+
+// It's important to not change the values of existing abort reasons unless we really
+// have to. For this reason there is a BASIC-style numbering that should allow us to
+// sneak new reasons in without changing the numbering of existing reasons - at least
+// for a while.
+enum AbortReason {
+ AHCallFrameMisaligned = 10,
+ AHIndexingTypeIsValid = 20,
+ AHInsaneArgumentCount = 30,
+ AHIsNotCell = 40,
+ AHIsNotInt32 = 50,
+ AHIsNotJSDouble = 60,
+ AHIsNotJSInt32 = 70,
+ AHIsNotJSNumber = 80,
+ AHIsNotNull = 90,
+ AHStackPointerMisaligned = 100,
+ AHStructureIDIsValid = 110,
+ AHTagMaskNotInPlace = 120,
+ AHTagTypeNumberNotInPlace = 130,
+ AHTypeInfoInlineTypeFlagsAreValid = 140,
+ AHTypeInfoIsValid = 150,
+ DFGBailed = 160,
+ DFGBasicStorageAllocatorZeroSize = 170,
+ DFGIsNotCell = 180,
+ DFGIneffectiveWatchpoint = 190,
+ DFGNegativeStringLength = 200,
+ DFGSlowPathGeneratorFellThrough = 210,
+ DFGUnreachableBasicBlock = 220,
+ DFGUnreasonableOSREntryJumpDestination = 230,
+ JITDivOperandsAreNotNumbers = 240,
+ JITGetByValResultIsNotEmpty = 250,
+ JITNotSupported = 260,
+ JITOffsetIsNotOutOfLine = 270,
+ JITUnreasonableLoopHintJumpTarget = 280,
+ RPWUnreasonableJumpTarget = 290,
+ RepatchIneffectiveWatchpoint = 300,
+ RepatchInsaneArgumentCount = 310,
+ TGInvalidPointer = 320,
+ TGNotSupported = 330,
+ YARRNoInputConsumed = 340,
+};
+
+} // namespace JSC
+
+#endif // AbortReason_h
+
</ins></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreassemblerAbstractMacroAssemblerh"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2012, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #ifndef AbstractMacroAssembler_h
</span><span class="cx"> #define AbstractMacroAssembler_h
</span><span class="cx">
</span><ins>+#include "AbortReason.h"
</ins><span class="cx"> #include "AssemblerBuffer.h"
</span><span class="cx"> #include "CodeLocation.h"
</span><span class="cx"> #include "MacroAssemblerCodeRef.h"
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerARM64h"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -806,6 +806,12 @@
</span><span class="cx"> return label;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void abortWithReason(AbortReason reason)
+ {
+ move(TrustedImm32(reason), dataTempRegister);
+ breakpoint();
+ }
+
</ins><span class="cx"> ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
</span><span class="cx"> {
</span><span class="cx"> ConvertibleLoadLabel result(this);
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerARMv7h"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2009, 2010 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2009, 2010, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2010 University of Szeged
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -632,6 +632,12 @@
</span><span class="cx"> m_assembler.ldr(dest, addressTempRegister, ARMThumbImmediate::makeUInt16(0));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void abortWithReason(AbortReason reason)
+ {
+ move(TrustedImm32(reason), dataTempRegister);
+ breakpoint();
+ }
+
</ins><span class="cx"> ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
</span><span class="cx"> {
</span><span class="cx"> ConvertibleLoadLabel result(this);
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerX86h"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -111,6 +111,12 @@
</span><span class="cx"> m_assembler.movzbl_mr(address, dest);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void abortWithReason(AbortReason reason)
+ {
+ move(TrustedImm32(reason), X86Registers::eax);
+ breakpoint();
+ }
+
</ins><span class="cx"> ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
</span><span class="cx"> {
</span><span class="cx"> ConvertibleLoadLabel result = ConvertibleLoadLabel(this);
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreassemblerMacroAssemblerX86_64h"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2012, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -629,6 +629,12 @@
</span><span class="cx"> return Jump(m_assembler.jCC(x86Condition(cond)));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void abortWithReason(AbortReason reason)
+ {
+ move(TrustedImm32(reason), X86Registers::r11);
+ breakpoint();
+ }
+
</ins><span class="cx"> ConvertibleLoadLabel convertibleLoadPtr(Address address, RegisterID dest)
</span><span class="cx"> {
</span><span class="cx"> ConvertibleLoadLabel result = ConvertibleLoadLabel(this);
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoredfgDFGSlowPathGeneratorh"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -50,7 +50,7 @@
</span><span class="cx"> jit->m_currentNode = m_currentNode;
</span><span class="cx"> generateInternal(jit);
</span><span class="cx"> if (!ASSERT_DISABLED)
</span><del>- jit->m_jit.breakpoint(); // make sure that the generator jumps back to somewhere
</del><ins>+ jit->m_jit.abortWithReason(DFGSlowPathGeneratorFellThrough);
</ins><span class="cx"> }
</span><span class="cx"> MacroAssembler::Label label() const { return m_label; }
</span><span class="cx"> virtual MacroAssembler::Call call() const
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1341,7 +1341,7 @@
</span><span class="cx"> void SpeculativeJIT::bail()
</span><span class="cx"> {
</span><span class="cx"> m_compileOkay = true;
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGBailed);
</ins><span class="cx"> clearGenerationInfo();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1360,7 +1360,7 @@
</span><span class="cx"> // Don't generate code for basic blocks that are unreachable according to CFA.
</span><span class="cx"> // But to be sure that nobody has generated a jump to this block, drop in a
</span><span class="cx"> // breakpoint here.
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGUnreachableBasicBlock);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2821,7 +2821,7 @@
</span><span class="cx"> if (!ASSERT_DISABLED) {
</span><span class="cx"> JITCompiler::Jump ok = m_jit.branch32(
</span><span class="cx"> JITCompiler::GreaterThanOrEqual, allocatorGPR, TrustedImm32(0));
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGNegativeStringLength);
</ins><span class="cx"> ok.link(&m_jit);
</span><span class="cx"> }
</span><span class="cx"> for (unsigned i = 1; i < numOpGPRs; ++i) {
</span><span class="lines">@@ -2837,7 +2837,7 @@
</span><span class="cx"> if (!ASSERT_DISABLED) {
</span><span class="cx"> JITCompiler::Jump ok = m_jit.branch32(
</span><span class="cx"> JITCompiler::GreaterThanOrEqual, allocatorGPR, TrustedImm32(0));
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGNegativeStringLength);
</ins><span class="cx"> ok.link(&m_jit);
</span><span class="cx"> }
</span><span class="cx"> m_jit.store32(allocatorGPR, JITCompiler::Address(resultGPR, JSString::offsetOfLength()));
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -2143,7 +2143,7 @@
</span><span class="cx"> #ifndef NDEBUG
</span><span class="cx"> m_jit.move(size, resultGPR);
</span><span class="cx"> MacroAssembler::Jump nonZeroSize = m_jit.branchTest32(MacroAssembler::NonZero, resultGPR);
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGBasicStorageAllocatorZeroSize);
</ins><span class="cx"> nonZeroSize.link(&m_jit);
</span><span class="cx"> #endif
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -3709,7 +3709,7 @@
</span><span class="cx"> #if !ASSERT_DISABLED
</span><span class="cx"> SpeculateCellOperand op1(this, node->child1());
</span><span class="cx"> JITCompiler::Jump isOK = m_jit.branchPtr(JITCompiler::Equal, JITCompiler::Address(op1.gpr(), JSCell::structureIDOffset()), TrustedImmPtr(node->structure()));
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGIneffectiveWatchpoint);
</ins><span class="cx"> isOK.link(&m_jit);
</span><span class="cx"> #else
</span><span class="cx"> speculateCell(node->child1());
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1036,7 +1036,7 @@
</span><span class="cx"> m_gprs.lock(gpr);
</span><span class="cx"> if (!ASSERT_DISABLED) {
</span><span class="cx"> MacroAssembler::Jump checkCell = branchIsCell(JSValueRegs(gpr));
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGIsNotCell);
</ins><span class="cx"> checkCell.link(&m_jit);
</span><span class="cx"> }
</span><span class="cx"> return gpr;
</span><span class="lines">@@ -3782,7 +3782,7 @@
</span><span class="cx"> JITCompiler::Equal,
</span><span class="cx"> JITCompiler::Address(op1.gpr(), JSCell::structureIDOffset()),
</span><span class="cx"> node->structure());
</span><del>- m_jit.breakpoint();
</del><ins>+ m_jit.abortWithReason(DFGIneffectiveWatchpoint);
</ins><span class="cx"> isOK.link(&m_jit);
</span><span class="cx"> #else
</span><span class="cx"> speculateCell(node->child1());
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoredfgDFGThunkscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGThunks.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGThunks.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/dfg/DFGThunks.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -127,7 +127,7 @@
</span><span class="cx">
</span><span class="cx"> jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, offsetOfTargetPC), GPRInfo::regT1);
</span><span class="cx"> MacroAssembler::Jump ok = jit.branchPtr(MacroAssembler::Above, GPRInfo::regT1, MacroAssembler::TrustedImmPtr(bitwise_cast<void*>(static_cast<intptr_t>(1000))));
</span><del>- jit.breakpoint();
</del><ins>+ jit.abortWithReason(DFGUnreasonableOSREntryJumpDestination);
</ins><span class="cx"> ok.link(&jit);
</span><span class="cx"> jit.jump(GPRInfo::regT1);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitAssemblyHelperscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -84,7 +84,7 @@
</span><span class="cx"> {
</span><span class="cx"> #if CPU(X86_64)
</span><span class="cx"> Jump checkInt32 = branch64(BelowOrEqual, gpr, TrustedImm64(static_cast<uintptr_t>(0xFFFFFFFFu)));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotInt32);
</ins><span class="cx"> checkInt32.link(this);
</span><span class="cx"> #else
</span><span class="cx"> UNUSED_PARAM(gpr);
</span><span class="lines">@@ -94,14 +94,14 @@
</span><span class="cx"> void AssemblyHelpers::jitAssertIsJSInt32(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkJSInt32 = branch64(AboveOrEqual, gpr, GPRInfo::tagTypeNumberRegister);
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotJSInt32);
</ins><span class="cx"> checkJSInt32.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void AssemblyHelpers::jitAssertIsJSNumber(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkJSNumber = branchTest64(MacroAssembler::NonZero, gpr, GPRInfo::tagTypeNumberRegister);
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotJSNumber);
</ins><span class="cx"> checkJSNumber.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -110,25 +110,26 @@
</span><span class="cx"> Jump checkJSInt32 = branch64(AboveOrEqual, gpr, GPRInfo::tagTypeNumberRegister);
</span><span class="cx"> Jump checkJSNumber = branchTest64(MacroAssembler::NonZero, gpr, GPRInfo::tagTypeNumberRegister);
</span><span class="cx"> checkJSInt32.link(this);
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotJSDouble);
</ins><span class="cx"> checkJSNumber.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void AssemblyHelpers::jitAssertIsCell(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkCell = branchTest64(MacroAssembler::Zero, gpr, GPRInfo::tagMaskRegister);
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotCell);
</ins><span class="cx"> checkCell.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void AssemblyHelpers::jitAssertTagsInPlace()
</span><span class="cx"> {
</span><span class="cx"> Jump ok = branch64(Equal, GPRInfo::tagTypeNumberRegister, TrustedImm64(TagTypeNumber));
</span><ins>+ abortWithReason(AHTagTypeNumberNotInPlace);
</ins><span class="cx"> breakpoint();
</span><span class="cx"> ok.link(this);
</span><span class="cx">
</span><span class="cx"> ok = branch64(Equal, GPRInfo::tagMaskRegister, TrustedImm64(TagMask));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHTagMaskNotInPlace);
</ins><span class="cx"> ok.link(this);
</span><span class="cx"> }
</span><span class="cx"> #elif USE(JSVALUE32_64)
</span><span class="lines">@@ -140,7 +141,7 @@
</span><span class="cx"> void AssemblyHelpers::jitAssertIsJSInt32(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkJSInt32 = branch32(Equal, gpr, TrustedImm32(JSValue::Int32Tag));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotJSInt32);
</ins><span class="cx"> checkJSInt32.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -148,7 +149,7 @@
</span><span class="cx"> {
</span><span class="cx"> Jump checkJSInt32 = branch32(Equal, gpr, TrustedImm32(JSValue::Int32Tag));
</span><span class="cx"> Jump checkJSDouble = branch32(Below, gpr, TrustedImm32(JSValue::LowestTag));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotJSNumber);
</ins><span class="cx"> checkJSInt32.link(this);
</span><span class="cx"> checkJSDouble.link(this);
</span><span class="cx"> }
</span><span class="lines">@@ -156,14 +157,14 @@
</span><span class="cx"> void AssemblyHelpers::jitAssertIsJSDouble(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkJSDouble = branch32(Below, gpr, TrustedImm32(JSValue::LowestTag));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotJSDouble);
</ins><span class="cx"> checkJSDouble.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void AssemblyHelpers::jitAssertIsCell(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkCell = branch32(Equal, gpr, TrustedImm32(JSValue::CellTag));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotCell);
</ins><span class="cx"> checkCell.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -175,25 +176,54 @@
</span><span class="cx"> void AssemblyHelpers::jitAssertHasValidCallFrame()
</span><span class="cx"> {
</span><span class="cx"> Jump checkCFR = branchTestPtr(Zero, GPRInfo::callFrameRegister, TrustedImm32(7));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHCallFrameMisaligned);
</ins><span class="cx"> checkCFR.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void AssemblyHelpers::jitAssertIsNull(GPRReg gpr)
</span><span class="cx"> {
</span><span class="cx"> Jump checkNull = branchTestPtr(Zero, gpr);
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHIsNotNull);
</ins><span class="cx"> checkNull.link(this);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void AssemblyHelpers::jitAssertArgumentCountSane()
</span><span class="cx"> {
</span><span class="cx"> Jump ok = branch32(Below, payloadFor(JSStack::ArgumentCount), TrustedImm32(10000000));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHInsaneArgumentCount);
</ins><span class="cx"> ok.link(this);
</span><span class="cx"> }
</span><span class="cx"> #endif // !ASSERT_DISABLED
</span><span class="cx">
</span><ins>+void AssemblyHelpers::emitStoreStructureWithTypeInfo(AssemblyHelpers& jit, TrustedImmPtr structure, RegisterID dest)
+{
+ const Structure* structurePtr = static_cast<const Structure*>(structure.m_value);
+#if USE(JSVALUE64)
+ jit.store64(TrustedImm64(structurePtr->idBlob()), MacroAssembler::Address(dest, JSCell::structureIDOffset()));
+ if (!ASSERT_DISABLED) {
+ Jump correctStructure = jit.branch32(Equal, MacroAssembler::Address(dest, JSCell::structureIDOffset()), TrustedImm32(structurePtr->id()));
+ jit.abortWithReason(AHStructureIDIsValid);
+ correctStructure.link(&jit);
+
+ Jump correctIndexingType = jit.branch8(Equal, MacroAssembler::Address(dest, JSCell::indexingTypeOffset()), TrustedImm32(structurePtr->indexingType()));
+ jit.abortWithReason(AHIndexingTypeIsValid);
+ correctIndexingType.link(&jit);
+
+ Jump correctType = jit.branch8(Equal, MacroAssembler::Address(dest, JSCell::typeInfoTypeOffset()), TrustedImm32(structurePtr->typeInfo().type()));
+ jit.abortWithReason(AHTypeInfoIsValid);
+ correctType.link(&jit);
+
+ Jump correctFlags = jit.branch8(Equal, MacroAssembler::Address(dest, JSCell::typeInfoFlagsOffset()), TrustedImm32(structurePtr->typeInfo().inlineTypeFlags()));
+ jit.abortWithReason(AHTypeInfoInlineTypeFlagsAreValid);
+ correctFlags.link(&jit);
+ }
+#else
+ // Do a 32-bit wide store to initialize the cell's fields.
+ jit.store32(TrustedImm32(structurePtr->objectInitializationBlob()), MacroAssembler::Address(dest, JSCell::indexingTypeOffset()));
+ jit.storePtr(structure, MacroAssembler::Address(dest, JSCell::structureIDOffset()));
+#endif
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // ENABLE(JIT)
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/AssemblyHelpers.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx"> // This check is both unneeded and harder to write correctly for ARM64
</span><span class="cx"> #if !defined(NDEBUG) && !CPU(ARM64)
</span><span class="cx"> Jump stackPointerAligned = branchTestPtr(Zero, stackPointerRegister, TrustedImm32(0xf));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(AHStackPointerMisaligned);
</ins><span class="cx"> stackPointerAligned.link(this);
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="lines">@@ -629,35 +629,8 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static void emitStoreStructureWithTypeInfo(AssemblyHelpers& jit, TrustedImmPtr structure, RegisterID dest)
- {
- const Structure* structurePtr = static_cast<const Structure*>(structure.m_value);
-#if USE(JSVALUE64)
- jit.store64(TrustedImm64(structurePtr->idBlob()), MacroAssembler::Address(dest, JSCell::structureIDOffset()));
-#ifndef NDEBUG
- Jump correctStructure = jit.branch32(Equal, MacroAssembler::Address(dest, JSCell::structureIDOffset()), TrustedImm32(structurePtr->id()));
- jit.breakpoint();
- correctStructure.link(&jit);
</del><ins>+ static void emitStoreStructureWithTypeInfo(AssemblyHelpers& jit, TrustedImmPtr structure, RegisterID dest);
</ins><span class="cx">
</span><del>- Jump correctIndexingType = jit.branch8(Equal, MacroAssembler::Address(dest, JSCell::indexingTypeOffset()), TrustedImm32(structurePtr->indexingType()));
- jit.breakpoint();
- correctIndexingType.link(&jit);
-
- Jump correctType = jit.branch8(Equal, MacroAssembler::Address(dest, JSCell::typeInfoTypeOffset()), TrustedImm32(structurePtr->typeInfo().type()));
- jit.breakpoint();
- correctType.link(&jit);
-
- Jump correctFlags = jit.branch8(Equal, MacroAssembler::Address(dest, JSCell::typeInfoFlagsOffset()), TrustedImm32(structurePtr->typeInfo().inlineTypeFlags()));
- jit.breakpoint();
- correctFlags.link(&jit);
-#endif
-#else
- // Do a 32-bit wide store to initialize the cell's fields.
- jit.store32(TrustedImm32(structurePtr->objectInitializationBlob()), MacroAssembler::Address(dest, JSCell::indexingTypeOffset()));
- jit.storePtr(structure, MacroAssembler::Address(dest, JSCell::structureIDOffset()));
-#endif
- }
-
</del><span class="cx"> Jump checkMarkByte(GPRReg cell)
</span><span class="cx"> {
</span><span class="cx"> return branchTest8(MacroAssembler::NonZero, MacroAssembler::Address(cell, JSCell::gcDataOffset()));
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/JIT.h (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/JIT.h 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/JIT.h 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -306,10 +306,6 @@
</span><span class="cx"> void emitLoadInt32ToDouble(int index, FPRegisterID value);
</span><span class="cx"> Jump emitJumpIfCellNotObject(RegisterID cellReg);
</span><span class="cx">
</span><del>- Jump addStructureTransitionCheck(JSCell*, Structure*, StructureStubInfo*, RegisterID scratch);
- void addStructureTransitionCheck(JSCell*, Structure*, StructureStubInfo*, JumpList& failureCases, RegisterID scratch);
- void testPrototype(JSValue, JumpList& failureCases, StructureStubInfo*);
-
</del><span class="cx"> enum WriteBarrierMode { UnconditionalWriteBarrier, ShouldFilterBase, ShouldFilterValue, ShouldFilterBaseAndValue };
</span><span class="cx"> // value register in write barrier is used before any scratch registers
</span><span class="cx"> // so may safely be the same as either of the scratch registers.
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitJITArithmeticcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITArithmetic.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITArithmetic.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITArithmetic.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -955,9 +955,8 @@
</span><span class="cx"> int op2 = currentInstruction[3].u.operand;
</span><span class="cx"> OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
</span><span class="cx"> if (types.first().definitelyIsNumber() && types.second().definitelyIsNumber()) {
</span><del>-#ifndef NDEBUG
- breakpoint();
-#endif
</del><ins>+ if (!ASSERT_DISABLED)
+ abortWithReason(JITDivOperandsAreNotNumbers);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> if (!isOperandConstantImmediateDouble(op1) && !isOperandConstantImmediateInt(op1)) {
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1106,7 +1106,7 @@
</span><span class="cx"> Jump noOptimizedEntry = branchTestPtr(Zero, returnValueGPR);
</span><span class="cx"> if (!ASSERT_DISABLED) {
</span><span class="cx"> Jump ok = branchPtr(MacroAssembler::Above, regT0, TrustedImmPtr(bitwise_cast<void*>(static_cast<intptr_t>(1000))));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(JITUnreasonableLoopHintJumpTarget);
</ins><span class="cx"> ok.link(this);
</span><span class="cx"> }
</span><span class="cx"> jump(returnValueGPR);
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -101,7 +101,7 @@
</span><span class="cx"> restoreReturnAddressBeforeReturn(regT3);
</span><span class="cx"> #else
</span><span class="cx"> #error "JIT not supported on this platform."
</span><del>- breakpoint();
</del><ins>+ abortWithReason(JITNotSupported);
</ins><span class="cx"> #endif // CPU(X86)
</span><span class="cx">
</span><span class="cx"> // Check for an exception
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -139,11 +139,11 @@
</span><span class="cx">
</span><span class="cx"> Label done = label();
</span><span class="cx">
</span><del>-#if !ASSERT_DISABLED
- Jump resultOK = branchTest64(NonZero, regT0);
- breakpoint();
- resultOK.link(this);
-#endif
</del><ins>+ if (!ASSERT_DISABLED) {
+ Jump resultOK = branchTest64(NonZero, regT0);
+ abortWithReason(JITGetByValResultIsNotEmpty);
+ resultOK.link(this);
+ }
</ins><span class="cx">
</span><span class="cx"> emitValueProfilingSite();
</span><span class="cx"> emitPutVirtualRegister(dst);
</span><span class="lines">@@ -252,11 +252,11 @@
</span><span class="cx"> addPtr(TrustedImm32(JSObject::offsetOfInlineStorage() - (firstOutOfLineOffset - 2) * sizeof(EncodedJSValue)), base, scratch);
</span><span class="cx"> done.link(this);
</span><span class="cx"> } else {
</span><del>-#if !ASSERT_DISABLED
- Jump isOutOfLine = branch32(GreaterThanOrEqual, offset, TrustedImm32(firstOutOfLineOffset));
- breakpoint();
- isOutOfLine.link(this);
-#endif
</del><ins>+ if (!ASSERT_DISABLED) {
+ Jump isOutOfLine = branch32(GreaterThanOrEqual, offset, TrustedImm32(firstOutOfLineOffset));
+ abortWithReason(JITOffsetIsNotOutOfLine);
+ isOutOfLine.link(this);
+ }
</ins><span class="cx"> loadPtr(Address(base, JSObject::butterflyOffset()), scratch);
</span><span class="cx"> neg32(offset);
</span><span class="cx"> }
</span><span class="lines">@@ -976,42 +976,6 @@
</span><span class="cx"> #endif // ENABLE(GGC)
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JIT::Jump JIT::addStructureTransitionCheck(JSCell* object, Structure* structure, StructureStubInfo* stubInfo, RegisterID scratch)
-{
- if (object->structure() == structure && structure->transitionWatchpointSetIsStillValid()) {
- structure->addTransitionWatchpoint(stubInfo->addWatchpoint(m_codeBlock));
-#if !ASSERT_DISABLED
- move(TrustedImmPtr(object), scratch);
- Jump ok = branchStructure(Equal, Address(scratch, JSCell::structureIDOffset()), structure);
- breakpoint();
- ok.link(this);
-#endif
- Jump result; // Returning an unset jump this way because otherwise VC++ would complain.
- return result;
- }
-
- move(TrustedImmPtr(object), scratch);
- return branchStructure(NotEqual, Address(scratch, JSCell::structureIDOffset()), structure);
-}
-
-void JIT::addStructureTransitionCheck(JSCell* object, Structure* structure, StructureStubInfo* stubInfo, JumpList& failureCases, RegisterID scratch)
-{
- Jump failureCase = addStructureTransitionCheck(object, structure, stubInfo, scratch);
- if (!failureCase.isSet())
- return;
-
- failureCases.append(failureCase);
-}
-
-void JIT::testPrototype(JSValue prototype, JumpList& failureCases, StructureStubInfo* stubInfo)
-{
- if (prototype.isNull())
- return;
-
- ASSERT(prototype.isCell());
- addStructureTransitionCheck(prototype.asCell(), prototype.asCell()->structure(), stubInfo, failureCases, regT3);
-}
-
</del><span class="cx"> void JIT::privateCompileGetByVal(ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
</span><span class="cx"> {
</span><span class="cx"> Instruction* currentInstruction = m_codeBlock->instructions().begin() + byValInfo->bytecodeIndex;
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitJITPropertyAccess32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -161,11 +161,11 @@
</span><span class="cx">
</span><span class="cx"> Label done = label();
</span><span class="cx">
</span><del>-#if !ASSERT_DISABLED
- Jump resultOK = branch32(NotEqual, regT1, TrustedImm32(JSValue::EmptyValueTag));
- breakpoint();
- resultOK.link(this);
-#endif
</del><ins>+ if (!ASSERT_DISABLED) {
+ Jump resultOK = branch32(NotEqual, regT1, TrustedImm32(JSValue::EmptyValueTag));
+ abortWithReason(JITGetByValResultIsNotEmpty);
+ resultOK.link(this);
+ }
</ins><span class="cx">
</span><span class="cx"> emitValueProfilingSite();
</span><span class="cx"> emitStore(dst, regT1, regT0);
</span><span class="lines">@@ -601,11 +601,11 @@
</span><span class="cx"> addPtr(TrustedImmPtr(JSObject::offsetOfInlineStorage() - (firstOutOfLineOffset - 2) * sizeof(EncodedJSValue)), base);
</span><span class="cx"> done.link(this);
</span><span class="cx"> } else {
</span><del>-#if !ASSERT_DISABLED
- Jump isOutOfLine = branch32(GreaterThanOrEqual, offset, TrustedImm32(firstOutOfLineOffset));
- breakpoint();
- isOutOfLine.link(this);
-#endif
</del><ins>+ if (!ASSERT_DISABLED) {
+ Jump isOutOfLine = branch32(GreaterThanOrEqual, offset, TrustedImm32(firstOutOfLineOffset));
+ abortWithReason(JITOffsetIsNotOutOfLine);
+ isOutOfLine.link(this);
+ }
</ins><span class="cx"> loadPtr(Address(base, JSObject::butterflyOffset()), base);
</span><span class="cx"> neg32(offset);
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitRegisterPreservationWrapperGeneratorcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/RegisterPreservationWrapperGenerator.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -211,7 +211,7 @@
</span><span class="cx"> if (!ASSERT_DISABLED) {
</span><span class="cx"> AssemblyHelpers::Jump ok = jit.branchPtr(
</span><span class="cx"> AssemblyHelpers::Above, GPRInfo::regT1, AssemblyHelpers::TrustedImmPtr(static_cast<size_t>(0x1000)));
</span><del>- jit.breakpoint();
</del><ins>+ jit.abortWithReason(RPWUnreasonableJumpTarget);
</ins><span class="cx"> ok.link(&jit);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/Repatch.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/Repatch.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/Repatch.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -132,17 +132,18 @@
</span><span class="cx"> {
</span><span class="cx"> if (object->structure() == structure && structure->transitionWatchpointSetIsStillValid()) {
</span><span class="cx"> structure->addTransitionWatchpoint(stubInfo.addWatchpoint(codeBlock));
</span><del>-#if !ASSERT_DISABLED
- // If we execute this code, the object must have the structure we expect. Assert
- // this in debug modes.
- jit.move(MacroAssembler::TrustedImmPtr(object), scratchGPR);
- MacroAssembler::Jump ok = branchStructure(jit,
- MacroAssembler::Equal,
- MacroAssembler::Address(scratchGPR, JSCell::structureIDOffset()),
- structure);
- jit.breakpoint();
- ok.link(&jit);
-#endif
</del><ins>+ if (!ASSERT_DISABLED) {
+ // If we execute this code, the object must have the structure we expect. Assert
+ // this in debug modes.
+ jit.move(MacroAssembler::TrustedImmPtr(object), scratchGPR);
+ MacroAssembler::Jump ok = branchStructure(
+ jit,
+ MacroAssembler::Equal,
+ MacroAssembler::Address(scratchGPR, JSCell::structureIDOffset()),
+ structure);
+ jit.abortWithReason(RepatchIneffectiveWatchpoint);
+ ok.link(&jit);
+ }
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1560,7 +1561,7 @@
</span><span class="cx"> if (!ASSERT_DISABLED) {
</span><span class="cx"> CCallHelpers::Jump okArgumentCount = stubJit.branch32(
</span><span class="cx"> CCallHelpers::Below, CCallHelpers::Address(CCallHelpers::stackPointerRegister, static_cast<ptrdiff_t>(sizeof(Register) * JSStack::ArgumentCount) + offsetToFrame + PayloadOffset), CCallHelpers::TrustedImm32(10000000));
</span><del>- stubJit.breakpoint();
</del><ins>+ stubJit.abortWithReason(RepatchInsaneArgumentCount);
</ins><span class="cx"> okArgumentCount.link(&stubJit);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/jit/ThunkGenerators.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/jit/ThunkGenerators.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -45,17 +45,14 @@
</span><span class="cx">
</span><span class="cx"> inline void emitPointerValidation(CCallHelpers& jit, GPRReg pointerGPR)
</span><span class="cx"> {
</span><del>-#if !ASSERT_DISABLED
</del><ins>+ if (ASSERT_DISABLED)
+ return;
</ins><span class="cx"> CCallHelpers::Jump isNonZero = jit.branchTestPtr(CCallHelpers::NonZero, pointerGPR);
</span><del>- jit.breakpoint();
</del><ins>+ jit.abortWithReason(TGInvalidPointer);
</ins><span class="cx"> isNonZero.link(&jit);
</span><span class="cx"> jit.pushToSave(pointerGPR);
</span><span class="cx"> jit.load8(pointerGPR, pointerGPR);
</span><span class="cx"> jit.popToRestore(pointerGPR);
</span><del>-#else
- UNUSED_PARAM(jit);
- UNUSED_PARAM(pointerGPR);
-#endif
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // We will jump here if the JIT code tries to make a call, but the
</span><span class="lines">@@ -373,7 +370,7 @@
</span><span class="cx"> #else
</span><span class="cx"> #error "JIT not supported on this platform."
</span><span class="cx"> UNUSED_PARAM(executableOffsetToFunction);
</span><del>- breakpoint();
</del><ins>+ abortWithReason(TGNotSupported);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> // Check for an exception
</span></span></pre></div>
<a id="branchessafari53834branchSourceJavaScriptCoreyarrYarrJITcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-538.34-branch/Source/JavaScriptCore/yarr/YarrJIT.cpp (168941 => 168942)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-538.34-branch/Source/JavaScriptCore/yarr/YarrJIT.cpp 2014-05-16 07:37:49 UTC (rev 168941)
+++ branches/safari-538.34-branch/Source/JavaScriptCore/yarr/YarrJIT.cpp 2014-05-16 07:39:54 UTC (rev 168942)
</span><span class="lines">@@ -1639,16 +1639,14 @@
</span><span class="cx"> const RegisterID indexTemporary = regT0;
</span><span class="cx"> ASSERT(term->quantityCount == 1);
</span><span class="cx">
</span><del>-#ifndef NDEBUG
</del><span class="cx"> // Runtime ASSERT to make sure that the nested alternative handled the
</span><span class="cx"> // "no input consumed" check.
</span><del>- if (term->quantityType != QuantifierFixedCount && !term->parentheses.disjunction->m_minimumSize) {
</del><ins>+ if (!ASSERT_DISABLED && term->quantityType != QuantifierFixedCount && !term->parentheses.disjunction->m_minimumSize) {
</ins><span class="cx"> Jump pastBreakpoint;
</span><span class="cx"> pastBreakpoint = branch32(NotEqual, index, Address(stackPointerRegister, term->frameLocation * sizeof(void*)));
</span><del>- breakpoint();
</del><ins>+ abortWithReason(YARRNoInputConsumed);
</ins><span class="cx"> pastBreakpoint.link(this);
</span><span class="cx"> }
</span><del>-#endif
</del><span class="cx">
</span><span class="cx"> // If the parenthese are capturing, store the ending index value to the
</span><span class="cx"> // captures array, offsetting as necessary.
</span><span class="lines">@@ -1695,17 +1693,17 @@
</span><span class="cx"> }
</span><span class="cx"> case OpParenthesesSubpatternTerminalEnd: {
</span><span class="cx"> YarrOp& beginOp = m_ops[op.m_previousOp];
</span><del>-#ifndef NDEBUG
- PatternTerm* term = op.m_term;
</del><ins>+ if (!ASSERT_DISABLED) {
+ PatternTerm* term = op.m_term;
+
+ // Runtime ASSERT to make sure that the nested alternative handled the
+ // "no input consumed" check.
+ Jump pastBreakpoint;
+ pastBreakpoint = branch32(NotEqual, index, Address(stackPointerRegister, term->frameLocation * sizeof(void*)));
+ abortWithReason(YARRNoInputConsumed);
+ pastBreakpoint.link(this);
+ }
</ins><span class="cx">
</span><del>- // Runtime ASSERT to make sure that the nested alternative handled the
- // "no input consumed" check.
- Jump pastBreakpoint;
- pastBreakpoint = branch32(NotEqual, index, Address(stackPointerRegister, term->frameLocation * sizeof(void*)));
- breakpoint();
- pastBreakpoint.link(this);
-#endif
-
</del><span class="cx"> // We know that the match is non-zero, we can accept it and
</span><span class="cx"> // loop back up to the head of the subpattern.
</span><span class="cx"> jump(beginOp.m_reentry);
</span></span></pre>
</div>
</div>
</body>
</html>