[Webkit-unassigned] [Bug 184582] Add SetCallee as DFG-Operation
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 13 08:21:25 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=184582
Saam Barati <sbarati at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #337883|review? |review-
Flags| |
--- Comment #6 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 337883
--> https://bugs.webkit.org/attachment.cgi?id=337883
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=337883&action=review
> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:2455
> + case SetCallee:
Do we not model Callee is a variable?
> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:1399
> + addToGraph(SetCallee, OpInfo(bitwise_cast<intptr_t>(function)));
This doesn’t look completely right. You need to always do this if you’re looping back to the machine call frame (regardless of the variant being a constant value). Also, you need to do this anytime you loop back to an inline frame that has its callee in a stack slot.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180413/a3969d46/attachment.html>
More information about the webkit-unassigned
mailing list