Commit 2a5c18f3 authored by Alberto Garcia's avatar Alberto Garcia
Browse files

Imported Upstream version 2.6.2+dfsg1

parent eed6c0a0
......@@ -347,6 +347,12 @@ spell checking, using <a class="link" href="WebKitWebContext.html#webkit-web-con
<a class="link" href="WebKitWebContext.html#webkit-web-context-set-spell-checking-enabled" title="webkit_web_context_set_spell_checking_enabled ()"><code class="function">webkit_web_context_set_spell_checking_enabled()</code></a>.</p>
<p>You can use <a class="link" href="WebKitWebContext.html#webkit-web-context-register-uri-scheme" title="webkit_web_context_register_uri_scheme ()"><code class="function">webkit_web_context_register_uri_scheme()</code></a> to register
custom URI schemes, and manage several other settings.</p>
<p>TLS certificate validation failure is now treated as a transport
error by default. To handle TLS failures differently, you can
connect to <a class="link" href="WebKitWebView.html#WebKitWebView-load-failed-with-tls-errors" title="The “load-failed-with-tls-errors” signal"><span class="type">“load-failed-with-tls-errors”</span></a>.
Alternatively, you can use <a class="link" href="WebKitWebContext.html#webkit-web-context-set-tls-errors-policy" title="webkit_web_context_set_tls_errors_policy ()"><code class="function">webkit_web_context_set_tls_errors_policy()</code></a>
to set the policy <a class="link" href="WebKitWebContext.html#WEBKIT-TLS-ERRORS-POLICY-IGNORE:CAPS"><code class="literal">WEBKIT_TLS_ERRORS_POLICY_IGNORE</code></a>; however, this is
not appropriate for Internet applications.</p>
</div>
<div class="refsect1">
<a name="WebKitWebContext.functions_details"></a><h2>Functions</h2>
......
......@@ -2838,16 +2838,22 @@ the download operation. </p>
webkit_web_view_get_tls_info (<em class="parameter"><code><a class="link" href="WebKitWebView.html" title="WebKitWebView"><span class="type">WebKitWebView</span></a> *web_view</code></em>,
<em class="parameter"><code><a href="../gio/GTlsCertificate.html"><span class="type">GTlsCertificate</span></a> **certificate</code></em>,
<em class="parameter"><code><a href="../gio/gio-TLS-Overview.html#GTlsCertificateFlags"><span class="type">GTlsCertificateFlags</span></a> *errors</code></em>);</pre>
<p>Retrieves the <a href="../gio/GTlsCertificate.html"><span class="type">GTlsCertificate</span></a> associated with the <em class="parameter"><code>web_view</code></em>
connection,
<p>Retrieves the <a href="../gio/GTlsCertificate.html"><span class="type">GTlsCertificate</span></a> associated with the main resource of <em class="parameter"><code>web_view</code></em>
,
and the <a href="../gio/gio-TLS-Overview.html#GTlsCertificateFlags"><span class="type">GTlsCertificateFlags</span></a> showing what problems, if any, have been found
with that certificate.
If the connection is not HTTPS, this function returns <a href="../glib/glib-Standard-Macros.html#FALSE:CAPS"><code class="literal">FALSE</code></a>.
This function should be called after a response has been received from the
server, so you can connect to <a class="link" href="WebKitWebView.html#WebKitWebView-load-changed" title="The “load-changed” signal"><span class="type">“load-changed”</span></a> and call this function
when it's emitted with <a class="link" href="WebKitWebView.html#WEBKIT-LOAD-COMMITTED:CAPS"><code class="literal">WEBKIT_LOAD_COMMITTED</code></a> event.</p>
<div class="refsect3">
<a name="id-1.2.3.12.53.5"></a><h4>Parameters</h4>
<p>Note that this function provides no information about the security of the web
page if the current <a class="link" href="WebKitWebContext.html#WebKitTLSErrorsPolicy" title="enum WebKitTLSErrorsPolicy"><span class="type">WebKitTLSErrorsPolicy</span></a> is <a class="link" href="WebKitWebContext.html#WEBKIT-TLS-ERRORS-POLICY-IGNORE:CAPS"><code class="literal">WEBKIT_TLS_ERRORS_POLICY_IGNORE</code></a>,
as subresources of the page may be controlled by an attacker. This function
may safely be used to determine the security status of the current page only
if the current <a class="link" href="WebKitWebContext.html#WebKitTLSErrorsPolicy" title="enum WebKitTLSErrorsPolicy"><span class="type">WebKitTLSErrorsPolicy</span></a> is <a class="link" href="WebKitWebContext.html#WEBKIT-TLS-ERRORS-POLICY-FAIL:CAPS"><code class="literal">WEBKIT_TLS_ERRORS_POLICY_FAIL</code></a>, in
which case subresources that fail certificate verification will be blocked.</p>
<div class="refsect3">
<a name="id-1.2.3.12.53.6"></a><h4>Parameters</h4>
<div class="informaltable"><table width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
......@@ -2875,7 +2881,7 @@ when it's emitted with <a class="link" href="WebKitWebView.html#WEBKIT-LOAD-COMM
</table></div>
</div>
<div class="refsect3">
<a name="id-1.2.3.12.53.6"></a><h4>Returns</h4>
<a name="id-1.2.3.12.53.7"></a><h4>Returns</h4>
<p> <a href="../glib/glib-Standard-Macros.html#TRUE:CAPS"><code class="literal">TRUE</code></a> if the <em class="parameter"><code>web_view</code></em>
connection uses HTTPS and a response has been received
from the server, or <a href="../glib/glib-Standard-Macros.html#FALSE:CAPS"><code class="literal">FALSE</code></a> otherwise.</p>
......
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">WebKit2GTK+ Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for WebKit2GTK+ 2.6.1</p></div>
<div><p class="releaseinfo">for WebKit2GTK+ 2.6.2</p></div>
</div>
<hr>
</div>
......
......@@ -147,7 +147,7 @@ against at application run time.</p>
<hr>
<div class="refsect2">
<a name="WEBKIT-MICRO-VERSION:CAPS"></a><h3>WEBKIT_MICRO_VERSION</h3>
<pre class="programlisting">#define WEBKIT_MICRO_VERSION (1)
<pre class="programlisting">#define WEBKIT_MICRO_VERSION (2)
</pre>
<p>Like <a class="link" href="webkit2gtk-WebKitVersion.html#webkit-get-micro-version" title="webkit_get_micro_version ()"><code class="function">webkit_get_micro_version()</code></a>, but from the headers used at
application compile time, rather than from the library linked
......
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">WebKitDOMGTK+ Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for WebKitDOMGTK+ 2.6.1</p></div>
<div><p class="releaseinfo">for WebKitDOMGTK+ 2.6.2</p></div>
</div>
<hr>
</div>
......
=================
WebKitGTK+ 2.6.2
=================
What's new in WebKitGTK+ 2.6.2?
- SSLv3 is now disabled to protect us against POODLE vulnerability.
- TLS errors are no longer ignored by default.
- Fix the remote web inspector.
- Fix rendering of buttons, selections and lists with recent GTK+
versions.
- Improve performance of timers scheduled after a delay in
microseconds.
- Fix WebKitSettings:enable-smooth-scrolling to actually enable
smooth scrolling.
- Fix the build with drag and drop support disabled.
=================
WebKitGTK+ 2.6.1
=================
......
......@@ -3,8 +3,7 @@ configure_file(JavaScriptCore.gir.in ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKIT
add_custom_command(
OUTPUT ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.typelib
DEPENDS JavaScriptCore
${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
COMMAND ${INTROSPECTION_COMPILER} ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir -o ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.typelib
)
......
......@@ -98,6 +98,11 @@ inline bool isCellSpeculation(SpeculatedType value)
return !!(value & SpecCell) && !(value & ~SpecCell);
}
inline bool isNotCellSpeculation(SpeculatedType value)
{
return !(value & SpecCell) && value;
}
inline bool isObjectSpeculation(SpeculatedType value)
{
return !!(value & SpecObject) && !(value & ~SpecObject);
......
......@@ -1862,7 +1862,7 @@ RegisterID* BytecodeGenerator::emitReturn(RegisterID* src)
if (m_codeBlock->usesArguments() && m_codeBlock->numParameters() != 1 && !isStrictMode()) {
emitOpcode(op_tear_off_arguments);
instructions().append(m_codeBlock->argumentsRegister().offset());
instructions().append(unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset());
instructions().append(m_lexicalEnvironmentRegister ? m_lexicalEnvironmentRegister->index() : emitLoad(0, JSValue())->index());
}
......
......@@ -3409,7 +3409,7 @@ bool ByteCodeParser::parseBlock(unsigned limit)
case op_tear_off_arguments: {
m_graph.m_hasArguments = true;
addToGraph(TearOffArguments, get(unmodifiedArgumentsRegister(VirtualRegister(currentInstruction[1].u.operand))), get(VirtualRegister(currentInstruction[2].u.operand)));
addToGraph(TearOffArguments, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand)));
NEXT_OPCODE(op_tear_off_arguments);
}
......
......@@ -86,6 +86,33 @@ private:
m_insertionSet.execute(block);
}
inline unsigned indexOfNode(Node* node, unsigned indexToSearchFrom)
{
unsigned index = indexToSearchFrom;
while (index) {
if (m_block->at(index) == node)
break;
index--;
}
ASSERT(m_block->at(index) == node);
return index;
}
inline unsigned indexOfFirstNodeOfExitOrigin(CodeOrigin& originForExit, unsigned indexToSearchFrom)
{
unsigned index = indexToSearchFrom;
ASSERT(m_block->at(index)->origin.forExit == originForExit);
while (index) {
index--;
if (m_block->at(index)->origin.forExit != originForExit) {
index++;
break;
}
}
ASSERT(m_block->at(index)->origin.forExit == originForExit);
return index;
}
void fixupNode(Node* node)
{
NodeType op = node->op();
......@@ -644,7 +671,7 @@ private:
case Array::Arguments:
fixEdge<KnownCellUse>(child1);
fixEdge<Int32Use>(child2);
insertStoreBarrier(m_indexInBlock, child1);
insertStoreBarrier(m_indexInBlock, child1, child3);
break;
default:
fixEdge<KnownCellUse>(child1);
......@@ -682,7 +709,7 @@ private:
break;
case Array::Contiguous:
case Array::ArrayStorage:
insertStoreBarrier(m_indexInBlock, node->child1());
insertStoreBarrier(m_indexInBlock, node->child1(), node->child2());
break;
default:
break;
......@@ -854,7 +881,7 @@ private:
case PutClosureVar: {
fixEdge<KnownCellUse>(node->child1());
insertStoreBarrier(m_indexInBlock, node->child1());
insertStoreBarrier(m_indexInBlock, node->child1(), node->child3());
break;
}
......@@ -899,7 +926,7 @@ private:
case PutByIdFlush:
case PutByIdDirect: {
fixEdge<CellUse>(node->child1());
insertStoreBarrier(m_indexInBlock, node->child1());
insertStoreBarrier(m_indexInBlock, node->child1(), node->child2());
break;
}
......@@ -942,13 +969,13 @@ private:
if (!node->child1()->hasStorageResult())
fixEdge<KnownCellUse>(node->child1());
fixEdge<KnownCellUse>(node->child2());
insertStoreBarrier(m_indexInBlock, node->child2());
insertStoreBarrier(m_indexInBlock, node->child2(), node->child3());
break;
}
case MultiPutByOffset: {
fixEdge<CellUse>(node->child1());
insertStoreBarrier(m_indexInBlock, node->child1());
insertStoreBarrier(m_indexInBlock, node->child1(), node->child2());
break;
}
......@@ -1635,10 +1662,57 @@ private:
edge.setUseKind(useKind);
}
void insertStoreBarrier(unsigned indexInBlock, Edge child1)
void insertStoreBarrier(unsigned indexInBlock, Edge base, Edge value = Edge())
{
Node* barrierNode = m_graph.addNode(SpecNone, StoreBarrier, m_currentNode->origin, child1);
m_insertionSet.insert(indexInBlock, barrierNode);
if (!!value) {
if (value->shouldSpeculateInt32()) {
insertCheck<Int32Use>(indexInBlock, value.node());
return;
}
if (value->shouldSpeculateBoolean()) {
insertCheck<BooleanUse>(indexInBlock, value.node());
return;
}
if (value->shouldSpeculateOther()) {
insertCheck<OtherUse>(indexInBlock, value.node());
return;
}
if (value->shouldSpeculateNumber()) {
insertCheck<NumberUse>(indexInBlock, value.node());
return;
}
if (value->shouldSpeculateNotCell()) {
insertCheck<NotCellUse>(indexInBlock, value.node());
return;
}
}
m_insertionSet.insertNode(
indexInBlock, SpecNone, StoreBarrier, m_currentNode->origin, base);
}
template<UseKind useKind>
void insertCheck(unsigned indexInBlock, Node* node)
{
observeUseKindOnNode<useKind>(node);
CodeOrigin& checkedNodeOrigin = node->origin.forExit;
CodeOrigin& currentNodeOrigin = m_currentNode->origin.forExit;
if (currentNodeOrigin == checkedNodeOrigin) {
// The checked node is within the same bytecode. Hence, the earliest
// position we can insert the check is right after the checked node.
indexInBlock = indexOfNode(node, indexInBlock) + 1;
} else {
// The checked node is from a preceding bytecode. Hence, the earliest
// position we can insert the check is at the start of the current
// bytecode.
indexInBlock = indexOfFirstNodeOfExitOrigin(currentNodeOrigin, indexInBlock);
}
m_insertionSet.insertOutOfOrderNode(
indexInBlock, SpecNone, Check, m_currentNode->origin, Edge(node, useKind));
}
void fixIntConvertingEdge(Edge& edge)
......
......@@ -1195,7 +1195,7 @@ void Graph::handleAssertionFailure(
dataLog("\n");
dataLog("DFG ASSERTION FAILED: ", assertion, "\n");
dataLog(file, "(", line, ") : ", function, "\n");
CRASH();
CRASH_WITH_SECURITY_IMPLICATION();
}
} } // namespace JSC::DFG
......
......@@ -114,6 +114,32 @@ public:
return insertConstantForUse(index, NodeOrigin(origin), value, useKind);
}
Node* insertOutOfOrder(const Insertion& insertion)
{
size_t targetIndex = insertion.index();
size_t entry = m_insertions.size();
while (entry) {
entry--;
if (m_insertions[entry].index() <= targetIndex) {
entry++;
break;
}
}
m_insertions.insert(entry, insertion);
return insertion.element();
}
Node* insertOutOfOrder(size_t index, Node* element)
{
return insertOutOfOrder(Insertion(index, element));
}
template<typename... Params>
Node* insertOutOfOrderNode(size_t index, SpeculatedType type, Params... params)
{
return insertOutOfOrder(index, m_graph.addNode(type, params...));
}
void execute(BasicBlock* block)
{
executeInsertions(*block, m_insertions);
......
......@@ -1611,6 +1611,11 @@ struct Node {
return isCellSpeculation(prediction());
}
bool shouldSpeculateNotCell()
{
return isNotCellSpeculation(prediction());
}
static bool shouldSpeculateBoolean(Node* op1, Node* op2)
{
return op1->shouldSpeculateBoolean() && op2->shouldSpeculateBoolean();
......
......@@ -899,7 +899,7 @@ void SpeculativeJIT::compileIn(Node* node)
JSValueOperand key(this, node->child1());
JSValueRegs regs = key.jsValueRegs();
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
base.use();
......@@ -4155,7 +4155,7 @@ void SpeculativeJIT::compileGetArrayLength(Node* node)
void SpeculativeJIT::compileNewFunctionNoCheck(Node* node)
{
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(
......@@ -4165,7 +4165,7 @@ void SpeculativeJIT::compileNewFunctionNoCheck(Node* node)
void SpeculativeJIT::compileNewFunctionExpression(Node* node)
{
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
callOperation(
......@@ -4200,7 +4200,7 @@ bool SpeculativeJIT::compileRegExpExec(Node* node)
GPRReg argumentGPR = argument.gpr();
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
branchTest32(invert ? JITCompiler::Zero : JITCompiler::NonZero, result.gpr(), taken);
......@@ -4223,7 +4223,7 @@ void SpeculativeJIT::compileAllocatePropertyStorage(Node* node)
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(operationReallocateButterflyToHavePropertyStorageWithInitialCapacity, result.gpr(), baseGPR);
storageResult(result.gpr(), node);
......@@ -4266,7 +4266,7 @@ void SpeculativeJIT::compileReallocatePropertyStorage(Node* node)
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(operationReallocateButterflyToGrowPropertyStorage, result.gpr(), baseGPR, newSize / sizeof(JSValue));
storageResult(result.gpr(), node);
......@@ -4355,7 +4355,7 @@ void SpeculativeJIT::compileToStringOnCell(Node* node)
}
case CellUse: {
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
// We flush registers instead of silent spill/fill because in this mode we
......
......@@ -2690,18 +2690,18 @@ private:
//
// These classes lock the result of a call to a C++ helper function.
class GPRResult : public GPRTemporary {
class GPRFlushedCallResult : public GPRTemporary {
public:
GPRResult(SpeculativeJIT* jit)
GPRFlushedCallResult(SpeculativeJIT* jit)
: GPRTemporary(jit, GPRInfo::returnValueGPR)
{
}
};
#if USE(JSVALUE32_64)
class GPRResult2 : public GPRTemporary {
class GPRFlushedCallResult2 : public GPRTemporary {
public:
GPRResult2(SpeculativeJIT* jit)
GPRFlushedCallResult2(SpeculativeJIT* jit)
: GPRTemporary(jit, GPRInfo::returnValueGPR2)
{
}
......
......@@ -396,7 +396,7 @@ void SpeculativeJIT::nonSpeculativePeepholeBranch(Node* node, Node* branchNode,
JITCompiler::JumpList slowPath;
if (isKnownNotInteger(node->child1().node()) || isKnownNotInteger(node->child2().node())) {
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
arg1.use();
......@@ -487,7 +487,7 @@ void SpeculativeJIT::nonSpeculativeNonPeepholeCompare(Node* node, MacroAssembler
JITCompiler::JumpList slowPath;
if (isKnownNotInteger(node->child1().node()) || isKnownNotInteger(node->child2().node())) {
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultPayloadGPR = result.gpr();
arg1.use();
......@@ -677,8 +677,8 @@ void SpeculativeJIT::emitCall(Node* node)
flushRegisters();
GPRResult resultPayload(this);
GPRResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg resultTagGPR = resultTag.gpr();
......@@ -1943,8 +1943,8 @@ void SpeculativeJIT::compile(Node* node)
flushRegisters();
GPRResult2 resultTag(this);
GPRResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
if (isKnownNotNumber(node->child1().node()) || isKnownNotNumber(node->child2().node()))
callOperation(operationValueAddNotNumber, resultTag.gpr(), resultPayload.gpr(), op1TagGPR, op1PayloadGPR, op2TagGPR, op2PayloadGPR);
else
......@@ -2217,8 +2217,8 @@ void SpeculativeJIT::compile(Node* node)
GPRReg propertyPayloadGPR = property.payloadGPR();
flushRegisters();
GPRResult2 resultTag(this);
GPRResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
callOperation(operationGetByValCell, resultTag.gpr(), resultPayload.gpr(), baseGPR, propertyTagGPR, propertyPayloadGPR);
jsValueResult(resultTag.gpr(), resultPayload.gpr(), node);
......@@ -2616,7 +2616,7 @@ void SpeculativeJIT::compile(Node* node)
GPRReg argumentGPR = argument.gpr();
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
// Must use jsValueResult because otherwise we screw up register
......@@ -2631,8 +2631,8 @@ void SpeculativeJIT::compile(Node* node)
GPRReg argumentGPR = argument.gpr();
flushRegisters();
GPRResult2 resultTag(this);
GPRResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
callOperation(operationRegExpExec, resultTag.gpr(), resultPayload.gpr(), baseGPR, argumentGPR);
jsValueResult(resultTag.gpr(), resultPayload.gpr(), node);
......@@ -2646,7 +2646,7 @@ void SpeculativeJIT::compile(Node* node)
GPRReg argumentGPR = argument.gpr();
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);
// If we add a DataFormatBool, we should use it here.
......@@ -3035,7 +3035,7 @@ void SpeculativeJIT::compile(Node* node)
GPRReg op1PayloadGPR = op1.payloadGPR();
GPRReg op1TagGPR = op1.tagGPR();
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
flushRegisters();
......@@ -3144,7 +3144,7 @@ void SpeculativeJIT::compile(Node* node)
if (!node->numChildren()) {
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(
operationNewEmptyArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
cellResult(result.gpr(), node);
......@@ -3219,7 +3219,7 @@ void SpeculativeJIT::compile(Node* node)
m_jit.storePtr(TrustedImmPtr(scratchSize), scratch.gpr());
}
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(
operationNewArray, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()),
......@@ -3294,7 +3294,7 @@ void SpeculativeJIT::compile(Node* node)
SpeculateStrictInt32Operand size(this, node->child1());
GPRReg sizeGPR = size.gpr();
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
GPRReg structureGPR = selectScratchGPR(sizeGPR);
MacroAssembler::Jump bigLength = m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_SPARSE_ARRAY_INDEX));
......@@ -3347,7 +3347,7 @@ void SpeculativeJIT::compile(Node* node)
}
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
callOperation(operationNewArrayBuffer, result.gpr(), globalObject->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()), node->startConstant(), node->numConstants());
......@@ -3367,7 +3367,7 @@ void SpeculativeJIT::compile(Node* node)
flushRegisters();
GPRResult result(this);
GPRFlushedCallResult result(this);
GPRReg resultGPR = result.gpr();
JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node->origin.semantic);
......@@ -3388,8 +3388,8 @@ void SpeculativeJIT::compile(Node* node)
case NewRegexp: {
flushRegisters();
GPRResult resultPayload(this);
GPRResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
callOperation(operationNewRegexp, resultTag.gpr(), resultPayload.gpr(), m_jit.codeBlock()->regexp(node->regexpIndex()));
......@@ -3631,8 +3631,8 @@ void SpeculativeJIT::compile(Node* node)
GPRReg baseGPR = base.gpr();
GPRResult resultPayload(this);
GPRResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg resultTagGPR = resultTag.gpr();
......@@ -3651,8 +3651,8 @@ void SpeculativeJIT::compile(Node* node)
GPRReg baseTagGPR = base.tagGPR();
GPRReg basePayloadGPR = base.payloadGPR();
GPRResult resultPayload(this);
GPRResult2 resultTag(this);
GPRFlushedCallResult resultPayload(this);
GPRFlushedCallResult2 resultTag(this);
GPRReg resultPayloadGPR = resultPayload.gpr();
GPRReg resultTagGPR = resultTag.gpr();
......@@ -4075,7 +4075,7 @@ void SpeculativeJIT::compile(Node* node)
JSValueOperand value(this, node->child1());
GPRReg valueTagGPR = value.tagGPR();