[Webkit-unassigned] [Bug 160295] [ARM] REGRESSION: generateSelfPropertyAccess shouldn't overwrite the constant pool
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Aug 1 17:02:48 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=160295
Caio Lima <ticaiolima at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ticaiolima at gmail.com
--- Comment #4 from Caio Lima <ticaiolima at gmail.com> ---
(In reply to Saam Barati from comment #3)
> So this happens when we're regenerating the IC?
No. The problem is happening when the getById fast path is being generated in "JITByIdGenerator::generateFastCommon" and the constant poll is flushed in the middle of IC code. As the logic in "JSC::LinkBuffer::allocate" is to fill al remaining IC code with nops, constant pool is then overwritten in such case. However, it also could be overwritten by IC repatch version as well.
> We don't want to take into account the constant pool into the size of the IC.
I've found a solution that I'm not happy with, but at least enables me run code with IC enabled.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170802/b7b7f5f3/attachment.html>
More information about the webkit-unassigned
mailing list