X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/2d39b0e377c0896910ee49ae70082ba665faf986..ed1e77d3adeb83d26fd1dfb16dd84cabdcefd250:/dfg/DFGJITCode.cpp
diff --git a/dfg/DFGJITCode.cpp b/dfg/DFGJITCode.cpp
index 0d69079..db044e5 100644
--- a/dfg/DFGJITCode.cpp
+++ b/dfg/DFGJITCode.cpp
@@ -30,6 +30,7 @@
 #include "CodeBlock.h"
 #include "JSCInlines.h"
+#include "TrackedReferences.h"
 namespace JSC { namespace DFG {
@@ -82,24 +83,8 @@ void JITCode::reconstruct(
 reconstruct(codeBlock, codeOrigin, streamIndex, recoveries);
 result = Operands(OperandsLike, recoveries);
- for (size_t i = result.size(); i--;) {
- int operand = result.operandForIndex(i);
-
- if (codeOrigin == CodeOrigin(0)
- && operandIsArgument(operand)
- && !VirtualRegister(operand).toArgument()
- && codeBlock->codeType() == FunctionCode
- && codeBlock->specializationKind() == CodeForConstruct) {
- // Ugh. If we're in a constructor, the 'this' argument may hold garbage. It will
- also never be used. It doesn't matter what we put into the value for this,
- but it has to be an actual value that can be grokked by subsequent DFG passes,
- so we sanitize it here by turning it into Undefined.
- result[i] = jsUndefined();
- continue;
- }
-
+ for (size_t i = result.size(); i--;)
 result[i] = recoveries[i].recover(exec);
- }
 }
 #if ENABLE(FTL_JIT)
@@ -186,6 +171,18 @@ void JITCode::setOptimizationThresholdBasedOnCompilationResult(
 }
 #endif // ENABLE(FTL_JIT)
+void JITCode::validateReferences(const TrackedReferences& trackedReferences)
+{
+ common.validateReferences(trackedReferences);
+
+ for (OSREntryData& entry : osrEntry) {
+ for (unsigned i = entry.m_expectedValues.size(); i--;)
+ entry.m_expectedValues[i].validateReferences(trackedReferences);
+ }
+
+ minifiedDFG.validateReferences(trackedReferences);
+}
+
 } } // namespace JSC::DFG
 #endif // ENABLE(DFG_JIT)
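Review bot: With the constructor `this` sanitisation removed, the loop in reconstruct now recovers every operand unconditionally, so it relies on a constructor's `this` slot holding a recoverable value at the exit point — exactly the guarantee the deleted comment said did not hold, and which must now be established elsewhere (not visible in this hunk; the diff spans two tags, so the supporting change is presumably in another file). A short comment on the loop would record that dependency for the next reader, e.g. `// Every operand, including a constructor's 'this', is expected to hold a valid JSValue by now; no special-casing is needed.` The enclosing reconstruct overload starts outside the hunk.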
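Review bot: The inner loop of validateReferences initialises `unsigned i` from `entry.m_expectedValues.size()`, narrowing the container's size type and counting down by index while the outer loop is already a range-for; `for (auto& value : entry.m_expectedValues) value.validateReferences(trackedReferences);` reads like the outer loop and drops the index, assuming the per-element validation is order-independent as a check should be. If the element and member `validateReferences` overloads are const, the loop bindings can be `const` too, which documents that validation does not mutate the OSR entry data. The new method also has no header comment; a one-liner such as `// Presumably checks that every reference held by the common data, the OSR entry expected values and the minified graph is in trackedReferences.` would state what the check covers, since the semantics of the delegated calls are not visible in this hunk.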