[JSC] stress/function-constructor-reading-from-global-lexical-environment.js fails...
author: ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Feb 2019 02:59:47 +0000 (02:59 +0000)
committer: ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Feb 2019 02:59:47 +0000 (02:59 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195030
<rdar://problem/48385088>

Reviewed by Saam Barati.

While LLInt64 has checkTDZInGlobalPutToScopeIfNecessary for op_put_to_scope GlobalLexicalVar to check that the value in the variable slot is not empty,
this check is missing in LLInt32_64. Previously, this check was subsumed accidentally by the WatchpointSet check in GlobalLexicalVar in `notifyWrite`:
because no "put" attempt succeeds here, the status of the WatchpointSet was ClearWatchpoint, we always go to the slow path, and we always throw the TDZ error
before configuring the WatchpointSet in the slow path. But after r241862, WatchpointSet is not used under the non-JIT configuration. This skips the WatchpointSet
check and LLInt32_64 starts failing tests because of the lack of checkTDZInGlobalPutToScopeIfNecessary. This patch adds checkTDZInGlobalPutToScopeIfNecessary
in LLInt32_64 too. This patch fixes the following four failing tests.

    stress/function-constructor-reading-from-global-lexical-environment.js.bytecode-cache
    stress/function-constructor-reading-from-global-lexical-environment.js.default
    stress/global-lexical-variable-tdz.js.bytecode-cache
    stress/global-lexical-variable-tdz.js.default

* llint/LowLevelInterpreter32_64.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242067 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

index 7b8c1fc..e340025 100644 (file)
@@ -1,5 +1,27 @@
 2019-02-25  Yusuke Suzuki  <ysuzuki@apple.com>
 
+        [JSC] stress/function-constructor-reading-from-global-lexical-environment.js fails in 32bit arch
+        https://bugs.webkit.org/show_bug.cgi?id=195030
+        <rdar://problem/48385088>
+
+        Reviewed by Saam Barati.
+
+        While LLInt64 has checkTDZInGlobalPutToScopeIfNecessary for op_put_to_scope GlobalLexicalVar to check the value in the variable slot is not empty,
+        this check is missing in LLInt32_64. Previously, this check was subsumed accidentally by the WatchpointSet check in GlobalLexicalVar in `notifyWrite`:
+        because no "put" attempt succeeds here, the status WatchpointSet was ClearWatchpoint, we always go to the slow path, and we always throw the TDZ error
+        before configuring the WatchpointSet in the slow path. But after r241862, WatchpointSet is not used under non-JIT configuration. This skips WatchpointSet
+        check and LLInt32_64 starts failing tests because of lack of checkTDZInGlobalPutToScopeIfNecessary. This patch adds checkTDZInGlobalPutToScopeIfNecessary
+        in LLInt32_64 too. This patch fixes the following four failing tests.
+
+            stress/function-constructor-reading-from-global-lexical-environment.js.bytecode-cache
+            stress/function-constructor-reading-from-global-lexical-environment.js.default
+            stress/global-lexical-variable-tdz.js.bytecode-cache
+            stress/global-lexical-variable-tdz.js.default
+
+        * llint/LowLevelInterpreter32_64.asm:
+
+2019-02-25  Yusuke Suzuki  <ysuzuki@apple.com>
+
         [JSC] Make Intl fields lazily-allocated
         https://bugs.webkit.org/show_bug.cgi?id=195022
 
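Review bot: the ChangeLog entry matches the commit message, which is good; two readability nits in the description: "the status WatchpointSet was ClearWatchpoint" reads better as "the WatchpointSet state was ClearWatchpoint", and the bare r241862 reference would be easier to follow with a short clause on what that revision changed for the non-JIT WatchpointSet path, since that is the link that made the missing 32_64 check observable.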
index 9bb10d1..0c77515 100644 (file)
@@ -2302,6 +2302,16 @@ llintOpWithMetadata(op_put_to_scope, OpPutToScope, macro (size, get, dispatch, m
         storei t3, JSLexicalEnvironment_variables + PayloadOffset[t0, t1, 8]
     end
 
+    macro checkTDZInGlobalPutToScopeIfNecessary()
+        loadi OpPutToScope::Metadata::m_getPutInfo + GetPutInfo::m_operand[t5], t0
+        andi InitializationModeMask, t0
+        rshifti InitializationModeShift, t0
+        bineq t0, NotInitialization, .noNeedForTDZCheck
+        loadp OpPutToScope::Metadata::m_operand[t5], t0
+        loadi TagOffset[t0], t0
+        bieq t0, EmptyValueTag, .pDynamic
+    .noNeedForTDZCheck:
+    end
 
     metadata(t5, t0)
     loadi OpPutToScope::Metadata::m_getPutInfo + GetPutInfo::m_operand[t5], t0
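Review bot: the new macro clobbers t0 (from "loadi OpPutToScope::Metadata::m_getPutInfo + GetPutInfo::m_operand[t5], t0" through "loadi TagOffset[t0], t0"), and at both call sites t0 held the resolve type loaded from m_getPutInfo just before the bineq dispatch; confirm that putGlobalVariable() reloads what it needs from metadata rather than reading t0, and add a one-line comment above the macro saying that it clobbers t0 and that the bail-out to .pDynamic is where the TDZ error is actually raised, since the macro name alone does not say so. The empty-slot test itself is right for this interpreter: on 32_64 a JSValue is split into tag and payload, so comparing the loaded tag against EmptyValueTag is the correct counterpart to the 64-bit empty-value check, and gating it on NotInitialization keeps let/const initialisation writes from tripping it.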
@@ -2329,6 +2339,7 @@ llintOpWithMetadata(op_put_to_scope, OpPutToScope, macro (size, get, dispatch, m
 
 .pGlobalLexicalVar:
     bineq t0, GlobalLexicalVar, .pClosureVar
+    checkTDZInGlobalPutToScopeIfNecessary()
     putGlobalVariable()
     writeBarrierOnGlobalLexicalEnvironment(size, get, m_value)
     dispatch()
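Review bot: ordering is the important property here and it is right: checkTDZInGlobalPutToScopeIfNecessary() runs before putGlobalVariable(), so an uninitialised slot is never overwritten before the slow path can throw; a store first would clear the empty tag and silently turn the TDZ error into a successful assignment. Worth covering with the two global-lexical-variable-tdz.js variants listed in the ChangeLog under a non-JIT 32-bit build, since per the description the WatchpointSet fallback no longer masks the missing check there.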
@@ -2357,6 +2368,7 @@ llintOpWithMetadata(op_put_to_scope, OpPutToScope, macro (size, get, dispatch, m
 .pGlobalLexicalVarWithVarInjectionChecks:
     bineq t0, GlobalLexicalVarWithVarInjectionChecks, .pClosureVarWithVarInjectionChecks
     varInjectionCheck(.pDynamic)
+    checkTDZInGlobalPutToScopeIfNecessary()
     putGlobalVariable()
     writeBarrierOnGlobalLexicalEnvironment(size, get, m_value)
     dispatch()
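Review bot: placing the check after varInjectionCheck(.pDynamic) is fine; both checks bail to the same .pDynamic label, so their relative order has no observable effect, and keeping the TDZ check immediately before putGlobalVariable() mirrors the GlobalLexicalVar case above. Only nit: the two call sites are now identical three-line sequences (TDZ check, putGlobalVariable, write barrier) and could be folded into one macro if a later change touches them again.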