WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
230804
The DFG/FTL need to be aware that Proxy's can produce "function" for typeof and might be callable
https://bugs.webkit.org/show_bug.cgi?id=230804
Summary
The DFG/FTL need to be aware that Proxy's can produce "function" for typeof a...
Lukas Bernhard
Reported
2021-09-26 02:05:29 PDT
Differential testing identifies the following samples to trigger a miscomputation in FTL. Tested on 29c8d02c3b11c096cc67d89e5cfe8c16be42b3b7 (Fri Sep 24 09:39:18 2021 +0000) ./Release/bin/jsc --validateOptions=true --useConcurrentJIT=false --useConcurrentGC=false --thresholdForJITSoon=10 --thresholdForJITAfterWarmUp=10 --thresholdForOptimizeAfterWarmUp=100 --thresholdForOptimizeAfterLongWarmUp=100 --thresholdForOptimizeSoon=100 --thresholdForFTLOptimizeAfterWarmUp=1000 --thresholdForFTLOptimizeSoon=1000 --validateBCE=true --useFTLJIT=true diff.js function main() { let v162; const v25 = {__proto__:"name"}; for (let v113 = 0; v113 < 255; v113++) { const v141 = new Proxy(Object,v25); const v145 = v141["bind"](); // when running with FTL, the previous line raises a JS exception: // TypeError: |this| is not a function inside Function.prototype.bind // without FTL or in v8 this doesn't throw. } } main();
Attachments
patch
(8.22 KB, patch)
2021-09-29 18:17 PDT
,
Saam Barati
no flags
Details
Formatted Diff
Diff
patch
(8.62 KB, patch)
2021-09-29 18:25 PDT
,
Saam Barati
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2021-09-26 02:05:40 PDT
<
rdar://problem/83543951
>
Saam Barati
Comment 2
2021-09-29 17:58:48 PDT
***
Bug 231002
has been marked as a duplicate of this bug. ***
Saam Barati
Comment 3
2021-09-29 18:17:57 PDT
Created
attachment 439687
[details]
patch
Saam Barati
Comment 4
2021-09-29 18:25:38 PDT
Created
attachment 439689
[details]
patch
Yusuke Suzuki
Comment 5
2021-09-29 21:36:31 PDT
Comment on
attachment 439689
[details]
patch r=me
EWS
Comment 6
2021-09-30 13:38:04 PDT
Committed
r283332
(
242353@main
): <
https://commits.webkit.org/242353@main
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 439689
[details]
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug