Bug 106365

Summary: DFG initrinsic handling should ensure that we backwards propagate the fact that all operands may escape
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch mhahnenberg: review+

Filip Pizlo
Reported 2013-01-08 12:33:27 PST
Intrinsic handling involves making the assumption that we're calling the intrinsic that we thought we were going to call. But that involves a speculation, which may, and almost always does, appear after the operands are computed. Hence the computation of the operands must assume that they may escape and be used arbitrarily, in the case that we don't call the intrinsic we thought we were calling (because we exited).
Attachments
the patch (63.24 KB, patch)
2013-01-08 12:39 PST, Filip Pizlo
mhahnenberg: review+
Filip Pizlo
Comment 1 2013-01-08 12:39:35 PST
Created attachment 181732 [details] the patch
Mark Hahnenberg
Comment 2 2013-01-08 12:51:47 PST
Comment on attachment 181732 [details] the patch r=me
Filip Pizlo
Comment 3 2013-01-08 12:55:48 PST
Note You need to log in before you can comment on or make changes to this bug.