[MERGE #6105 @akroshg] The alignment in the else block can increase the size of the dst->size.

Merge pull request #6105 from akroshg:assertfix

Fixed this by taking the min value to copy from the source.
diff --git a/lib/Backend/BackwardPass.cpp b/lib/Backend/BackwardPass.cpp
index 6b4c9f9..c008113 100644
--- a/lib/Backend/BackwardPass.cpp
+++ b/lib/Backend/BackwardPass.cpp
@@ -2659,11 +2659,17 @@
             BVSparse<JitArenaAllocator>* tmpBv = nullptr;
             if (instr->IsBranchInstr())
             {
-                IR::LabelInstr* target = instr->AsBranchInstr()->GetTarget();
+                IR::BranchInstr* branchInstr = instr->AsBranchInstr();
+                IR::LabelInstr* target = branchInstr->GetTarget();
                 uint32 targetOffset = target->GetByteCodeOffset();
-                if (targetOffset == instr->GetByteCodeOffset())
+
+                // If the instr's label has the same bytecode offset as the instr then move the targetOffset
+                // to the next bytecode instr. This condition can be true on conditional branches, ex: a
+                // while loop with no body (passing the loop's condition would branch the IP back to executing
+                // the loop's condition), in these cases do not move the targetOffset.
+                if (targetOffset == instr->GetByteCodeOffset() && branchInstr->IsUnconditional())
                 {
-                    // This can happen if the target is an break or airlock block
+                    // This can happen if the target is a break or airlock block.
                     Assert(
                         target->GetBasicBlock()->isAirLockBlock ||
                         target->GetBasicBlock()->isAirLockCompensationBlock ||
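Review bot: The comment on the new `IsUnconditional()` condition reads backwards: it first says the offset is moved to the next bytecode instr, then that the condition "can be true on conditional branches" and "in these cases do not move" it, so a reader has to work out which clause is the rule and which the exception. I would restate it in the order the code checks: `// A branch whose target label shares its own bytecode offset: for an unconditional branch the label is a break/airlock block, so advance targetOffset to the next bytecode instr; for a conditional branch (e.g. an empty while loop branching back to its own condition) the offset is the real target, so leave it alone.` In the conditional case targetOffset stays equal to the branch's own offset, so the `GetByteCodeOffsetUses` lookup below now returns the uses at the branch itself, which appears to be the intent but is worth a sentence. The Assert continues into the next hunk and the enclosing function starts outside this one.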
@@ -2673,11 +2679,12 @@
                     );
                     targetOffset = target->GetNextByteCodeInstr()->GetByteCodeOffset();
                 }
-                BVSparse<JitArenaAllocator>* branchTargetUpdwardExposed = target->m_func->GetByteCodeOffsetUses(targetOffset);
-                if (branchTargetUpdwardExposed)
+                BVSparse<JitArenaAllocator>* branchTargetUpwardExposed = target->m_func->GetByteCodeOffsetUses(targetOffset);
+                if (branchTargetUpwardExposed)
                 {
-                    // The bailout should restore both the bailout destination and the branch target since we don't know where we'll end up
-                    trackingByteCodeUpwardExposedUsed = tmpBv = trackingByteCodeUpwardExposedUsed->OrNew(branchTargetUpdwardExposed);
+                    // The bailout should restore both the bailout destination and
+                    // the branch target since we don't know where we'll end up.
+                    trackingByteCodeUpwardExposedUsed = tmpBv = trackingByteCodeUpwardExposedUsed->OrNew(branchTargetUpwardExposed);
                 }
             }
             Assert(trackingByteCodeUpwardExposedUsed);
@@ -3857,7 +3864,7 @@
            this->tag == Js::DeadStorePhase
         // We don't do the masking in simplejit due to reduced perf concerns and the issues
         // with handling try/catch structures with late-added blocks
-        && !this->func->IsSimpleJit()
+        && this->func->DoGlobOpt()
         // We don't need the masking blocks in asmjs/wasm mode
         && !block->GetFirstInstr()->m_func->GetJITFunctionBody()->IsAsmJsMode()
         && !block->GetFirstInstr()->m_func->GetJITFunctionBody()->IsWasmFunction()
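Review bot: The comment above the changed condition is now stale: it still says "We don't do the masking in simplejit", but the gate is `this->func->DoGlobOpt()`, which (per `GlobOpt::Optimize` in this same diff, where `!func->DoGlobOpt()` returns early) is false in every configuration where the global optimizer does not run, not only SimpleJit. If the masking blocks are a hardening step, any function that now skips them because DoGlobOpt() is false for some other reason should be a deliberate choice, so I would document it: `// Masking blocks are only emitted when GlobOpt ran (DoGlobOpt()); this excludes SimpleJit, where perf concerns and late-added try/catch blocks make them impractical, and any other mode that skips GlobOpt.` The enclosing condition starts outside this hunk.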
@@ -7865,7 +7872,8 @@
 
     if (instr->m_opcode == Js::OpCode::ArgIn_A)
     {
-        //Ignore tracking ArgIn for "this", as argInsCount only tracks other params - unless it is a asmjs function(which doesn't have a "this").
+        // Ignore tracking ArgIn for "this" as argInsCount only tracks other
+        // params, unless it is a AsmJS function (which doesn't have a "this").
         if (instr->GetSrc1()->AsSymOpnd()->m_sym->AsStackSym()->GetParamSlotNum() != 1 || func->GetJITFunctionBody()->IsAsmJsMode())
         {
             Assert(this->func->argInsCount > 0);
diff --git a/lib/Backend/GlobOpt.cpp b/lib/Backend/GlobOpt.cpp
index d5a28f0..f3fe5e5 100644
--- a/lib/Backend/GlobOpt.cpp
+++ b/lib/Backend/GlobOpt.cpp
@@ -165,7 +165,13 @@
 GlobOpt::Optimize()
 {
     this->objectTypeSyms = nullptr;
-    this->func->argInsCount = this->func->GetInParamsCount() - 1;   //Don't include "this" pointer in the count.
+
+    this->func->argInsCount = this->func->GetInParamsCount();
+    if (!func->GetJITFunctionBody()->IsAsmJsMode())
+    {
+        // Don't include "this" pointer in the count when not in AsmJs mode (AsmJS does not have "this").
+        this->func->argInsCount--;
+    }
 
     if (!func->DoGlobOpt())
     {
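Review bot: The decrement on `argInsCount` in the non-AsmJs branch has no guard that `GetInParamsCount()` is at least 1, so a body reporting zero in-params would wrap or go negative depending on the field's type (not visible here); the old `- 1` had the same exposure, but since this hunk is already reasoning about when "this" is counted, it is the place to pin the invariant. I would add `Assert(this->func->GetInParamsCount() >= 1); // non-AsmJs bodies always carry the "this" slot` before the decrement. The `ArgIn_A` handling in BackwardPass asserts `argInsCount > 0` on the other side, so both ends would then document the same assumption.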
@@ -6960,7 +6966,20 @@
         {
             return false;
         }
-        *result = !src1ValueInfo->IsPrimitive();
+
+        if (src1ValueInfo->IsPrimitive())
+        {
+            *result = false;
+        }
+        else
+        {
+            if (src1ValueInfo->HasBeenPrimitive())
+            {
+                return false;
+            }
+            *result = true;
+        }
+
         break;
     }
     default:
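Review bot: The new `HasBeenPrimitive()` bail-out has no comment saying why a value that is currently non-primitive but was primitive earlier must not be folded, which is the whole point of the change. I would put the reason on the `return false`: `// The value's type changed along some path (it was primitive before), so its current non-primitive type is not stable enough to constant-fold on; leave the check to runtime.` The nested `if` can also be flattened to `else if (src1ValueInfo->HasBeenPrimitive()) { return false; }` followed by `*result = true;`, which keeps the three outcomes side by side. The enclosing switch and function start outside this hunk.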
diff --git a/lib/Runtime/Base/CharStringCache.cpp b/lib/Runtime/Base/CharStringCache.cpp
index adcce77..f41cb54 100644
--- a/lib/Runtime/Base/CharStringCache.cpp
+++ b/lib/Runtime/Base/CharStringCache.cpp
@@ -78,10 +78,19 @@
     {
         Assert(c >= 0x10000);
         CompileAssert(sizeof(char16) * 2 == sizeof(codepoint_t));
+
+        ScriptContext* scriptContext = JavascriptLibrary::FromCharStringCache(this)->GetScriptContext();
+
+        // #sec - string.fromcodepoint: "If nextCP < 0 or nextCP > 0x10FFFF, throw a RangeError exception"
+        if (c > 0x10FFFF)
+        {
+            JavascriptError::ThrowRangeError(scriptContext, JSERR_InvalidCodePoint, scriptContext->GetIntegerString(c));
+        }
+
         char16 buffer[2];
 
         Js::NumberUtilities::CodePointAsSurrogatePair(c, buffer, buffer + 1);
-        JavascriptString* str = JavascriptString::NewCopyBuffer(buffer, 2, JavascriptLibrary::FromCharStringCache(this)->GetScriptContext());
+        JavascriptString* str = JavascriptString::NewCopyBuffer(buffer, 2, scriptContext);
         // TODO: perhaps do some sort of cache for supplementary characters
         return str;
     }
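Review bot: The new range check covers only the `nextCP > 0x10FFFF` half of the spec condition it quotes; the `nextCP < 0` half is implicitly handled only if `codepoint_t` is unsigned, which the existing `CompileAssert` on its size does not establish. I would make that assumption explicit next to it: `CompileAssert(static_cast<codepoint_t>(-1) > 0); // negative inputs must have wrapped to > 0x10FFFF by the time they reach here`, or note in the comment that negative values are rejected by the caller. Also worth confirming that `GetIntegerString(c)` accepts the full unsigned range, otherwise the RangeError text could show a negative number for very large inputs. Since this is a low-level cache helper, the same check should ideally also sit in the `String.fromCodePoint` builtin so the cache never sees out-of-range values in the first place.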
diff --git a/test/EH/regionBugSpecHoisting.js b/test/EH/regionBugSpecHoisting.js
new file mode 100644
index 0000000..6fb079b
--- /dev/null
+++ b/test/EH/regionBugSpecHoisting.js
@@ -0,0 +1,28 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+function test0() {
+  var ui8 = new Uint8Array(1);
+  try {
+    try {
+      for (var _strvar28 in ui8) {
+        try {
+          return '';
+        } catch (ex) {
+        }
+        try {
+        } catch (ex) {
+        }
+      }
+   } catch(ex) {
+   }
+  } finally {
+  }
+}
+test0();
+test0();
+test0();
+test0();
+print("Passed\n");
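Review bot: The test only checks that the four `test0()` calls do not crash or assert; the `return ''` inside the nested try/for-in is never verified, so a regression that mis-hoists the return but still completes would pass. I would check the value, e.g. replace the four bare calls with `for (var i = 0; i < 4; i++) { if (test0() !== '') throw new Error("test0 returned " + test0()); }`, keeping the repeated calls so the function still reaches the JIT tier under `-mic:1`.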
diff --git a/test/EH/rlexe.xml b/test/EH/rlexe.xml
index 4be81de..77f8c3a 100644
--- a/test/EH/rlexe.xml
+++ b/test/EH/rlexe.xml
@@ -210,4 +210,10 @@
       <compile-flags>-args summary -endargs</compile-flags>
     </default>
   </test>
+  <test>
+    <default>
+      <files>regionBugSpecHoisting.js</files>
+      <compile-flags>-mic:1 -off:simplejit</compile-flags>
+    </default>
+  </test>
 </regress-exe>
diff --git a/test/Optimizer/bugconstfoldobject.baseline b/test/Optimizer/bugconstfoldobject.baseline
new file mode 100644
index 0000000..b24310a
--- /dev/null
+++ b/test/Optimizer/bugconstfoldobject.baseline
@@ -0,0 +1,3 @@
+[object Object]

+[object Object]

+[object Object]

diff --git a/test/Optimizer/bugconstfoldobject.js b/test/Optimizer/bugconstfoldobject.js
new file mode 100644
index 0000000..989aef1
--- /dev/null
+++ b/test/Optimizer/bugconstfoldobject.js
@@ -0,0 +1,19 @@
+//-------------------------------------------------------------------------------------------------------

+// Copyright (C) Microsoft. All rights reserved.

+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.

+//-------------------------------------------------------------------------------------------------------

+

+function test0() {

+  class class3 {

+    constructor() {

+      return '9'.match(/^(?=[a7])$/gim);

+    }

+  }

+  strvar0 = new class3();

+  new class3();

+  WScript.Echo(strvar0);

+}

+test0();

+test0();

+test0();

+

diff --git a/test/Strings/fromCodePoint.js b/test/Strings/fromCodePoint.js
new file mode 100644
index 0000000..fe8943f
--- /dev/null
+++ b/test/Strings/fromCodePoint.js
@@ -0,0 +1,18 @@
+//-------------------------------------------------------------------------------------------------------

+// Copyright (C) Microsoft. All rights reserved.

+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.

+//-------------------------------------------------------------------------------------------------------

+

+function f() {

+    var var_0 = new Array(1024);

+    for (var var_1 = 0; ; var_1 += 1024) {

+        var_0[var_1] = String.fromCodePoint(var_1);

+    }

+}

+

+try {

+    f();

+}

+catch(e) {

+    WScript.Echo("pass");

+}

diff --git a/test/Strings/rlexe.xml b/test/Strings/rlexe.xml
index fc5b3aa..9a44d07 100644
--- a/test/Strings/rlexe.xml
+++ b/test/Strings/rlexe.xml
@@ -14,6 +14,11 @@
   </test>
   <test>
     <default>
+      <files>fromCodePoint.js</files>
+    </default>
+  </test>
+  <test>
+    <default>
       <files>charCodeAt.js</files>
       <baseline>charCodeAt.baseline</baseline>
     </default>