[Webkit-unassigned] [Bug 203604] New: codeBlock->expressionRangeForBytecodeIndex() returns wrong range for op_bitxor, op_bitand, op_bitor (and op_bitnot)

bugzilla-daemon at webkit.org
Wed Oct 30 03:53:22 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=203604

            Bug ID: 203604
           Summary: codeBlock->expressionRangeForBytecodeIndex() returns
                    wrong range for op_bitxor, op_bitand, op_bitor (and
                    op_bitnot)
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tuomas.webkit at apple.com

Created attachment 382294

  --> https://bugs.webkit.org/attachment.cgi?id=382294&action=review

repro case

For the JavaScript:

> function foo() {
>   let i = 0;
>   let j = 0;
>   let k = 0;
>   i ^ j;
>   j ^ k;
>   i ^ j ^ k;
> }
> 
> foo();
> foo();

The bytecode is:

> foo#CWMAwU:[0x1157a0140->0x1157c7b80, NoneFunctionCall, 47]: 15 instructions (0 16-bit instructions, 0 32-bit instructions, 4 instructions with metadata); 155 bytes (108 metadata bytes); 1 parameter(s); 10 callee register(s); 6 variable(s); scope at loc4
> [   0] enter
> [   1] get_scope          loc4
> [   3] mov                loc5, loc4
> [   6] check_traps
> [   7] mov                loc6, <JSValue()>(const0)
> [  10] mov                loc7, <JSValue()>(const0)
> [  13] mov                loc8, <JSValue()>(const0)
> [  16] mov                loc6, Int32: 0(const1)
> [  19] mov                loc8, Int32: 0(const1)
> [  22] mov                loc7, Int32: 0(const1)
> [  25] bitxor             loc9, loc6, loc8
> [  30] bitxor             loc9, loc8, loc7
> [  35] bitxor             loc9, loc6, loc8
> [  40] bitxor             loc9, loc9, loc7
> [  45] ret                Undefined(const2)
> 
> Constants:
>    k0 = <JSValue()>
>    k1 = Int32: 0: in source as integer
>    k2 = Undefined

The output of codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() is:

> UnlinkedCodeBlock 0x115798000 expressionRangeInfo[4] {
>   [0] pc 25 @ line 4 col 2 : op_bitxor
>   [1] pc 30 @ line 5 col 2 : op_bitxor
>   [2] pc 35 @ line 6 col 2 : op_bitxor
>   [3] pc 40 @ line 6 col 2 : op_bitxor
> }

For the op_bitxors, codeBlock->expressionRangeForBytecodeIndex() returns a startOffset and endOffset of zero for all four, and the divots are at the beginning of each line; specifically, bytecodes #35 and #40 both target the beginning of the line "i ^ j ^ k".

NB: expressionRangeInfo points specifically to the op_bitxor bytecodes.

My expectations for the source ranges for the op_bitxor bytecodes are:
> #25 "i ^ j"
> divot--^
> #30 "j ^ k"
> divot--^
> #35 "j ^ k"
> divot--^
> #40 "i ^ j ^ k"
> divot--^

The opcodes op_bitxor, op_bitand, and op_bitor are all similarly affected.

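The expectations above can be made concrete by computing, from the source text alone, the range info each op_bitxor should carry. The following is an added example written for this page; it is not code from the bug report or from WebKit. It assumes the convention that a bytecode's range is stored as a divot column plus a startOffset (distance from the expression's start to the divot) and an endOffset (distance from the divot to the expression's end), and takes the reporter's "divot on the operator" expectation as the target. The three source lines and the (col 2, 0, 0) triple are constructed from the repro and the dump in the report.

```javascript
// Added example, not code from the bug report or from WebKit. It models the
// expression-range bookkeeping the report describes: each bytecode gets a
// divot (the source column an error points at), a startOffset (distance from
// the expression's start to the divot) and an endOffset (distance from the
// divot to the expression's end). Assumption: that is the convention behind
// expressionRangeForBytecodeIndex(); the reporter's expectation (divot on the
// operator, range covering the operands consumed so far) is the target.

// Split one source line holding a left-associative chain of a single binary
// operator ("i ^ j ^ k") into operand column spans and operator columns.
function tokenize(line, op) {
  const operands = []; // { start, end } columns of each operand
  const ops = [];      // column of each operator occurrence
  let pos = 0;
  const skipWs = () => { while (pos < line.length && /\s/.test(line[pos])) pos++; };
  skipWs();
  for (;;) {
    const m = /^(?:[A-Za-z_$][\w$]*|\d+)/.exec(line.slice(pos));
    if (!m) throw new SyntaxError(`expected operand at column ${pos}`);
    operands.push({ start: pos, end: pos + m[0].length });
    pos += m[0].length;
    skipWs();
    if (pos >= line.length || line[pos] === ';') break;
    if (!line.startsWith(op, pos)) throw new SyntaxError(`expected '${op}' at column ${pos}`);
    ops.push(pos);
    pos += op.length;
    skipWs();
  }
  return { operands, ops };
}

// Expected range info for each operator, in the order the corresponding
// bytecodes are emitted (left to right, each consuming the previous result).
// The k-th operator's expression runs from the first operand to operand k+1,
// so for "i ^ j ^ k" the first op covers "i ^ j" and the second "i ^ j ^ k".
function expectedRanges(line, op) {
  const { operands, ops } = tokenize(line, op);
  const exprStart = operands[0].start;
  return ops.map((divot, k) => {
    const exprEnd = operands[k + 1].end;
    return {
      divot,
      startOffset: divot - exprStart,
      endOffset: exprEnd - divot,
      text: line.slice(exprStart, exprEnd),
    };
  });
}

// Recover the highlighted source text from a (divot, startOffset, endOffset)
// triple, the way a consumer of the range info would for an error message.
function rangeText(line, info) {
  return line.slice(info.divot - info.startOffset, info.divot + info.endOffset);
}

// Render a caret under the divot column, like the "divot--^" lines in the report.
function divotMarker(info) {
  return ' '.repeat(info.divot) + '^';
}

// Constructed input: the three expression statements of the repro function,
// with the two-space indentation they have in the report's source.
const SOURCE_LINES = ['  i ^ j;', '  j ^ k;', '  i ^ j ^ k;'];

function demo() {
  for (const line of SOURCE_LINES) {
    console.log(JSON.stringify(line));
    for (const info of expectedRanges(line, '^')) {
      console.log(divotMarker(info), JSON.stringify(rangeText(line, info)), info);
    }
  }
  // What the dump in the report actually records for pc 35 and pc 40: both at
  // col 2 of the "i ^ j ^ k" line with zero offsets, so the recoverable source
  // text is empty and the two bytecodes are indistinguishable.
  const buggy = { divot: 2, startOffset: 0, endOffset: 0 };
  console.log('range text from the reported info:', JSON.stringify(rangeText(SOURCE_LINES[2], buggy)));
}

demo();
```

Running it prints each line with a caret under the expected divot and the substring the offsets select, followed by the empty string that the zero-offset triple from the dump yields; that empty result is the observable consequence of the bug for anything that uses the range info to point at the failing sub-expression.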