[Webkit-unassigned] [Bug 22840] Gmail doesn't load with profiling enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Dec 27 00:14:00 PST 2008


https://bugs.webkit.org/show_bug.cgi?id=22840

------- Comment #3 from cwzwarich at uwaterloo.ca  2008-12-27 00:14 PDT -------
Oliver and I found the problem while debugging a visual difference in one of
his crazy JS raytracers with profiling enabled:

http://nerget.com/rayjs/rayjs.html

The culprit is this code in BytecodeGenerator::emitCall():

    if (m_shouldEmitProfileHooks) {
        // If codegen decided to recycle func as this call's destination register,
        // we need to undo that optimization here so that func will still be around
        // for the sake of op_profile_did_call.
        if (dst == func) {
            RefPtr<RegisterID> protect = thisRegister;
            RefPtr<RegisterID> movedThisRegister = emitMove(newTemporary(), thisRegister);
            RefPtr<RegisterID> movedFunc = emitMove(thisRegister, func);

            thisRegister = movedThisRegister.release().releaseRef();
            func = movedFunc.release().releaseRef();
        }
    }

I am not quite sure why this goes wrong yet, but changing all of the callers of
emitCall so that dst is always distinct from func fixes both bugs.

It seems to me that the only sane way to fix this is to ensure that dst is
distinct from func when profiling is enabled. One could also make the
Node::emitCode() member function emit the profiler hook.


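The register-aliasing hazard the comment describes, as an added toy model that is not code from the bug, from WebKit, or from the commenter: a tiny register-based emitter emits a call wrapped in profiler hooks, and the did-call hook reads the callee register after the call has already written its result into the same register. The Emitter, run and compile_and_run names, the "square" callee, and the register numbers are all constructed for this illustration; the `distinct_dst` switch models the fix proposed in the comment (never let the call's destination alias func while profiling is on).

```python
# Added toy model (not WebKit code): a register-based bytecode emitter in which
# the profiler hooks read the callee register after the call has written its
# result. If codegen recycles the callee register as the call's destination,
# the did-call hook sees the return value instead of the callee.
from typing import Callable, Dict, List, Tuple

Instr = Tuple  # (opcode, *operands); registers are small ints

# Constructed callee the toy VM can invoke, looked up by the name held in a register.
FUNCTIONS: Dict[str, Callable[..., int]] = {
    "square": lambda this, x: x * x,
}


class Emitter:
    """Minimal stand-in for a bytecode generator: emits (opcode, operands) tuples."""

    def __init__(self, first_temp: int) -> None:
        self.code: List[Instr] = []
        self.next_temp = first_temp

    def new_temporary(self) -> int:
        reg = self.next_temp
        self.next_temp += 1
        return reg

    def emit_call(self, dst: int, func: int, this_reg: int, args: List[int],
                  profile_hooks: bool, distinct_dst: bool) -> int:
        # The fix the comment proposes: with profiling on, never let the call's
        # destination register alias the callee register.
        if profile_hooks and distinct_dst and dst == func:
            dst = self.new_temporary()
        if profile_hooks:
            self.code.append(("profile_will_call", func))
        self.code.append(("call", dst, func, this_reg, tuple(args)))
        if profile_hooks:
            # Reads func *after* the call has written dst.
            self.code.append(("profile_did_call", func))
        return dst


def run(code: List[Instr], regs: Dict[int, object]) -> List[Tuple[str, object]]:
    """Interpret the emitted code; return what the profiler hooks observed."""
    profile_log: List[Tuple[str, object]] = []
    for instr in code:
        op = instr[0]
        if op in ("profile_will_call", "profile_did_call"):
            profile_log.append((op, regs[instr[1]]))
        elif op == "call":
            _, dst, func, this_reg, args = instr
            callee = FUNCTIONS[regs[func]]
            regs[dst] = callee(regs[this_reg], *(regs[a] for a in args))
        else:
            raise ValueError(f"unknown opcode {op}")
    return profile_log


def compile_and_run(distinct_dst: bool):
    """Emit one profiled call where codegen chose dst == func, then run it."""
    # Constructed register layout: r0 = callee name, r1 = this, r2 = argument.
    regs: Dict[int, object] = {0: "square", 1: None, 2: 7}
    em = Emitter(first_temp=3)
    result_reg = em.emit_call(dst=0, func=0, this_reg=1, args=[2],
                              profile_hooks=True, distinct_dst=distinct_dst)
    log = run(em.code, regs)
    return log, regs[result_reg]


if __name__ == "__main__":
    print("recycled dst == func:", compile_and_run(distinct_dst=False))
    print("dst kept distinct:   ", compile_and_run(distinct_dst=True))
```

With the destination recycled, the did-call hook observes 49 (the call's result) where it expected the callee; keeping dst distinct, both hooks observe "square" and the result still lands in a register of its own.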