Bug 146029

Summary: Inlining in the DFG trashes ByteCodeParser::m_currentInstruction for the calling function
Product: WebKit
Reporter: Michael Saboff <msaboff>
Component: JavaScriptCore
Assignee: Michael Saboff <msaboff>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Patch (flags: benjamin: review+)

Michael Saboff
Reported 2015-06-16 15:16:04 PDT
When we inline a function call in the DFG, we essentially recurse in ByteCodeParser::attemptToInlineCall() when we call inlineCall(). In the process we overwrite m_currentInstruction. When we return, m_currentInstruction no longer points at the call instruction. The fix is to save and restore m_currentInstruction around the call to inlineCall(). <rdar://problem/20841734>
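The following C++ is an added illustration of the pattern the report describes; it is not WebKit's code. The toy parser, its opcodes, the sample program and the kMaxInlineDepth limit are all hypothetical. It keeps a single m_currentInstruction member, re-enters the parse loop when it inlines a call (so the callee's bytecode overwrites that member), and applies the save/restore from this bug behind a flag so the buggy and fixed behaviour can be compared on the same input.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical three-opcode bytecode; only OP_CALL matters for the bug.
enum Op { OP_ADD, OP_CALL, OP_RET };

struct Instruction {
    Op op;
    size_t callee; // OP_CALL only: index into the function table
};

using Function = std::vector<Instruction>;

struct ParseStats {
    size_t inlinedCalls; // how many OP_CALLs were inlined (including nested ones)
    size_t callsIntact;  // how many of those still had m_currentInstruction == the call afterwards
};

// Miniature of the DFG ByteCodeParser shape: one member tracks the instruction
// being parsed, and inlining a call re-enters the parse loop on the callee.
class ToyByteCodeParser {
public:
    ToyByteCodeParser(std::vector<Function> functions, bool restoreAfterInline)
        : m_functions(std::move(functions)), m_restoreAfterInline(restoreAfterInline) {}

    ParseStats parse(size_t index)
    {
        m_stats = ParseStats{0, 0};
        parseFunction(index, 0);
        return m_stats;
    }

private:
    void parseFunction(size_t index, size_t depth)
    {
        const Function& function = m_functions[index];
        for (size_t pc = 0; pc < function.size(); ++pc) {
            m_currentInstruction = &function[pc];
            if (m_currentInstruction->op == OP_CALL && depth < kMaxInlineDepth) {
                attemptToInlineCall(m_currentInstruction->callee, depth);
                // The caller still has work to do on the call instruction here
                // (e.g. reading its operands). With the bug, m_currentInstruction
                // now points into the callee's bytecode instead.
                if (m_currentInstruction == &function[pc])
                    ++m_stats.callsIntact;
            }
        }
    }

    void attemptToInlineCall(size_t callee, size_t depth)
    {
        const Instruction* savedCurrentInstruction = m_currentInstruction;
        inlineCall(callee, depth);
        if (m_restoreAfterInline)
            m_currentInstruction = savedCurrentInstruction; // the fix: restore around inlineCall()
    }

    void inlineCall(size_t callee, size_t depth)
    {
        ++m_stats.inlinedCalls;
        parseFunction(callee, depth + 1); // recursion: every iteration overwrites m_currentInstruction
    }

    static constexpr size_t kMaxInlineDepth = 8; // hypothetical inlining limit
    std::vector<Function> m_functions;
    bool m_restoreAfterInline;
    const Instruction* m_currentInstruction = nullptr;
    ParseStats m_stats{0, 0};
};

// Constructed sample program: f0 calls f1, f1 calls f2, f2 is a leaf.
inline std::vector<Function> sampleFunctions()
{
    return {
        { {OP_ADD, 0}, {OP_CALL, 1}, {OP_RET, 0} }, // f0
        { {OP_CALL, 2}, {OP_ADD, 0}, {OP_RET, 0} }, // f1
        { {OP_ADD, 0}, {OP_RET, 0} },                // f2
    };
}

// Runs the toy parser on the sample program with or without the restore.
inline ParseStats runToyParser(bool restoreAfterInline)
{
    ToyByteCodeParser parser(sampleFunctions(), restoreAfterInline);
    return parser.parse(0);
}

int main()
{
    ParseStats buggy = runToyParser(false);
    ParseStats fixed = runToyParser(true);
    std::printf("without restore: %zu inlined, %zu call sites intact\n",
                buggy.inlinedCalls, buggy.callsIntact);
    std::printf("with restore:    %zu inlined, %zu call sites intact\n",
                fixed.inlinedCalls, fixed.callsIntact);
    return 0;
}
```

Without the restore, both inlined call sites come back with m_currentInstruction pointing at the last instruction of the callee that was parsed; with the restore, every caller sees its own call instruction again, which is exactly the property the patch relies on.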
Attachments
Patch (4.76 KB, patch)
2015-06-16 16:22 PDT, Michael Saboff
benjamin: review+
Michael Saboff
Comment 1 2015-06-16 16:22:03 PDT
Benjamin Poulain
Comment 2 2015-06-16 16:43:09 PDT
Comment on attachment 254975 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=254975&action=review

> Source/JavaScriptCore/ChangeLog:7
> +

IMHO, you should explain the bug here. How/where m_currentInstruction is trashed, and what were the side effects.
Mark Lam
Comment 3 2015-06-16 16:44:41 PDT
Comment on attachment 254975 [details]
Patch

r=me too
Michael Saboff
Comment 4 2015-06-16 16:50:45 PDT
(In reply to comment #2)
> Comment on attachment 254975 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=254975&action=review
>
> > Source/JavaScriptCore/ChangeLog:7
> > +
>
> IMHO, you should explain the bug here. How/where m_currentInstruction is
> trashed, and what were the side effects.

I'll add comments explaining how this happens.
Michael Saboff
Comment 5 2015-06-16 17:06:51 PDT