DFG liveness can't skip tail caller inline frames
authorkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Mar 2019 17:41:04 +0000 (17:41 +0000)
committerkeith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 14 Mar 2019 17:41:04 +0000 (17:41 +0000)
commit5ceeceddc895e7a7aac766565059ebaf5f711f92
tree791ad5bfe75ff55d7a0554a303aec138ae998eac
parent5e4e80f5c1ef43b888338c77c676d923b634ea6e
DFG liveness can't skip tail caller inline frames
https://bugs.webkit.org/show_bug.cgi?id=195715
JSTests:

Reviewed by Saam Barati.

* stress/dfg-scan-inlined-tail-caller-frames-liveness.js:
(i.foo):

Source/JavaScriptCore:

<rdar://problem/46221598>

Reviewed by Saam Barati.

In order to simplify OSR exit/DFG bytecode parsing our bytecode
generator always emits an op_ret after any tail call. However, the
DFG when computing the liveness of locals, would skip any tail
caller inline frames. This mean that if we ended up inserting a
Check that would OSR to the op_ret we wouldn't have kept
availability data around for it.

* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::isLiveInBytecode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::forAllLocalsLiveInBytecode):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242945 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/dfg-scan-inlined-tail-caller-frames-liveness.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGGraph.cpp
Source/JavaScriptCore/dfg/DFGGraph.h