[Webkit-unassigned] [Bug 190656] useProbeOSRExit causes failures for Win64 DFG JIT
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 29 16:40:35 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=190656
--- Comment #8 from Ross Kirsling <ross.kirsling at sony.com> ---
A bit of progress:
The issue doesn't seem to be with the return value of DFG::VariableEventStream::reconstruct, as this is the same regardless of probe and regardless of platform.
the issue seems to be that this return value isn't appropriate as a stack pointer offset -- after all, it is simply thrown away in the non-probe path.
It appears that if we mimic this line from the non-probe path:
https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/dfg/DFGOSRExit.cpp#L1379
That is, if we replace numVariables with `codeBlock->jitCode()->dfgCommon()->requiredRegisterCountForExit` on this line:
https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/dfg/DFGOSRExit.cpp#L402
Then all of the relevant test cases pass (even on Mac!).
The catch is that we still need to remove the lowWatermark assert mentioned in my last comment:
https://github.com/WebKit/webkit/blob/master/Source/JavaScriptCore/assembler/ProbeStack.h#L156
Not sure at the moment what correction needs to occur here.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181029/6f31c6be/attachment.html>
More information about the webkit-unassigned
mailing list