[Webkit-unassigned] [Bug 14868] Import variable lookup optimizations from KJS

bugzilla-daemon at webkit.org
Mon Oct 1 16:09:08 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=14868

------- Comment #16 from ggaren at apple.com  2007-10-01 16:09 PDT -------
Here are a few problems I've noticed with the patch so far:

1. The ASSERT mentioned above happens because some code calls getDirect on an
ActivationImp, looking for a local variable. Since local variables are not
stored in the PropertyMap, this call is not valid. It's easy enough to fix the
ASSERT by changing it to use hasProperty. However, we need to audit all calls
to getDirect and its ilk, since they are no longer valid in all cases.

2. As seen in JavaScriptCore/tests/mozilla/js1_5/Regress/regress-159334.js, a
sufficiently long script causes stack overflow due to too much recursion in
SemanticChecker::check because SemanticChecker::check uses recursion to follow
arbitrary `next' pointers in a linked list. The same problem probably applies
to other NodeVisitors. (The same problem does not apply to normal execution
because normal execution follows `next' pointers in linked lists iteratively.)

3. The HashTraits for Identifier will cause crashes if used in other contexts
since they do not ref/deref the UString::Rep*. They seem OK in this context,
but I can't prove that.

Despite these problems, I see some parts of this patch that can land
immediately. I'm going to try to break those off and land them.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
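
The recursion problem in point 2 of the comment above, as an added example that is not part of the original mail and is not WebKit code: `Node`, `Stats`, `checkRecursive`, `checkIterative` and `makeStatementList` are hypothetical names. The `limit` parameter is an illustration device so the recursive walk stops and reports instead of exhausting the real stack.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical AST node: `next` links sibling statements, `child` nests a block.
struct Node { Node* next = nullptr; Node* child = nullptr; };

struct Stats {
    std::size_t visited = 0;   // nodes checked
    std::size_t maxDepth = 0;  // deepest call depth reached
    bool aborted = false;      // set when the depth budget ran out
};

// Pattern described in the comment: recursion follows `next`, so call depth
// grows with the number of statements in the script, not with its nesting.
void checkRecursive(const Node* n, std::size_t depth, std::size_t limit, Stats& s) {
    if (!n || s.aborted) return;
    if (depth > limit) { s.aborted = true; return; }
    if (depth > s.maxDepth) s.maxDepth = depth;
    ++s.visited;
    checkRecursive(n->child, depth + 1, limit, s);
    checkRecursive(n->next, depth + 1, limit, s);
}

// Siblings are walked in a loop; recursion is used only for nested blocks,
// so call depth is bounded by nesting depth regardless of script length.
void checkIterative(const Node* n, std::size_t depth, std::size_t limit, Stats& s) {
    if (n && depth > limit) { s.aborted = true; return; }
    for (; n && !s.aborted; n = n->next) {
        if (depth > s.maxDepth) s.maxDepth = depth;
        ++s.visited;
        checkIterative(n->child, depth + 1, limit, s);
    }
}

// Constructed input: a flat list of `count` statements chained through `next`.
std::vector<Node> makeStatementList(std::size_t count) {
    std::vector<Node> nodes(count);
    for (std::size_t i = 0; i + 1 < count; ++i) nodes[i].next = &nodes[i + 1];
    return nodes;
}

int main() {
    std::vector<Node> script = makeStatementList(100000);
    Stats rec, iter;
    checkRecursive(script.data(), 1, 1000, rec);
    checkIterative(script.data(), 1, 1000, iter);
    std::printf("recursive: visited=%zu depth=%zu aborted=%d\n", rec.visited, rec.maxDepth, rec.aborted);
    std::printf("iterative: visited=%zu depth=%zu aborted=%d\n", iter.visited, iter.maxDepth, iter.aborted);
}
```
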