119504 – DFG optimizes out strict mode arguments tear off

RESOLVED FIXED 119504

DFG optimizes out strict mode arguments tear off

https://bugs.webkit.org/show_bug.cgi?id=119504

Summary DFG optimizes out strict mode arguments tear off

Oliver Hunt

Reported 2013-08-05 18:00:53 PDT

If i have a strict mode function: function f(a) { "use strict"; a = 5; return arguments[0]; } var x = 0; for (var i = 0; i < N; i++) x = x + f(1); The result should be N, but the DFG optimizes out the eager tear off of the Arguments object, leading to arguments[0] eventually being optimized to return 5, which is incorrect.

Attachments
the patch (5.76 KB, patch) 2013-08-16 16:19 PDT, Filip Pizlo	oliver: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2013-08-16 16:19:26 PDT

Created attachment 208962 [details] the patch

Filip Pizlo

Comment 2 2013-08-16 22:36:06 PDT

<rdar://problem/14764160>

Filip Pizlo

Comment 3 2013-08-16 22:37:00 PDT

Landed in http://trac.webkit.org/changeset/154217

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Filip Pizlo

Reported

2013-08-05 18:00 PDT

Modified

2013-08-16 22:37 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks