NEW 203603
codeBlock->expressionRangeForBytecodeIndex() returns wrong range for op_get_from_scope
https://bugs.webkit.org/show_bug.cgi?id=203603
Tuomas Karkkainen
Reported 2019-10-30 02:46:13 PDT
Created attachment 382291
repro case

for the JavaScript:
> for (var i = 0; i < 10; ++i) {}

the bytecode is:
> <global>#DECxqq:[0x1139a0000->0x1139a8000, NoneGlobal, 95]: 21 instructions (0 16-bit instructions, 0 32-bit instructions, 9 instructions with metadata); 203 bytes (108 metadata bytes); 1 parameter(s); 10 callee register(s); 6 variable(s); scope at loc4
> [ 0] enter
> [ 1] get_scope loc4
> [ 3] mov loc5, loc4
> [ 6] check_traps
> [ 7] mov loc6, Undefined(const0)
> [ 10] mov loc6, Undefined(const0)
> [ 13] resolve_scope loc7, loc4, 0, GlobalProperty, 0
> [ 20] put_to_scope loc7, 0, Int32: 0(const1), 1048576<DoNotThrowIfNotFound|GlobalProperty|Initialization>, 0, 0
> [ 28] resolve_scope loc7, loc4, 0, GlobalProperty, 0
> [ 35] get_from_scope loc8, loc7, 0, 2048<ThrowIfNotFound|GlobalProperty|NotInitialization>, 0, 0
> [ 43] jnless loc8, Int32: 10(const2), 50(->93)
> [ 47] loop_hint
> [ 48] check_traps
> [ 49] resolve_scope loc7, loc4, 0, GlobalProperty, 0
> [ 56] get_from_scope loc8, loc7, 0, 2048<ThrowIfNotFound|GlobalProperty|NotInitialization>, 0, 0
> [ 64] inc loc8
> [ 66] put_to_scope loc7, 0, loc8, 2048<ThrowIfNotFound|GlobalProperty|NotInitialization>, 0, 0
> [ 74] resolve_scope loc7, loc4, 0, GlobalProperty, 0
> [ 81] get_from_scope loc8, loc7, 0, 2048<ThrowIfNotFound|GlobalProperty|NotInitialization>, 0, 0
> [ 89] jless loc8, Int32: 10(const2), -42(->47)
> [ 93] end loc6
>
> Identifiers:
> id0 = i
>
> Constants:
> k0 = Undefined
> k1 = Int32: 0: in source as integer
> k2 = Int32: 10: in source as integer

output of codeBlock->unlinkedCodeBlock()->dumpExpressionRangeInfo() is:
> UnlinkedCodeBlock 0x107aa4000 expressionRangeInfo[6] {
> [0] pc 20 @ line 0 col 12 : op_put_to_scope
> [1] pc 28 @ line 0 col 17 : op_resolve_scope
> [2] pc 43 @ line 0 col 16 : op_jnless
> [3] pc 49 @ line 0 col 27 : op_resolve_scope
> [4] pc 74 @ line 0 col 17 : op_resolve_scope
> [5] pc 89 @ line 0 col 16 : op_jless
> }

for the op_get_from_scope at #56, codeBlock->expressionRangeForBytecodeIndex returns:
divot: 27, startOffset: 3, endOffset: 0, source: '++i'

afaik, the correct source would be just 'i'

for
> for (var i = 0; i < 10; i++) {}
there is an op_get_from_scope for 'i++' with the divot at the 'i'

for
> for (var i = 0; i < 10; i+=1) {}
the source is just 'i'

the bytecode for the ++i and i++ is identical, and the only difference in the i+=1 case is that the 'inc' is replaced with an 'add'
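The triple in the report (divot 27, startOffset 3, endOffset 0) maps back to source text as the half-open range [divot - startOffset, divot + endOffset), which is how JSC's expression-range info is conventionally read and which is consistent with the report's own numbers (it yields '++i' for the repro source). The following is an added example, not code from the bug report or from WebKit: a small decoder/encoder for that triple, run against the repro source. The `identifierOnlyRange` function is plain arithmetic showing what a triple covering only the identifier `i` at the same divot would look like; it is not a claim about what JSC emits after a fix.

```javascript
// Added example (not from the bug report or WebKit): decode and encode a
// JSC-style expression range (divot, startOffset, endOffset) against source text.

// The repro source quoted in the report.
const SOURCE = "for (var i = 0; i < 10; ++i) {}";

// Values the report says expressionRangeForBytecodeIndex returned for the
// op_get_from_scope at bytecode offset 56.
const REPORTED = { divot: 27, startOffset: 3, endOffset: 0 };

// Assumed convention (consistent with the report): the covered text is
// source[divot - startOffset, divot + endOffset).
function decodeExpressionRange(source, divot, startOffset, endOffset) {
  const start = divot - startOffset;
  const end = divot + endOffset;
  if (start < 0 || end > source.length || start > end) {
    throw new RangeError(`range [${start}, ${end}) lies outside source of length ${source.length}`);
  }
  return { start, end, text: source.slice(start, end) };
}

// Inverse: given a span [start, end) and the divot inside it, produce the triple.
function encodeExpressionRange(source, start, end, divot) {
  if (start < 0 || end > source.length || start > end) {
    throw new RangeError(`span [${start}, ${end}) lies outside source of length ${source.length}`);
  }
  if (divot < start || divot > end) {
    throw new RangeError(`divot ${divot} is not within [${start}, ${end}]`);
  }
  return { divot, startOffset: divot - start, endOffset: end - divot };
}

// The range as reported: resolves to '++i', the whole prefix-increment expression.
function reportedRange() {
  return decodeExpressionRange(SOURCE, REPORTED.divot, REPORTED.startOffset, REPORTED.endOffset);
}

// Hypothetical triple covering only the identifier 'i' inside '++i', keeping the
// same divot (arithmetic for illustration only, not JSC's actual output).
function identifierOnlyRange() {
  const start = SOURCE.indexOf("++i") + 2; // position of 'i' in '++i'
  return encodeExpressionRange(SOURCE, start, start + 1, REPORTED.divot);
}

// Round-trip check: encode then decode gives back the same text.
function roundTrip(start, end, divot) {
  const t = encodeExpressionRange(SOURCE, start, end, divot);
  return decodeExpressionRange(SOURCE, t.divot, t.startOffset, t.endOffset).text;
}

console.log("reported range  :", reportedRange());
console.log("identifier only :", identifierOnlyRange());
```

Running it prints the reported triple decoding to `'++i'` at [24, 27) and shows that a range covering just `i` with the same divot would have startOffset 1 and endOffset 0.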
Attachments
repro case (97 bytes, application/x-javascript)
2019-10-30 02:46 PDT, Tuomas Karkkainen
no flags