Bug 88284

Summary: DFG CFG simplification should correct the variables at the head of the predecessor block
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch ggaren: review+

Filip Pizlo
Reported 2012-06-04 20:31:35 PDT
Say that we have two blocks, B1 and B2. B1 doesn't do anything to variable X. B2 reads from variable X. Say that CFG simplification decides to merge B1 and B2. Currently, the new block, B1', will still say that the variable at head for X is Phi, which is wrong - it should be GetLocal, since that's the first thing that B1' does to X. This is asymptomatic except if we then do constant folding on X. I'm still trying to figure out a test case for this, but it's not looking so good.
Attachments
the patch (8.50 KB, patch)
2012-06-04 20:40 PDT, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2012-06-04 20:34:43 PDT
OK found a reduced test case. Making a layout test.
Filip Pizlo
Comment 2 2012-06-04 20:40:01 PDT
Created attachment 145685 [details] the patch
Geoffrey Garen
Comment 3 2012-06-04 20:44:33 PDT
Comment on attachment 145685 [details] the patch r=me
Filip Pizlo
Comment 4 2012-06-04 23:41:15 PDT
Landed in http://trac.webkit.org/changeset/119464
Note You need to log in before you can comment on or make changes to this bug.