[webkit-changes] [WebKit/WebKit] cbbc16: [JSC] Fix unnecessary moves in read/modify assignment

Mon Feb 27 03:55:46 PST 2023

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cbbc1673e3e58028002cea7b245a42672ba2daa4
      https://github.com/WebKit/WebKit/commit/cbbc1673e3e58028002cea7b245a42672ba2daa4
  Author: Tadeu Zagallo <tzagallo at apple.com>
  Date:   2023-02-27 (Mon, 27 Feb 2023)

  Changed paths:
    M Source/JavaScriptCore/parser/ASTBuilder.h

  Log Message:
  -----------
  [JSC] Fix unnecessary moves in read/modify assignment
https://bugs.webkit.org/show_bug.cgi?id=252902
<rdar://problem/105883674>

Reviewed by Yusuke Suzuki.

When generating bytecode for read/modify assignments, e.g. `x += y`, we have to
guard against the right-hand side modifying the variables (e.g. `x += y[x=z]`
or `x += y[y=z]`). In order to do so, the variables are copied after reading.
We detect whether there are assignments on the left- and right-hand sides by
recording the number of assignments the code contains at three points: before
and after parsing the left-hand side and after parsing the right-hand side
expression. We then check if the values before and after parsing the left are
equal to determine if it contains any assignments on the left, and compare the
values after parsing the left and after parsing the right. However, we never
take into account that we are actively parsing an assignment, so the values
after parsing the left-hand side and after parsing the right-hand side could
never be the same. The fix is to simply take into account the assignment we
just parsed, so we say the right doesn't contain any assignments if after
parsing the right-hand side expression we have 1 more assingment than after
parsing the left-hand side expression.

* Source/JavaScriptCore/parser/ASTBuilder.h:
(JSC::ASTBuilder::createAssignment):

Canonical link: https://commits.webkit.org/260874@main