From f69ddfaa6d06e0c209365835ad7590e9c18f5103 Mon Sep 17 00:00:00 2001 From: Filip Pizlo Date: Wed, 24 Sep 2014 18:43:29 +0200 Subject: Incorrect behavior on emscripten-compiled cube2hash https://bugs.webkit.org/show_bug.cgi?id=120033 Source/JavaScriptCore: Reviewed by Mark Hahnenberg. If PutClosureVar is may-aliased to another PutClosureVar or GetClosureVar then we should bail attempts to CSE. * dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::scopedVarLoadElimination): (JSC::DFG::CSEPhase::scopedVarStoreElimination): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154344 268f45cc-cd09-0410-ab3c-d52691b4dbfc Task-number: QTBUG-41500 Change-Id: Ia6bd7b09b20a99d5f4b5a14bf58737bc4b8c6a2b Reviewed-by: Jocelyn Turcotte --- Source/JavaScriptCore/dfg/DFGCSEPhase.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'Source/JavaScriptCore/dfg/DFGCSEPhase.cpp') diff --git a/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp b/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp index 47af696a0..0eb29fcaf 100644 --- a/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp +++ b/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp @@ -254,9 +254,11 @@ private: break; } case PutScopedVar: { - if (node->child2() == registers && node->varNumber() == varNumber) + if (node->varNumber() != varNumber) + break; + if (node->child2() == registers) return node->child3().node(); - break; + return 0; } case SetLocal: { VariableAccessData* variableAccessData = node->variableAccessData(); @@ -327,9 +329,11 @@ private: Node* node = m_currentBlock->at(i); switch (node->op()) { case PutScopedVar: { - if (node->child1() == scope && node->child2() == registers && node->varNumber() == varNumber) + if (node->varNumber() != varNumber) + break; + if (node->child1() == scope && node->child2() == registers) return node; - break; + return 0; } case GetScopedVar: { -- cgit v1.2.1