Timestamp:
Feb 10, 2014, 9:04:28 AM (12 years ago)
Author:
[email protected]
Message:

<1/100 probability FTL failure: v8-v6/v8-deltablue.js.ftl-eager: Exception: TypeError: undefined is not an object (evaluating 'c.isInput')
https://bugs.webkit.org/show_bug.cgi?id=128278

Reviewed by Mark Hahnenberg.

Fix another FTL flake due to bytecode liveness corner cases. Hopefully it's the last
one.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock): Make sure that inside a constructor, the 'this' result is always set. This makes it easier to unify the treatment of 'this' for OSR exit: we just say that it's always live.

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::isLiveInBytecode): Assume that 'this' is live. We were already sort of doing this for calls because the callsite would claim it to be live. But we didn't do it for constructors. It's true that *at the callsite* 'this' won't be live, but inside the inlined constructor, it almost certainly will be.

  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run): I just noticed this benign bug. We should only return 'true' if we actually injected checks.

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub): Make it easier to just dump disassembly for FTL OSR exits.

  • runtime/Options.h: Ditto.
  • tests/stress/inlined-constructor-this-liveness.js: Added.

(Foo):
(foo):

  • tests/stress/inlined-function-this-liveness.js: Added.

(bar):
(foo):

File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp

    r163765 r163789  
    712712        // Arguments are always live. This would be redundant if it wasn't for our
    713713        // op_call_varargs inlining.
     714        // FIXME: 'this' might not be live, but we don't have a way of knowing.
     715        // https://bugs.webkit.org/show_bug.cgi?id=128519
    714716        if (reg.isArgument()
    715             && reg.toArgument()
    716717            && static_cast<size_t>(reg.toArgument()) < inlineCallFrame->arguments.size())
    717718            return true;
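Review bot: the FIXME added above the reg.isArgument() check says 'this' might not be live, but it does not say why reporting it as live anyway is acceptable. With "&& reg.toArgument()" dropped, argument 0 now returns true from this branch for every inlined frame, constructors included, and per the commit message that relies on parseBlock always setting the 'this' result inside a constructor. I would state that dependency in the comment itself, so that a later change to either side does not quietly bring back an undefined 'this' at OSR exit. The comment two lines up ("Arguments are always live. This would be redundant if it wasn't for our op_call_varargs inlining.") could also mention that the range now includes index 0, since the remaining bound check against inlineCallFrame->arguments.size() is the only filter left.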