Bug 181200 - Incorrect assertion inside AccessCase
Summary: Incorrect assertion inside AccessCase
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-12-31 16:59 PST by Saam Barati
Modified: 2018-01-02 19:59 PST (History)
13 users (show)

See Also:

Attachments
patch (3.16 KB, patch)
2017-12-31 17:05 PST, Saam Barati 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Saam Barati 2017-12-31 16:59:30 PST 
In a setter like:

```
o.f = o;
```

The DFG will often assign the same registers to the baseGPR (o in o.f) and the valueRegsPayloadGPR (o in the RHS).
The code totally works when these are assigned to the same register. However, we're asserting that they're not the same register.
Comment 1 Saam Barati 2017-12-31 17:00:09 PST 
<rdar://problem/35494754>
Comment 2 Saam Barati 2017-12-31 17:05:00 PST 
Created attachment 330269 [details]
patch
Comment 3 Yusuke Suzuki 2018-01-01 10:05:08 PST 
Comment on attachment 330269 [details]
patch

r=me
Comment 4 WebKit Commit Bot 2018-01-02 19:59:19 PST 
Comment on attachment 330269 [details]
patch

Clearing flags on attachment: 330269

Committed r226351: <https://trac.webkit.org/changeset/226351>
Comment 5 WebKit Commit Bot 2018-01-02 19:59:21 PST 
All reviewed patches have been landed.  Closing bug.