Summary: | Implicit type check on local variables hoisting is unsound with respect to CFG simplification | ||
---|---|---|---|
Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> |
Component: | JavaScriptCore | Assignee: | Filip Pizlo <fpizlo> |
Status: | RESOLVED DUPLICATE | ||
Severity: | Normal | CC: | barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam |
Priority: | P2 | ||
Version: | 528+ (Nightly build) | ||
Hardware: | All | ||
OS: | All | ||
Bug Depends on: | 109371, 110433 | ||
Bug Blocks: |
Description
Filip Pizlo
2013-02-10 14:06:20 PST
The best way to solve this is to explicitly have the Fixup phase shove type checks into Phantom nodes with appropriate Edges that are just above the SetLocal. Then CFG simplification will be able to "just work" and not worry about this. This of course relies on https://bugs.webkit.org/show_bug.cgi?id=109371.

My current approach to fixing this is to handle it as part of DCE hardening.

*** This bug has been marked as a duplicate of bug 109389 ***