[Webkit-unassigned] [Bug 203608] New: codeBlock->expressionRangeForBytecodeIndex() returns wrong range for op_get_from_arguments

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 30 07:05:46 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=203608

            Bug ID: 203608
           Summary: codeBlock->expressionRangeForBytecodeIndex() returns
                    wrong range for op_get_from_arguments
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tuomas.webkit at apple.com

Created attachment 382305

  --> https://bugs.webkit.org/attachment.cgi?id=382305&action=review

repro case

For the JavaScript:

> function foo(a0) {
>   typeof a0;
>   arguments;
> }
> foo();
> foo();

The bytecode is:

> foo#ES8iwE:[0x10d9a0140->0x10d9c7b80, NoneFunctionCall, 19]: 8 instructions (0 16-bit instructions, 0 32-bit instructions, 1 instructions with metadata); 127 bytes (108 metadata bytes); 2 parameter(s); 10 callee register(s); 8 variable(s); scope at loc4
> [   0] enter
> [   1] get_scope          loc4
> [   3] mov                loc5, loc4
> [   6] check_traps
> [   7] create_direct_arguments loc6
> [   9] mov                loc7, loc6
> [  12] get_from_arguments loc8, loc6, 0
> [  17] ret                Undefined(const0)
> 
> Constants:
>    k0 = Undefined

Output of codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() is:

> UnlinkedCodeBlock 0x10d998000 expressionRangeInfo[0] {
> }

For the get_from_arguments at #12, codeBlock->expressionRangeForBytecodeIndex() returns a zero-length string located at the second 'o' on the first line.


For the JavaScript:

> function foo(a0) {
>   a0;
>   arguments;
> }
> foo();
> foo();

The bytecode is identical, but the output of codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() is:

> UnlinkedCodeBlock 0x111398000 expressionRangeInfo[1] {
>   [0] pc 12 @ line 1 col 4 : op_get_from_arguments
> }

and codeBlock->expressionRangeForBytecodeIndex() references 'a0' on the second line, as expected.
