WebKit Bugzilla
Attachment 343706 Details for
Bug 185943
: [JSC] ArrayPatternNode::emitDirectBinding does not return assignment target value if dst is nullptr
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185943-20180627185800.patch (text/plain), 3.92 KB, created by
Yusuke Suzuki
on 2018-06-27 02:58:00 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2018-06-27 02:58:00 PDT
Size:
3.92 KB
patch
obsolete
>Subversion Revision: 233251 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index dc0887b15b8ae3599624387036a5eb865f167ccf..1b40dcbfb8253bc1926c56831196f1593b10f395 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,21 @@ >+2018-06-27 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] ArrayPatternNode::emitDirectBinding does not return assignment target value if dst is nullptr >+ https://bugs.webkit.org/show_bug.cgi?id=185943 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ ArrayPatternNode::emitDirectBinding should return a register with an assignment target instead of filling >+ the result with undefined if `dst` is nullptr. While `dst == ignoredResult()` means we do not require >+ the result, `dst == nullptr` just means "dst is required, but a register for dst is not allocated.". >+ This patch fixes emitDirectBinding to return an appropriate value with an allocated register for dst. >+ >+ ArrayPatternNode::emitDirectBinding() should be removed later since it does not follow array spreading protocol, >+ but it should be done in a separate patch since it would be performance sensitive. >+ >+ * bytecompiler/NodesCodegen.cpp: >+ (JSC::ArrayPatternNode::emitDirectBinding): >+ > 2018-06-26 Yusuke Suzuki <utatane.tea@gmail.com> > > [JSC] Pass VM& to functions more >diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp >index 850b3d204d3826d9e140034104a94efc3bc0f48e..191ef1c07bbb9b189b7d6963ed42f69a620f92e3 100644 >--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp >+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp >@@ -4221,7 +4221,7 @@ RegisterID* ArrayPatternNode::emitDirectBinding(BytecodeGenerator& generator, Re > } > > RefPtr<RegisterID> resultRegister; >- if (dst && dst != generator.ignoredResult()) >+ if (dst != generator.ignoredResult()) > resultRegister = generator.emitNewArray(generator.newTemporary(), nullptr, 0, ArrayWithUndecided); > if (m_targetPatterns.size() != elements.size()) > return nullptr; >@@ -4243,7 +4243,7 @@ RegisterID* ArrayPatternNode::emitDirectBinding(BytecodeGenerator& generator, Re > m_targetPatterns[i].pattern->bindValue(generator, registers[i].get()); > } > if (resultRegister) >- return generator.move(dst, resultRegister.get()); >+ return generator.move(generator.finalDestination(dst, resultRegister.get()), resultRegister.get()); > return generator.emitLoad(generator.finalDestination(dst), jsUndefined()); > } > >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index e4adc35f4b79241cbe17489b83ce58535ee2982b..b1863358470366f46bad5e2267a0f2b212ec229b 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,14 @@ >+2018-06-27 Yusuke Suzuki <utatane.tea@gmail.com> >+ >+ [JSC] ArrayPatternNode::emitDirectBinding does not return assignment target value if dst is nullptr >+ https://bugs.webkit.org/show_bug.cgi?id=185943 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/direct-binding-return-result.js: Added. >+ (shouldBe): >+ (test): >+ > 2018-06-26 Mark Lam <mark.lam@apple.com> > > eval() is wrong about the LiteralParser never throwing any exceptions. >diff --git a/JSTests/stress/direct-binding-return-result.js b/JSTests/stress/direct-binding-return-result.js >new file mode 100644 >index 0000000000000000000000000000000000000000..93bb2d7b084bef39288647e3f87f85c0544f315f >--- /dev/null >+++ b/JSTests/stress/direct-binding-return-result.js >@@ -0,0 +1,17 @@ >+function shouldBe(actual, expected) { >+ if (actual !== expected) >+ throw new Error('bad value: ' + actual); >+} >+ >+function test() { >+ var a, b; >+ return ([a, b] = [1, 2]); >+} >+noInline(test); >+ >+for (var i = 0; i < 1e4; ++i) { >+ var result = test(); >+ shouldBe(result.length, 2); >+ shouldBe(result[0], 1); >+ shouldBe(result[1], 2); >+}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=343706">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
mark.lam
:
review+
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185943
:
343694
| 343706