Bug 141915

Summary:

Scopes should always be created with a previously-created symbol table rather than creating one on the fly

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

barraclough, benjamin, commit-queue, ggaren, mark.lam, mhahnenb, mmirman, msaboff, nrotem, oliver, ossy, saam, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

141921, 141953

Bug Blocks:

141174

Attachments:

Description	Flags
the patch	mark.lam: review+
patch for landing	none
fix 32-bit	none

Description Filip Pizlo 2015-02-23 10:33:03 PST

Patch forthcoming.

Comment 1 Filip Pizlo 2015-02-23 10:55:25 PST

Ossy: this will have some new callOperation() overloads in JIT.h.  Expect breakage.

Comment 2 Filip Pizlo 2015-02-23 11:27:09 PST

(In reply to comment #1)
> Ossy: this will have some new callOperation() overloads in JIT.h.  Expect
> breakage.

Actually, we might get lucky.  The new overloads seem to bottom out in existing setupArgumentsXYZ overloads.

Comment 3 Filip Pizlo 2015-02-23 11:41:51 PST

Created attachment 247131 [details]
the patch

Comment 4 WebKit Commit Bot 2015-02-23 11:42:51 PST

Attachment 247131 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/runtime/JSNameScope.h:52:  The parameter name "symbolTable" adds no information, so it should be removed.  [readability/parameter_name] [5]
Total errors found: 1 in 20 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 5 Mark Lam 2015-02-23 12:00:19 PST

Comment on attachment 247131 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=247131&action=review

r=me

> Source/JavaScriptCore/jit/JITOperations.cpp:71
> +    // FIXME: This won't work if this operation is called from the DFG or FTL.
> +    // This should be changed to pass in the new scope.

I see that this came from pre-existing code, but can you add a debug ASSERT to ensure that the current exec/frame is not a DFG/FTL frame so that we'll catch this if someone unwittingly uses this in the DFG/FTL without seeing this FIXME?

> Source/JavaScriptCore/runtime/JSSymbolTableObject.h:64
> +    

nit: unneeded white space.

Comment 6 Filip Pizlo 2015-02-23 12:05:09 PST

(In reply to comment #5)
> Comment on attachment 247131 [details]
> the patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=247131&action=review
> 
> r=me
> 
> > Source/JavaScriptCore/jit/JITOperations.cpp:71
> > +    // FIXME: This won't work if this operation is called from the DFG or FTL.
> > +    // This should be changed to pass in the new scope.
> 
> I see that this came from pre-existing code, but can you add a debug ASSERT
> to ensure that the current exec/frame is not a DFG/FTL frame so that we'll
> catch this if someone unwittingly uses this in the DFG/FTL without seeing
> this FIXME?

Sure.

> 
> > Source/JavaScriptCore/runtime/JSSymbolTableObject.h:64
> > +    
> 
> nit: unneeded white space.

OK.

Comment 7 Filip Pizlo 2015-02-23 12:16:05 PST

Created attachment 247134 [details]
patch for landing

Comment 8 Filip Pizlo 2015-02-23 12:53:17 PST

Created attachment 247137 [details]
fix 32-bit

Comment 9 Filip Pizlo 2015-02-23 13:54:55 PST

Landed in http://trac.webkit.org/changeset/180514

Comment 10 Csaba Osztrogonác 2015-02-23 14:03:30 PST

(In reply to comment #1)
> Ossy: this will have some new callOperation() overloads in JIT.h.  Expect
> breakage.

Thanks for the notice, fix landed in http://trac.webkit.org/changeset/180515