Bug 141412

Summary:

DFG::StackLayoutPhase should always set the scopeRegister to VirtualRegister() because the DFG doesn't do anything to make its value valid

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	none
the patch	msaboff: review+

Filip Pizlo

Reported 2015-02-09 16:36:45 PST

StackLayoutPhase is attempting to ensure that the register that CodeBlock::scopeRegister() points to is the right one for the DFG. But the DFG does nothing else to maintain the validity of the scopeRegister(). It's not captured as far as I can tell. StackLayoutPhase doesn't explicitly mark it live. So, by the time we get here the register referred to by CodeBlock::scopeRegister() is junk. Moreover, CodeBlock::scopeRegister() is not used for DFG code blocks, and is hardly ever used outside of bytecode generation.

Attachments
the patch (2.24 KB, patch) 2015-02-09 16:41 PST, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (2.64 KB, patch) 2015-02-09 19:25 PST, Filip Pizlo	msaboff: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2015-02-09 16:41:31 PST

Created attachment 246304 [details] the patch

Filip Pizlo

Comment 2 2015-02-09 19:25:23 PST

Created attachment 246309 [details] the patch Addressing Michael's concerns

Michael Saboff

Comment 3 2015-02-09 20:33:43 PST

Comment on attachment 246309 [details] the patch r=me

Filip Pizlo

Comment 4 2015-02-09 20:47:29 PST

Landed in http://trac.webkit.org/changeset/179863

Note You need to log in before you can comment on or make changes to this bug.