Commit 02e7a979 authored by oliver@apple.com's avatar oliver@apple.com

fourthTier: AbstractInterpreter should explicitly ask AbstractState to create...

fourthTier: AbstractInterpreter should explicitly ask AbstractState to create new AbstractValues for newly born nodes
https://bugs.webkit.org/show_bug.cgi?id=118880

Reviewed by Sam Weinig.

It should be possible to have an AbstractState that is backed by a HashMap. But to
do this, the AbstractInterpreter should explicitly ask for new nodes to be added to
the map, since otherwise the idiom of getting a reference to the AbstractValue
returned by forNode() would cause really subtle memory corruption bugs.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGInPlaceAbstractState.h:
(JSC::DFG::InPlaceAbstractState::createValueForNode):
(InPlaceAbstractState):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153283 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 55d32d9a
2013-07-18 Filip Pizlo <fpizlo@apple.com>
fourthTier: AbstractInterpreter should explicitly ask AbstractState to create new AbstractValues for newly born nodes
https://bugs.webkit.org/show_bug.cgi?id=118880
Reviewed by Sam Weinig.
It should be possible to have an AbstractState that is backed by a HashMap. But to
do this, the AbstractInterpreter should explicitly ask for new nodes to be added to
the map, since otherwise the idiom of getting a reference to the AbstractValue
returned by forNode() would cause really subtle memory corruption bugs.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGInPlaceAbstractState.h:
(JSC::DFG::InPlaceAbstractState::createValueForNode):
(InPlaceAbstractState):
2013-07-18 Filip Pizlo <fpizlo@apple.com>
fourthTier: Decouple the way that CFA stores its state from the way it does abstract interpretation
......
......@@ -124,6 +124,8 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned indexInBloc
if (!ASSERT_DISABLED)
verifyEdges(node);
m_state.createValueForNode(node);
switch (node->op()) {
case JSConstant:
case WeakJSConstant:
......@@ -1471,6 +1473,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned indexInBloc
break;
case Upsilon: {
m_state.createValueForNode(node->phi());
AbstractValue& value = forNode(node->child1());
forNode(node) = value;
forNode(node->phi()) = value;
......
......@@ -44,6 +44,8 @@ public:
~InPlaceAbstractState();
void createValueForNode(Node*) { }
AbstractValue& forNode(Node* node)
{
return node->value;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment