[webkit-changes] [281767] branches/safari-612-branch

[repstein]

Title: [281767] branches/safari-612-branch

Revision

281767

Author

repst...@apple.com

Date

2021-08-30 10:43:45 -0700 (Mon, 30 Aug 2021)

Log Message

Cherry-pick r281485. rdar://problem/82535418

    Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
    https://bugs.webkit.org/show_bug.cgi?id=229420
    <rdar://82020528>

    Reviewed by Keith Miller.

    JSTests:

    * stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
    (foo):

    Source/_javascript_Core:

    The final instruction in a for-in loop might be the get by val that
    we're rewriting because there was an escape. We won't ever actually
    do peephole optimizations on this get_by_val today, but it breaks
    some bookkeeping that the bytecode generator does. This patch makes
    sure the bookkeeping is up to date.

    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::ForInContext::finalize):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281485 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

• branches/safari-612-branch/JSTests/ChangeLog
• branches/safari-612-branch/Source/_javascript_Core/ChangeLog
• branches/safari-612-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp

Added Paths

• branches/safari-612-branch/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js

Diff

Modified: branches/safari-612-branch/JSTests/ChangeLog (281766 => 281767)

--- branches/safari-612-branch/JSTests/ChangeLog	2021-08-30 17:16:03 UTC (rev 281766)
+++ branches/safari-612-branch/JSTests/ChangeLog	2021-08-30 17:43:45 UTC (rev 281767)
@@ -1,3 +1,43 @@
+2021-08-30  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r281485. rdar://problem/82535418
+
+    Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+    https://bugs.webkit.org/show_bug.cgi?id=229420
+    <rdar://82020528>
+    
+    Reviewed by Keith Miller.
+    
+    JSTests:
+    
+    * stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
+    (foo):
+    
+    Source/_javascript_Core:
+    
+    The final instruction in a for-in loop might be the get by val that
+    we're rewriting because there was an escape. We won't ever actually
+    do peephole optimizations on this get_by_val today, but it breaks
+    some bookkeeping that the bytecode generator does. This patch makes
+    sure the bookkeeping is up to date.
+    
+    * bytecompiler/BytecodeGenerator.cpp:
+    (JSC::ForInContext::finalize):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281485 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-08-23  Saam Barati  <sbar...@apple.com>
+
+            Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+            https://bugs.webkit.org/show_bug.cgi?id=229420
+            <rdar://82020528>
+
+            Reviewed by Keith Miller.
+
+            * stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
+            (foo):
+
 2021-08-25  Alan Coon  <alanc...@apple.com>
 
         Cherry-pick r281500. rdar://problem/82350929

Added: branches/safari-612-branch/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js (0 => 281767)

--- branches/safari-612-branch/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js	                        (rev 0)
+++ branches/safari-612-branch/JSTests/stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js	2021-08-30 17:43:45 UTC (rev 281767)
@@ -0,0 +1,9 @@
+function foo() {
+    for (let x in []) {
+        x in undefined;
+        x = 0;
+        [][x];
+    }
+}
+foo();
+

Modified: branches/safari-612-branch/Source/_javascript_Core/ChangeLog (281766 => 281767)

--- branches/safari-612-branch/Source/_javascript_Core/ChangeLog	2021-08-30 17:16:03 UTC (rev 281766)
+++ branches/safari-612-branch/Source/_javascript_Core/ChangeLog	2021-08-30 17:43:45 UTC (rev 281767)
@@ -1,3 +1,49 @@
+2021-08-30  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r281485. rdar://problem/82535418
+
+    Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+    https://bugs.webkit.org/show_bug.cgi?id=229420
+    <rdar://82020528>
+    
+    Reviewed by Keith Miller.
+    
+    JSTests:
+    
+    * stress/for-in-disable-bytecode-generator-peephole-optimizations-after-rewrite.js: Added.
+    (foo):
+    
+    Source/_javascript_Core:
+    
+    The final instruction in a for-in loop might be the get by val that
+    we're rewriting because there was an escape. We won't ever actually
+    do peephole optimizations on this get_by_val today, but it breaks
+    some bookkeeping that the bytecode generator does. This patch makes
+    sure the bookkeeping is up to date.
+    
+    * bytecompiler/BytecodeGenerator.cpp:
+    (JSC::ForInContext::finalize):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281485 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-08-23  Saam Barati  <sbar...@apple.com>
+
+            Disable peephole optimizations in the byte code generator after rewriting instructions for for-in
+            https://bugs.webkit.org/show_bug.cgi?id=229420
+            <rdar://82020528>
+
+            Reviewed by Keith Miller.
+
+            The final instruction in a for-in loop might be the get by val that
+            we're rewriting because there was an escape. We won't ever actually
+            do peephole optimizations on this get_by_val today, but it breaks
+            some bookkeeping that the bytecode generator does. This patch makes
+            sure the bookkeeping is up to date.
+
+            * bytecompiler/BytecodeGenerator.cpp:
+            (JSC::ForInContext::finalize):
+
 2021-08-25  Alan Coon  <alanc...@apple.com>
 
         Cherry-pick r281500. rdar://problem/82350929

Modified: branches/safari-612-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (281766 => 281767)

--- branches/safari-612-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2021-08-30 17:16:03 UTC (rev 281766)
+++ branches/safari-612-branch/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp	2021-08-30 17:43:45 UTC (rev 281767)
@@ -5369,9 +5369,6 @@
     if (!escaped)
         return;
 
-    OpcodeID lastOpcodeID = generator.m_lastOpcodeID;
-    InstructionStream::MutableRef lastInstruction = generator.m_lastInstruction;
-
     for (const auto& instTuple : m_getInsts)
         rewriteOp<OpEnumeratorGetByVal, OpGetByVal>(generator, instTuple);
 
@@ -5390,8 +5387,6 @@
 
         generator.m_writer.seek(branchInstIndex);
 
-        generator.disablePeepholeOptimization();
-
         OpJmp::emit(&generator, BoundLabel(static_cast<int>(newBranchTarget) - static_cast<int>(branchInstIndex)));
 
         while (generator.m_writer.position() < end)
@@ -5398,11 +5393,9 @@
             OpNop::emit<OpcodeSize::Narrow>(&generator);
     }
 
+    generator.disablePeepholeOptimization(); // We might've just changed the last bytecode that was emitted.
+
     generator.m_writer.seek(generator.m_writer.size());
-    if (generator.m_lastInstruction.offset() + generator.m_lastInstruction->size() != generator.m_writer.size()) {
-        generator.m_lastOpcodeID = lastOpcodeID;
-        generator.m_lastInstruction = lastInstruction;
-    }
 }
 
 void StaticPropertyAnalysis::record()

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes