RESOLVED FIXED Bug 139327
CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays 
https://bugs.webkit.org/show_bug.cgi?id=139327
Summary CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows...
Mark Lam
Reported 2014-12-05 17:07:55 PST
The code generator speculation checks for SlowPutArrayStorageShape explicitly allows ArrayStorageShape arrays. The runtime slow paths that handles SlowPutArrayStorageShape is also capable of handling ArrayStorageShape arrays. As a result, the CFA may declare some basic blocks as unreachable though the code generator expects otherwise.
Attachments
the patch (1.93 KB, patch)
2014-12-05 17:18 PST, Mark Lam 		fpizlo: review-
DetailsFormatted DiffDiff
patch 2 with test added. (5.32 KB, patch)
2014-12-08 13:52 PST, Mark Lam 		msaboff: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2014-12-05 17:09:20 PST
<rdar://problem/18604058>
Radar WebKit Bug Importer
Comment 2 2014-12-05 17:09:49 PST
<rdar://problem/19164372>
Mark Lam
Comment 3 2014-12-05 17:18:14 PST
Created attachment 242687 [details] the patch Regression tests and benchmarks are in progress.
Mark Lam
Comment 4 2014-12-05 17:31:41 PST
Will write a regression test for this soon: https://bugs.webkit.org/show_bug.cgi?id=139328
Filip Pizlo
Comment 5 2014-12-05 17:32:10 PST
Comment on attachment 242687 [details] the patch Test? Otherwise LGTM.
Mark Lam
Comment 6 2014-12-08 13:52:47 PST
Created attachment 242846 [details] patch 2 with test added.
Michael Saboff
Comment 7 2014-12-08 14:08:27 PST
Comment on attachment 242846 [details] patch 2 with test added. r=me
Mark Lam
Comment 8 2014-12-08 14:12:33 PST
Thanks for the review. Landed in r176972: <http://trac.webkit.org/r176972>.
Mark Lam
Comment 9 2014-12-08 14:13:34 PST
*** Bug 139328 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.