244191 – [DFG] Usekind of input is lifted before print function

NEW 244191

[DFG] Usekind of input is lifted before print function

https://bugs.webkit.org/show_bug.cgi?id=244191

Summary [DFG] Usekind of input is lifted before print function

Yue Sun

Reported 2022-08-22 02:42:32 PDT

path/to/jsc test.js --useConcurrentJIT=0 --forceWeakRandomSeed=1 --useFTLJIT=0 --jitPolicyScale=0 path/to/jsc test.js --useConcurrentJIT=0 --forceWeakRandomSeed=1 --jitPolicyScale=0.01 function bar(a, b) { try { return a; } finally { print(b) b--; } a /= b; } function test_context() { function foo(x) { return 42; } var s, t; for (var i = 0; i < 10; i++) { bar(t = foo(i) ? bar(42 + i - i) : bar(0), s = i + t); } return s; } test_context(); We ran the script with command line options above. In function bar(), variable b have a arithsub after print function. It would have problem if b is undefined, since Low Level Interpreter would first print "undefined" then sub 1 to get NaN, while DFG would transfer undefined to number and print "NaN".

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2022-08-29 02:43:16 PDT

<rdar://problem/99268944>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware PC

OS Linux

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2022-08-22 02:42 PDT

Modified

2022-08-29 02:43 PDT History

CC List

3 users Show

URL

Keywords InRadar

Depends on

Blocks