Bug 150824 - Re-investigate using PhantomLocal as the liveness preservation mechanism for variables live in a "catch" block in the DFG
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Saam Barati
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-02 16:48 PST by Saam Barati
Modified: 2017-08-21 11:53 PDT

See Also:
Description Saam Barati 2015-11-02 16:48:13 PST
Look at this bug for why we had to revert to Flush:
https://bugs.webkit.org/show_bug.cgi?id=150760
Comment 1 Saam Barati 2016-10-20 12:55:03 PDT
Ok, so I was looking at other code, but realized maybe why there was a bug in the first place w/ GetById.

DFGSpeculativeJIT64.cpp calls SpeculateCellOperand::use() on the base before compiling the IC. This might affect OSR exit data if the GetById is the last use of the base. I suspect this is why PhantomLocal was broken in that program.

This also means that we should probably look at other use() calls to make sure they're sound w.r.t. exceptions.
Comment 2 Saam Barati 2017-08-21 11:53:23 PDT
It looks like there is a strength reduction rule that may rewrite Flush to PhantomLocal, and it has no concept of exception handling. So there is a chance there is some program that breaks because of the use() call and a Flush being rewritten as PhantomLocal.