WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
145062
DFGLICMPhase shouldn't create NodeOrigins with forExit but without semantic
https://bugs.webkit.org/show_bug.cgi?id=145062
Summary
DFGLICMPhase shouldn't create NodeOrigins with forExit but without semantic
Basile Clement
Reported
2015-05-15 11:28:27 PDT
This can be hit by running e.g. sunspider/access-nsieve with DYLD_FRAMEWORK_PATH=WebKitBuild/Debug WebKitBuild/Debug/jsc --forceEagerCompilation=true --useFTLJIT=true --dumpGraphAtEachPhase=true In this case, a Phi node is converted into a JSConstant by the DFGConstantFoldingPhase, and doesn't have a NodeOrigin. Then it gets LICM'd, which unconditionally sets the NodeOrigin's forExit, and now we have a NodeOrigin with a set forExit and unset semantic, which we assert against in various places.
Attachments
Patch
(3.74 KB, patch)
2015-05-15 12:14 PDT
,
Basile Clement
fpizlo
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Basile Clement
Comment 1
2015-05-15 12:14:05 PDT
Created
attachment 253213
[details]
Patch
Basile Clement
Comment 2
2015-05-15 12:31:42 PDT
Committed
r184405
: <
http://trac.webkit.org/changeset/184405
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug