Commit 27a9009a authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[interpreter] Fix label binding for unreached labels.

This fixes the label binding mechanism that forwards a label to another
already bound target label. For source labels that are not being reached
by a jump, we should not try to patch jump sites. We still bind the
source label to reflect the target position though, just in case this
binding method will be used for backwards branches in the future.

R=rmcilroy@chromium.org
TEST=webkit/fast/js/parser-syntax-check

Review URL: https://codereview.chromium.org/1804643002

Cr-Commit-Position: refs/heads/master@{#34759}
parent 36f6f5e1
......@@ -720,8 +720,12 @@ BytecodeArrayBuilder& BytecodeArrayBuilder::Bind(const BytecodeLabel& target,
BytecodeLabel* label) {
DCHECK(!label->is_bound());
DCHECK(target.is_bound());
PatchJump(bytecodes()->begin() + target.offset(),
bytecodes()->begin() + label->offset());
if (label->is_forward_target()) {
// An earlier jump instruction refers to this label. Update it's location.
PatchJump(bytecodes()->begin() + target.offset(),
bytecodes()->begin() + label->offset());
// Now treat as if the label will only be back referred to.
}
label->bind_to(target.offset());
LeaveBasicBlock();
return *this;
......
......@@ -100,9 +100,6 @@
['ignition == True', {
# TODO(4680): Throws a RangeError due to stack overflow. Need investigation.
'fast/js/excessive-comma-usage': [SKIP], # Stack is brittle, SKIP not FAIL.
# TODO(4680): Assertion is C++ collection, looks like ordinary bug.
'fast/js/parser-syntax-check': [SKIP], # Only some C++ libs, SKIP not FAIL.
}], # ignition == True
##############################################################################
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment