The compiler emitted incorrect bytecode for logical assignment operations on property expressions. The generated instructions left the stack in an unclean state when the assignment condition was not fulfilled, causing a stack layout mismatch between compiler and vm, leading to undefined variable accesses and other non-deterministic behavior.
Solve this issue by rewriting the bytecode generation to yield an instruction sequence that does not leave garbage on the stack.
The implementation is not optimal yet, as an expression in the form obj.prop ||= val will load obj.prop twice. This is acceptable for now as the load operation has no side effect, but should be solved in a better way by introducing new instructions that allow for swapping stack slots, allowing the vm to operate on a copy of the loaded value.
Also rewrite the corresponding test case to trigger a runtime error on code versions before this fix.
The compiler emitted incorrect bytecode for logical assignment operations on property expressions. The generated instructions left the stack in an unclean state when the assignment condition was not fulfilled, causing a stack layout mismatch between compiler and vm, leading to undefined variable accesses and other non-deterministic behavior.
Solve this issue by rewriting the bytecode generation to yield an instruction sequence that does not leave garbage on the stack.
The implementation is not optimal yet, as an expression in the form
obj.prop ||= valwill loadobj.proptwice. This is acceptable for now as the load operation has no side effect, but should be solved in a better way by introducing new instructions that allow for swapping stack slots, allowing the vm to operate on a copy of the loaded value.Also rewrite the corresponding test case to trigger a runtime error on code versions before this fix.
Fixes: fdc9b6a ("compiler: fix
??=,||=and&&=logical assignment semantics") Signed-off-by: Jo-Philipp Wich jo@mein.io