Changeset 112320 in webkit for trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp

Timestamp:

Mar 27, 2012, 2:54:40 PM (13 years ago)

Author:

[email protected]

Message:

DFG OSR exit should not generate an exit for variables of inlinees if the
inlinees are not in scope
​https://bugs.webkit.org/show_bug.cgi?id=82312

Reviewed by Oliver Hunt.

• bytecode/CodeBlock.h:

(JSC::baselineCodeBlockForInlineCallFrame):
(JSC):
(JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):

• dfg/DFGOSRExit.cpp:

(JSC::DFG::computeNumVariablesForCodeOrigin):
(DFG):
(JSC::DFG::OSRExit::OSRExit):

File:

• trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp

@@ -34 +34 @@
 namespace JSC { namespace DFG {
 
+static unsigned computeNumVariablesForCodeOrigin(
+    CodeBlock* codeBlock, const CodeOrigin& codeOrigin)
+{
+    if (!codeOrigin.inlineCallFrame)
+        return codeBlock->m_numCalleeRegisters;
+    return
+        codeOrigin.inlineCallFrame->stackOffset +
+        baselineCodeBlockForInlineCallFrame(codeOrigin.inlineCallFrame)->m_numCalleeRegisters;
+}
+
 OSRExit::OSRExit(ExitKind kind, JSValueSource jsValueSource, MethodOfGettingAValueProfile valueProfile, MacroAssembler::Jump check, SpeculativeJIT* jit, unsigned recoveryIndex)
     : m_jsValueSource(jsValueSource)
@@ -44 +54 @@
     , m_count(0)
     , m_arguments(jit->m_arguments.size())
-    , m_variables(jit->m_variables.size())
+    , m_variables(computeNumVariablesForCodeOrigin(jit->m_jit.graph().m_profiledBlock, jit->m_codeOriginForOSR))
     , m_lastSetOperand(jit->m_lastSetOperand)
 {