jalangi2 icon indicating copy to clipboard operation
jalangi2 copied to clipboard

Published 20 hours ago verified publisher icon Samsung

Reusing iids in src/js/runtime/analysis.js:A

Open esbena opened this issue 10 years ago • 2 comments

The implementation of A in src/js/runtime/analysis.js is a bit odd. It uses the same iids for the calls to G, B and P:

    function A(iid, base, offset, op, isComputed) {
        var oprnd1 = G(iid, base, offset, isComputed, true, false);
        return function (oprnd2) {
            var val = B(iid, op, oprnd1, oprnd2, true, false);
            return P(iid, base, offset, val, isComputed, true);
        };
    }

It should use different iids in the style of M:

    function M(iid, base, offset, isConstructor, isComputed) {
        return function () {
            var f = G(iid + 2, base, offset, isComputed, false, true);
            return (lastComputedValue = invokeFun(iid, base, f, arguments, isConstructor, true));
        };
    }

esbena avatar Dec 08 '14 23:12 esbena

@esbena is this still a problem?

msridhar avatar May 08 '15 16:05 msridhar

It has been fixed partly? (see below excerpt from current source)

It is still surprising that the same iid will be used for different callbacks to the analysis. But at least analysis.js documents this now.

        // avoid iid collision: make sure that iid+2 has the same source map as iid (@todo)
        var oprnd1 = G(iid+2, base, offset, isComputed, true, false);
        return function (oprnd2) {
            // still possible to get iid collision with a mem operation
            var val = B(iid, op, oprnd1, oprnd2, false, true, false);
            return P(iid, base, offset, val, isComputed, true);
        };

esbena avatar May 09 '15 09:05 esbena