B3::lowerMacros forgets to before->updatePredecessorsAfter() when lowering ChillMod...
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Sep 2016 23:54:28 +0000 (23:54 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Sep 2016 23:54:28 +0000 (23:54 +0000)
https://bugs.webkit.org/show_bug.cgi?id=162644

Reviewed by Keith Miller.

JSTests:

* stress/chill-mod-chill-mod.js: Added.
(foo):

Source/JavaScriptCore:

If you forget to update the predecessors of your successors, then bad things will happen if you
do something that requires accurate predecessors for correctness. lowerMacros() uses
BlockInsertionSet, which relies on accurate predecessors.

* b3/B3LowerMacros.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206472 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/chill-mod-chill-mod.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/b3/B3LowerMacros.cpp

index 5832d2c..740da8b 100644 (file)
@@ -1,3 +1,13 @@
+2016-09-27  Filip Pizlo  <fpizlo@apple.com>
+
+        B3::lowerMacros forgets to before->updatePredecessorsAfter() when lowering ChillMod on ARM64
+        https://bugs.webkit.org/show_bug.cgi?id=162644
+
+        Reviewed by Keith Miller.
+
+        * stress/chill-mod-chill-mod.js: Added.
+        (foo):
+
 2016-09-26  Csaba Osztrogon√°c  <oszi@inf.u-szeged.hu>
 
         Skip stress/string-joining-long-strings-should-not-crash.js on memory limited devices
diff --git a/JSTests/stress/chill-mod-chill-mod.js b/JSTests/stress/chill-mod-chill-mod.js
new file mode 100644 (file)
index 0000000..e5e770f
--- /dev/null
@@ -0,0 +1,10 @@
+function foo(a, b)
+{
+    return (~~(a % b)) + (~~(b % a));
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i)
+    foo(1, 2);
+
index d0dcf05..99e6b45 100644 (file)
@@ -1,3 +1,16 @@
+2016-09-27  Filip Pizlo  <fpizlo@apple.com>
+
+        B3::lowerMacros forgets to before->updatePredecessorsAfter() when lowering ChillMod on ARM64
+        https://bugs.webkit.org/show_bug.cgi?id=162644
+
+        Reviewed by Keith Miller.
+
+        If you forget to update the predecessors of your successors, then bad things will happen if you
+        do something that requires accurate predecessors for correctness. lowerMacros() uses
+        BlockInsertionSet, which relies on accurate predecessors.
+
+        * b3/B3LowerMacros.cpp:
+
 2016-09-27  JF Bastien  <jfbastien@apple.com>
 
         Speed up Heap::isMarkedConcurrently
index 561b954..fa6de93 100644 (file)
@@ -147,6 +147,7 @@ private:
                     normalResult->setPhi(phi);
                     zeroResult->setPhi(phi);
                     m_value->replaceWithIdentity(phi);
+                    before->updatePredecessorsAfter();
                     m_changed = true;
                 } else
                     makeDivisionChill(Mod);