| Summary: | New single bytecode loop for-in is missing many inline asm optimizations in 32bit | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Keith Miller <keith_miller> | ||||||
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||||
| Status: | NEW --- | ||||||||
| Severity: | Normal | CC: | angelos, guijemont, mikhail, pmatos, ticaiolima, webkit-bug-importer, xan.lopez, ysuzuki | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | Other | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=227989 | ||||||||
| Attachments: |
|
||||||||
|
Description
Keith Miller
2021-08-09 11:47:43 PDT
Created attachment 435770 [details]
for-in-infinite-loop.js
Created attachment 435771 [details]
for-in-undefined.js
Comment on attachment 435770 [details]
for-in-infinite-loop.js
function makeobj(n) {
var obj = {};
for (var i = 0; i < n; ++i)
obj[i] = i;
return obj;
}
function testdelete(n) {
for (var propToDelete = 0; propToDelete <= n; ++propToDelete) {
for (var iterToDelete = 0; iterToDelete <= n; ++iterToDelete) {
for (var iterToAdd = 0; iterToAdd <= n; ++iterToAdd) {
print("testing with " + n + " properties");
print("deleting property number " + propToDelete + " on iteration " +
iterToDelete);
print("adding a property on iteration " + iterToAdd);
var iter = 0;
var o = makeobj(n);
for (var i in o) {
if (iter == iterToDelete)
delete o[propToDelete];
if (iter == iterToAdd)
o["xxx"] = 1;
// print("iter: " + iter + "i: " + i);
print(i)
++ iter;
}
}
}
}
}
testdelete(6);
Added a couple of reduced test cases where jsc starts to return unexpected results: * for-in-infinite-loop.js: for-in seems to be stuck and doesn't increment the value * for-in-undefined.js: for-in returns undefined object at iteration 94 |