Changeset 143553 in webkit

Timestamp:

Feb 20, 2013, 6:43:36 PM (12 years ago)

Author:

fpizlo@apple.com

Message:

DFG inlines Resolves that it doesn't know how to handle correctly
​https://bugs.webkit.org/show_bug.cgi?id=110405

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Don't try to be clever: if there's a failing resolve, we can't inline it, period.

• dfg/DFGCapabilities.h:

(JSC::DFG::canInlineResolveOperations):
(JSC::DFG::canInlineOpcode):

LayoutTests:

Reviewed by Geoffrey Garen.

• fast/js/dfg-inline-resolve-expected.txt: Added.
• fast/js/dfg-inline-resolve.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/js/dfg-inline-resolve-expected.txt (added)
• LayoutTests/fast/js/dfg-inline-resolve.html (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGCapabilities.h (modified) (4 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-02-20  Filip Pizlo  <fpizlo@apple.com>
+
+        DFG inlines Resolves that it doesn't know how to handle correctly
+        https://bugs.webkit.org/show_bug.cgi?id=110405
+
+        Reviewed by Geoffrey Garen.
+
+        * fast/js/dfg-inline-resolve-expected.txt: Added.
+        * fast/js/dfg-inline-resolve.html: Added.
+
 2013-02-20  Christian Biesinger  <cbiesinger@chromium.org>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-02-20  Filip Pizlo  <fpizlo@apple.com>
+
+        DFG inlines Resolves that it doesn't know how to handle correctly
+        https://bugs.webkit.org/show_bug.cgi?id=110405
+
+        Reviewed by Geoffrey Garen.
+        
+        Don't try to be clever: if there's a failing resolve, we can't inline it, period.
+
+        * dfg/DFGCapabilities.h:
+        (JSC::DFG::canInlineResolveOperations):
+        (JSC::DFG::canInlineOpcode):
+
 2013-02-20  Roger Fong  <roger_fong@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.h

@@ -49 +49 @@
 
 // Opcode checking.
-inline bool canInlineResolveOperations(OpcodeID opcode, ResolveOperations* operations)
+inline bool canInlineResolveOperations(ResolveOperations* operations)
 {
     for (unsigned i = 0; i < operations->size(); i++) {
@@ -66 +66 @@
 
         case ResolveOperation::Fail:
-            switch (opcode) {
-            case op_resolve_base_to_global_dynamic:
-            case op_resolve_base_to_scope_with_top_scope_check:
-            case op_resolve_base_to_global:
-            case op_resolve_base_to_scope:
-                CRASH();
-            case op_resolve_with_base:
-            case op_resolve_with_this:
-                return false;
-            default:
-                continue;
-            }
+            // Fall-back resolves don't know how to deal with the ExecState* having a different
+            // global object (and scope) than the inlined code that is invoking that resolve.
+            return false;
 
         case ResolveOperation::SkipTopScopeNode:
@@ -236 +227 @@
     case op_resolve_scoped_var_on_top_scope:
     case op_resolve_scoped_var_with_top_scope_check:
-        return canInlineResolveOperations(opcodeID, pc[3].u.resolveOperations);
+        return canInlineResolveOperations(pc[3].u.resolveOperations);
 
     case op_resolve_base_to_global:
@@ -245 +236 @@
     case op_resolve_with_base:
     case op_resolve_with_this:
-        return canInlineResolveOperations(opcodeID, pc[4].u.resolveOperations);
+        return canInlineResolveOperations(pc[4].u.resolveOperations);
         
     // Inlining doesn't correctly remap regular expression operands.