[MERGE #5901 @rajatd] Bug fixes for .call/.apply target inlining

rajatd · rajatd · commit 32e04beb5549 · 2019-01-09T15:00:39.000-08:00
Merge pull request #5901 from rajatd:bugfix
diff --git a/lib/Backend/IR.cpp b/lib/Backend/IR.cpp
@@ -3464,6 +3464,11 @@ IR::Instr* Instr::GetBytecodeArgOutCapture()
         this->m_opcode == Js::OpCode::ArgOut_A_InlineBuiltIn);
     Assert(this->m_dst->GetStackSym()->m_isArgCaptured);
     IR::Instr* instr = this->GetSrc1()->GetStackSym()->m_instrDef;
+    while (instr->m_opcode != Js::OpCode::BytecodeArgOutCapture)
+    {
+        Assert(instr->GetSrc1() && instr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym()->IsSingleDef());
+        instr = instr->GetSrc1()->GetStackSym()->m_instrDef;
+    }
     Assert(instr->m_opcode == Js::OpCode::BytecodeArgOutCapture);
     return instr;
 }
diff --git a/lib/Runtime/Language/DynamicProfileInfo.cpp b/lib/Runtime/Language/DynamicProfileInfo.cpp
@@ -1172,8 +1172,13 @@ namespace Js
         if (functionBody->GetCallSiteToCallApplyCallSiteArray())
         {
             Js::ProfileId callApplyCallSiteId = functionBody->GetCallSiteToCallApplyCallSiteArray()[callSiteId];
+            if (callApplyCallSiteId == Js::Constants::NoProfileId)
+            {
+                return nullptr;
+            } 
+            
             Assert(callApplyCallSiteId < functionBody->GetProfiledCallApplyCallSiteCount());
-
+            
             if (callApplyTargetInfo[callApplyCallSiteId].isPolymorphic)
             {
                 return nullptr;
diff --git a/lib/Runtime/Language/InterpreterStackFrame.cpp b/lib/Runtime/Language/InterpreterStackFrame.cpp
@@ -3909,11 +3909,14 @@ namespace Js
                 if (callSiteToCallApplyCallSiteMap)
                 {
                     Js::ProfileId callApplyCallSiteId = callSiteToCallApplyCallSiteMap[profileId];
-                    Assert(callApplyCallSiteId < functionBody->GetProfiledCallApplyCallSiteCount());
-                    if (callApplyCallSiteId != Js::Constants::NoProfileId)
+                    if (callApplyCallSiteId < functionBody->GetProfiledCallApplyCallSiteCount())
                     {
                         dynamicProfileInfo->RecordCallApplyTargetInfo(functionBody, callApplyCallSiteId, targetFunction->GetFunctionInfo(), targetFunction);
                     }
+                    else
+                    {
+                        Assert(callApplyCallSiteId == Js::Constants::NoProfileId);
+                    }
                 }
             }
         }
diff --git a/test/inlining/callTarget.js b/test/inlining/callTarget.js
@@ -72,3 +72,34 @@ test2();
 test2();
 test2();
 WScript.Echo("PASSED\n");
+
+function test3(a, b)
+{
+    return String.prototype.replace.call(a, b, "a")
+}
+test3("foobar", /foo/i)
+test3("foobar", /foo/i)
+test3("foobar", /foo/i)
+print("passed")
+
+function test4()
+{
+  function bar(a)
+  {
+      return 'call'
+  }
+  function test()
+  {
+      return this;
+  }
+  function foo()
+  {
+      test[bar('1')](this);
+      test.call(this);
+  }
+  foo()
+  foo()
+  foo()
+}
+test4()
+print("passed")

Original file line number	Diff line number	Diff line change
`@@ -3909,11 +3909,14 @@ namespace Js`
`3909`	`3909`	`if (callSiteToCallApplyCallSiteMap)`
`3910`	`3910`	`{`
`3911`	`3911`	`Js::ProfileId callApplyCallSiteId = callSiteToCallApplyCallSiteMap[profileId];`
`3912`		`- Assert(callApplyCallSiteId < functionBody->GetProfiledCallApplyCallSiteCount());`
`3913`		`- if (callApplyCallSiteId != Js::Constants::NoProfileId)`
	`3912`	`+ if (callApplyCallSiteId < functionBody->GetProfiledCallApplyCallSiteCount())`
`3914`	`3913`	`{`
`3915`	`3914`	`dynamicProfileInfo->RecordCallApplyTargetInfo(functionBody, callApplyCallSiteId, targetFunction->GetFunctionInfo(), targetFunction);`
`3916`	`3915`	`}`
	`3916`	`+ else`
	`3917`	`+ {`
	`3918`	`+ Assert(callApplyCallSiteId == Js::Constants::NoProfileId);`
	`3919`	`+ }`
`3917`	`3920`	`}`
`3918`	`3921`	`}`
`3919`	`3922`	`}`