Bug 202014 - [JSC] DFG op_call_varargs should not assume that one-previous-local of freeReg is usable
Summary: [JSC] DFG op_call_varargs should not assume that one-previous-local of freeRe...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-09-19 16:43 PDT by Yusuke Suzuki
Modified: 2019-09-19 19:31 PDT (History)
7 users (show)

See Also:

Attachments
Patch (19.66 KB, patch)
2019-09-19 18:06 PDT, Yusuke Suzuki 		saam: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yusuke Suzuki 2019-09-19 16:43:22 PDT 
This is not correct.
Comment 1 Yusuke Suzuki 2019-09-19 16:43:45 PDT 
<rdar://problem/54574453>
Comment 2 Yusuke Suzuki 2019-09-19 18:06:02 PDT 
Created attachment 379183 [details]
Patch
Comment 3 Yusuke Suzuki 2019-09-19 18:06:56 PDT 
Comment on attachment 379183 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=379183&action=review

> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:1861
> +    int registerOffset = firstFreeReg;

This is the fix.
Comment 4 Mark Lam 2019-09-19 18:23:33 PDT 
Comment on attachment 379183 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=379183&action=review

r=me too.

> Source/JavaScriptCore/ChangeLog:51
> +        represent that this includes |this| count.

By "this includes |this| count", you mean "the argument count includes |this|", yes?  Can you rephrase as that please.  The first "this" is a bit ambiguous.
Comment 5 Yusuke Suzuki 2019-09-19 19:17:31 PDT 
Comment on attachment 379183 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=379183&action=review

>> Source/JavaScriptCore/ChangeLog:51
>> +        represent that this includes |this| count.
> 
> By "this includes |this| count", you mean "the argument count includes |this|", yes?  Can you rephrase as that please.  The first "this" is a bit ambiguous.

Fixed.
Comment 6 Yusuke Suzuki 2019-09-19 19:31:50 PDT 
Committed r250116: <https://trac.webkit.org/changeset/250116>