Skip to site navigation (Press enter)

[webkit-changes] [289481] branches/safari-613.1.16.1-branch

repstein Wed, 09 Feb 2022 10:17:28 -0800

Title: [289481] branches/safari-613.1.16.1-branch

Revision: 289481
Author: repst...@apple.com
Date: 2022-02-09 10:16:32 -0800 (Wed, 09 Feb 2022)

Log Message

Cherry-pick r289450. rdar://problem/88483574


    [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
    https://bugs.webkit.org/show_bug.cgi?id=236332
    rdar://88483574

    Reviewed by Michael Saboff.

    JSTests:

    * stress/yarr-inlining-dot-star-enclosure.js: Added.
    (test):

    Source/_javascript_Core:

    YarrJITRegisters::initialStart can be used when m_pattern.m_saveInitialStartValue is true while
    it is not defined in YarrJIT inlining. As a result, we emit broken code using InvalidGPRReg.
    This patch makes canInline false when m_pattern.m_saveInitialStartValue is true.

    * yarr/YarrJIT.cpp:
    * yarr/YarrJITRegisters.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289450 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-613.1.16.1-branch/JSTests/ChangeLog
branches/safari-613.1.16.1-branch/Source/_javascript_Core/ChangeLog
branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJIT.cpp
branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJITRegisters.h

Added Paths

branches/safari-613.1.16.1-branch/JSTests/stress/yarr-inlining-dot-star-enclosure.js

Diff

Modified: branches/safari-613.1.16.1-branch/JSTests/ChangeLog (289480 => 289481)


--- branches/safari-613.1.16.1-branch/JSTests/ChangeLog	2022-02-09 18:12:49 UTC (rev 289480)
+++ branches/safari-613.1.16.1-branch/JSTests/ChangeLog	2022-02-09 18:16:32 UTC (rev 289481)
@@ -1,3 +1,40 @@
+2022-02-09  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r289450. rdar://problem/88483574
+
+    [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
+    https://bugs.webkit.org/show_bug.cgi?id=236332
+    rdar://88483574
+    
+    Reviewed by Michael Saboff.
+    
+    JSTests:
+    
+    * stress/yarr-inlining-dot-star-enclosure.js: Added.
+    (test):
+    
+    Source/_javascript_Core:
+    
+    YarrJITRegisters::initialStart can be used when m_pattern.m_saveInitialStartValue is true while
+    it is not defined in YarrJIT inlining. As a result, we emit broken code using InvalidGPRReg.
+    This patch makes canInline false when m_pattern.m_saveInitialStartValue is true.
+    
+    * yarr/YarrJIT.cpp:
+    * yarr/YarrJITRegisters.h:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289450 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-02-08  Yusuke Suzuki  <ysuz...@apple.com>
+
+            [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
+            https://bugs.webkit.org/show_bug.cgi?id=236332
+            rdar://88483574
+
+            Reviewed by Michael Saboff.
+
+            * stress/yarr-inlining-dot-star-enclosure.js: Added.
+            (test):
+
 2022-01-07  Alexey Shvayka  <ashva...@apple.com>
 
         Expand the set of objects we take JSArray::fastSlice() path for

Added: branches/safari-613.1.16.1-branch/JSTests/stress/yarr-inlining-dot-star-enclosure.js (0 => 289481)


--- branches/safari-613.1.16.1-branch/JSTests/stress/yarr-inlining-dot-star-enclosure.js	                        (rev 0)
+++ branches/safari-613.1.16.1-branch/JSTests/stress/yarr-inlining-dot-star-enclosure.js	2022-02-09 18:16:32 UTC (rev 289481)
@@ -0,0 +1,9 @@
+function test(string)
+{
+    return /.*\:.*/.test(string);
+}
+noInline(test);
+
+for (var i = 0; i < 1e4; ++i) {
+    test(String(i));
+}

Modified: branches/safari-613.1.16.1-branch/Source/_javascript_Core/ChangeLog (289480 => 289481)


--- branches/safari-613.1.16.1-branch/Source/_javascript_Core/ChangeLog	2022-02-09 18:12:49 UTC (rev 289480)
+++ branches/safari-613.1.16.1-branch/Source/_javascript_Core/ChangeLog	2022-02-09 18:16:32 UTC (rev 289481)
@@ -1,3 +1,44 @@
+2022-02-09  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r289450. rdar://problem/88483574
+
+    [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
+    https://bugs.webkit.org/show_bug.cgi?id=236332
+    rdar://88483574
+    
+    Reviewed by Michael Saboff.
+    
+    JSTests:
+    
+    * stress/yarr-inlining-dot-star-enclosure.js: Added.
+    (test):
+    
+    Source/_javascript_Core:
+    
+    YarrJITRegisters::initialStart can be used when m_pattern.m_saveInitialStartValue is true while
+    it is not defined in YarrJIT inlining. As a result, we emit broken code using InvalidGPRReg.
+    This patch makes canInline false when m_pattern.m_saveInitialStartValue is true.
+    
+    * yarr/YarrJIT.cpp:
+    * yarr/YarrJITRegisters.h:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@289450 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-02-08  Yusuke Suzuki  <ysuz...@apple.com>
+
+            [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
+            https://bugs.webkit.org/show_bug.cgi?id=236332
+            rdar://88483574
+
+            Reviewed by Michael Saboff.
+
+            YarrJITRegisters::initialStart can be used when m_pattern.m_saveInitialStartValue is true while
+            it is not defined in YarrJIT inlining. As a result, we emit broken code using InvalidGPRReg.
+            This patch makes canInline false when m_pattern.m_saveInitialStartValue is true.
+
+            * yarr/YarrJIT.cpp:
+            * yarr/YarrJITRegisters.h:
+
 2022-02-08  Alan Coon  <alanc...@apple.com>
 
         Cherry-pick r289354. rdar://problem/88611690

Modified: branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJIT.cpp (289480 => 289481)


--- branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2022-02-09 18:12:49 UTC (rev 289480)
+++ branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJIT.cpp	2022-02-09 18:16:32 UTC (rev 289481)
@@ -4265,7 +4265,8 @@
 #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS)
             && !m_containsNestedSubpatterns
 #endif
-            && !m_pattern.m_containsBackreferences;
+            && !m_pattern.m_containsBackreferences
+            && !m_pattern.m_saveInitialStartValue;
 
         generateTryReadUnicodeCharacterHelper();

Modified: branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJITRegisters.h (289480 => 289481)


--- branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJITRegisters.h	2022-02-09 18:12:49 UTC (rev 289480)
+++ branches/safari-613.1.16.1-branch/Source/_javascript_Core/yarr/YarrJITRegisters.h	2022-02-09 18:16:32 UTC (rev 289481)
@@ -196,8 +196,10 @@
     GPRReg regT1 { InvalidGPRReg };
     GPRReg regT2 { InvalidGPRReg };
 
+    // DotStarEnclosure
+    GPRReg initialStart { InvalidGPRReg };
+
     // Unicode character processing
-    GPRReg initialStart { InvalidGPRReg };
     GPRReg remainingMatchCount { InvalidGPRReg };
     GPRReg regUnicodeInputAndTrail { InvalidGPRReg };
     GPRReg unicodeTemp { InvalidGPRReg };

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes