WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 84638
DFG must keep alive values that it will perform speculations on
https://bugs.webkit.org/show_bug.cgi?id=84638
Summary
DFG must keep alive values that it will perform speculations on
Filip Pizlo
Reported
2012-04-23 14:49:43 PDT
Consider the following code: x = o.f; y = x + 1; Where there are no further uses of x or y. If x was an object, then x + 1 would result in a call to x.valueOf(), which could have side effects. Currently if the DFG speculates that x is a number, then it will dead-code-eliminate x + 1 along with the check that x is a number - so a future execution of this code where o.f results in an object with a valueOf() method will result in the valueOf() method not being called, which is wrong. <
rdar://problem/11258183
>
Attachments
the patch
(2.14 KB, patch)
2012-04-23 14:52 PDT
,
Filip Pizlo
oliver
: review+
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Filip Pizlo
Comment 1
2012-04-23 14:52:06 PDT
Created
attachment 138430
[details]
the patch
Geoffrey Garen
Comment 2
2012-04-23 15:32:06 PDT
Regression test?
Filip Pizlo
Comment 3
2012-04-23 15:32:34 PDT
(In reply to
comment #2
)
> Regression test?
Already got one with Oliver's rs.
Filip Pizlo
Comment 4
2012-04-23 15:44:06 PDT
Landed in
http://trac.webkit.org/changeset/114956
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug