It is related to Reduce consecutive overflow addition with constants.
It turned out that we also need to consider effect uses before relaxing it.
This fixes the issue that the fuzzer found in e93a369f7a.
Bug: chromium:1137586
Change-Id: I32fee5ecc7a6ce40d6f739f9c6e2440a647a2222
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2469597
Commit-Queue: Z Nguyen-Huu <duongn@microsoft.com>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70514}
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
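/**
 * Regression-test body for the optimizer fix tracked as chromium:1137586.
 *
 * Reads its first two arguments through `arguments`, adds constants to them,
 * and then builds a chain of additions (`a + i + 5`, then `c + 3`). This looks
 * like the "consecutive addition with constants" pattern named in the commit
 * message. None of the results are used and the function returns undefined;
 * the test passes if it runs to completion.
 *
 * NOTE(review): keep the statement shape (`var`, `arguments[...]`, the order
 * and the constants) exactly as is. The test's value lies in the code shape
 * the compiler sees, so modernising it (const/let, rest parameters, removing
 * the unused locals) could silently stop it from covering the fixed path.
 */
function f() {
  // Presumably 100000 iterations is meant to make the loop hot enough to be
  // optimized while it is running -- confirm against the V8 test flags.
  for (var i = 0; i < 100000; i++) {
    var a = arguments[0] + 2;
    var b = arguments[1] + 2;
    // Two consecutive additions with constants on top of a + i.
    var c = a + i + 5;
    var d = c + 3;
  }
}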
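// Driver: call f three times with small integer arguments. The test has no
// assertions; it passes when all three calls finish without a crash.
// NOTE(review): presumably the repeated calls provide type feedback before
// optimization -- confirm; keep the call count and arguments unchanged.
for (var j = 0; j < 3; j++) {
  f(2, 3);
}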