Title: [281485] trunk
Revision: 281485
Author: sbar...@apple.com
Date: 2021-08-23 19:59:56 -0700 (Mon, 23 Aug 2021)

Log Message

Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
https://bugs.webkit.org/show_bug.cgi?id=229420
<rdar://82020528>

Reviewed by Keith Miller.

JSTests:

* stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
(foo):

Source/JavaScriptCore:

The final instruction in a for-in loop might be the get by val that
we're rewriting because there was an escape. We won't ever actually
do peephole optimizations on this get_by_val today, but it breaks
some bookkeeping that the bytecode generator does. This patch makes
sure the bookkeeping is up to date.

* bytecompiler/BytecodeGenerator.cpp:
(JSC::ForInContext::finalize):

Diff

Modified: trunk/JSTests/ChangeLog (281484 => 281485)


--- trunk/JSTests/ChangeLog	2021-08-24 01:28:17 UTC (rev 281484)
+++ trunk/JSTests/ChangeLog	2021-08-24 02:59:56 UTC (rev 281485)
@@ -1,5 +1,16 @@
 2021-08-23  Saam Barati  <sbar...@apple.com>
 
+        Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+        https://bugs.webkit.org/show_bug.cgi?id=229420
+        <rdar://82020528>
+
+        Reviewed by Keith Miller.
+
+        * stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
+        (foo):
+
+2021-08-23  Saam Barati  <sbar...@apple.com>
+
         compileEnumeratorHasProperty uses flushRegisters incorrectly
         https://bugs.webkit.org/show_bug.cgi?id=229412
         <rdar://82020767>

Added: trunk/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js (0 => 281485)


--- trunk/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js	                        (rev 0)
+++ trunk/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js	2021-08-24 02:59:56 UTC (rev 281485)
@@ -0,0 +1,9 @@
+function foo() {
+    for (let x in []) {
+        x in undefined;
+        x = 0;
+        [][x];
+    }
+}
+foo();
+
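
Review bot: foo() carries no comment and no assertion, so nothing in the file says what it guards, and it can only fail by crashing or tripping an engine assertion. Add a one-line comment above the function stating that the test passes if it does not crash, and that the reassignment x = 0 followed by [][x] as the last statement of the loop body is meant to produce the case the ChangeLog describes (an escape, with the get by val as the final instruction of the loop). The ninth added line is an empty line at the end of the file and can be dropped.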

Modified: trunk/Source/JavaScriptCore/ChangeLog (281484 => 281485)


--- trunk/Source/_javascript_Core/ChangeLog	2021-08-24 01:28:17 UTC (rev 281484)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-08-24 02:59:56 UTC (rev 281485)
@@ -1,5 +1,22 @@
 2021-08-23  Saam Barati  <sbar...@apple.com>
 
+        Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+        https://bugs.webkit.org/show_bug.cgi?id=229420
+        <rdar://82020528>
+
+        Reviewed by Keith Miller.
+
+        The final instruction in a for-in loop might be the get by val that
+        we're rewriting because there was an escape. We won't ever actually
+        do peephole optimizations on this get_by_val today, but it breaks
+        some bookkeeping that the bytecode generator does. This patch makes
+        sure the bookkeeping is up to date.
+
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::ForInContext::finalize):
+
+2021-08-23  Saam Barati  <sbar...@apple.com>
+
         compileEnumeratorHasProperty uses flushRegisters incorrectly
         https://bugs.webkit.org/show_bug.cgi?id=229412
         <rdar://82020767>
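
Review bot: The description says the rewrite "breaks some bookkeeping that the bytecode generator does" without naming that bookkeeping. The BytecodeGenerator.cpp part of this change removes the save and restore of m_lastOpcodeID and m_lastInstruction, so naming those two members in the entry would let a reader of the ChangeLog find the affected state without opening the diff.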

Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (281484 => 281485)


--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2021-08-24 01:28:17 UTC (rev 281484)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2021-08-24 02:59:56 UTC (rev 281485)
@@ -5369,9 +5369,6 @@
     if (!escaped)
         return;
 
-    OpcodeID lastOpcodeID = generator.m_lastOpcodeID;
-    InstructionStream::MutableRef lastInstruction = generator.m_lastInstruction;
-
     for (const auto& instTuple : m_getInsts)
         rewriteOp<OpEnumeratorGetByVal, OpGetByVal>(generator, instTuple);
 
@@ -5390,8 +5387,6 @@
 
         generator.m_writer.seek(branchInstIndex);
 
-        generator.disablePeepholeOptimization();
-
         OpJmp::emit(&generator, BoundLabel(static_cast<int>(newBranchTarget) - static_cast<int>(branchInstIndex)));
 
         while (generator.m_writer.position() < end)
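
Review bot: With the disablePeepholeOptimization() call removed from in front of OpJmp::emit, the jump and the following OpNop emits are written at branchInstIndex while the generator's last-opcode state still describes whatever was emitted before the seek. If any emit path consults that state before writing, it now sees a stale value for this position. Either keep the call here as well, or add a comment at this spot saying why the single call after the loops is sufficient for these mid-stream emits.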
@@ -5398,11 +5393,9 @@
             OpNop::emit<OpcodeSize::Narrow>(&generator);
     }
 
+    generator.disablePeepholeOptimization(); // We might've just changed the last bytecode that was emitted.
+
     generator.m_writer.seek(generator.m_writer.size());
-    if (generator.m_lastInstruction.offset() + generator.m_lastInstruction->size() != generator.m_writer.size()) {
-        generator.m_lastOpcodeID = lastOpcodeID;
-        generator.m_lastInstruction = lastInstruction;
-    }
 }
 
 void StaticPropertyAnalysis::record()
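
Review bot: The added disablePeepholeOptimization() line replaces the conditional restore of m_lastOpcodeID and m_lastInstruction, which leaves m_lastInstruction pointing at whatever the rewrite loops emitted last, possibly an instruction in the middle of the stream. The inline comment explains why the call is there but not that m_lastInstruction is intentionally left stale; say so in the comment, or add an assertion wherever m_lastInstruction is read that peephole optimization has not been disabled. The call is also unconditional on the escaped path, whereas the removed block only acted when the last instruction no longer ended at m_writer.size(), so the case where the last instruction was untouched now loses peephole optimization too; worth a word in the comment that this is accepted.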
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes