[Webkit-unassigned] [Bug 70403] New: bytecompiler sometimes generates incorrect bytecode for put_by_id
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Oct 19 01:34:37 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=70403
Summary: bytecompiler sometimes generates incorrect bytecode
for put_by_id
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: zheng.z.liu at intel.com
Bytecompiler sometimes generates incorrect bytecode for put_by_id.
case:(a same case of dot)
function f(a,i,j) {
a.__defineSetter__('x',
function(v) {
this['z']=v;
i='CLOBBERED';
});
j['y']=(a['x']=i);
print(j.y);
};
f({},'RVAL',{});
expected: 'RVAL', got: 'CLOBBERED'
Reason:
[ 34] mov r4, "y"(@k1)
[ 37] put_by_val r-9, "x"(@k0), r-8
[ 41] put_by_val r3, r4, r-8
r-8 is clobbered in this case.
Expression (a['x']=i) should not forward r-8.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list