Changeset 179863 in webkit for trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp

Timestamp:

Feb 9, 2015, 8:46:53 PM (10 years ago)

Author:

[email protected]

Message:

DFG::StackLayoutPhase should always set the scopeRegister to VirtualRegister() because the DFG doesn't do anything to make its value valid
​https://bugs.webkit.org/show_bug.cgi?id=141412

Reviewed by Michael Saboff.

StackLayoutPhase was attempting to ensure that the register that
CodeBlock::scopeRegister() points to is the right one for the DFG. But the DFG did nothing
else to maintain the validity of the scopeRegister(). It wasn't captured as far as I can
tell. StackLayoutPhase didn't explicitly mark it live. PreciseLocalClobberize didn't mark
it as being live. So, by the time we got here the register referred to by
CodeBlock::scopeRegister() would have been junk. Moreover, CodeBlock::scopeRegister() was
not used for DFG code blocks, and was hardly ever used outside of bytecode generation.

So, this patch just removes the code to manipulate this field and replaces it with an
unconditional setScopeRegister(VirtualRegister()). Setting it to the invalid register
ensures that any attempst to read the scopeRegister in a DFG or FTL frame immediately
punts.

• dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

File:

• trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp

@@ -169 +169 @@
         }
         
-        if (codeBlock()->scopeRegister().isValid()) {
-            unsigned scopeRegisterAllocation = allocation[codeBlock()->scopeRegister().toLocal()];
-            codeBlock()->setScopeRegister(scopeRegisterAllocation == UINT_MAX ? VirtualRegister() : virtualRegisterForLocal(scopeRegisterAllocation));
-        }
+        // This register is never valid for DFG code blocks.
+        codeBlock()->setScopeRegister(VirtualRegister());
 
         for (unsigned i = m_graph.m_inlineVariableData.size(); i--;) {