[Webkit-unassigned] [Bug 203555] New: codeBlock->expressionRangeForBytecodeIndex() returns wrong range for op_to_this

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 29 00:27:07 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=203555

            Bug ID: 203555
           Summary: codeBlock->expressionRangeForBytecodeIndex() returns
                    wrong range for op_to_this
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tuomas.webkit at apple.com

Created attachment 382162

  --> https://bugs.webkit.org/attachment.cgi?id=382162&action=review

repro case

For the JavaScript:

> function foo() {
>   this;
>   Array.prototype;
> }
> 
> foo();
> foo();


the bytecode is:

> foo#DDE7H8:[0x106ba0140->0x106bc7b80, NoneFunctionCall, 32]: 9 instructions (0 16-bit instructions, 0 32-bit instructions, 4 instructions with metadata); 140 bytes (108 metadata bytes); 1 parameter(s); 10 callee register(s); 6 variable(s); scope at loc4
> [   0] enter
> [   1] get_scope          loc4
> [   3] mov                loc5, loc4
> [   6] check_traps
> [   7] to_this            this
> [  10] resolve_scope      loc7, loc4, 0, GlobalProperty, 0
> [  17] get_from_scope     loc8, loc7, 0, 2048<ThrowIfNotFound|GlobalProperty|NotInitialization>, 0, 0
> [  25] get_by_id          loc6, loc8, 1, id: prototype
> [  30] ret                Undefined(const0)
> 
> Identifiers:
>   id0 = Array
>   id1 = prototype
> 
> Constants:
>    k0 = Undefined

codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() outputs:

> UnlinkedCodeBlock 0x106b98000 expressionRangeInfo[2] {
>   [0] pc 10 @ line 2 col 7 : op_resolve_scope
>   [1] pc 25 @ line 2 col 7 : op_get_by_id
> }

Calling codeBlock->expressionRangeForBytecodeIndex() on the op_to_this bytecode at 7 returns:

> divot: 27, startOffset: 5, endOffset: 0, source: "Array"

The expected source is "this".
There is no expressionRangeInfo that corresponds to "this" at all.

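An added example, not part of the report and not WebKit's code: a C++ model of the two-entry expressionRangeInfo table dumped above and of a "last entry at or before the queried pc" lookup that is clamped to entry 0. That clamping is an assumption about the real lookup, chosen because it reproduces exactly what the report observes (pc 7, op_to_this, is answered with the pc-10 op_resolve_scope entry whose divot 27 is the start of "Array"). The names kTable, kScript, countAtOrBefore, lookupClamped, lookupStrict and sourceOffsetOf are invented here; the strict variant only illustrates how a caller could tell "no entry for this bytecode" apart from a hit.

```cpp
// Added example (not JSC's code): model of the expressionRangeInfo lookup
// from bug 203555. The clamp-to-entry-0 search is an assumption about the
// real UnlinkedCodeBlock lookup; it reproduces the reported observation.
#include <cstddef>
#include <initializer_list>
#include <iostream>
#include <string>
#include <vector>

struct ExpressionRangeInfo {
    unsigned instructionOffset;  // bytecode pc the entry was recorded for
    const char* opcode;          // opcode name as printed by dumpExpressionRangeInfo()
};

// The two entries from the report's dump; nothing exists for "this" (pc 7).
static const std::vector<ExpressionRangeInfo> kTable = {
    {10, "op_resolve_scope"},
    {25, "op_get_by_id"},
};

// The script from the report, flattened so character offsets can be checked.
static const std::string kScript =
    "function foo() {\n"
    "  this;\n"
    "  Array.prototype;\n"
    "}\n";

// Number of entries whose instructionOffset <= pc (table is sorted by pc).
static size_t countAtOrBefore(const std::vector<ExpressionRangeInfo>& table, unsigned pc) {
    size_t low = 0, high = table.size();
    while (low < high) {
        size_t mid = low + (high - low) / 2;
        if (table[mid].instructionOffset <= pc)
            low = mid + 1;
        else
            high = mid;
    }
    return low;
}

// Index of the last entry at or before pc. If pc precedes every entry, the
// result is clamped to entry 0 instead of reporting "no entry": this is the
// behaviour that turns the op_to_this at pc 7 into the pc-10 ("Array") range.
size_t lookupClamped(const std::vector<ExpressionRangeInfo>& table, unsigned pc) {
    size_t n = countAtOrBefore(table, pc);
    return n == 0 ? 0 : n - 1;
}

// Same search without the clamp: -1 means no entry is at or before pc.
long lookupStrict(const std::vector<ExpressionRangeInfo>& table, unsigned pc) {
    size_t n = countAtOrBefore(table, pc);
    return n == 0 ? -1 : static_cast<long>(n - 1);
}

// Character offset of the first occurrence of `text` in the script, or -1.
long sourceOffsetOf(const std::string& text) {
    std::string::size_type pos = kScript.find(text);
    return pos == std::string::npos ? -1 : static_cast<long>(pos);
}

int main() {
    for (unsigned pc : {7u, 10u, 17u, 25u, 30u}) {
        size_t clamped = lookupClamped(kTable, pc);
        long strict = lookupStrict(kTable, pc);
        std::cout << "pc " << pc << ": clamped -> pc " << kTable[clamped].instructionOffset
                  << " (" << kTable[clamped].opcode << "), strict -> "
                  << (strict < 0 ? std::string("no entry")
                                 : "pc " + std::to_string(kTable[strict].instructionOffset))
                  << '\n';
    }
    // Offset 27, the divot the report prints for the pc-7 query, is where
    // "Array" begins; "this" sits at offset 19 and no entry points there.
    std::cout << "\"Array\" at " << sourceOffsetOf("Array")
              << ", \"this\" at " << sourceOffsetOf("this") << '\n';
    return 0;
}
```

Running the model shows the asymmetry the report is about: any pc from 10 up to 24 legitimately resolves to the op_resolve_scope entry, but pc 7 does so only because of the clamp, and the strict variant is the one that would surface "no expressionRangeInfo for this bytecode" to a caller.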