139327 – CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays

Bug 139327 - CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays

Summary: CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Lam

URL:
Keywords:	InRadar

Duplicates (1):	139328 (view as bug list)
Depends on:
Blocks:

Reported:	2014-12-05 17:07 PST by Mark Lam
Modified:	2014-12-08 14:13 PST (History)
CC List:	5 users (show)

See Also:

Attachments
the patch (1.93 KB, patch) 2014-12-05 17:18 PST, Mark Lam	fpizlo: review-	Details \| Formatted Diff \| Diff
patch 2 with test added. (5.32 KB, patch) 2014-12-08 13:52 PST, Mark Lam	msaboff: review+	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Lam 2014-12-05 17:07:55 PST

The code generator speculation checks for SlowPutArrayStorageShape explicitly allows ArrayStorageShape arrays.  The runtime slow paths that handles SlowPutArrayStorageShape is also capable of handling ArrayStorageShape arrays.  As a result, the CFA may declare some basic blocks as unreachable though the code generator expects otherwise.

Comment 1 Mark Lam 2014-12-05 17:09:20 PST

<rdar://problem/18604058>

Comment 2 Radar WebKit Bug Importer 2014-12-05 17:09:49 PST

<rdar://problem/19164372>

Comment 3 Mark Lam 2014-12-05 17:18:14 PST

Created attachment 242687 [details]
the patch

Regression tests and benchmarks are in progress.

Comment 4 Mark Lam 2014-12-05 17:31:41 PST

Will write a regression test for this soon: https://bugs.webkit.org/show_bug.cgi?id=139328

Comment 5 Filip Pizlo 2014-12-05 17:32:10 PST

Comment on attachment 242687 [details]
the patch

Test?  Otherwise LGTM.

Comment 6 Mark Lam 2014-12-08 13:52:47 PST

Created attachment 242846 [details]
patch 2 with test added.

Comment 7 Michael Saboff 2014-12-08 14:08:27 PST

Comment on attachment 242846 [details]
patch 2 with test added.

r=me

Comment 8 Mark Lam 2014-12-08 14:12:33 PST

Thanks for the review.  Landed in r176972: <http://trac.webkit.org/r176972>.

Comment 9 Mark Lam 2014-12-08 14:13:34 PST

*** Bug 139328 has been marked as a duplicate of this bug. ***