181200 – Incorrect assertion inside AccessCase

RESOLVED FIXED 181200

Incorrect assertion inside AccessCase

https://bugs.webkit.org/show_bug.cgi?id=181200

Summary Incorrect assertion inside AccessCase

Saam Barati

Reported 2017-12-31 16:59:30 PST

In a setter like: ``` o.f = o; ``` The DFG will often assign the same registers to the baseGPR (o in o.f) and the valueRegsPayloadGPR (o in the RHS). The code totally works when these are assigned to the same register. However, we're asserting that they're not the same register.

Attachments
patch (3.16 KB, patch) 2017-12-31 17:05 PST, Saam Barati	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2017-12-31 17:00:09 PST

<rdar://problem/35494754>

Saam Barati

Comment 2 2017-12-31 17:05:00 PST

Created attachment 330269 [details] patch

Yusuke Suzuki

Comment 3 2018-01-01 10:05:08 PST

Comment on attachment 330269 [details] patch r=me

WebKit Commit Bot

Comment 4 2018-01-02 19:59:19 PST

Comment on attachment 330269 [details] patch Clearing flags on attachment: 330269 Committed r226351: <https://trac.webkit.org/changeset/226351>

WebKit Commit Bot

Comment 5 2018-01-02 19:59:21 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Saam Barati

Reported

2017-12-31 16:59 PST

Modified

2018-01-02 19:59 PST History

CC List

13 users Show

URL

Keywords InRadar

Depends on

Blocks