Bug 141412 - DFG::StackLayoutPhase should always set the scopeRegister to VirtualRegister() because the DFG doesn't do anything to make its value valid
Summary: DFG::StackLayoutPhase should always set the scopeRegister to VirtualRegister(...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-02-09 16:36 PST by Filip Pizlo
Modified: 2015-02-09 20:47 PST (History)
0 users

See Also:

Attachments
the patch (2.24 KB, patch)
2015-02-09 16:41 PST, Filip Pizlo 		no flags Details | Formatted Diff | Diff
the patch (2.64 KB, patch)
2015-02-09 19:25 PST, Filip Pizlo 		msaboff: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2015-02-09 16:36:45 PST 
StackLayoutPhase is attempting to ensure that the register that CodeBlock::scopeRegister() points to is the right one for the DFG.  But the DFG does nothing else to maintain the validity of the scopeRegister().  It's not captured as far as I can tell.  StackLayoutPhase doesn't explicitly mark it live.  So, by the time we get here the register referred to by CodeBlock::scopeRegister() is junk.  Moreover, CodeBlock::scopeRegister() is not used for DFG code blocks, and is hardly ever used outside of bytecode generation.
Comment 1 Filip Pizlo 2015-02-09 16:41:31 PST 
Created attachment 246304 [details]
the patch
Comment 2 Filip Pizlo 2015-02-09 19:25:23 PST 
Created attachment 246309 [details]
the patch

Addressing Michael's concerns
Comment 3 Michael Saboff 2015-02-09 20:33:43 PST 
Comment on attachment 246309 [details]
the patch

r=me
Comment 4 Filip Pizlo 2015-02-09 20:47:29 PST 
Landed in http://trac.webkit.org/changeset/179863