From 08d4a74d56ca431877819fc4566e27eafe150342 Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Tue, 24 Jul 2012 17:03:20 +0200 Subject: Imported WebKit commit 0fbd41c4e13f5a190faf160bf993eee614e6e18e (http://svn.webkit.org/repository/webkit/trunk@123477) New snapshot that adapts to latest Qt API changes --- Source/JavaScriptCore/jit/JITPropertyAccess.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'Source/JavaScriptCore/jit/JITPropertyAccess.cpp') diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp index 466cff7db..86078fbc3 100644 --- a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp +++ b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp @@ -159,9 +159,10 @@ void JIT::compileGetDirectOffset(RegisterID base, RegisterID result, RegisterID if (finalObjectMode == MayBeFinal) { Jump isInline = branch32(LessThan, offset, TrustedImm32(inlineStorageCapacity)); loadPtr(Address(base, JSObject::offsetOfOutOfLineStorage()), scratch); + neg32(offset); Jump done = jump(); isInline.link(this); - addPtr(TrustedImm32(JSObject::offsetOfInlineStorage() + inlineStorageCapacity * sizeof(EncodedJSValue)), base, scratch); + addPtr(TrustedImm32(JSObject::offsetOfInlineStorage() - (inlineStorageCapacity - 2) * sizeof(EncodedJSValue)), base, scratch); done.link(this); } else { #if !ASSERT_DISABLED @@ -170,8 +171,10 @@ void JIT::compileGetDirectOffset(RegisterID base, RegisterID result, RegisterID isOutOfLine.link(this); #endif loadPtr(Address(base, JSObject::offsetOfOutOfLineStorage()), scratch); + neg32(offset); } - loadPtr(BaseIndex(scratch, offset, ScalePtr, -inlineStorageCapacity * static_cast(sizeof(JSValue))), result); + signExtend32ToPtr(offset, offset); + loadPtr(BaseIndex(scratch, offset, ScalePtr, (inlineStorageCapacity - 2) * static_cast(sizeof(JSValue))), result); } void JIT::emit_op_get_by_pname(Instruction* currentInstruction) -- cgit v1.2.1