[Webkit-unassigned] [Bug 203554] New: codeBlock->expressionRangeForBytecodeIndex returns wrong range for op_get_argument

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 28 23:55:25 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=203554

            Bug ID: 203554
           Summary: codeBlock->expressionRangeForBytecodeIndex returns
                    wrong range for op_get_argument
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tuomas.webkit at apple.com

Created attachment 382161

  --> https://bugs.webkit.org/attachment.cgi?id=382161&action=review

repro case

for the JavaScript:

> function* foo(xx=0, yyy=0, zzzz=0) {
>   xx;
>   yyy;
>   zzzz;
> }
> 
> foo();
> foo();

the abbreviated bytecode is:

> foo#EIbkpk:[0x111fa0140->0x111fc7b80, NoneFunctionCall, 107]: 29 instructions (0 16-bit instructions, 0 32-bit instructions, 8 instructions with metadata); 215 bytes (108 metadata bytes); 1 parameter(s); 12 callee register(s); 8 variable(s); scope at loc4
> ...
> [  22] get_argument       loc9, 1
> ...
> [  35] put_to_scope       loc8, 0, loc9, 1048580<DoNotThrowIfNotFound|LocalClosureVar|Initialization>, 1, 0
> [  43] get_argument       loc9, 2
> ...
> [  56] put_to_scope       loc8, 1, loc9, 1048580<DoNotThrowIfNotFound|LocalClosureVar|Initialization>, 1, 1
> [  64] get_argument       loc9, 3
> ...
> [  77] put_to_scope       loc8, 2, loc9, 1048580<DoNotThrowIfNotFound|LocalClosureVar|Initialization>, 1, 2
> 
> Identifiers:
>   id0 = xx
>   id1 = yyy
>   id2 = zzzz

codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() outputs:

> UnlinkedCodeBlock 0x111f98000 expressionRangeInfo[3] {
>   [0] pc 35 @ line 0 col 3 : op_put_to_scope
>   [1] pc 56 @ line 0 col 10 : op_put_to_scope
>   [2] pc 77 @ line 0 col 18 : op_put_to_scope
> }

calling codeBlock->expressionRangeForBytecodeIndex() on the op_get_argument bytecodes at 22, 43 and 64 returns the following:

> bytecodeIndex: 22 => expressionRangeInfo[0], divot: 16, startOffset: 2, endOffset: 0, source: "xx"
> bytecodeIndex: 43 => expressionRangeInfo[0], divot: 16, startOffset: 2, endOffset: 0, source: "xx"
> bytecodeIndex: 64 => expressionRangeInfo[1], divot: 23, startOffset: 3, endOffset: 0, source: "yyy"

the correct expressionRangeInfos would have been 1, 2 and 3 respectively, that is source "xx", "yyy", and "zzzz"

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191029/591b85ea/attachment.htm>

More information about the webkit-unassigned mailing list