[Webkit-unassigned] [Bug 184582] Add SetCallee as DFG-Operation

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 13 08:21:25 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=184582

Saam Barati <sbarati at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #337883|review?                     |review-
              Flags|                            |

--- Comment #6 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 337883
  --> https://bugs.webkit.org/attachment.cgi?id=337883
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=337883&action=review

> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:2455
> +    case SetCallee:

Do we not model Callee is a variable?

> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:1399
> +            addToGraph(SetCallee, OpInfo(bitwise_cast<intptr_t>(function)));

This doesn’t look completely right. You need to always do this if you’re looping back to the machine call frame (regardless of the variant being a constant value). Also, you need to do this anytime you loop back to an inline frame that has its callee in a stack slot.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180413/a3969d46/attachment.html>


More information about the webkit-unassigned mailing list