Bug 244191
| Summary: | [DFG] Usekind of input is lifted before print function | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Yue Sun <sunyue20z> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | saam, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | PC | ||
| OS: | Linux | ||
Yue Sun
path/to/jsc test.js --useConcurrentJIT=0 --forceWeakRandomSeed=1 --useFTLJIT=0 --jitPolicyScale=0
path/to/jsc test.js --useConcurrentJIT=0 --forceWeakRandomSeed=1 --jitPolicyScale=0.01
function bar(a, b) {
try {
return a;
} finally {
print(b)
b--;
}
a /= b;
}
function test_context() {
function foo(x) {
return 42;
}
var s, t;
for (var i = 0; i < 10; i++) {
bar(t = foo(i) ? bar(42 + i - i) : bar(0), s = i + t);
}
return s;
}
test_context();
We ran the script with command line options above. In function bar(), variable b have a arithsub after print function. It would have problem if b is undefined, since Low Level Interpreter would first print "undefined" then sub 1 to get NaN, while DFG would transfer undefined to number and print "NaN".
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/99268944>