Title: [261699] trunk
Revision: 261699
Author: keith_mil...@apple.com
Date: 2020-05-14 11:05:06 -0700 (Thu, 14 May 2020)

Log Message

iteration bytecodes need to handle osr exiting from inlined getter frames
https://bugs.webkit.org/show_bug.cgi?id=211873

Reviewed by Saam Barati.

JSTests:

* stress/for-of-done-getter-osr-exit-inlined.js: Added.
(let.d.get done):
(let.d.get value):
* stress/for-of-next-getter-osr-exit-inlined.js: Added.
(let.x.get next):
(foo):
* stress/for-of-value-getter-osr-exit-inlined.js: Added.
(let.d.get value):
(let.d.get done):

Source/JavaScriptCore:

* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::slow_path_checkpoint_osr_exit_from_inlined_call):

Diff

Modified: trunk/JSTests/ChangeLog (261698 => 261699)


--- trunk/JSTests/ChangeLog	2020-05-14 18:02:13 UTC (rev 261698)
+++ trunk/JSTests/ChangeLog	2020-05-14 18:05:06 UTC (rev 261699)
@@ -1,3 +1,20 @@
+2020-05-13  Keith Miller  <keith_mil...@apple.com>
+
+        iteration bytecodes need to handle osr exiting from inlined getter frames
+        https://bugs.webkit.org/show_bug.cgi?id=211873
+
+        Reviewed by Saam Barati.
+
+        * stress/for-of-done-getter-osr-exit-inlined.js: Added.
+        (let.d.get done):
+        (let.d.get value):
+        * stress/for-of-next-getter-osr-exit-inlined.js: Added.
+        (let.x.get next):
+        (foo):
+        * stress/for-of-value-getter-osr-exit-inlined.js: Added.
+        (let.d.get value):
+        (let.d.get done):
+
 2020-05-14  Michael Catanzaro  <mcatanz...@gnome.org>
 
         stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js failing on ppc64le and s390x

Added: trunk/JSTests/stress/for-of-done-getter-osr-exit-inlined.js (0 => 261699)


--- trunk/JSTests/stress/for-of-done-getter-osr-exit-inlined.js	                        (rev 0)
+++ trunk/JSTests/stress/for-of-done-getter-osr-exit-inlined.js	2020-05-14 18:05:06 UTC (rev 261699)
@@ -0,0 +1,23 @@
+let i = 10000;
+let d = {
+    get done() {
+        if (i % 5000 == 0)
+            OSRExit();
+        return !(--i);
+    },
+
+    get value() { return i; }
+};
+
+let x = {
+    next: ()=>d
+}
+
+let iter = {};
+iter[Symbol.iterator] = ()=>x;
+
+let oldI = i;
+for (let x of iter) {
+    if (x !== --oldI)
+        throw new Error();
+}
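
Review bot: In `get done()`, the condition `i % 5000 == 0` is also true on the very first call, while `i` is still 10000, so `OSRExit()` is requested before the loop has completed a single iteration as well as at the midpoint. The value-getter test in this patch uses `i === 5000`; if only the mid-loop exit is intended, use the same strict comparison here, and if the early call is deliberate, a one-line comment saying so would keep a later cleanup from removing it.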

Added: trunk/JSTests/stress/for-of-next-getter-osr-exit-inlined.js (0 => 261699)


--- trunk/JSTests/stress/for-of-next-getter-osr-exit-inlined.js	                        (rev 0)
+++ trunk/JSTests/stress/for-of-next-getter-osr-exit-inlined.js	2020-05-14 18:05:06 UTC (rev 261699)
@@ -0,0 +1,21 @@
+let i = 0;
+let x = {
+    get next() {
+        if (i++ === 8000)
+                OSRExit();
+        return () => { return { done: true }; };
+    },
+};
+let iter = {};
+iter[Symbol.iterator] = ()=>x;
+
+function foo() {
+    for (let x of iter) { }
+}
+noInline(foo);
+
+for (let j = 0; j < 1e5; j++) {
+    if (i !== j)
+        throw new Error(i + ", " + j);
+    foo();
+}
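
Review bot: `OSRExit();` under `if (i++ === 8000)` is indented two levels deeper than the `if` instead of one; the other two tests in this patch indent it one level. Separately, `next` always returns a function yielding `{ done: true }`, so the `for (let x of iter) { }` body never runs and the test only covers the `next` lookup; a short comment stating that this is the case being targeted would help readers tell the three tests apart.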

Added: trunk/JSTests/stress/for-of-value-getter-osr-exit-inlined.js (0 => 261699)


--- trunk/JSTests/stress/for-of-value-getter-osr-exit-inlined.js	                        (rev 0)
+++ trunk/JSTests/stress/for-of-value-getter-osr-exit-inlined.js	2020-05-14 18:05:06 UTC (rev 261699)
@@ -0,0 +1,23 @@
+let i = 10000;
+let d = {
+    get value() {
+        if (i === 5000)
+            OSRExit();
+        return --i;
+    },
+
+    get done() { return !i; }
+};
+
+let x = {
+    next: ()=>d
+}
+
+let iter = {};
+iter[Symbol.iterator] = ()=>x;
+
+let oldI = i;
+for (let x of iter) {
+    if (x !== --oldI)
+        throw new Error();
+}
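
Review bot: The failure path `throw new Error();` inside the `for (let x of iter)` loop carries no message, so a failing run will not show which iteration diverged. The next-getter test in this patch reports `i + ", " + j`; reporting `x` and `oldI` here, and in for-of-done-getter-osr-exit-inlined.js, which has the same bare throw, would make a failure diagnosable from the log alone. The loop variable `x` also shadows the outer `let x` that holds the iterator object; renaming one of them would make the test easier to read.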

Modified: trunk/Source/JavaScriptCore/ChangeLog (261698 => 261699)


--- trunk/Source/_javascript_Core/ChangeLog	2020-05-14 18:02:13 UTC (rev 261698)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-05-14 18:05:06 UTC (rev 261699)
@@ -1,3 +1,13 @@
+2020-05-13  Keith Miller  <keith_mil...@apple.com>
+
+        iteration bytecodes need to handle osr exiting from inlined getter frames
+        https://bugs.webkit.org/show_bug.cgi?id=211873
+
+        Reviewed by Saam Barati.
+
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::slow_path_checkpoint_osr_exit_from_inlined_call):
+
 2020-05-13  Devin Rousso  <drou...@apple.com>
 
         Web Inspector: rename CSS.StyleSheetOrigin.Regular to CSS.StyleSheetOrigin.Author to match the spec
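
Review bot: The entry for `(JSC::LLInt::slow_path_checkpoint_osr_exit_from_inlined_call):` has nothing after the colon, and the entry as a whole has no description beyond the bug title. A sentence or two saying that the function now handles `op_iterator_open` and `op_iterator_next`, and that the `getDone` case continues on to the `getValue` checkpoint, would let someone reading the ChangeLog understand the fix without opening the diff.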

Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (261698 => 261699)


--- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2020-05-14 18:02:13 UTC (rev 261698)
+++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2020-05-14 18:05:06 UTC (rev 261699)
@@ -2135,7 +2135,10 @@
 
     std::unique_ptr<CheckpointOSRExitSideState> sideState = vm.findCheckpointOSRSideState(callFrame);
     BytecodeIndex bytecodeIndex = sideState->bytecodeIndex;
+    ASSERT(bytecodeIndex.checkpoint());
+
     auto pc = codeBlock->instructions().at(bytecodeIndex);
+    JSGlobalObject* globalObject = codeBlock->globalObject();
 
     auto opcode = pc->opcodeID();
     switch (opcode) {
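
Review bot: `ASSERT(bytecodeIndex.checkpoint());` relies on the checkpoint index converting to a boolean, so it really states "the checkpoint is non-zero", and nothing here says why checkpoint 0 cannot reach this slow path. A comment giving that reason, or an explicit comparison, would make the invariant readable. Also, `globalObject` is declared at function scope, but its only use visible in this patch is the `handleIteratorNextCheckpoint` call in the `op_iterator_next` case; declaring it inside that case would keep it next to its use.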
@@ -2148,8 +2151,24 @@
         break;
     }
     // op_tail_call_varargs should never return if the thing it was calling was inlined.
+
+    case op_iterator_open: {
+        ASSERT(bytecodeIndex.checkpoint() == OpIteratorOpen::getNext);
+        callFrame->uncheckedR(destinationFor(pc->as<OpIteratorOpen>(), bytecodeIndex.checkpoint()).virtualRegister()) = JSValue::decode(result);
+        break;
+    }
+    case op_iterator_next: {
+        callFrame->uncheckedR(destinationFor(pc->as<OpIteratorNext>(), bytecodeIndex.checkpoint()).virtualRegister()) = JSValue::decode(result);
+        if (bytecodeIndex.checkpoint() == OpIteratorNext::getValue)
+            break;
+        ASSERT(bytecodeIndex.checkpoint() == OpIteratorNext::getDone);
+        sideState->bytecodeIndex = bytecodeIndex.withCheckpoint(OpIteratorNext::getValue);
+        handleIteratorNextCheckpoint(vm, callFrame, globalObject, pc->as<OpIteratorNext>(), *sideState.get());
+        break;
+    }
+
     default:
-        RELEASE_ASSERT_NOT_REACHED();
+        CRASH_WITH_INFO(opcode);
         break;
     }
 
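
Review bot: In the `op_iterator_open` and `op_iterator_next` cases the checkpoint value is validated only with `ASSERT`, which is compiled out of release builds, yet the same value selects the register written through `callFrame->uncheckedR(destinationFor(...))`. Since the `default:` arm was upgraded to `CRASH_WITH_INFO(opcode)` so that an unexpected opcode stops a release build, an unexpected checkpoint deserves the same treatment; consider `RELEASE_ASSERT` for `OpIteratorOpen::getNext` and `OpIteratorNext::getDone`. The `getDone` path also stores the result, rewrites `sideState->bytecodeIndex` and calls `handleIteratorNextCheckpoint` with no comment; a line explaining that it proceeds to fetch `value`, and where an exception raised by that call is checked, would help the next reader.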
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes