Title: [202795] trunk/Source
- Revision
- 202795
- Author
- [email protected]
- Date
- 2016-07-03 14:36:48 -0700 (Sun, 03 Jul 2016)
Log Message
BytecodeGenerator::getVariablesUnderTDZ is too conservative
https://bugs.webkit.org/show_bug.cgi?id=159387
Reviewed by Filip Pizlo.
Source/_javascript_Core:
We were too conservative in the following type of programs:
```
{
{
let x;
...
}
let x;
}
```
We used to report "x" as under TDZ when calling getVariablesUnderTDZ at the
"...", even though "x" is not under TDZ. This patch removes this conservatism
and makes the algorithm precise.
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::getVariablesUnderTDZ):
* bytecompiler/BytecodeGenerator.h:
Source/WTF:
I've templatized SmallPtrSet on its SmallArraySize instead
of it always being 8.
* wtf/SmallPtrSet.h:
(WTF::SmallPtrSet::SmallPtrSet):
(WTF::SmallPtrSet::add):
(WTF::SmallPtrSet::iterator::operator!=):
(WTF::SmallPtrSet::bucket):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (202794 => 202795)
--- trunk/Source/_javascript_Core/ChangeLog 2016-07-03 20:01:20 UTC (rev 202794)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-07-03 21:36:48 UTC (rev 202795)
@@ -1,3 +1,28 @@
+2016-07-03 Saam Barati <[email protected]>
+
+ BytecodeGenerator::getVariablesUnderTDZ is too conservative
+ https://bugs.webkit.org/show_bug.cgi?id=159387
+
+ Reviewed by Filip Pizlo.
+
+ We were too conservative in the following type of programs:
+ ```
+ {
+ {
+ let x;
+ ...
+ }
+ let x;
+ }
+ ```
+ We used to report "x" as under TDZ when calling getVariablesUnderTDZ at the
+ "...", even though "x" is not under TDZ. This patch removes this conservatism
+ and makes the algorithm precise.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::getVariablesUnderTDZ):
+ * bytecompiler/BytecodeGenerator.h:
+
2016-07-03 Filip Pizlo <[email protected]>
FTL should refer to B3 types directly
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (202794 => 202795)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2016-07-03 20:01:20 UTC (rev 202794)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2016-07-03 21:36:48 UTC (rev 202795)
@@ -46,6 +46,7 @@
#include "UnlinkedCodeBlock.h"
#include "UnlinkedInstructionStream.h"
#include <wtf/CommaPrinter.h>
+#include <wtf/SmallPtrSet.h>
#include <wtf/StdLibExtras.h>
#include <wtf/text/WTFString.h>
@@ -2791,7 +2792,8 @@
void BytecodeGenerator::getVariablesUnderTDZ(VariableEnvironment& result)
{
- // NOTE: This is conservative. If called at "...", it will report "x" as being under TDZ:
+ // We keep track of variablesThatDontNeedTDZ in this algorithm to prevent
+ // reporting that "x" is under TDZ if this function is called at "...".
//
// {
// {
@@ -2801,11 +2803,15 @@
// let x;
// }
//
- // FIXME: https://bugs.webkit.org/show_bug.cgi?id=159387
- for (auto& map : m_TDZStack) {
+ SmallPtrSet<UniquedStringImpl*, 16> variablesThatDontNeedTDZ;
+ for (unsigned i = m_TDZStack.size(); i--; ) {
+ auto& map = m_TDZStack[i];
for (auto& entry : map) {
- if (entry.value != TDZNecessityLevel::NotNeeded)
- result.add(entry.key.get());
+ if (entry.value != TDZNecessityLevel::NotNeeded) {
+ if (!variablesThatDontNeedTDZ.contains(entry.key.get()))
+ result.add(entry.key.get());
+ } else
+ variablesThatDontNeedTDZ.add(entry.key.get());
}
}
}
Modified: trunk/Source/WTF/ChangeLog (202794 => 202795)
--- trunk/Source/WTF/ChangeLog 2016-07-03 20:01:20 UTC (rev 202794)
+++ trunk/Source/WTF/ChangeLog 2016-07-03 21:36:48 UTC (rev 202795)
@@ -1,3 +1,19 @@
+2016-07-03 Saam Barati <[email protected]>
+
+ BytecodeGenerator::getVariablesUnderTDZ is too conservative
+ https://bugs.webkit.org/show_bug.cgi?id=159387
+
+ Reviewed by Filip Pizlo.
+
+ I've templatized SmallPtrSet on its SmallArraySize instead
+ of it always being 8.
+
+ * wtf/SmallPtrSet.h:
+ (WTF::SmallPtrSet::SmallPtrSet):
+ (WTF::SmallPtrSet::add):
+ (WTF::SmallPtrSet::iterator::operator!=):
+ (WTF::SmallPtrSet::bucket):
+
2016-07-03 Filip Pizlo <[email protected]>
Ugh. Once again, unreviewed, roll out unintentional commit in r202790.
Modified: trunk/Source/WTF/wtf/SmallPtrSet.h (202794 => 202795)
--- trunk/Source/WTF/wtf/SmallPtrSet.h 2016-07-03 20:01:20 UTC (rev 202794)
+++ trunk/Source/WTF/wtf/SmallPtrSet.h 2016-07-03 21:36:48 UTC (rev 202795)
@@ -33,11 +33,12 @@
namespace WTF {
-template<typename PtrType>
+template<typename PtrType, unsigned SmallArraySize = 8>
class SmallPtrSet {
WTF_MAKE_NONCOPYABLE(SmallPtrSet);
static_assert(std::is_trivially_destructible<PtrType>::value, "We currently don't support non-trivially destructible pointer types.");
static_assert(sizeof(PtrType) == sizeof(void*), "Only support pointer sized things.");
+ static_assert(!(SmallArraySize & (SmallArraySize - 1)), "Inline size must be a power of two.");
public:
SmallPtrSet()
@@ -90,7 +91,7 @@
return;
}
- grow(64);
+ grow(std::max(64u, SmallArraySize * 2));
// Fall through. We're no longer small :(
}
@@ -138,7 +139,7 @@
bool operator!=(const iterator& other) const { ASSERT(m_buffer == other.m_buffer); return !(*this == other); }
private:
- template<typename U> friend class WTF::SmallPtrSet;
+ template<typename U, unsigned S> friend class WTF::SmallPtrSet;
unsigned m_index;
unsigned m_capacity;
void** m_buffer;
@@ -239,8 +240,6 @@
}
}
- static const unsigned SmallArraySize = 8;
-
unsigned m_size;
unsigned m_capacity;
void** m_buffer;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
