Bug 160925

Summary: Remove invalid assertion in the DFG backend's GetById emitter.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, fpizlo, ggaren, keith_miller, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch. fpizlo: review+

Mark Lam
Reported 2016-08-16 17:31:27 PDT
The DFG bytecode parser will force an OSR exit if it sees an op_get_by_id or op_get_by_val with a SpecNone prediction. Hence, it is safe to emit code for the GetById node even if its prediction is SpecNone. The GetById node may still be seen by the DFG backend, but it is valid for it to have a SpecNone prediction.
Attachments
proposed patch. (3.54 KB, patch)
2016-08-17 13:52 PDT, Mark Lam
fpizlo: review+
Mark Lam
Comment 1 2016-08-16 17:33:15 PDT
Mark Lam
Comment 2 2016-08-16 17:43:43 PDT
(In reply to comment #0) > The DFG bytecode parser will force an OSR exit if it sees an op_get_by_id or > op_get_by_val with a SpecNone prediction. Hence, it is safe to emit code > for the GetById node even if its prediction is SpecNone. The GetById node > may still be seen by the DFG backend, but it is valid for it to have a > SpecNone prediction. This may not be true. In my test locally, I'm seeing the assertion without a ForceOSRExit node preceding the GetById node. I'll investigate further.
Mark Lam
Comment 3 2016-08-17 12:45:06 PDT
My initial read of the code was wrong and misleading. The GetById assertion that the node's prediction not be SpecNone in the DFG backend is just plain wrong. It assumes that we can never have a GetById node without a type prediction, but that is not true. The following test case proves otherwise: function foo() { "use strict"; return --arguments["callee"]; } Will remove the assertion. Nothing else needs to change as the DFG is working correctly without the assertion.
Mark Lam
Comment 4 2016-08-17 13:52:13 PDT
Created attachment 286325 [details] proposed patch.
Mark Lam
Comment 5 2016-08-17 14:03:00 PDT
Thanks for the review. Landed in r204570: <http://trac.webkit.org/r204570>.
Note You need to log in before you can comment on or make changes to this bug.