[Webkit-unassigned] [Bug 77070] New: All DFG helpers that may call out to arbitrary JS code must know where they were called from due to inlining and call stack walking
bugzilla-daemon at webkit.org
Wed Jan 25 20:55:14 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=77070
Summary: All DFG helpers that may call out to arbitrary JS code must know where they were called from due to inlining and call stack walking
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
Consider code like:
function a(stuff) { return a.arguments; }
function b(stuff) { return a(stuff); }
If b() is called frequently, a() will be inlined into b(). The access to a.arguments will turn into a GetById of sorts. But the arguments access will fail because the call to the DFG helper that is supposed to do the GetById will not set where in b() we are right now, so the stack walking code for finding the arguments will not know that a() is on the stack.