[Webkit-unassigned] [Bug 203665] New: codeBlock->expressionRangeForBytecodeIndex() returns wrong range for op_get_by_val

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 30 23:39:04 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=203665

            Bug ID: 203665
           Summary: codeBlock->expressionRangeForBytecodeIndex() returns
                    wrong range for op_get_by_val
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: tuomas.webkit at apple.com

Created attachment 382433

  --> https://bugs.webkit.org/attachment.cgi?id=382433&action=review

repro case

for the JavaScript:

> function bar() {}
> 
> function foo() {
>   ({
>     ["x"]: {},
>   } = {
>     x: 0
>   });
>   bar();
> }
> 
> foo();
> foo();

the bytecode is:

> foo#Cy3Ca8:[0x10f9a0140->0x10f9c7c00, NoneFunctionCall, 57]: 15 instructions (0 16-bit instructions, 0 32-bit instructions, 6 instructions with metadata); 165 bytes (108 metadata bytes); 1 parameter(s); 14 callee register(s); 6 variable(s); scope at loc4
> [   0] enter
> [   1] get_scope          loc4
> [   3] mov                loc5, loc4
> [   6] check_traps
> [   7] new_object         loc6, 1
> [  11] put_by_id          loc6, 0, Int32: 0(const0), IsDirect
> [  17] jnundefined_or_null loc6, 6(->23)
> [  20] throw_static_error String (atomic) (identifier): Right side of assignment cannot be destructured, StructureID: 34136(const1), TypeError
> [  23] get_by_val         loc7, loc6, String (atomic) (identifier): x, StructureID: 34136(const2)
> [  28] jnundefined_or_null loc7, 6(->34)
> [  31] throw_static_error String (atomic) (identifier): Right side of assignment cannot be destructured, StructureID: 34136(const1), TypeError
> [  34] resolve_scope      loc8, loc4, 1, GlobalProperty, 0
> [  41] get_from_scope     loc6, loc8, 1, 2048<ThrowIfNotFound|GlobalProperty|NotInitialization>, 0, 0
> [  49] call               loc6, loc6, 1, 14
> [  55] ret                Undefined(const3)
> 
> Identifiers:
>   id0 = x
>   id1 = bar
> 
> Constants:
>    k0 = Int32: 0: in source as integer
>    k1 = String (atomic) (identifier): Right side of assignment cannot be destructured, StructureID: 34136
>    k2 = String (atomic) (identifier): x, StructureID: 34136
>    k3 = Undefined

output of codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() is:

> UnlinkedCodeBlock 0x10f998000 expressionRangeInfo[2] {
>   [0] pc 34 @ line 6 col 5 : op_resolve_scope
>   [1] pc 49 @ line 6 col 5 : op_call
> }

codeBlock->expressionRangeForBytecodeIndex() returns:

> #23 op_get_by_val divot: 84 startOffset: 3 endOffset: 0 source: 'bar'

I don't know what the source should be :-/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191031/3d2bcee8/attachment.htm>

More information about the webkit-unassigned mailing list