[Webkit-unassigned] [Bug 68735] New: DFG implementation of PutScopedVar corrupts register allocation
bugzilla-daemon at webkit.org
Fri Sep 23 14:54:09 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=68735
Summary: DFG implementation of PutScopedVar corrupts register allocation
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
The PutScopedVar case in DFGSpeculativeJIT.cpp does not call noResult(), causing its child (the scope chain) to remain referenced. It then does not get removed from the register bank, and its virtual register does not get cleared. This has two effects: bizarre assertion failures and possibly regressed performance in the absence of assertion failures, due to increased register pressure.
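The failure mode described in the report, as a toy model added here (not WebKit's code and not part of the original message): a register bank whose slots are freed only when a child's last use is consumed. Every name except noResult is hypothetical, and the allocator is a simplified assumption about how use counts and the register bank interact.

```cpp
#include <vector>

// Toy model, not JavaScriptCore code: every name except noResult is hypothetical.
struct ToyValue { int usesLeft = 0; int machineReg = -1; };

struct ToyAllocator {
    std::vector<ToyValue> virtualRegs;   // indexed by virtual register
    std::vector<int> bank;               // machine register -> virtual register, or -1
    int spills = 0;

    ToyAllocator(int nVirtual, int nMachine) : virtualRegs(nVirtual), bank(nMachine, -1) {}

    // Produce a value in virtual register v that will be used `uses` times.
    void define(int v, int uses) {
        virtualRegs[v].usesLeft = uses;
        virtualRegs[v].machineReg = -1;
        for (int r = 0; r < (int)bank.size(); ++r)
            if (bank[r] == -1) { bank[r] = v; virtualRegs[v].machineReg = r; return; }
        ++spills;                        // bank full: the value would go to the stack
    }

    // Consume one use; on the last use clear the virtual register and free its bank slot.
    void use(int v) {
        ToyValue& val = virtualRegs[v];
        if (--val.usesLeft > 0) return;
        if (val.machineReg != -1) bank[val.machineReg] = -1;
        val = ToyValue{};
    }

    // A node that produces no result still has to consume its children.
    void noResult(const std::vector<int>& children) { for (int c : children) use(c); }

    int liveValues() const {
        int n = 0;
        for (const ToyValue& v : virtualRegs) n += (v.usesLeft > 0);
        return n;
    }
};

struct Outcome { int spills; int leaked; };

// Compile `stores` store-like nodes, each with one child (its scope chain).
Outcome compileStores(int stores, int machineRegs, bool callNoResult) {
    ToyAllocator a(stores, machineRegs);
    for (int v = 0; v < stores; ++v) {
        a.define(v, 1);                       // child: scope chain, one pending use
        if (callNoResult) a.noResult({v});    // the call the report says is missing
    }
    // Assumption: leaked != 0 is the kind of inconsistency a debug assertion would flag.
    return {a.spills, a.liveValues()};
}
```

With two machine registers and four stores, omitting the call leaves every child live and forces the later values out of the bank, which is the added register pressure the report mentions.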