[webkit-changes] [289450] trunk

[ysuzuki]

Title: [289450] trunk

Revision

289450

Author

ysuz...@apple.com

Date

2022-02-08 17:54:25 -0800 (Tue, 08 Feb 2022)

Log Message

[JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
https://bugs.webkit.org/show_bug.cgi?id=236332
rdar://88483574

Reviewed by Michael Saboff.

JSTests:

* stress/yarr-inlining-dot-star-enclosure.js: Added.
(test):

Source/_javascript_Core:

YarrJITRegisters::initialStart can be used when m_pattern.m_saveInitialStartValue is true while
it is not defined in YarrJIT inlining. As a result, we emit broken code using InvalidGPRReg.
This patch makes canInline false when m_pattern.m_saveInitialStartValue is true.

* yarr/YarrJIT.cpp:
* yarr/YarrJITRegisters.h:

Modified Paths

• trunk/JSTests/ChangeLog
• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/yarr/YarrJIT.cpp
• trunk/Source/_javascript_Core/yarr/YarrJITRegisters.h

Added Paths

• trunk/JSTests/stress/yarr-inlining-dot-star-enclosure.js

Diff

Modified: trunk/JSTests/ChangeLog (289449 => 289450)

--- trunk/JSTests/ChangeLog	2022-02-09 00:35:21 UTC (rev 289449)
+++ trunk/JSTests/ChangeLog	2022-02-09 01:54:25 UTC (rev 289450)
@@ -1,3 +1,14 @@
+2022-02-08  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
+        https://bugs.webkit.org/show_bug.cgi?id=236332
+        rdar://88483574
+
+        Reviewed by Michael Saboff.
+
+        * stress/yarr-inlining-dot-star-enclosure.js: Added.
+        (test):
+
 2022-02-08  Caitlin Potter  <ca...@igalia.com>
 
         [JSC] move function wrapping logic to a new Function type

Added: trunk/JSTests/stress/yarr-inlining-dot-star-enclosure.js (0 => 289450)

--- trunk/JSTests/stress/yarr-inlining-dot-star-enclosure.js	                        (rev 0)
+++ trunk/JSTests/stress/yarr-inlining-dot-star-enclosure.js	2022-02-09 01:54:25 UTC (rev 289450)
@@ -0,0 +1,9 @@
+function test(string)
+{
+    return /.*\:.*/.test(string);
+}
+noInline(test);
+
+for (var i = 0; i < 1e4; ++i) {
+    test(String(i));
+}

Modified: trunk/Source/_javascript_Core/ChangeLog (289449 => 289450)

--- trunk/Source/_javascript_Core/ChangeLog	2022-02-09 00:35:21 UTC (rev 289449)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-02-09 01:54:25 UTC (rev 289450)
@@ -1,3 +1,18 @@
+2022-02-08  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] YarrJIT inlining should be disabled when we have DotStarEnclosure
+        https://bugs.webkit.org/show_bug.cgi?id=236332
+        rdar://88483574
+
+        Reviewed by Michael Saboff.
+
+        YarrJITRegisters::initialStart can be used when m_pattern.m_saveInitialStartValue is true while
+        it is not defined in YarrJIT inlining. As a result, we emit broken code using InvalidGPRReg.
+        This patch makes canInline false when m_pattern.m_saveInitialStartValue is true.
+
+        * yarr/YarrJIT.cpp:
+        * yarr/YarrJITRegisters.h:
+
 2022-02-08  Caitlin Potter  <ca...@igalia.com>
 
         [JSC] move function wrapping logic to a new Function type

Modified: trunk/Source/_javascript_Core/yarr/YarrJIT.cpp (289449 => 289450)

--- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp	2022-02-09 00:35:21 UTC (rev 289449)
+++ trunk/Source/_javascript_Core/yarr/YarrJIT.cpp	2022-02-09 01:54:25 UTC (rev 289450)
@@ -4289,7 +4289,8 @@
 #if ENABLE(YARR_JIT_ALL_PARENS_EXPRESSIONS)
             && !m_containsNestedSubpatterns
 #endif
-            && !m_pattern.m_containsBackreferences;
+            && !m_pattern.m_containsBackreferences
+            && !m_pattern.m_saveInitialStartValue;
 
         generateTryReadUnicodeCharacterHelper();
 

Modified: trunk/Source/_javascript_Core/yarr/YarrJITRegisters.h (289449 => 289450)

--- trunk/Source/_javascript_Core/yarr/YarrJITRegisters.h	2022-02-09 00:35:21 UTC (rev 289449)
+++ trunk/Source/_javascript_Core/yarr/YarrJITRegisters.h	2022-02-09 01:54:25 UTC (rev 289450)
@@ -196,8 +196,10 @@
     GPRReg regT1 { InvalidGPRReg };
     GPRReg regT2 { InvalidGPRReg };
 
+    // DotStarEnclosure
+    GPRReg initialStart { InvalidGPRReg };
+
     // Unicode character processing
-    GPRReg initialStart { InvalidGPRReg };
     GPRReg remainingMatchCount { InvalidGPRReg };
     GPRReg regUnicodeInputAndTrail { InvalidGPRReg };
     GPRReg unicodeTemp { InvalidGPRReg };

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes