From 2e536fc35017d3f52e071da231e4fe7deddd4f88 Mon Sep 17 00:00:00 2001 From: Filip Pizlo Date: Thu, 21 Mar 2013 18:11:56 +0100 Subject: Strange results calculating a square root in a loop https://bugs.webkit.org/show_bug.cgi?id=104247 Reviewed by Oliver Hunt. Source/JavaScriptCore: Fixed the CFG simplification phase to ignore dead GetLocals in the first of the blocks under the merge. This fixes the assertion, and is also cleaner: our general rule is to not "revive" things that we've already proved to be dead. Also fixed some rotted debug code. * dfg/DFGCFGSimplificationPhase.cpp: (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal): * dfg/DFGStructureCheckHoistingPhase.cpp: (JSC::DFG::StructureCheckHoistingPhase::run): LayoutTests: * fast/js/dfg-cfg-simplify-redundant-dead-get-local-expected.txt: Added. * fast/js/dfg-cfg-simplify-redundant-dead-get-local.html: Added. * fast/js/jsc-test-list: * fast/js/script-tests/dfg-cfg-simplify-redundant-dead-get-local.js: Added. (getDist): (calcError): Change-Id: I70b28d61e3fcbbb551d9e71d458efe654149c12c git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136989 268f45cc-cd09-0410-ab3c-d52691b4dbfc Reviewed-by: Jocelyn Turcotte
---
Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp')
diff --git a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
index d9ae4a274..52cebf80f 100644
--- a/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGCFGSimplificationPhase.cpp
@@ -305,8 +305,6 @@ private:
 dataLogF(" Original has local r%d.\n", originalNode->local());
 #endif
 ASSERT(child.local() == originalNode->local());
- if (changeRef)
- ASSERT(originalNode->shouldGenerate());
 // Possibilities:
 // SetLocal -> the secondBlock is getting the value of something that is immediately
 // available in the first block with a known NodeIndex.
@@ -326,6 +324,8 @@ private:
 }
 switch (originalNode->op()) {
 case SetLocal: {
+ if (changeRef)
+ ASSERT(originalNode->shouldGenerate());
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
 dataLogF(" It's a SetLocal.\n");
 #endif
@@ -336,11 +336,16 @@ private:
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
 dataLogF(" It's a GetLocal.\n");
 #endif
- m_graph.changeIndex(edge, originalNodeIndex, changeRef);
+ if (originalNode->shouldGenerate())
+ m_graph.changeIndex(edge, originalNodeIndex, changeRef);
+ // If we have a GetLocal that points to a child GetLocal that is dead, then
+ // we have no need to do anything: this original GetLocal is still valid.
 break;
 }
 case Phi:
 case SetArgument: {
+ if (changeRef)
+ ASSERT(originalNode->shouldGenerate());
 #if DFG_ENABLE(DEBUG_PROPAGATION_VERBOSE)
 dataLogF(" It's Phi/SetArgument.\n");
 #endif
--
cgit v1.2.1
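Review bot: The check moved into the `SetLocal` case is written as `if (changeRef) ASSERT(originalNode->shouldGenerate());`, which leaves an empty `if` wherever `ASSERT` compiles to nothing, and the same two lines are repeated in the `Phi`/`SetArgument` case of the third hunk. A single statement, `ASSERT(!changeRef || originalNode->shouldGenerate());`, expresses the invariant in both places without the dangling conditional. Because the invariant stops a node already proved dead from being referenced again, and a broken IR invariant in a JIT tends to show up as miscompiled code rather than a clean failure, it is worth deciding deliberately whether a debug-only assertion is enough here or whether the check should also hold in release builds. The enclosing function starts and ends outside these hunks, so the cost of a release-time check cannot be judged from here.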
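Review bot: The comment added under the guarded `changeIndex` call in the `GetLocal` case uses "child" and "original" the opposite way round from the variables `child` and `originalNode` visible in the first hunk. The test is on `originalNode->shouldGenerate()`, so it is the first block's GetLocal that is dead and the edge's own GetLocal that stays in use. I would move the comment above the `if` and word it against the code, for example `// If the first block's GetLocal (originalNode) is dead, do not revive it: leave the edge on its current GetLocal, which is still valid.` The skip path also bypasses whatever reference adjustment `changeIndex` performs when `changeRef` is true; that appears intended, but the comment should say so, since the next reader will otherwise have to re-derive why the ref counts stay balanced. The enclosing switch continues outside the hunk.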