WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 125253
Reveal array bounds checks in DFG IR
https://bugs.webkit.org/show_bug.cgi?id=125253
Summary
Reveal array bounds checks in DFG IR
Filip Pizlo
Reported
2013-12-04 14:00:18 PST
Patch forthcoming.
Attachments
it begins
(7.57 KB, patch)
2013-12-08 15:42 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
it might work
(21.45 KB, patch)
2013-12-08 17:13 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
the patch
(39.27 KB, patch)
2013-12-08 19:50 PST
,
Filip Pizlo
no flags
Details
Formatted Diff
Diff
the patch
(39.44 KB, patch)
2013-12-08 19:59 PST
,
Filip Pizlo
oliver
: review+
Details
Formatted Diff
Diff
Show Obsolete
(3)
View All
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2013-12-08 15:42:45 PST
Created
attachment 218718
[details]
it begins
Filip Pizlo
Comment 2
2013-12-08 17:13:23 PST
Created
attachment 218720
[details]
it might work
Filip Pizlo
Comment 3
2013-12-08 19:50:37 PST
Created
attachment 218721
[details]
the patch
Filip Pizlo
Comment 4
2013-12-08 19:59:15 PST
Created
attachment 218722
[details]
the patch Rebased.
WebKit Commit Bot
Comment 5
2013-12-08 20:01:13 PST
Attachment 218722
[details]
did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/bytecode/ExitKind.cpp', u'Source/JavaScriptCore/bytecode/ExitKind.h', u'Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h', u'Source/JavaScriptCore/dfg/DFGArrayMode.cpp', u'Source/JavaScriptCore/dfg/DFGArrayMode.h', u'Source/JavaScriptCore/dfg/DFGClobberize.h', u'Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGFixupPhase.cpp', u'Source/JavaScriptCore/dfg/DFGNodeType.h', u'Source/JavaScriptCore/dfg/DFGPlan.cpp', u'Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSSALoweringPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSSALoweringPhase.h', u'Source/JavaScriptCore/dfg/DFGSafeToExecute.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp', u'Source/JavaScriptCore/ftl/FTLCapabilities.cpp', u'Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp', u'Source/JavaScriptCore/runtime/JSObject.cpp', u'Source/JavaScriptCore/runtime/JSObject.h', u'Source/JavaScriptCore/tests/stress/float32array-out-of-bounds.js', u'Source/JavaScriptCore/tests/stress/int32-object-out-of-bounds.js', u'Source/JavaScriptCore/tests/stress/int32-out-of-bounds.js', '--commit-queue']" exit_code: 1 ERROR: Source/JavaScriptCore/dfg/DFGSSALoweringPhase.cpp:44: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] Total errors found: 1 in 27 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 6
2013-12-08 20:03:15 PST
(In reply to
comment #5
)
>
Attachment 218722
[details]
did not pass style-queue: > > Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/bytecode/ExitKind.cpp', u'Source/JavaScriptCore/bytecode/ExitKind.h', u'Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h', u'Source/JavaScriptCore/dfg/DFGArrayMode.cpp', u'Source/JavaScriptCore/dfg/DFGArrayMode.h', u'Source/JavaScriptCore/dfg/DFGClobberize.h', u'Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGFixupPhase.cpp', u'Source/JavaScriptCore/dfg/DFGNodeType.h', u'Source/JavaScriptCore/dfg/DFGPlan.cpp', u'Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSSALoweringPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSSALoweringPhase.h', u'Source/JavaScriptCore/dfg/DFGSafeToExecute.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp', u'Source/JavaScriptCore/ftl/FTLCapabilities.cpp', u'Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp', u'Source/JavaScriptCore/runtime/JSObject.cpp', u'Source/JavaScriptCore/runtime/JSObject.h', u'Source/JavaScriptCore/tests/stress/float32array-out-of-bounds.js', u'Source/JavaScriptCore/tests/stress/int32-object-out-of-bounds.js', u'Source/JavaScriptCore/tests/stress/int32-out-of-bounds.js', '--commit-queue']" exit_code: 1 > ERROR: Source/JavaScriptCore/dfg/DFGSSALoweringPhase.cpp:44: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
OMG no!
> Total errors found: 1 in 27 files > > > If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 7
2013-12-08 20:05:44 PST
(In reply to
comment #6
)
> (In reply to
comment #5
) > >
Attachment 218722
[details]
[details] did not pass style-queue: > > > > Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/CMakeLists.txt', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/GNUmakefile.list.am', u'Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj', u'Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj', u'Source/JavaScriptCore/bytecode/ExitKind.cpp', u'Source/JavaScriptCore/bytecode/ExitKind.h', u'Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h', u'Source/JavaScriptCore/dfg/DFGArrayMode.cpp', u'Source/JavaScriptCore/dfg/DFGArrayMode.h', u'Source/JavaScriptCore/dfg/DFGClobberize.h', u'Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp', u'Source/JavaScriptCore/dfg/DFGFixupPhase.cpp', u'Source/JavaScriptCore/dfg/DFGNodeType.h', u'Source/JavaScriptCore/dfg/DFGPlan.cpp', u'Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSSALoweringPhase.cpp', u'Source/JavaScriptCore/dfg/DFGSSALoweringPhase.h', u'Source/JavaScriptCore/dfg/DFGSafeToExecute.h', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp', u'Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp', u'Source/JavaScriptCore/ftl/FTLCapabilities.cpp', u'Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp', u'Source/JavaScriptCore/runtime/JSObject.cpp', u'Source/JavaScriptCore/runtime/JSObject.h', u'Source/JavaScriptCore/tests/stress/float32array-out-of-bounds.js', u'Source/JavaScriptCore/tests/stress/int32-object-out-of-bounds.js', u'Source/JavaScriptCore/tests/stress/int32-out-of-bounds.js', '--commit-queue']" exit_code: 1 > > ERROR: Source/JavaScriptCore/dfg/DFGSSALoweringPhase.cpp:44: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] > > OMG no! > > > Total errors found: 1 in 27 files > > > > > > If any of these errors are false positives, please file a bug against check-webkit-style.
https://bugs.webkit.org/show_bug.cgi?id=125434
Filip Pizlo
Comment 8
2013-12-09 19:21:43 PST
Landed in
http://trac.webkit.org/changeset/160347
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug