LibJS/Bytecode: Don't fuse unrelated compare and jump in peephole pass

Fixes an issue where https://x.com/awesomekling crashed on load. :^)

Userland/Libraries/LibJS/Bytecode/Pass/Peephole.cpp

@@ -40,32 +40,29 @@ void Peephole::perform(PassPipelineExecutable& executable)
 
  if (instruction.type() == Instruction::Type::Not) {
  auto const& not_ = static_cast<Op::Not const&>(instruction);
- VERIFY(jump.condition() == not_.dst());
- new_block->append<Op::JumpIfNot>(
- not_.source_record().source_start_offset,
- not_.source_record().source_end_offset,
- not_.src(),
- *jump.true_target(),
- *jump.false_target());
- ++it;
- VERIFY(it.at_end());
- continue;
+ if (jump.condition() != not_.dst()) {
+ auto slot_offset = new_block->size();
+ new_block->grow(not_.length());
+ memcpy(new_block->data() + slot_offset, &not_, not_.length());
+ continue;
+ }
  }
 
 #define DO_FUSE_JUMP(PreOp, ...) \
  if (instruction.type() == Instruction::Type::PreOp) { \
  auto const& compare = static_cast<Op::PreOp const&>(instruction); \
- VERIFY(jump.condition() == compare.dst()); \
- new_block->append<Op::Jump##PreOp>( \
- compare.source_record().source_start_offset, \
- compare.source_record().source_end_offset, \
- compare.lhs(), \
- compare.rhs(), \
- *jump.true_target(), \
- *jump.false_target()); \
- ++it; \
- VERIFY(it.at_end()); \
- continue; \
+ if (jump.condition() == compare.dst()) { \
+ new_block->append<Op::Jump##PreOp>( \
+ compare.source_record().source_start_offset, \
+ compare.source_record().source_end_offset, \
+ compare.lhs(), \
+ compare.rhs(), \
+ *jump.true_target(), \
+ *jump.false_target()); \
+ ++it; \
+ VERIFY(it.at_end()); \
+ continue; \
+ } \
  }
  JS_ENUMERATE_FUSABLE_BINARY_OPS(DO_FUSE_JUMP)
  }

Userland/Libraries/LibJS/Tests/optimizer-bugs.js

@@ -0,0 +1,10 @@
+test("Don't fuse unrelated jump and compare", () => {
+ function go(a) {
+ a < 3;
+ a &&= 1;
+
+ a < 3;
+ a ||= 1;
+ }
+ go();
+});