Bug 88284

Summary:

DFG CFG simplification should correct the variables at the head of the predecessor block

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
the patch	ggaren: review+

Description Filip Pizlo 2012-06-04 20:31:35 PDT

Say that we have two blocks, B1 and B2.  B1 doesn't do anything to variable X.  B2 reads from variable X.  Say that CFG simplification decides to merge B1 and B2.  Currently, the new block, B1', will still say that the variable at head for X is Phi, which is wrong - it should be GetLocal, since that's the first thing that B1' does to X.

This is asymptomatic except if we then do constant folding on X.

I'm still trying to figure out a test case for this, but it's not looking so good.

Comment 1 Filip Pizlo 2012-06-04 20:34:43 PDT

OK found a reduced test case.  Making a layout test.

Comment 2 Filip Pizlo 2012-06-04 20:40:01 PDT

Created attachment 145685 [details]
the patch

Comment 3 Geoffrey Garen 2012-06-04 20:44:33 PDT

Comment on attachment 145685 [details]
the patch

r=me

Comment 4 Filip Pizlo 2012-06-04 23:41:15 PDT

Landed in http://trac.webkit.org/changeset/119464