Title: [281485] trunk
Revision: 281485
Author: sbar...@apple.com
Date: 2021-08-23 19:59:56 -0700 (Mon, 23 Aug 2021)
Log Message
Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
https://bugs.webkit.org/show_bug.cgi?id=229420
<rdar://82020528>
Reviewed by Keith Miller.
JSTests:
* stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
(foo):
Source/JavaScriptCore:
The final instruction in a for-in loop might be the get by val that
we're rewriting because there was an escape. We won't ever actually
do peephole optimizations on this get_by_val today, but it breaks
some bookkeeping that the bytecode generator does. This patch makes
sure the bookkeeping is up to date.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::ForInContext::finalize):
Diff
Modified: trunk/JSTests/ChangeLog (281484 => 281485)
--- trunk/JSTests/ChangeLog 2021-08-24 01:28:17 UTC (rev 281484)
+++ trunk/JSTests/ChangeLog 2021-08-24 02:59:56 UTC (rev 281485)
@@ -1,5 +1,16 @@
2021-08-23 Saam Barati <sbar...@apple.com>
+ Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+ https://bugs.webkit.org/show_bug.cgi?id=229420
+ <rdar://82020528>
+
+ Reviewed by Keith Miller.
+
+ * stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
+ (foo):
+
+2021-08-23 Saam Barati <sbar...@apple.com>
+
compileEnumeratorHasProperty uses flushRegisters incorrectly
https://bugs.webkit.org/show_bug.cgi?id=229412
<rdar://82020767>
Added: trunk/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js (0 => 281485)
--- trunk/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js (rev 0)
+++ trunk/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js 2021-08-24 02:59:56 UTC (rev 281485)
@@ -0,0 +1,9 @@
+function foo() {
+ for (let x in []) {
+ x in undefined;
+ x = 0;
+ [][x];
+ }
+}
+foo();
+
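Review bot: The test has no comment saying what it guards, and its loop body never executes: `for (let x in [])` enumerates zero properties, so `x in undefined` (which would throw a TypeError if reached) is never evaluated and the file only exercises bytecode generation for `foo`. A short comment at the top should say that, and that, per the ChangeLog, the shape that matters is the reassignment `x = 0` followed by `[][x]` as the last statement of the loop body, so a later cleanup does not reorder the statements or populate the array.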
Modified: trunk/Source/_javascript_Core/ChangeLog (281484 => 281485)
--- trunk/Source/_javascript_Core/ChangeLog 2021-08-24 01:28:17 UTC (rev 281484)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-08-24 02:59:56 UTC (rev 281485)
@@ -1,5 +1,22 @@
2021-08-23 Saam Barati <sbar...@apple.com>
+ Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+ https://bugs.webkit.org/show_bug.cgi?id=229420
+ <rdar://82020528>
+
+ Reviewed by Keith Miller.
+
+ The final instruction in a for-in loop might be the get by val that
+ we're rewriting because there was an escape. We won't ever actually
+ do peephole optimizations on this get_by_val today, but it breaks
+ some bookkeeping that the bytecode generator does. This patch makes
+ sure the bookkeeping is up to date.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::ForInContext::finalize):
+
+2021-08-23 Saam Barati <sbar...@apple.com>
+
compileEnumeratorHasProperty uses flushRegisters incorrectly
https://bugs.webkit.org/show_bug.cgi?id=229412
<rdar://82020767>
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (281484 => 281485)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2021-08-24 01:28:17 UTC (rev 281484)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2021-08-24 02:59:56 UTC (rev 281485)
@@ -5369,9 +5369,6 @@
if (!escaped)
return;
- OpcodeID lastOpcodeID = generator.m_lastOpcodeID;
- InstructionStream::MutableRef lastInstruction = generator.m_lastInstruction;
-
for (const auto& instTuple : m_getInsts)
rewriteOp<OpEnumeratorGetByVal, OpGetByVal>(generator, instTuple);
@@ -5390,8 +5387,6 @@
generator.m_writer.seek(branchInstIndex);
- generator.disablePeepholeOptimization();
-
OpJmp::emit(&generator, BoundLabel(static_cast<int>(newBranchTarget) - static_cast<int>(branchInstIndex)));
while (generator.m_writer.position() < end)
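Review bot: With `generator.disablePeepholeOptimization();` removed from directly after `generator.m_writer.seek(branchInstIndex);`, `OpJmp::emit` and the `OpNop::emit` loop now run while the writer is seeked back and the last-instruction bookkeeping still describes whatever was emitted before finalize. Please confirm that neither emitter consults that state while overwriting, or keep the call at this point in addition to the new one after the loop.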
@@ -5398,11 +5393,9 @@
OpNop::emit<OpcodeSize::Narrow>(&generator);
}
+ generator.disablePeepholeOptimization(); // We might've just changed the last bytecode that was emitted.
+
generator.m_writer.seek(generator.m_writer.size());
- if (generator.m_lastInstruction.offset() + generator.m_lastInstruction->size() != generator.m_writer.size()) {
- generator.m_lastOpcodeID = lastOpcodeID;
- generator.m_lastInstruction = lastInstruction;
- }
}
void StaticPropertyAnalysis::record()
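Review bot: The new `generator.disablePeepholeOptimization();` runs for every escaped context, whereas the removed `if` only restored `m_lastOpcodeID` and `m_lastInstruction` when the last instruction no longer ended at `m_writer.size()`. The trailing comment says the last bytecode may have changed but not why restoring the saved values was insufficient; moving it to its own line above the call and stating the invariant being re-established would make this easier to check against the ChangeLog's "bookkeeping" description.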
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes