88284 – DFG CFG simplification should correct the variables at the head of the predecessor block

Bug 88284 - DFG CFG simplification should correct the variables at the head of the predecessor block

Summary: DFG CFG simplification should correct the variables at the head of the predec...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-06-04 20:31 PDT by Filip Pizlo
Modified:	2012-06-04 23:41 PDT (History)
CC List:	0 users

See Also:

Attachments
the patch (8.50 KB, patch) 2012-06-04 20:40 PDT, Filip Pizlo	ggaren: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Filip Pizlo 2012-06-04 20:31:35 PDT

Say that we have two blocks, B1 and B2.  B1 doesn't do anything to variable X.  B2 reads from variable X.  Say that CFG simplification decides to merge B1 and B2.  Currently, the new block, B1', will still say that the variable at head for X is Phi, which is wrong - it should be GetLocal, since that's the first thing that B1' does to X.

This is asymptomatic except if we then do constant folding on X.

I'm still trying to figure out a test case for this, but it's not looking so good.

Comment 1 Filip Pizlo 2012-06-04 20:34:43 PDT

OK found a reduced test case.  Making a layout test.

Comment 2 Filip Pizlo 2012-06-04 20:40:01 PDT

Created attachment 145685 [details]
the patch

Comment 3 Geoffrey Garen 2012-06-04 20:44:33 PDT

Comment on attachment 145685 [details]
the patch

r=me

Comment 4 Filip Pizlo 2012-06-04 23:41:15 PDT

Landed in http://trac.webkit.org/changeset/119464