<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[242429] releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/242429">242429</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2019-03-05 00:44:09 -0800 (Tue, 05 Mar 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/242067">r242067</a> - [JSC] stress/function-constructor-reading-from-global-lexical-environment.js fails in 32bit arch
https://bugs.webkit.org/show_bug.cgi?id=195030
<rdar://problem/48385088>

Reviewed by Saam Barati.

While LLInt64 has checkTDZInGlobalPutToScopeIfNecessary for op_put_to_scope GlobalLexicalVar to check that the value in the variable slot is not empty,
this check is missing in LLInt32_64. Previously, this check was subsumed accidentally by the WatchpointSet check in GlobalLexicalVar in `notifyWrite`:
because no "put" attempt succeeds here, the status of the WatchpointSet was ClearWatchpoint, we always go to the slow path, and we always throw the TDZ error
before configuring the WatchpointSet in the slow path. But after <a href="http://trac.webkit.org/projects/webkit/changeset/241862">r241862</a>, WatchpointSet is not used under a non-JIT configuration. This skips the WatchpointSet
check and LLInt32_64 starts failing tests because of the lack of checkTDZInGlobalPutToScopeIfNecessary. This patch adds checkTDZInGlobalPutToScopeIfNecessary
in LLInt32_64 too. This patch fixes the following four failing tests.

    stress/function-constructor-reading-from-global-lexical-environment.js.bytecode-cache
    stress/function-constructor-reading-from-global-lexical-environment.js.default
    stress/global-lexical-variable-tdz.js.bytecode-cache
    stress/global-lexical-variable-tdz.js.default

* llint/LowLevelInterpreter32_64.asm:</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorellintLowLevelInterpreter32_64asm">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog (242428 => 242429)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog   2019-03-05 08:44:06 UTC (rev 242428)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog      2019-03-05 08:44:09 UTC (rev 242429)
</span><span class="lines">@@ -1,3 +1,25 @@
</span><ins>+2019-02-25  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] stress/function-constructor-reading-from-global-lexical-environment.js fails in 32bit arch
+        https://bugs.webkit.org/show_bug.cgi?id=195030
+        <rdar://problem/48385088>
+
+        Reviewed by Saam Barati.
+
+        While LLInt64 has checkTDZInGlobalPutToScopeIfNecessary for op_put_to_scope GlobalLexicalVar to check the value in the variable slot is not empty,
+        this check is missing in LLInt32_64. Previously, this check was subsumed accidentally by the WatchpointSet check in GlobalLexicalVar in `notifyWrite`:
+        because no "put" attempt succeeds here, the status WatchpointSet was ClearWatchpoint, we always go to the slow path, and we always throw the TDZ error
+        before configuring the WatchpointSet in the slow path. But after r241862, WatchpointSet is not used under non-JIT configuration. This skips WatchpointSet
+        check and LLInt32_64 starts failing tests because of lack of checkTDZInGlobalPutToScopeIfNecessary. This patch adds checkTDZInGlobalPutToScopeIfNecessary
+        in LLInt32_64 too. This patch fixes the following four failing tests.
+
+            stress/function-constructor-reading-from-global-lexical-environment.js.bytecode-cache
+            stress/function-constructor-reading-from-global-lexical-environment.js.default
+            stress/global-lexical-variable-tdz.js.bytecode-cache
+            stress/global-lexical-variable-tdz.js.default
+
+        * llint/LowLevelInterpreter32_64.asm:
+
</ins><span class="cx"> 2019-02-20  Yusuke Suzuki  <ysuzuki@apple.com>
</span><span class="cx"> 
</span><span class="cx">         [JSC] Remove WatchpointSet creation for SymbolTable entries if VM::canUseJIT() returns false
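Review bot: the file entry `* llint/LowLevelInterpreter32_64.asm:` at the end of the new ChangeLog text has no per-function line under it; WebKit ChangeLog entries normally name the changed function beneath the file, so adding `(checkTDZInGlobalPutToScopeIfNecessary):` there would let readers locate the new macro without opening the diff. The `r241862` reference in the explanation is also a bare revision number here, so it is worth noting that it is the entry immediately below (`Remove WatchpointSet creation for SymbolTable entries if VM::canUseJIT() returns false`), which is the change that exposed the missing check.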
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (242428 => 242429)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm  2019-03-05 08:44:06 UTC (rev 242428)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm     2019-03-05 08:44:09 UTC (rev 242429)
</span><span class="lines">@@ -2302,6 +2302,16 @@
</span><span class="cx">         storei t3, JSLexicalEnvironment_variables + PayloadOffset[t0, t1, 8]
</span><span class="cx">     end
</span><span class="cx"> 
</span><ins>+    macro checkTDZInGlobalPutToScopeIfNecessary()
+        loadi OpPutToScope::Metadata::m_getPutInfo + GetPutInfo::m_operand[t5], t0
+        andi InitializationModeMask, t0
+        rshifti InitializationModeShift, t0
+        bineq t0, NotInitialization, .noNeedForTDZCheck
+        loadp OpPutToScope::Metadata::m_operand[t5], t0
+        loadi TagOffset[t0], t0
+        bieq t0, EmptyValueTag, .pDynamic
+    .noNeedForTDZCheck:
+    end
</ins><span class="cx"> 
</span><span class="cx">     metadata(t5, t0)
</span><span class="cx">     loadi OpPutToScope::Metadata::m_getPutInfo + GetPutInfo::m_operand[t5], t0
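Review bot: the macro body carries no comment saying why an empty slot branches to `.pDynamic`; nothing in the macro throws, so a one-line comment above `bieq t0, EmptyValueTag, .pDynamic` stating that an empty slot means the binding is still in its TDZ and the slow path is responsible for raising the ReferenceError would make the intent clear. The macro also assumes t5 already holds the metadata pointer (it is loaded by `metadata(t5, t0)` just below the definition) and overwrites t0 twice, first with the GetPutInfo operand and then with the tag word, so it is only safe to invoke at points where the caller has finished with t0. Testing only `TagOffset[t0]` against `EmptyValueTag` is the right check for the 32_64 value layout, where the empty value is identified by its tag alone.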
</span><span class="lines">@@ -2329,6 +2339,7 @@
</span><span class="cx"> 
</span><span class="cx"> .pGlobalLexicalVar:
</span><span class="cx">     bineq t0, GlobalLexicalVar, .pClosureVar
</span><ins>+    checkTDZInGlobalPutToScopeIfNecessary()
</ins><span class="cx">     putGlobalVariable()
</span><span class="cx">     writeBarrierOnGlobalLexicalEnvironment(size, get, m_value)
</span><span class="cx">     dispatch()
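Review bot: `checkTDZInGlobalPutToScopeIfNecessary()` clobbers t0 right after `bineq t0, GlobalLexicalVar, .pClosureVar` consumed the resolve type, so this placement is only correct if `putGlobalVariable()` and `writeBarrierOnGlobalLexicalEnvironment(size, get, m_value)` do not read t0 expecting the resolve type; worth confirming against the LLInt64 version, which has the same check at the same point. The ordering itself is right: the TDZ check precedes the store, so an uninitialised binding is never overwritten before the error is raised.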
</span><span class="lines">@@ -2357,6 +2368,7 @@
</span><span class="cx"> .pGlobalLexicalVarWithVarInjectionChecks:
</span><span class="cx">     bineq t0, GlobalLexicalVarWithVarInjectionChecks, .pClosureVarWithVarInjectionChecks
</span><span class="cx">     varInjectionCheck(.pDynamic)
</span><ins>+    checkTDZInGlobalPutToScopeIfNecessary()
</ins><span class="cx">     putGlobalVariable()
</span><span class="cx">     writeBarrierOnGlobalLexicalEnvironment(size, get, m_value)
</span><span class="cx">     dispatch()
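Review bot: after this hunk `.pGlobalLexicalVarWithVarInjectionChecks` reaches `.pDynamic` from two distinct failure conditions, a failed `varInjectionCheck(.pDynamic)` and an empty (TDZ) slot, and the slow path has to tell them apart by re-inspecting the scope and the slot rather than assuming a var-injection miss; since the macro reuses the existing `.pDynamic` label instead of a dedicated TDZ label, confirm that the slow-path handler throws the TDZ ReferenceError in this case. It would also be worth making sure the four tests listed in the ChangeLog run in a non-JIT 32-bit LLInt configuration in CI, because the missing check only matters when WatchpointSet is not in use.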
</span></span></pre>
</div>
</div>

</body>
</html>