Skip to site navigation (Press enter)

[webkit-changes] [271298] trunk

ysuzuki Fri, 08 Jan 2021 08:54:41 -0800

Title: [271298] trunk

Revision: 271298
Author: [email protected]
Date: 2021-01-08 08:53:57 -0800 (Fri, 08 Jan 2021)

Log Message

[JSC] AtomicsIsLockFree's AI result is wrong
https://bugs.webkit.org/show_bug.cgi?id=220452
<rdar://problem/71228690>


Reviewed by Mark Lam.

JSTests:

* stress/atomics-is-lock-free-and-zero.js: Added.

Source/_javascript_Core:

The result type should be SpecBoolean. This leads to FTL unreachable in the test code.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

Modified Paths

trunk/JSTests/ChangeLog
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h

Added Paths

trunk/JSTests/stress/atomics-is-lock-free-and-zero.js

Diff

Modified: trunk/JSTests/ChangeLog (271297 => 271298)


--- trunk/JSTests/ChangeLog	2021-01-08 16:30:35 UTC (rev 271297)
+++ trunk/JSTests/ChangeLog	2021-01-08 16:53:57 UTC (rev 271298)
@@ -1,3 +1,13 @@
+2021-01-08  Yusuke Suzuki  <[email protected]>
+
+        [JSC] AtomicsIsLockFree's AI result is wrong
+        https://bugs.webkit.org/show_bug.cgi?id=220452
+        <rdar://problem/71228690>
+
+        Reviewed by Mark Lam.
+
+        * stress/atomics-is-lock-free-and-zero.js: Added.
+
 2021-01-07  Yusuke Suzuki  <[email protected]>
 
         [JSC] DFG/FTL Atomics should assume non-typed-array input with storage-edge

Added: trunk/JSTests/stress/atomics-is-lock-free-and-zero.js (0 => 271298)


--- trunk/JSTests/stress/atomics-is-lock-free-and-zero.js	                        (rev 0)
+++ trunk/JSTests/stress/atomics-is-lock-free-and-zero.js	2021-01-08 16:53:57 UTC (rev 271298)
@@ -0,0 +1,8 @@
+//@ runDefault("--jitPolicyScale=0", "--useConcurrentJIT=0")
+
+for (let i=0; i<1e4; i++) {
+    let x = Atomics.isLockFree(0);
+    try {
+        eval('a');
+    } catch {}
+}

Modified: trunk/Source/_javascript_Core/ChangeLog (271297 => 271298)


--- trunk/Source/_javascript_Core/ChangeLog	2021-01-08 16:30:35 UTC (rev 271297)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-01-08 16:53:57 UTC (rev 271298)
@@ -1,3 +1,16 @@
+2021-01-08  Yusuke Suzuki  <[email protected]>
+
+        [JSC] AtomicsIsLockFree's AI result is wrong
+        https://bugs.webkit.org/show_bug.cgi?id=220452
+        <rdar://problem/71228690>
+
+        Reviewed by Mark Lam.
+
+        The result type should be SpecBoolean. This leads to FTL unreachable in the test code.
+
+        * dfg/DFGAbstractInterpreterInlines.h:
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+
 2021-01-07  Yusuke Suzuki  <[email protected]>
 
         [JSC] DFG/FTL Atomics should assume non-typed-array input with storage-edge

Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (271297 => 271298)


--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2021-01-08 16:30:35 UTC (rev 271297)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2021-01-08 16:53:57 UTC (rev 271298)
@@ -828,7 +828,7 @@
     case AtomicsIsLockFree: {
         if (m_graph.child(node, 0).useKind() != Int32Use)
             clobberWorld();
-        setNonCellTypeForNode(node, SpecBoolInt32);
+        setNonCellTypeForNode(node, SpecBoolean);
         break;
     }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes