RESOLVED FIXED Bug 72542
DFG global variable CSE mishandles the cross-global-object inlining corner case 
https://bugs.webkit.org/show_bug.cgi?id=72542
Summary DFG global variable CSE mishandles the cross-global-object inlining corner case
Filip Pizlo
Reported 2011-11-16 13:47:57 PST
The DFG GetGlobalVar is smart enough to know which global object to read from when it is used from inlined code, if the inlinee comes from a different global object than the inline caller. But CSE is not smart enough to handle this, and may replace a GetGlobalVar from one global object with a GetGlobalVar from another global object, if the inline caller and inlinee (or two different inlinees) both did GetGlobalVar on the same identifier.
Attachments
the patch (4.24 KB, patch)
2011-11-16 13:57 PST, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (8.22 KB, patch)
2011-11-16 15:13 PST, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2011-11-16 13:57:08 PST
Created attachment 115445 [details] the patch Going to investigate making a test for this in LayoutTests.
Filip Pizlo
Comment 2 2011-11-16 15:13:34 PST
Created attachment 115457 [details] the patch Added a test case, and checked that it indeed does break on ToT but not with my changes.
Geoffrey Garen
Comment 3 2011-11-16 15:16:25 PST
Comment on attachment 115457 [details] the patch r=me Please copy this to Radar.
Filip Pizlo
Comment 4 2011-11-16 15:17:30 PST
<rdar://problem/10458466>
Filip Pizlo
Comment 5 2011-11-16 15:22:45 PST
Landed in http://trac.webkit.org/changeset/100514
Note You need to log in before you can comment on or make changes to this bug.