[MERGE chakra-core#2518 @ThomsonTan] Add missing StSlot for non-temp registers for JITLoopBody

ThomsonTan · ThomsonTan · commit f54dfc0380d7 · 2017-02-15T17:54:38.000-08:00
Merge pull request chakra-core#2518 from ThomsonTan:AddMissingStSlotForJITLoopBody In JITLoopBody, we gnerate StSlot for the last instruction we imported from given bytecode instruction. This works fine when one bytecode instruction is mapped to one IR instruction. But in some cases, one bytecode instruction (`NewConcatStrMulti`) could be converted to multiple IR instructions (`Conv_primStr/NewConcatStrMulti/SetConcatStrMultiItem`), then we only check the very last IR instruction to generate StSlot and miss it for previous instructions. This fix keeps the last processed IR instruction and processes all the IR instructions after that in backward order.
diff --git a/lib/Backend/IRBuilder.cpp b/lib/Backend/IRBuilder.cpp
@@ -670,6 +670,7 @@ IRBuilder::Build()
     JsUtil::BaseDictionary<IR::Instr*, int, JitArenaAllocator> ignoreExBranchInstrToOffsetMap(m_tempAlloc);
 
     Js::LayoutSize layoutSize;
+    IR::Instr* lastProcessedInstrForJITLoopBody = m_func->m_headInstr;
     for (Js::OpCode newOpcode = m_jnReader.ReadOp(layoutSize); (uint)m_jnReader.GetCurrentOffset() <= lastOffset; newOpcode = m_jnReader.ReadOp(layoutSize))
     {
         Assert(newOpcode != Js::OpCode::EndOfBlock);
@@ -750,28 +751,43 @@ IRBuilder::Build()
             }
         }
 #endif
-        if (IsLoopBodyInTry() && m_lastInstr->GetDst() && m_lastInstr->GetDst()->IsRegOpnd() && m_lastInstr->GetDst()->GetStackSym()->HasByteCodeRegSlot())
+
+        if (IsLoopBodyInTry() && lastProcessedInstrForJITLoopBody != m_lastInstr)
         {
-            StackSym * dstSym = m_lastInstr->GetDst()->GetStackSym();
-            Js::RegSlot dstRegSlot = dstSym->GetByteCodeRegSlot();
-            if (!this->RegIsTemp(dstRegSlot) && !this->RegIsConstant(dstRegSlot))
+            // traverse in backward so we get new/later value of given symId for storing instead of the earlier/stale
+            // symId value. m_stSlots is used to prevent multiple stores to the same symId.
+            FOREACH_INSTR_BACKWARD_EDITING_IN_RANGE(
+                instr,
+                instrPrev,
+                m_lastInstr,
+                lastProcessedInstrForJITLoopBody->m_next)
             {
-                SymID symId = dstSym->m_id;
-                if (this->m_stSlots->Test(symId))
+                if (instr->GetDst() && instr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym()->HasByteCodeRegSlot())
                 {
-                    // For jitted loop bodies that are in a try block, we consider any symbol that has a
-                    // non-temp bytecode reg slot, to be write-through. Hence, generating StSlots at all
-                    // defs for such symbols
-                    IR::Instr * stSlot = this->GenerateLoopBodyStSlot(dstRegSlot);
-                    AddInstr(stSlot, Js::Constants::NoByteCodeOffset);
+                    StackSym * dstSym = instr->GetDst()->GetStackSym();
+                    Js::RegSlot dstRegSlot = dstSym->GetByteCodeRegSlot();
+                    if (!this->RegIsTemp(dstRegSlot) && !this->RegIsConstant(dstRegSlot))
+                    {
+                        SymID symId = dstSym->m_id;
+                        if (this->m_stSlots->Test(symId))
+                        {
+                            // For jitted loop bodies that are in a try block, we consider any symbol that has a
+                            // non-temp bytecode reg slot, to be write-through. Hence, generating StSlots at all
+                            // defs for such symbols
+                            IR::Instr * stSlot = this->GenerateLoopBodyStSlot(dstRegSlot);
+                            AddInstr(stSlot, Js::Constants::NoByteCodeOffset);
 
-                    this->m_stSlots->Clear(symId);
-                }
-                else
-                {
-                    Assert(dstSym->m_isCatchObjectSym);
+                            this->m_stSlots->Clear(symId);
+                        }
+                        else
+                        {
+                            Assert(dstSym->m_isCatchObjectSym);
+                        }
+                    }
                 }
-            }
+            } NEXT_INSTR_BACKWARD_EDITING_IN_RANGE;
+
+            lastProcessedInstrForJITLoopBody = m_lastInstr;
         }
 
         offset = m_jnReader.GetCurrentOffset();
diff --git a/test/Bugs/MissToGenerateStStSlotForJITLoopBody.js b/test/Bugs/MissToGenerateStStSlotForJITLoopBody.js
@@ -0,0 +1,20 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+function test0(i)
+{
+    try{
+        for (var j = 0; j < 20010; j++) {
+            if (j > 20000)
+                return 'j ' + i + ' j in the loop ' + i;
+            else if (j > 30000)
+                return ' test0 ' + j;
+        }
+    } catch(e){}
+}
+
+var ret = test0() + ' test StSlot generation';
+
+print('pass');
diff --git a/test/Bugs/rlexe.xml b/test/Bugs/rlexe.xml
@@ -380,4 +380,10 @@
       <compile-flags>-maxinterpretcount:1 -off:simplejit</compile-flags>
     </default>
   </test>
+  <test>
+    <default>
+      <files>MissToGenerateStStSlotForJITLoopBody.js</files>
+      <compile-flags>-mic:1 -off:simplejit -oopjit- -bgjit-</compile-flags>
+    </default>
+  </test>
 </regress-exe>
