110942 – We should record the JITCodeMap for the JS function that could be inlined but not directly compiled with DFG

RESOLVED DUPLICATE of bug 109036110942

We should record the JITCodeMap for the JS function that could be inlined but not directly compiled with DFG

https://bugs.webkit.org/show_bug.cgi?id=110942

Summary We should record the JITCodeMap for the JS function that could be inlined but...

Yuqiang Xian

Reported 2013-02-26 21:50:40 PST

In particular, if the JS function contains the op_call_varargs bytecode, it cannot be directly compiled but can be inlined (in certain cases) with DFG. In this case if we don't record the JITCodeMap for this function, we will have problems if OSR exit happens inside this function. This problem is exposed in a build with LLInt disabled but DFG JIT enabled, when browsing and clicking around www.android.com. Patch forthcoming.

Attachments
patch (3.90 KB, patch) 2013-02-26 21:56 PST, Yuqiang Xian	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Yuqiang Xian

Comment 1 2013-02-26 21:56:05 PST

Created attachment 190439 [details] patch

Yuqiang Xian

Comment 2 2013-02-26 22:01:22 PST

Ah... Just noticed Filip's commit of http://trac.webkit.org/changeset/144137. It should have been fixed! So this should be invalid.

Yuqiang Xian

Comment 3 2013-02-26 23:00:28 PST

*** This bug has been marked as a duplicate of bug 109036 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 109036

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2013-02-26 21:50 PST

Modified

2013-02-26 23:00 PST History

CC List

2 users Show

URL

Keywords

Depends on

Blocks