| Summary: | DFG ByVal nodes with ArrayModes should clobberTop until Fixup phase runs. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Keith Miller <keith_miller> | ||||||
| Component: | New Bugs | Assignee: | Keith Miller <keith_miller> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | ews-watchlist, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| See Also: |
https://bugs.webkit.org/show_bug.cgi?id=211576 https://bugs.webkit.org/show_bug.cgi?id=211543 |
||||||||
| Attachments: |
|
||||||||
|
Description
Keith Miller
2020-05-06 14:30:32 PDT
Created attachment 398660 [details]
Patch
Created attachment 398667 [details]
Patch
Comment on attachment 398667 [details]
Patch
r=me
Comment on attachment 398667 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=398667&action=review > Source/JavaScriptCore/dfg/DFGClobberize.h:159 > + // Since Fixup can do widen our ArrayModes based on profiling from other nodes we pessimistically assume /can do widen/can widen/ Committed r261260: <https://trac.webkit.org/changeset/261260> (In reply to Keith Miller from comment #6) > Committed r261260: <https://trac.webkit.org/changeset/261260> This appears to have broken 26 JSC tests: https://build.webkit.org/builders/Apple-Catalina-Release-JSC-Tests/builds/1894 Reverted r261260 for reason: Caused 26 JSC test failures Committed r261293: <https://trac.webkit.org/changeset/261293> I relanded this with https://trac.webkit.org/changeset/261313 |