Bug 189757 - AI rule for MultiPutByOffset executes its effects in the wrong order
Summary: AI rule for MultiPutByOffset executes its effects in the wrong order
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
: 188694 (view as bug list)
Depends on:
Blocks:
 
Reported: 2018-09-19 11:24 PDT by Saam Barati
Modified: 2018-10-03 16:28 PDT (History)
13 users (show)

See Also:

Attachments
patch (3.92 KB, patch)
2018-09-19 12:02 PDT, Saam Barati 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2018-09-19 11:24:12 PDT 
Look at this code:
```
        observeTransitions(clobberLimit, transitions);
        if (forNode(node->child1()).changeStructure(m_graph, newSet) == Contradiction)
            m_state.setIsValid(false);
        setForNode(node->child2(), resultingValue);
        if (!!originalValue && !resultingValue)
            m_state.setIsValid(false);
```

However, we first need to execute the last three lines before the first three lines. This is because that's how the execution of the node happens at runtime. This can lead to bad results when resultingValue is the same as the base, e.g:
```
o.f = o;
```
Comment 1 Saam Barati 2018-09-19 11:25:04 PDT 
<rdar://problem/43535257>
Comment 2 Saam Barati 2018-09-19 12:02:10 PDT 
Created attachment 350139 [details]
patch
Comment 3 Michael Saboff 2018-09-19 12:06:29 PDT 
Comment on attachment 350139 [details]
patch

r=me
Comment 4 WebKit Commit Bot 2018-09-19 14:00:15 PDT 
Comment on attachment 350139 [details]
patch

Clearing flags on attachment: 350139

Committed r236223: <https://trac.webkit.org/changeset/236223>
Comment 5 WebKit Commit Bot 2018-09-19 14:00:16 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 6 Mark Lam 2018-10-03 16:28:21 PDT 
*** Bug 188694 has been marked as a duplicate of this bug. ***