174110 2017-07-03 16:37:16 -0700 DFGBytecodeParser op_to_this does not access the correct instruction offset for to this status 2017-07-03 18:35:00 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 saam saam benjamin commit-queue fpizlo ggaren gskachkov jfbastien keith_miller mark.lam msaboff ticaiolima ysuzuki oldest_to_newest 1325322 0 saam 2017-07-03 16:37:16 -0700 This is the code: ``` case op_to_this: { Node* op1 = getThis(); if (op1->op() != ToThis) { Structure* cachedStructure = currentInstruction[2].u.structure.get(); if (currentInstruction[2].u.toThisStatus != ToThisOK || !cachedStructure || cachedStructure->classInfo()->methodTable.toThis != JSObject::info()->methodTable.toThis || m_inlineStackTop->m_profiledBlock->couldTakeSlowCase(m_currentIndex) || m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCache) || (op1->op() == GetLocal && op1->variableAccessData()->structureCheckHoistingFailed())) { setThis(addToGraph(ToThis, op1)); } else { addToGraph( CheckStructure, OpInfo(m_graph.addStructureSet(cachedStructure)), op1); } } NEXT_OPCODE(op_to_this); } ``` it can't be the case that the toThisStatus and the structure are at the same offset. 1325333 1 314539 saam 2017-07-03 16:57:54 -0700 Created attachment 314539 patch 1325334 2 314539 msaboff 2017-07-03 17:01:35 -0700 Comment on attachment 314539 patch Wow. r=me 1325357 3 314539 commit-queue 2017-07-03 18:34:59 -0700 Comment on attachment 314539 patch Clearing flags on attachment: 314539 Committed r219111: <http://trac.webkit.org/changeset/219111> 1325358 4 commit-queue 2017-07-03 18:35:00 -0700 All reviewed patches have been landed. Closing bug. 314539 2017-07-03 16:57:54 -0700 2017-07-03 18:34:59 -0700 patch c-backup.diff text/plain 1537 saam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjE5MTA4KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBA CisyMDE3LTA3LTAzICBTYWFtIEJhcmF0aSAgPHNiYXJhdGlAYXBwbGUuY29tPgorCisgICAgICAg IERGR0J5dGVjb2RlUGFyc2VyIG9wX3RvX3RoaXMgZG9lcyBub3QgYWNjZXNzIHRoZSBjb3JyZWN0 IGluc3RydWN0aW9uIG9mZnNldCBmb3IgdG8gdGhpcyBzdGF0dXMKKyAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE3NDExMAorCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogZGZnL0RGR0J5dGVDb2RlUGFyc2VyLmNw cDoKKyAgICAgICAgKEpTQzo6REZHOjpCeXRlQ29kZVBhcnNlcjo6cGFyc2VCbG9jayk6CisKIDIw MTctMDctMDMgIENvbW1pdCBRdWV1ZSAgPGNvbW1pdC1xdWV1ZUB3ZWJraXQub3JnPgogCiAgICAg ICAgIFVucmV2aWV3ZWQsIHJvbGxpbmcgb3V0IHIyMTkwNjAuCkluZGV4OiBTb3VyY2UvSmF2YVNj cmlwdENvcmUvZGZnL0RGR0J5dGVDb2RlUGFyc2VyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvZGZnL0RGR0J5dGVDb2RlUGFyc2VyLmNwcAkocmV2aXNpb24gMjE5MTAy KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdCeXRlQ29kZVBhcnNlci5jcHAJKHdv cmtpbmcgY29weSkKQEAgLTQxNDAsNyArNDE0MCw3IEBAIGJvb2wgQnl0ZUNvZGVQYXJzZXI6OnBh cnNlQmxvY2sodW5zaWduZWQKICAgICAgICAgICAgIE5vZGUqIG9wMSA9IGdldFRoaXMoKTsKICAg ICAgICAgICAgIGlmIChvcDEtPm9wKCkgIT0gVG9UaGlzKSB7CiAgICAgICAgICAgICAgICAgU3Ry dWN0dXJlKiBjYWNoZWRTdHJ1Y3R1cmUgPSBjdXJyZW50SW5zdHJ1Y3Rpb25bMl0udS5zdHJ1Y3R1 cmUuZ2V0KCk7Ci0gICAgICAgICAgICAgICAgaWYgKGN1cnJlbnRJbnN0cnVjdGlvblsyXS51LnRv VGhpc1N0YXR1cyAhPSBUb1RoaXNPSworICAgICAgICAgICAgICAgIGlmIChjdXJyZW50SW5zdHJ1 Y3Rpb25bM10udS50b1RoaXNTdGF0dXMgIT0gVG9UaGlzT0sKICAgICAgICAgICAgICAgICAgICAg fHwgIWNhY2hlZFN0cnVjdHVyZQogICAgICAgICAgICAgICAgICAgICB8fCBjYWNoZWRTdHJ1Y3R1 cmUtPmNsYXNzSW5mbygpLT5tZXRob2RUYWJsZS50b1RoaXMgIT0gSlNPYmplY3Q6OmluZm8oKS0+ bWV0aG9kVGFibGUudG9UaGlzCiAgICAgICAgICAgICAgICAgICAgIHx8IG1faW5saW5lU3RhY2tU b3AtPm1fcHJvZmlsZWRCbG9jay0+Y291bGRUYWtlU2xvd0Nhc2UobV9jdXJyZW50SW5kZXgpCg==