Bug 246787
| Summary: | JavaScript execution result different when disable/enable breakpoints | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | white <jinhao.zhang> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Critical | CC: | hi, manjian2006, mark.lam, pangle, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 15 | ||
| Hardware: | Mac (Apple Silicon) | ||
| OS: | macOS 12 | ||
white
for this code snippet below:
(function (){
var car2 = { color: 0 }
var temp2 = car2;
car2 = (car2.color += 1);
console.log("car2's color:" + temp2.color);
})();
the print result is different whether breakpoints are enabled or not.
Expected result:
console prints "car2's color:1" whether breakpoints are enabled or not.
Actual result:
console prints "car2's color:1" whether breakpoints are enabled
console prints "car2's color:0" whether breakpoints are disable
Steps to reproduce:
1. open https://google.com in safari
2. opt + cmd + I to show Web Inspector
3. In Console tab, input the code above.
4. In Sources tab, toggle "Enable app breakpoints" button
5. try the code again
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
white
typos:
console prints "car2's color:1" whether breakpoints are enabled
console prints "car2's color:0" whether breakpoints are disable
=>
console prints "car2's color:1" when breakpoints are enabled
console prints "car2's color:0" when breakpoints are disable
---------------
4. In Sources tab, toggle "Enable app breakpoints" button
=>
4. In Sources tab, toggle "Enable all breakpoints" button
Radar WebKit Bug Importer
<rdar://problem/101617598>
linzj
Here is my fix:
diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
index f6293c4c0260..4185b48b6adc 100644
--- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
+++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
@@ -3658,6 +3658,10 @@ RegisterID* AssignDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID
RegisterID* ReadModifyDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
{
RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator));
+ if (base.get() == dst) {
+ RefPtr<RegisterID> tmp = generator.newTemporary();
+ base = generator.move(tmp.get(), base.get());
+ }
generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd());
RefPtr<RegisterID> thisValue;
diff --git a/Source/cmake/OptionsGTK.cmake b/Source/cmake/OptionsGTK.cmake
But I think there are other ReadModifyNodes need this fix.