110942 – We should record the JITCodeMap for the JS function that could be inlined but not directly compiled with DFG

Bug 110942 - We should record the JITCodeMap for the JS function that could be inlined but not directly compiled with DFG

Summary: We should record the JITCodeMap for the JS function that could be inlined but...

Status:	RESOLVED DUPLICATE of bug 109036

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-02-26 21:50 PST by Yuqiang Xian
Modified:	2013-02-26 23:00 PST (History)
CC List:	2 users (show)

See Also:

Attachments
patch (3.90 KB, patch) 2013-02-26 21:56 PST, Yuqiang Xian	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yuqiang Xian 2013-02-26 21:50:40 PST

In particular, if the JS function contains the op_call_varargs bytecode, it cannot be directly compiled but can be inlined (in certain cases) with DFG. In this case if we don't record the JITCodeMap for this function, we will have problems if OSR exit happens inside this function.

This problem is exposed in a build with LLInt disabled but DFG JIT enabled, when browsing and clicking around www.android.com.

Patch forthcoming.

Comment 1 Yuqiang Xian 2013-02-26 21:56:05 PST

Created attachment 190439 [details]
patch

Comment 2 Yuqiang Xian 2013-02-26 22:01:22 PST

Ah... Just noticed Filip's commit of http://trac.webkit.org/changeset/144137. It should have been fixed! So this should be invalid.

Comment 3 Yuqiang Xian 2013-02-26 23:00:28 PST


*** This bug has been marked as a duplicate of bug 109036 ***