Bug 124883 - Stores to local captured variables should be intercepted
Summary: Stores to local captured variables should be intercepted
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords:
Depends on:
Blocks: 124630
Reported: 2013-11-25 21:44 PST by Filip Pizlo
Modified: 2013-12-02 11:56 PST

Attachments
it begins (6.01 KB, patch)
2013-11-25 21:45 PST, Filip Pizlo
getting interesting (44.72 KB, patch)
2013-11-29 20:41 PST, Filip Pizlo
almost there (49.22 KB, patch)
2013-12-01 10:00 PST, Filip Pizlo
the patch (66.16 KB, patch)
2013-12-01 11:23 PST, Filip Pizlo
the patch (68.74 KB, patch)
2013-12-01 12:18 PST, Filip Pizlo
the patch (70.02 KB, patch)
2013-12-01 13:25 PST, Filip Pizlo
mhahnenberg: review+

Description Filip Pizlo 2013-11-25 21:44:44 PST
Patch forthcoming
Comment 1 Filip Pizlo 2013-11-25 21:45:19 PST
Created attachment 217863
it begins
Comment 2 Filip Pizlo 2013-11-29 20:41:08 PST
Created attachment 218084
getting interesting
Comment 3 Filip Pizlo 2013-12-01 10:00:10 PST
Created attachment 218113
almost there
Comment 4 Filip Pizlo 2013-12-01 11:23:53 PST
Created attachment 218117
the patch
Comment 5 WebKit Commit Bot 2013-12-01 11:26:26 PST
Attachment 218117 did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/js/regress/captured-assignments-expected.txt', u'LayoutTests/js/regress/captured-assignments.html', u'LayoutTests/js/regress/script-tests/captured-assignments.js', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp', u'Source/JavaScriptCore/bytecode/BytecodeUseDef.h', u'Source/JavaScriptCore/bytecode/CodeBlock.cpp', u'Source/JavaScriptCore/bytecode/CodeBlock.h', u'Source/JavaScriptCore/bytecode/Opcode.h', u'Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp', u'Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h', u'Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp', u'Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp', u'Source/JavaScriptCore/dfg/DFGCapabilities.cpp', u'Source/JavaScriptCore/jit/JIT.cpp', u'Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm', u'Source/JavaScriptCore/llint/LowLevelInterpreter64.asm', u'Source/JavaScriptCore/runtime/SymbolTable.h']" exit_code: 1
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:349:  The parameter name "body" adds no information, so it should be removed.  [readability/parameter_name] [5]
Total errors found: 1 in 22 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Filip Pizlo 2013-12-01 12:18:14 PST
Created attachment 218119
the patch
Comment 7 WebKit Commit Bot 2013-12-01 12:20:08 PST
Attachment 218119 did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/js/regress/captured-assignments-expected.txt', u'LayoutTests/js/regress/captured-assignments.html', u'LayoutTests/js/regress/script-tests/captured-assignments.js', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp', u'Source/JavaScriptCore/bytecode/BytecodeUseDef.h', u'Source/JavaScriptCore/bytecode/CodeBlock.cpp', u'Source/JavaScriptCore/bytecode/CodeBlock.h', u'Source/JavaScriptCore/bytecode/Opcode.h', u'Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp', u'Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h', u'Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp', u'Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp', u'Source/JavaScriptCore/dfg/DFGCapabilities.cpp', u'Source/JavaScriptCore/jit/JIT.cpp', u'Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm', u'Source/JavaScriptCore/llint/LowLevelInterpreter64.asm', u'Source/JavaScriptCore/runtime/SymbolTable.h']" exit_code: 1
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:349:  The parameter name "body" adds no information, so it should be removed.  [readability/parameter_name] [5]
Total errors found: 1 in 22 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 8 Filip Pizlo 2013-12-01 13:25:33 PST
Created attachment 218121
the patch
Comment 9 Mark Hahnenberg 2013-12-02 11:16:46 PST
Comment on attachment 218121
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=218121&action=review

r=me

> Source/JavaScriptCore/bytecode/CodeBlock.cpp:3475
> +            && operand <= codeBlock->captureStart() && operand > codeBlock->captureEnd()) {
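
Review bot: The capture test on this line open-codes the range with mixed comparisons (`operand <= codeBlock->captureStart()` inclusive, `operand > codeBlock->captureEnd()` exclusive), so the inclusive/exclusive convention lives only at this call site and is easy to get off by one when the check is copied or the bounds change. Put the range test behind a single named predicate and call it here, with a short comment on which bound is inclusive, so every consumer that asks whether an operand is captured gets the same answer.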

codeBlock->symbolTable()->isCaptured(operand)
Comment 10 Filip Pizlo 2013-12-02 11:49:31 PST
Landed in http://trac.webkit.org/changeset/159943
Comment 11 Geoffrey Garen 2013-12-02 11:55:11 PST
Does this mean that it's illegal for a captured register to be the destination for any instruction other than captured_mov?
Comment 12 Filip Pizlo 2013-12-02 11:56:14 PST
(In reply to comment #11)
> Does this mean that it's illegal for a captured register to be the destination for any instruction other than captured_mov?

Yup!