68735 2011-09-23 14:54:08 -0700 DFG implementation of PutScopedVar corrupts register allocation 2011-09-23 15:12:20 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 fpizlo webkit-unassigned barraclough fpizlo oliver oldest_to_newest 472523 0 fpizlo 2011-09-23 14:54:08 -0700 The PutScopedVar case in DFGSpeculativeJIT.cpp does not call noResult(), causing its child (the scope chain) to remain referenced. It then does not get removed from the register bank, and its virtual register does not get cleared. This has two effects: bizarre assertion failures and possibly regressed performance in the absence of assertion failures, due to increased register pressure. 472524 1 108543 fpizlo 2011-09-23 14:55:43 -0700 Created attachment 108543 the patch 472526 2 108543 oliver 2011-09-23 14:56:50 -0700 Comment on attachment 108543 the patch oooh, i didn't realise that was necessary/existed -- best to check my other changes for similar screw ups :-( 472529 3 fpizlo 2011-09-23 14:57:56 -0700 (In reply to comment #2) > (From update of attachment 108543 [details]) > oooh, i didn't realise that was necessary/existed -- best to check my other changes for similar screw ups :-( GetScopeChain and GetScopeVar are right, because they call the relevant xyzResult methods. It's the ones that don't return anything that are annoying. 472537 4 oliver 2011-09-23 15:12:20 -0700 Committed r95868: <http://trac.webkit.org/changeset/95868> 108543 2011-09-23 14:55:43 -0700 2011-09-23 14:56:49 -0700 the patch fixputscopedvar_patch_1.diff text/plain 1297 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gOTU4NjMpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAK KzIwMTEtMDktMjMgIEZpbGlwIFBpemxvICA8ZnBpemxvQGFwcGxlLmNvbT4KKworICAgICAgICBE RkcgaW1wbGVtZW50YXRpb24gb2YgUHV0U2NvcGVkVmFyIGNvcnJ1cHRzIHJlZ2lzdGVyIGFsbG9j YXRpb24KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTY4 NzM1CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBk ZmcvREZHU3BlY3VsYXRpdmVKSVQuY3BwOgorICAgICAgICAoSlNDOjpERkc6OlNwZWN1bGF0aXZl SklUOjpjb21waWxlKToKKwogMjAxMS0wOS0yMyAgT2xpdmVyIEh1bnQgIDxvbGl2ZXJAYXBwbGUu Y29tPgogCiAgICAgICAgIFB1dFNjb3BlZFZhciBub2RlcyBzaG91bGQgcmVwb3J0IHRoYXQgaXQg aGFzIGEgdmFyIG51bWJlcgpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdTcGVj dWxhdGl2ZUpJVC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9E RkdTcGVjdWxhdGl2ZUpJVC5jcHAJKHJldmlzaW9uIDk1ODU1KQorKysgU291cmNlL0phdmFTY3Jp cHRDb3JlL2RmZy9ERkdTcGVjdWxhdGl2ZUpJVC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE3OTYs NiArMTc5Niw3IEBAIHZvaWQgU3BlY3VsYXRpdmVKSVQ6OmNvbXBpbGUoTm9kZSYgbm9kZSkKICAg ICAgICAgSlNWYWx1ZU9wZXJhbmQgdmFsdWUodGhpcywgbm9kZS5jaGlsZDIoKSk7CiAgICAgICAg IG1faml0LnN0b3JlUHRyKHZhbHVlLmdwcigpLCBKSVRDb21waWxlcjo6QWRkcmVzcyhzY3JhdGNo R1BSLCBub2RlLnZhck51bWJlcigpICogc2l6ZW9mKFJlZ2lzdGVyKSkpOwogICAgICAgICB3cml0 ZUJhcnJpZXIobV9qaXQsIHNjb3BlQ2hhaW4uZ3ByKCksIHNjcmF0Y2hHUFIsIFdyaXRlQmFycmll ckZvclZhcmlhYmxlQWNjZXNzKTsKKyAgICAgICAgbm9SZXN1bHQobV9jb21waWxlSW5kZXgpOwog ICAgICAgICBicmVhazsKICAgICB9CiAgICAgY2FzZSBHZXRCeUlkOiB7Cg==