100461 – Forward OSR calculation is wrong in the presence of multiple SetLocals, or a mix of SetLocals and Phantoms

RESOLVED FIXED 100461

Forward OSR calculation is wrong in the presence of multiple SetLocals, or a mix of SetLocals and Phantoms

https://bugs.webkit.org/show_bug.cgi?id=100461

Summary Forward OSR calculation is wrong in the presence of multiple SetLocals, or a ...

Filip Pizlo

Reported 2012-10-25 22:34:43 PDT

This was broken by the attempt to have the forward OSR exit calculator collect all SetLocals and create recovery overrides for them. The fix is to not do that, and instead have bytecode ops that decompose into multiple SetLocals explicitly help the forward OSR exit calculator with SetLocal hints. <rdar://problem/12551946>

Attachments
the patch (12.02 KB, patch) 2012-10-25 23:00 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (12.72 KB, patch) 2012-10-26 14:40 PDT, Filip Pizlo	oliver: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2012-10-25 23:00:23 PDT

Created attachment 170822 [details] the patch

Filip Pizlo

Comment 2 2012-10-25 23:01:03 PDT

Comment on attachment 170822 [details] the patch Clearing cq? because I will probably want to land this with a test. I would appreciate a review even though I haven't had a chance to try to write the test, yet. Doing so will be tricky.

Oliver Hunt

Comment 3 2012-10-26 07:52:55 PDT

Comment on attachment 170822 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=170822&action=review > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:3118 > + // First create OSR hints only. > + set(baseDst, base); > + set(valueDst, value); > + > + // If we try to hoist structure checks into here, then we're guaranteed that they will occur > + // *after* we have already set up the values for OSR. > + > + // Then do the real SetLocals. Don't we need this for resolve_with_this as well?

Filip Pizlo

Comment 4 2012-10-26 14:34:33 PDT

(In reply to comment #3) > (From update of attachment 170822 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=170822&action=review > > > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:3118 > > + // First create OSR hints only. > > + set(baseDst, base); > > + set(valueDst, value); > > + > > + // If we try to hoist structure checks into here, then we're guaranteed that they will occur > > + // *after* we have already set up the values for OSR. > > + > > + // Then do the real SetLocals. > > Don't we need this for resolve_with_this as well? Ooops.

Filip Pizlo

Comment 5 2012-10-26 14:40:55 PDT

Created attachment 171016 [details] the patch

Filip Pizlo

Comment 6 2012-10-26 15:19:30 PDT

Landed in http://trac.webkit.org/changeset/132701

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Filip Pizlo

Reported

2012-10-25 22:34 PDT

Modified

2012-10-26 15:19 PDT History

CC List

7 users Show

URL

Keywords InRadar

Depends on

Blocks