150824 – Re-investiage using PhantomLocal as the liveness preservation mechanism for variables live in a "catch" block in the DFG

NEW150824

Re-investiage using PhantomLocal as the liveness preservation mechanism for variables live in a "catch" block in the DFG

https://bugs.webkit.org/show_bug.cgi?id=150824

Summary Re-investiage using PhantomLocal as the liveness preservation mechanism for v...

Saam Barati

Reported 2015-11-02 16:48:13 PST

Look at this bug for why we had to revert to Flush: https://bugs.webkit.org/show_bug.cgi?id=150760

Attachments
Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2016-10-20 12:55:03 PDT

Ok, so I was looking at other code, but realized maybe why there was a bug in the first place w/ GetById. DFGSpeculativeJIT64.cpp calls SpeculateCellOperand::use() on the base before compiling the IC. This might effect OSR exit data if the GetById is the last use of the base. I suspect this is why PhantomLocal was broken in that program. This also means that we should probably look at other use() calls to make sure they're sound w.r.t exceptions.

Saam Barati

Comment 2 2017-08-21 11:53:23 PDT

It looks like there is a strength reduction rule that may rewrite Flush to PhantomLocal, and it has no concept of exception handling. So there is a chance there is some program that breaks because of the use() call and a Flush being rewritten as PhantomLocal.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Saam Barati

Reported

2015-11-02 16:48 PST

Modified

2017-08-21 11:53 PDT History

CC List

11 users Show

URL

Keywords

Depends on

Blocks