NEW 246787
JavaScript execution result different when disable/enable breakpoints 
https://bugs.webkit.org/show_bug.cgi?id=246787
Summary JavaScript execution result different when disable/enable breakpoints
white
Reported 2022-10-19 20:54:57 PDT
for this code snippet below: (function (){ var car2 = { color: 0 } var temp2 = car2; car2 = (car2.color += 1); console.log("car2's color:" + temp2.color); })(); the print result is different whether breakpoints are enabled or not. Expected result: console prints "car2's color:1" whether breakpoints are enabled or not. Actual result: console prints "car2's color:1" whether breakpoints are enabled console prints "car2's color:0" whether breakpoints are disable Steps to reproduce: 1. open https://google.com in safari 2. opt + cmd + I to show Web Inspector 3. In Console tab, input the code above. 4. In Sources tab, toggle "Enable app breakpoints" button 5. try the code again
Attachments
Add attachment proposed patch, testcase, etc.
white
Comment 1 2022-10-25 21:22:12 PDT
typos: console prints "car2's color:1" whether breakpoints are enabled console prints "car2's color:0" whether breakpoints are disable => console prints "car2's color:1" when breakpoints are enabled console prints "car2's color:0" when breakpoints are disable --------------- 4. In Sources tab, toggle "Enable app breakpoints" button => 4. In Sources tab, toggle "Enable all breakpoints" button
Radar WebKit Bug Importer
Comment 2 2022-10-26 20:55:19 PDT
<rdar://problem/101617598>
linzj
Comment 3 2022-11-16 17:43:53 PST
Here is my fix: diff --git a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp index f6293c4c0260..4185b48b6adc 100644 --- a/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp +++ b/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp @@ -3658,6 +3658,10 @@ RegisterID* AssignDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID RegisterID* ReadModifyDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst) { RefPtr<RegisterID> base = generator.emitNodeForLeftHandSide(m_base, m_rightHasAssignments, m_right->isPure(generator)); + if (base.get() == dst) { + RefPtr<RegisterID> tmp = generator.newTemporary(); + base = generator.move(tmp.get(), base.get()); + } generator.emitExpressionInfo(subexpressionDivot(), subexpressionStart(), subexpressionEnd()); RefPtr<RegisterID> thisValue; diff --git a/Source/cmake/OptionsGTK.cmake b/Source/cmake/OptionsGTK.cmake But I think there are other ReadModifyNodes need this fix.
Note You need to log in before you can comment on or make changes to this bug.