Google Git
Sign in
webkit / WebKit / ce99ff5a011634df2125a8e87777feab968ee74c
commitce99ff5a011634df2125a8e87777feab968ee74c[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri May 22 18:48:03 2015 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri May 22 18:48:03 2015 +0000
tree84a04242fc0e68552e78b68d8de08439925781f6
parentefab75e3010d21e6584294a9ef08338c2e17b546 [diff]
Arguments elimination phase mishandles arity check failure in its reduction of LoadVarargs to GetStack/PutStacks
https://bugs.webkit.org/show_bug.cgi?id=145298

Reviewed by Geoffrey Garen.

* dfg/DFGArgumentsEliminationPhase.cpp: Fix the bug. I restructured the loop to make it more obvious that we're initializing everything that we're supposed to initialize.
* dfg/DFGNode.h: Add a comment to clarify something I was confused about while writing this code.
* dfg/DFGPutStackSinkingPhase.cpp: Hacking on PutStacks made me think deep thoughts, and I added some FIXMEs.
* tests/stress/fold-load-varargs-arity-check-fail-barely.js: Added. This test crashes or fails before this patch.
* tests/stress/fold-load-varargs-arity-check-fail.js: Added. This is even more sure to crash or fail.
* tests/stress/simplify-varargs-mandatory-minimum-smaller-than-limit.js: Added. Not sure if we had coverage for this case before.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@184781 268f45cc-cd09-0410-ab3c-d52691b4dbfc
7 files changed
tree: 84a04242fc0e68552e78b68d8de08439925781f6
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared