82312 – DFG OSR exit should not generate an exit for variables of inlinees if the inlinees are not in scope

Bug 82312 - DFG OSR exit should not generate an exit for variables of inlinees if the inlinees are not in scope

Summary: DFG OSR exit should not generate an exit for variables of inlinees if the inl...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Filip Pizlo

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-03-27 02:13 PDT by Filip Pizlo
Modified:	2012-03-27 14:55 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
the patch (3.58 KB, patch) 2012-03-27 02:18 PDT, Filip Pizlo	oliver: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2012-03-27 02:13:08 PDT

Currently DFG OSR exit computes a value recovery, and generates recovery code, for every variable within the DFG code block's Graph::m_localVars, which ends up being the high watermark of the stack for all inlinees.  This means that for example in this code:


function foo(a, b) {
    return a + b;
}

function bar(a, b, c) {
    var x = foo(a, b);
    return x + c.f;
}

If we OSR exit at c.f, then the exit will include code to restore local variables within foo(), which is clearly redundant since foo() is out of scope at that point.

Patch forthcoming.

Comment 1 Filip Pizlo 2012-03-27 02:18:16 PDT

Created attachment 134007 [details]
the patch

Comment 2 Eric Seidel (no email) 2012-03-27 12:36:40 PDT

Attachment 134007 [details] was posted by a committer and has review+, assigning to Filip Pizlo for commit.

Comment 3 Filip Pizlo 2012-03-27 14:55:01 PDT

Landed in http://trac.webkit.org/changeset/112320