228919 2021-08-09 11:47:43 -0700 New single bytecode loop for-in is missing many inline asm optimizations in 32bit 2021-08-18 09:15:20 -0700 1 1 1 Unclassified WebKit JavaScriptCore Other Unspecified Unspecified NEW https://bugs.webkit.org/show_bug.cgi?id=227989 InRadar P2 Normal --- 1 keith_miller webkit-unassigned angelos guijemont mikhail pmatos ticaiolima webkit-bug-importer xan.lopez ysuzuki oldest_to_newest 1782929 0 keith_miller 2021-08-09 11:47:43 -0700 With the new bytecode format 32-bit is missing a bunch of inline assembly optimizations. Most of the code should be similar to the 64 bit code or the previous per-loop instructions. 1784597 1 webkit-bug-importer 2021-08-16 11:48:17 -0700 <rdar://problem/81991479> 1785120 2 435770 mikhail 2021-08-18 09:09:38 -0700 Created attachment 435770 for-in-infinite-loop.js 1785121 3 435771 mikhail 2021-08-18 09:10:19 -0700 Created attachment 435771 for-in-undefined.js 1785122 4 435770 mikhail 2021-08-18 09:13:47 -0700 Comment on attachment 435770 for-in-infinite-loop.js function makeobj(n) { var obj = {}; for (var i = 0; i < n; ++i) obj[i] = i; return obj; } function testdelete(n) { for (var propToDelete = 0; propToDelete <= n; ++propToDelete) { for (var iterToDelete = 0; iterToDelete <= n; ++iterToDelete) { for (var iterToAdd = 0; iterToAdd <= n; ++iterToAdd) { print("testing with " + n + " properties"); print("deleting property number " + propToDelete + " on iteration " + iterToDelete); print("adding a property on iteration " + iterToAdd); var iter = 0; var o = makeobj(n); for (var i in o) { if (iter == iterToDelete) delete o[propToDelete]; if (iter == iterToAdd) o["xxx"] = 1; // print("iter: " + iter + "i: " + i); print(i) ++ iter; } } } } } testdelete(6); 1785123 5 mikhail 2021-08-18 09:15:20 -0700 Added a couple of reduced test cases where jsc starts to return unexpected results: * for-in-infinite-loop.js: for-in seems to be stuck and doesn't increment the value * for-in-undefined.js: for-in returns undefined object at iteration 94 435770 2021-08-18 09:09:38 -0700 2021-08-18 09:13:47 -0700 for-in-infinite-loop.js for-in-infinite-loop.js text/javascript 730 mikhail ZnVuY3Rpb24gYXNzZXJ0KG5hbWUsIGFjdHVhbCwgZXhwZWN0ZWQpIHsKICAgIGlmIChhY3R1YWwg IT0gZXhwZWN0ZWQpIHsKICAgICAgICBwcmludCgiRkFJTEVEIHRlc3QgIiArIG5hbWUgKyAiOiBl eHBlY3RlZCAiICsgZXhwZWN0ZWQgKyAiLCBhY3R1YWw6ICIgKyBhY3R1YWwpOwogICAgICAgIHRo cm93ICJGQUlMRUQiOwogICAgfQp9CgpmdW5jdGlvbiBjaGVja1Jlc3VsdChuYW1lLCByZXN1bHQs IGV4cGVjdGVkSywgZXhwZWN0ZWRQcm9wKSB7CiAgICBhc3NlcnQobmFtZSwgcmVzdWx0WzBdLCBl eHBlY3RlZEspOwogICAgYXNzZXJ0KG5hbWUsIHJlc3VsdFsxXSwgZXhwZWN0ZWRQcm9wKTsKfQoK Ly8gRm9ySW4gb24gSW5kZXhlZCBwcm9wZXJ0aWVzLgoKZnVuY3Rpb24gdGVzdEluZGV4ZWRQcm9w ZXJ0aWVzKG8pIHsKICAgIGZvciAodmFyIGsgaW4gbykgewogICAgICAgIHsKICAgICAgICAgICAg ZnVuY3Rpb24gaygpIHsgfQogICAgICAgIH0KICAgICAgICByZXR1cm4gWyBrLCBvW2tdIF07CiAg ICB9Cn0KCnZhciBvID0gWzQyXTsKZm9yICh2YXIgaSA9IDA7IGkgPCAxMDA7ICsraSkgewogICAg dmFyIHJlc3VsdCA9IHRlc3RJbmRleGVkUHJvcGVydGllcyhvKTsKICAgIHByaW50KCJpOiAiICsg aSArICIsICIgKyByZXN1bHQpOwogICAgY2hlY2tSZXN1bHQoInRlc3RJbmRleGVkUHJvcGVydGll cyIsIHJlc3VsdCwgImZ1bmN0aW9uIGsoKSB7IH0iLCB1bmRlZmluZWQpOwp9Cg== 435771 2021-08-18 09:10:19 -0700 2021-08-18 09:12:49 -0700 for-in-undefined.js for-in-undefined.js text/javascript 730 mikhail ZnVuY3Rpb24gYXNzZXJ0KG5hbWUsIGFjdHVhbCwgZXhwZWN0ZWQpIHsKICAgIGlmIChhY3R1YWwg IT0gZXhwZWN0ZWQpIHsKICAgICAgICBwcmludCgiRkFJTEVEIHRlc3QgIiArIG5hbWUgKyAiOiBl eHBlY3RlZCAiICsgZXhwZWN0ZWQgKyAiLCBhY3R1YWw6ICIgKyBhY3R1YWwpOwogICAgICAgIHRo cm93ICJGQUlMRUQiOwogICAgfQp9CgpmdW5jdGlvbiBjaGVja1Jlc3VsdChuYW1lLCByZXN1bHQs IGV4cGVjdGVkSywgZXhwZWN0ZWRQcm9wKSB7CiAgICBhc3NlcnQobmFtZSwgcmVzdWx0WzBdLCBl eHBlY3RlZEspOwogICAgYXNzZXJ0KG5hbWUsIHJlc3VsdFsxXSwgZXhwZWN0ZWRQcm9wKTsKfQoK Ly8gRm9ySW4gb24gSW5kZXhlZCBwcm9wZXJ0aWVzLgoKZnVuY3Rpb24gdGVzdEluZGV4ZWRQcm9w ZXJ0aWVzKG8pIHsKICAgIGZvciAodmFyIGsgaW4gbykgewogICAgICAgIHsKICAgICAgICAgICAg ZnVuY3Rpb24gaygpIHsgfQogICAgICAgIH0KICAgICAgICByZXR1cm4gWyBrLCBvW2tdIF07CiAg ICB9Cn0KCnZhciBvID0gWzQyXTsKZm9yICh2YXIgaSA9IDA7IGkgPCAxMDA7ICsraSkgewogICAg dmFyIHJlc3VsdCA9IHRlc3RJbmRleGVkUHJvcGVydGllcyhvKTsKICAgIHByaW50KCJpOiAiICsg aSArICIsICIgKyByZXN1bHQpOwogICAgY2hlY2tSZXN1bHQoInRlc3RJbmRleGVkUHJvcGVydGll cyIsIHJlc3VsdCwgImZ1bmN0aW9uIGsoKSB7IH0iLCB1bmRlZmluZWQpOwp9Cg==