DFG abstract interpreter needs to properly model effects of some Math ops
authormsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 22 Jan 2018 18:37:55 +0000 (18:37 +0000)
committermsaboff@apple.com <msaboff@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 22 Jan 2018 18:37:55 +0000 (18:37 +0000)
commita9d112a6f000d3f4110e67e19628f1bad757fa97
tree9dc3520eff7d14036592e26e2a0c11eef5838ffe
parent1354c9c460218257131839964a1a33c3c7451653
DFG abstract interpreter needs to properly model effects of some Math ops
https://bugs.webkit.org/show_bug.cgi?id=181886

Reviewed by Saam Barati.

JSTests:

New regression test.

* stress/arith-nodes-abstract-interpreter-untypeduse.js: Added.
(test):

Source/JavaScriptCore:

Reviewed the processing of the various ArithXXX and CompareXXX and found that
several nodes don't handle UntypedUse.  Added clobberWorld() for those cases.

* dfg/DFGAbstractInterpreter.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeDoubleUnaryOpEffects):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@227341 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/arith-nodes-abstract-interpreter-untypeduse.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGAbstractInterpreter.h
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h