Bug 106365 - DFG intrinsic handling should ensure that we backwards propagate the fact that all operands may escape
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Filip Pizlo
Reported: 2013-01-08 12:33 PST by Filip Pizlo
Modified: 2013-01-08 12:55 PST

Attachments
the patch (63.24 KB, patch)
2013-01-08 12:39 PST, Filip Pizlo
mhahnenberg: review+

Description Filip Pizlo 2013-01-08 12:33:27 PST
Intrinsic handling involves making the assumption that we're calling the intrinsic that we thought we were going to call.  But that involves a speculation, which may, and almost always does, appear after the operands are computed.  Hence the computation of the operands must assume that they may escape and be used arbitrarily, in the case that we don't call the intrinsic we thought we were calling (because we exited).
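
Added illustration, not part of the original bug report or of the WebKit patch: a simplified JavaScript model of the situation the description explains, using `Math.abs(a * b)` as an assumed example. The node names, flag names and the sign-of-zero shortcut are constructed for this sketch and are not JavaScriptCore's.

```javascript
// Toy model, constructed for illustration; not JavaScriptCore code or flag names.
const USED_AS_NUMBER = 1, NEEDS_NEG_ZERO = 2, USED_AS_OTHER = 4;
const MAY_ESCAPE = USED_AS_NUMBER | NEEDS_NEG_ZERO | USED_AS_OTHER;

// Nodes for `Math.abs(a * b)` in program order. The callee check (the
// speculation) comes after the operand has already been computed.
function buildGraph() {
  return [
    { id: 0, op: "Arg", children: [] },
    { id: 1, op: "Arg", children: [] },
    { id: 2, op: "Mul", children: [0, 1] },
    { id: 3, op: "CheckCalleeIsAbs", children: [] }, // may exit to generic code
    { id: 4, op: "Abs", children: [2] },             // intrinsic: abs ignores the sign of zero
    { id: 5, op: "Return", children: [4] },
  ];
}

// Backward pass: each node tells its operands how their value will be used.
function propagate(graph, operandsMayEscape) {
  const flags = new Map(graph.map((n) => [n.id, 0]));
  for (const node of [...graph].reverse()) {
    let use = flags.get(node.id);                    // default: pass own uses through
    if (node.op === "Return") use = MAY_ESCAPE;
    if (node.op === "Abs") use = operandsMayEscape ? MAY_ESCAPE : USED_AS_NUMBER;
    for (const c of node.children) flags.set(c, flags.get(c) | use);
  }
  return flags;
}

// What the compiled Mul may do with the flags it was given.
function compiledMul(a, b, mulFlags) {
  const exact = a * b;
  return mulFlags & NEEDS_NEG_ZERO ? exact : exact + 0; // -0 + 0 === +0: sign dropped
}

// The check fails (callee was replaced), so the generic call receives the
// already-computed operand. Returns what the replaced callee observes.
function runWithReplacedCallee(a, b, operandsMayEscape) {
  const flags = propagate(buildGraph(), operandsMayEscape);
  const operand = compiledMul(a, b, flags.get(2));
  const replacedCallee = (x) => 1 / x;               // constructed stand-in for a non-abs callee
  return replacedCallee(operand);
}
```

With `a = -1, b = 0`, the model that trusts the intrinsic hands `+0` to the replaced callee, while the model that treats operands as escaping hands it `-0`, which matches unoptimized evaluation.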
Comment 1 Filip Pizlo 2013-01-08 12:39:35 PST
Created attachment 181732
the patch
Comment 2 Mark Hahnenberg 2013-01-08 12:51:47 PST
Comment on attachment 181732
the patch

r=me
Comment 3 Filip Pizlo 2013-01-08 12:55:48 PST
Landed in http://trac.webkit.org/changeset/139098