Bug 141412

Summary: DFG::StackLayoutPhase should always set the scopeRegister to VirtualRegister() because the DFG doesn't do anything to make its value valid
Product: WebKit
Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCore
Assignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
  the patch    Flags: none
  the patch    Flags: msaboff: review+

Description Filip Pizlo 2015-02-09 16:36:45 PST
StackLayoutPhase is attempting to ensure that the register that CodeBlock::scopeRegister() points to is the right one for the DFG.  But the DFG does nothing else to maintain the validity of the scopeRegister().  It's not captured as far as I can tell.  StackLayoutPhase doesn't explicitly mark it live.  So, by the time we get here the register referred to by CodeBlock::scopeRegister() is junk.  Moreover, CodeBlock::scopeRegister() is not used for DFG code blocks, and is hardly ever used outside of bytecode generation.
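The failure mode described in the report, as an added illustration that is not WebKit's code: a toy model of a compacting stack-layout pass in which the scope register is never marked live, so carrying its old offset forward leaves it aliasing a different live register's slot, whereas storing the invalid sentinel (a default-constructed VirtualRegister) lets consumers detect that no valid value exists. The VirtualRegister, CodeBlock and StackLayout types, the sentinel value, the compaction rule and the sample register numbers are all assumptions of this model, not JavaScriptCore's actual data structures.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <optional>
#include <set>

// Hypothetical model, not WebKit's code. A VirtualRegister is an offset;
// the default-constructed one is the "invalid" sentinel (assumed value).
struct VirtualRegister {
    static constexpr int kInvalid = INT32_MIN;
    int offset = kInvalid;
    VirtualRegister() = default;
    explicit VirtualRegister(int o) : offset(o) {}
    bool isValid() const { return offset != kInvalid; }
};

// Assumed per-function metadata: the bytecode generator records which
// register holds the scope; the optimizing tier only tracks a liveness set
// and never adds the scope register to it.
struct CodeBlock {
    VirtualRegister scopeRegister;
    std::set<int> liveRegisters;
};

// Layout result: original virtual register -> compacted stack slot.
using StackLayout = std::map<int, int>;

// Compacting layout (assumed rule): live registers get dense slots 0..n-1 in
// ascending order. A register that is not live gets no slot at all, so its
// old offset may now belong to some other register.
StackLayout layoutStack(const std::set<int>& live) {
    StackLayout layout;
    int slot = 0;
    for (int reg : live) layout[reg] = slot++;
    return layout;
}

// Which original register now occupies a given compacted slot, if any.
std::optional<int> registerInSlot(const StackLayout& layout, int slot) {
    for (const auto& [reg, s] : layout)
        if (s == slot) return reg;
    return std::nullopt;
}

// Pre-fix behaviour as modelled here: try to keep the scope register by
// translating it through the layout, and fall back to the old offset when the
// register was never marked live. The fallback is a stale reference.
VirtualRegister scopeAfterLayoutBuggy(const CodeBlock& cb, const StackLayout& layout) {
    auto it = layout.find(cb.scopeRegister.offset);
    if (it != layout.end()) return VirtualRegister(it->second);
    return cb.scopeRegister;
}

// Post-fix behaviour as modelled here: the pass does nothing to keep the scope
// register valid, so it records exactly that with the invalid sentinel.
VirtualRegister scopeAfterLayoutFixed(const CodeBlock&, const StackLayout&) {
    return VirtualRegister();
}

// A consumer that honours the sentinel instead of reading a junk slot.
std::optional<int> readScopeSlot(const VirtualRegister& scope) {
    if (!scope.isValid()) return std::nullopt;
    return scope.offset;
}

// True when a (possibly stale) scope reference points at a slot that the
// layout assigned to a different live register: the "junk" in the report.
bool scopeAliasesOtherRegister(const CodeBlock& cb, const VirtualRegister& scope,
                               const StackLayout& layout) {
    if (!scope.isValid()) return false;
    auto owner = registerInSlot(layout, scope.offset);
    return owner.has_value() && *owner != cb.scopeRegister.offset;
}

// Constructed scenario: bytecode put the scope in r3; the optimizing tier
// keeps r0, r1, r2, r7, r9 live and never mentions r3.
CodeBlock sampleCodeBlock() {
    CodeBlock cb;
    cb.scopeRegister = VirtualRegister(3);
    cb.liveRegisters = {0, 1, 2, 7, 9};
    return cb;
}

// With the sample layout r7 lands in slot 3, so the stale scope offset 3
// now aliases r7's storage.
bool buggyPathAliasesAnotherRegister() {
    CodeBlock cb = sampleCodeBlock();
    StackLayout layout = layoutStack(cb.liveRegisters);
    return scopeAliasesOtherRegister(cb, scopeAfterLayoutBuggy(cb, layout), layout);
}

// The fixed path yields a reference that consumers can recognise as absent.
bool fixedPathIsInvalid() {
    CodeBlock cb = sampleCodeBlock();
    StackLayout layout = layoutStack(cb.liveRegisters);
    VirtualRegister scope = scopeAfterLayoutFixed(cb, layout);
    return !scope.isValid() && !readScopeSlot(scope).has_value();
}

int main() {
    std::printf("buggy path aliases another register: %s\n",
                buggyPathAliasesAnotherRegister() ? "yes" : "no");
    std::printf("fixed path is explicitly invalid: %s\n",
                fixedPathIsInvalid() ? "yes" : "no");
    return 0;
}
```

The point of the model is the general rule behind the fix: a pass that reshuffles storage must either keep every reference it hands downstream valid or replace it with a value that cannot be mistaken for a valid one. A stale offset that still looks valid is worse than no value at all, because it silently reads another register's contents.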
Comment 1 Filip Pizlo 2015-02-09 16:41:31 PST
Created attachment 246304 [details]
the patch
Comment 2 Filip Pizlo 2015-02-09 19:25:23 PST
Created attachment 246309 [details]
the patch

Addressing Michael's concerns
Comment 3 Michael Saboff 2015-02-09 20:33:43 PST
Comment on attachment 246309 [details]
the patch

r=me
Comment 4 Filip Pizlo 2015-02-09 20:47:29 PST
Landed in http://trac.webkit.org/changeset/179863