[webkit-changes] [WebKit/WebKit] 17fc6c: [JSC] Fix bug in B3::canonicalizePrePostIncrements...
Yusuke Suzuki
noreply at github.com
Mon Feb 6 16:54:24 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 17fc6cc8a4733414184dde71bb4b5ce757238540
https://github.com/WebKit/WebKit/commit/17fc6cc8a4733414184dde71bb4b5ce757238540
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-02-06 (Mon, 06 Feb 2023)
Changed paths:
M Source/JavaScriptCore/b3/B3CanonicalizePrePostIncrements.cpp
M Source/JavaScriptCore/b3/B3ValueKey.h
M Source/JavaScriptCore/b3/B3ValueKeyInlines.h
M Source/JavaScriptCore/runtime/OptionsList.h
Log Message:
-----------
[JSC] Fix bug in B3::canonicalizePrePostIncrements and re-enable it
https://bugs.webkit.org/show_bug.cgi?id=251810
rdar://105094173
Reviewed by Justin Michaud.
Previously, we disabled B3::canonicalizePrePostIncrements because of bugs,
but we found a bug in this phase: ValueKey added for canonicalizePrePostIncrements is completely wrong
since it is using value and indices[0], both share same memory region.
This patch (1) fixes it, (2) fixing double-hash-map-lookups, and (3) re-enabling this pass.
* Source/JavaScriptCore/b3/B3CanonicalizePrePostIncrements.cpp:
(JSC::B3::canonicalizePrePostIncrements):
* Source/JavaScriptCore/b3/B3ValueKey.h:
* Source/JavaScriptCore/b3/B3ValueKeyInlines.h:
* Source/JavaScriptCore/runtime/OptionsList.h:
Canonical link: https://commits.webkit.org/259926@main
More information about the webkit-changes
mailing list