Branch: refs/heads/webkitglib/2.40
Home: https://github.com/WebKit/WebKit
Commit: ebefb9e6b7e7440ab6bb29452f4ac6350bd8b975
https://github.com/WebKit/WebKit/commit/ebefb9e6b7e7440ab6bb29452f4ac6350bd8b975
Author: Yijia Huang <[email protected]>
Date: 2023-06-22 (Thu, 22 Jun 2023)
Changed paths:
A JSTests/stress/heap-location-collision-dfg-clobberize.js
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
M Source/JavaScriptCore/dfg/DFGHeapLocation.h
Log Message:
-----------
Cherry-pick 263909@main (52fe95e5805c).
https://bugs.webkit.org/show_bug.cgi?id=256567
EnumeratorNextUpdateIndexAndMode and HasIndexedProperty should have
different heap location kinds
https://bugs.webkit.org/show_bug.cgi?id=256567
rdar://109089013
Reviewed by Yusuke Suzuki.
EnumeratorNextUpdateIndexAndMode and HasIndexedProperty are different DFG
nodes. However,
they might introduce the same heap location kind in DFGClobberize.h which
might lead to
hash collision. We should introduce a new locationn kind for
EnumeratorNextUpdateIndexAndMode.
* JSTests/stress/heap-location-collision-dfg-clobberize.js: Added.
(foo):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGHeapLocation.h:
Canonical link: https://commits.webkit.org/263909@main
Canonical link: https://commits.webkit.org/260527.376@webkitglib/2.40
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
