Bug 69989

Summary:

DFG CFA does not filter structures aggressively enough.

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	none
the patch - revert some debug stuff	oliver: review+

Filip Pizlo

Reported 2011-10-12 19:13:41 PDT

If you have an abstract value like (Array, TOP) and you filter it against Final then you should get (None, []) - i.e. there does not exist a structure for any value within the abstract value's set, since the abstract value's set is empty. This was causing some annoying ASSERTs. I fixed this issue and added even more ASSERTs to catch it sooner. I tested this against a bunch of websites and it seems to work.

Attachments
the patch (4.98 KB, patch) 2011-10-12 19:15 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch - revert some debug stuff (4.54 KB, patch) 2011-10-12 19:16 PDT, Filip Pizlo	oliver: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2011-10-12 19:15:10 PDT

Created attachment 110793 [details] the patch

Filip Pizlo

Comment 2 2011-10-12 19:16:16 PDT

Created attachment 110795 [details] the patch - revert some debug stuff

Filip Pizlo

Comment 3 2011-10-12 19:19:56 PDT

Landed in r97334.

Note You need to log in before you can comment on or make changes to this bug.