Bug 172458

Summary:	for-in bytecode generation is exponential
Product:	WebKit	Reporter:	Saam Barati <saam>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED DUPLICATE
Severity:	Normal	CC:	ashvayka, benjamin, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, oliver, ticaiolima, ysuzuki
Priority:	P2
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Description Saam Barati 2017-05-22 11:44:54 PDT

we emit the loop 3 times. If we start nesting for-in loops, this is exponential. I'll verify this is indeed the case.

Comment 1 Saam Barati 2017-05-22 11:46:41 PDT

Yup. We emit 1072675 instruction words for this function:
```
function foo(o) {
    for (let i in o) {
        for (let i in o) {
            for (let i in o) {
                for (let i in o) {
                    for (let i in o) {
                        for (let i in o) {
                            for (let i in o) {
                                for (let i in o) {
                                    for (let i in o) {
                                        2+2;
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

}
```

Comment 2 Alexey Shvayka 2021-07-23 16:55:05 PDT

Keith is fixing for / in to emit only one loop in https://bugs.webkit.org/show_bug.cgi?id=227989.

*** This bug has been marked as a duplicate of bug 227989 ***