72313 – DFG's inline references to objects should be tracked

RESOLVED FIXED 72313

DFG's inline references to objects should be tracked

https://bugs.webkit.org/show_bug.cgi?id=72313

Summary DFG's inline references to objects should be tracked

Filip Pizlo

Reported 2011-11-14 14:30:54 PST

The DFG may emit code that refers to objects in the heap. This is only safe because those same objects would be referenced from inline caches maintained by the old JIT, which only works because the old JIT will never clear inline caches.

Attachments
the patch (6.96 KB, patch) 2011-11-14 14:37 PST, Filip Pizlo	fpizlo: review-	Details Formatted Diff Diff
the patch (6.47 KB, patch) 2011-11-14 16:02 PST, Filip Pizlo	barraclough: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2011-11-14 14:37:35 PST

Created attachment 115033 [details] the patch

Filip Pizlo

Comment 2 2011-11-14 14:44:42 PST

Comment on attachment 115033 [details] the patch r=oliver

Filip Pizlo

Comment 3 2011-11-14 16:02:04 PST

Comment on attachment 115033 [details] the patch This is broken.

Filip Pizlo

Comment 4 2011-11-14 16:02:38 PST

Created attachment 115051 [details] the patch

Filip Pizlo

Comment 5 2011-11-14 17:23:19 PST

Landed in http://trac.webkit.org/changeset/100221

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2011-11-14 14:30 PST

Modified

2011-11-14 17:23 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks

72312

Dependencies

tree graph