Bug 110942

Summary: We should record the JITCodeMap for the JS function that could be inlined but not directly compiled with DFG
Product: WebKit
Reporter: Yuqiang Xian <yuqiang.xian>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: barraclough, fpizlo
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
patch none

Yuqiang Xian
Reported 2013-02-26 21:50:40 PST
In particular, if the JS function contains the op_call_varargs bytecode, it cannot be directly compiled but can be inlined (in certain cases) with DFG. In this case if we don't record the JITCodeMap for this function, we will have problems if OSR exit happens inside this function. This problem is exposed in a build with LLInt disabled but DFG JIT enabled, when browsing and clicking around www.android.com. Patch forthcoming.
Attachments
patch (3.90 KB, patch)
2013-02-26 21:56 PST, Yuqiang Xian
no flags
Yuqiang Xian
Comment 1 2013-02-26 21:56:05 PST
Yuqiang Xian
Comment 2 2013-02-26 22:01:22 PST
Ah... Just noticed Filip's commit of http://trac.webkit.org/changeset/144137. It should have been fixed! So this should be invalid.
Yuqiang Xian
Comment 3 2013-02-26 23:00:28 PST
*** This bug has been marked as a duplicate of bug 109036 ***