[Webkit-unassigned] [Bug 110942] New: We should record the JITCodeMap for the JS function that could be inlined but not directly compiled with DFG
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 26 21:48:16 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=110942
Summary: We should record the JITCodeMap for the JS function
that could be inlined but not directly compiled with
DFG
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: yuqiang.xian at intel.com
CC: barraclough at apple.com, fpizlo at apple.com
In particular, if the JS function contains the op_call_varargs bytecode, it cannot be directly compiled but can be inlined (in certain cases) with DFG. In this case if we don't record the JITCodeMap for this function, we will have problems if OSR exit happens inside this function.
This problem is exposed in a build with LLInt disabled but DFG JIT enabled, when browsing and clicking around www.android.com.
Patch forthcoming.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list