KnownCellUse should also have SpecCellCheck as its type filter
authorsbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 Nov 2018 20:42:51 +0000 (20:42 +0000)
committersbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 16 Nov 2018 20:42:51 +0000 (20:42 +0000)
commit0d79b336e2cb3a4c6ed6e6aeafed535238e0604c
tree7847089b3148949a8b7eebd87f44ed8be9327bc1
parent7b0210d65abd1ee0fd2e1fa9be721604f3174777
KnownCellUse should also have SpecCellCheck as its type filter
https://bugs.webkit.org/show_bug.cgi?id=191729
<rdar://problem/45872852>

Reviewed by Filip Pizlo.

JSTests:

* stress/known-cell-type-check-should-allow-empty-value-to-flow-through.js: Added.
(C):

Source/JavaScriptCore:

We write transformations in the compiler like this where we emit edges with
KnownCellUse if we know we're inserting code at a point where we're dominated
by a Cell check:

a: SomeValue
b: Something(Cell:@a)
c: SomethingElse(@b)
d: CheckNotEmpty(@a)

=>

a: SomeValue
b: Something(Cell:@a)
e: RandomOtherThing(KnownCellUse:@a)
c: SomethingElse(@b)
d: CheckNotEmpty(@a)

However, doing this used to lead to subtly incorrect programs since KnownCellUse
did not allow the empty value to flow through it. We used to end up incorrectly
deleting @d in the above program. We fix this, we make KnownCellUse allow the empty
value to flow through.

* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238297 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/known-cell-type-check-should-allow-empty-value-to-flow-through.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGUseKind.h