111783 – DFG should not get corrupted IR in the case of code that is dead, unreachable, and contains a chain of nodes that use each other in an untyped way

RESOLVED FIXED 111783

DFG should not get corrupted IR in the case of code that is dead, unreachable, and contains a chain of nodes that use each other in an untyped way

https://bugs.webkit.org/show_bug.cgi?id=111783

Summary DFG should not get corrupted IR in the case of code that is dead, unreachable...

Filip Pizlo

Reported 2013-03-07 15:31:47 PST

Attachments
the patch (30.92 KB, patch) 2013-03-07 15:35 PST, Filip Pizlo	mhahnenberg: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2013-03-07 15:35:20 PST

Mark Hahnenberg

Comment 2 2013-03-07 15:41:59 PST

Comment on attachment 192097 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=192097&action=review r=me > Source/JavaScriptCore/dfg/DFGDCEPhase.cpp:162 > + if (edge.needsCheck() && edge.useKind() != UntypedUse) Make this clearer like we discussed.

Filip Pizlo

Comment 3 2013-03-07 15:47:38 PST

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Filip Pizlo

Reported

2013-03-07 15:31 PST

Modified

2013-03-07 15:47 PST History

CC List

7 users Show

URL

Keywords InRadar

Depends on

Blocks