op_check_tdz does not def its argument
authortzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Mar 2019 19:18:18 +0000 (19:18 +0000)
committertzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Mar 2019 19:18:18 +0000 (19:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=192880
<rdar://problem/46221598>

Reviewed by Saam Barati.

JSTests:

* microbenchmarks/let-for-in.js: Added.
(foo):

Source/JavaScriptCore:

This prevented the for-in loop optimization in the bytecode generator, since
the analysis sees a redefinition of the loop variable.

* bytecode/BytecodeUseDef.h:
(JSC::computeDefsForBytecodeOffset):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242649 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/microbenchmarks/let-for-in.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/BytecodeUseDef.h

index bba5f1c..e958f86 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-08  Tadeu Zagallo  <tzagallo@apple.com>
+
+        op_check_tdz does not def its argument
+        https://bugs.webkit.org/show_bug.cgi?id=192880
+        <rdar://problem/46221598>
+
+        Reviewed by Saam Barati.
+
+        * microbenchmarks/let-for-in.js: Added.
+        (foo):
+
 2019-03-07  Yusuke Suzuki  <ysuzuki@apple.com>
 
         [JSC] StringFromCharCode fast path should accept 0xff in DFG and FTL
diff --git a/JSTests/microbenchmarks/let-for-in.js b/JSTests/microbenchmarks/let-for-in.js
new file mode 100644 (file)
index 0000000..f5733d0
--- /dev/null
@@ -0,0 +1,15 @@
+function foo(o) {
+    var count = 0;
+    for (let p in o) {
+        if (o[p])
+            count++;
+    }
+    return count;
+}
+noInline(foo);
+
+var total = 0;
+for (let j = 0; j < 100000; ++j)
+    total += foo(new Error);
+if (total != 300000)
+    throw new Error("Bad result: " + total);
index b912bdf..082240b 100644 (file)
@@ -1,3 +1,17 @@
+2019-03-08  Tadeu Zagallo  <tzagallo@apple.com>
+
+        op_check_tdz does not def its argument
+        https://bugs.webkit.org/show_bug.cgi?id=192880
+        <rdar://problem/46221598>
+
+        Reviewed by Saam Barati.
+
+        This prevented the for-in loop optimization in the bytecode generator, since
+        the analysis sees a redefinition of the loop variable.
+
+        * bytecode/BytecodeUseDef.h:
+        (JSC::computeDefsForBytecodeOffset):
+
 2019-03-07  Yusuke Suzuki  <ysuzuki@apple.com>
 
         [JSC] Make more fields lazy in JSGlobalObject
index 1eee584..6a9ee53 100644 (file)
@@ -295,6 +295,7 @@ void computeDefsForBytecodeOffset(Block* codeBlock, OpcodeID opcodeID, const Ins
     case op_end:
     case op_throw:
     case op_throw_static_error:
+    case op_check_tdz:
     case op_debug:
     case op_ret:
     case op_jmp:
@@ -448,7 +449,6 @@ void computeDefsForBytecodeOffset(Block* codeBlock, OpcodeID opcodeID, const Ins
     DEFS(OpMov, dst)
     DEFS(OpNewObject, dst)
     DEFS(OpToThis, srcDst)
-    DEFS(OpCheckTdz, targetVirtualRegister)
     DEFS(OpGetScope, dst)
     DEFS(OpCreateDirectArguments, dst)
     DEFS(OpCreateScopedArguments, dst)