From 27a9009a7c4933d632f74ce0114df9aa82e81010 Mon Sep 17 00:00:00 2001
From: mstarzinger <mstarzinger@chromium.org>
Date: Mon, 14 Mar 2016 11:28:54 -0700
Subject: [PATCH] [interpreter] Fix label binding for unreached labels.

This fixes the label binding mechanism that forwards a label to another
already bound target label. For source labels that are not being reached
by a jump, we should not try to patch jump sites. We still bind the
source label to reflect the target position though, just in case this
binding method will be used for backwards branches in the future.

R=rmcilroy@chromium.org
TEST=webkit/fast/js/parser-syntax-check

Review URL: https://codereview.chromium.org/1804643002

Cr-Commit-Position: refs/heads/master@{#34759}
---
 src/interpreter/bytecode-array-builder.cc | 8 ++++++--
 test/webkit/webkit.status                 | 3 ---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/interpreter/bytecode-array-builder.cc b/src/interpreter/bytecode-array-builder.cc
index a99f0dae7e..c87a6f6712 100644
--- a/src/interpreter/bytecode-array-builder.cc
+++ b/src/interpreter/bytecode-array-builder.cc
@@ -720,8 +720,12 @@ BytecodeArrayBuilder& BytecodeArrayBuilder::Bind(const BytecodeLabel& target,
                                                  BytecodeLabel* label) {
   DCHECK(!label->is_bound());
   DCHECK(target.is_bound());
-  PatchJump(bytecodes()->begin() + target.offset(),
-            bytecodes()->begin() + label->offset());
+  if (label->is_forward_target()) {
+    // An earlier jump instruction refers to this label. Update it's location.
+    PatchJump(bytecodes()->begin() + target.offset(),
+              bytecodes()->begin() + label->offset());
+    // Now treat as if the label will only be back referred to.
+  }
   label->bind_to(target.offset());
   LeaveBasicBlock();
   return *this;
diff --git a/test/webkit/webkit.status b/test/webkit/webkit.status
index 2e2bbcc928..e2d2c4054e 100644
--- a/test/webkit/webkit.status
+++ b/test/webkit/webkit.status
@@ -100,9 +100,6 @@
 ['ignition == True', {
   # TODO(4680): Throws a RangeError due to stack overflow. Need investigation.
   'fast/js/excessive-comma-usage': [SKIP],  # Stack is brittle, SKIP not FAIL.
-
-  # TODO(4680): Assertion is C++ collection, looks like ordinary bug.
-  'fast/js/parser-syntax-check': [SKIP],  # Only some C++ libs, SKIP not FAIL.
 }],  # ignition == True
 
 ##############################################################################