RESOLVED FIXED 174110
DFGBytecodeParser op_to_this does not access the correct instruction offset for to this status
https://bugs.webkit.org/show_bug.cgi?id=174110
Saam Barati
Reported 2017-07-03 16:37:16 PDT
This is the code:

```cpp
case op_to_this: {
    Node* op1 = getThis();
    if (op1->op() != ToThis) {
        Structure* cachedStructure = currentInstruction[2].u.structure.get();
        // Reads toThisStatus from the same operand slot as the cached structure (the bug reported here).
        if (currentInstruction[2].u.toThisStatus != ToThisOK
            || !cachedStructure
            || cachedStructure->classInfo()->methodTable.toThis != JSObject::info()->methodTable.toThis
            || m_inlineStackTop->m_profiledBlock->couldTakeSlowCase(m_currentIndex)
            || m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCache)
            || (op1->op() == GetLocal && op1->variableAccessData()->structureCheckHoistingFailed())) {
            setThis(addToGraph(ToThis, op1));
        } else {
            addToGraph(
                CheckStructure,
                OpInfo(m_graph.addStructureSet(cachedStructure)),
                op1);
        }
    }
    NEXT_OPCODE(op_to_this);
}
```

It can't be the case that the toThisStatus and the structure are at the same offset.
Attachments
patch (1.50 KB, patch)
2017-07-03 16:57 PDT, Saam Barati
Saam Barati
Comment 1 2017-07-03 16:57:54 PDT
Michael Saboff
Comment 2 2017-07-03 17:01:35 PDT
Comment on attachment 314539 [details]: patch

Wow. r=me
WebKit Commit Bot
Comment 3 2017-07-03 18:34:59 PDT
Comment on attachment 314539 [details]: patch

Clearing flags on attachment: 314539

Committed r219111: <http://trac.webkit.org/changeset/219111>
WebKit Commit Bot
Comment 4 2017-07-03 18:35:00 PDT
All reviewed patches have been landed. Closing bug.