[Webkit-unassigned] [Bug 72542] New: DFG global variable CSE mishandles the cross-global-object inlining corner case
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Nov 16 13:47:57 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=72542
Summary: DFG global variable CSE mishandles the
cross-global-object inlining corner case
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
The DFG GetGlobalVar is smart enough to know which global object to read from when it is used from inlined code, if the inlinee comes from a different global object than the inline caller. But CSE is not smart enough to handle this, and may replace a GetGlobalVar from one global object with a GetGlobalVar from another global object, if the inline caller and inlinee (or two different inlinees) both did GetGlobalVar on the same identifier.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list