| Summary: | FTL doesn't do proper spilling for exception handling when GetById/Snippets go to slow path | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, keith_miller, mark.lam, msaboff, oliver, sukolsak, ysuzuki |
| Priority: | P2 | | |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Description
Saam Barati
2016-01-16 11:04:15 PST
Created attachment 269176 [details]
patch
Comment on attachment 269176 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=269176&action=review > Source/JavaScriptCore/ftl/FTLCompile.cpp:666 > + // on it in the OSR exit. This is because the callOperation(.) machinery doesn't > + // ever spill the result value. It actually takes care to never spill the result > + // because it overwrites it with the result of the call. But, with exceptions and > + // OSR exits, we may need the result value during OSR exit, so we take care to spill > + // it now. changed this locally to: // We take care to always spill the result whenever we need to do value recovery // on it in the OSR exit. This is because the callOperation(.) machinery doesn't // ever spill the result value. It actually takes care to never spill the result // because it overwrites it with the result of the call. But, with exceptions and // OSR exits, we may need the result value prior to the call during OSR exit. // We take care to mark it for spillage now. Comment on attachment 269176 [details]
patch
r=me
landed in: http://trac.webkit.org/changeset/195238 |
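Review bot: In the comment quoted at Source/JavaScriptCore/ftl/FTLCompile.cpp:666, "the result value" is used for two different things. The sentence "we may need the result value during OSR exit" reads as if it meant the call's return value, while the sentence before it says that location is overwritten with the result of the call. The local rewording that adds "prior to the call" helps, but it still reuses "result value"; wording such as "the value the result location held before the call" would remove the ambiguity. The reworded "mark it for spillage now" is also the better phrasing if the spill itself is emitted later than this point, so it would be worth keeping that wording consistent through the rest of the comment.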