Bug 202014

Summary: [JSC] DFG op_call_varargs should not assume that one-previous-local of freeReg is usable
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch saam: review+

Yusuke Suzuki
Reported 2019-09-19 16:43:22 PDT
This is not correct.
Attachments
Patch (19.66 KB, patch)
2019-09-19 18:06 PDT, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2019-09-19 16:43:45 PDT
<rdar://problem/54574453>
Yusuke Suzuki
Comment 2 2019-09-19 18:06:02 PDT
Created attachment 379183 [details] Patch
Yusuke Suzuki
Comment 3 2019-09-19 18:06:56 PDT
Comment on attachment 379183 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379183&action=review > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:1861 > + int registerOffset = firstFreeReg; This is the fix.
Mark Lam
Comment 4 2019-09-19 18:23:33 PDT
Comment on attachment 379183 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379183&action=review r=me too. > Source/JavaScriptCore/ChangeLog:51 > + represent that this includes |this| count. By "this includes |this| count", you mean "the argument count includes |this|", yes? Can you rephrase as that please. The first "this" is a bit ambiguous.
Yusuke Suzuki
Comment 5 2019-09-19 19:17:31 PDT
Comment on attachment 379183 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=379183&action=review >> Source/JavaScriptCore/ChangeLog:51 >> + represent that this includes |this| count. > > By "this includes |this| count", you mean "the argument count includes |this|", yes? Can you rephrase as that please. The first "this" is a bit ambiguous. Fixed.
Yusuke Suzuki
Comment 6 2019-09-19 19:31:50 PDT
Committed r250116: <https://trac.webkit.org/changeset/250116>
Note You need to log in before you can comment on or make changes to this bug.