Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: af07422edd14f9c95f376af6c9df4264690a250e
https://github.com/WebKit/WebKit/commit/af07422edd14f9c95f376af6c9df4264690a250e
Author: Yijia Huang <[email protected]>
Date: 2025-05-03 (Sat, 03 May 2025)
Changed paths:
M Source/JavaScriptCore/dfg/DFGCloneHelper.cpp
M Source/JavaScriptCore/dfg/DFGCloneHelper.h
M Source/JavaScriptCore/dfg/DFGLoopUnrollingPhase.cpp
Log Message:
-----------
[JSC] Fix incorrect early return in isNodeCloneable and add debug cycle check
https://bugs.webkit.org/show_bug.cgi?id=292462
rdar://150555146

Reviewed by Yusuke Suzuki.

Previously, the NodeCloneStatus::Special/Common node case in isNodeCloneable()
returned early, skipping cloneableCache update and potential cleanup. This
patch changes it to break and ensures the result flows through the unified
return path.

Also adds a debug-only ThreadSpecific visiting set to detect accidental
cycles during recursion. This check is safe because Phi-like nodes are
categorized as NodeCloneStatus::PreCloned and are not recursively visited.
The visiting set is fully cleared after each cloneability check pass,
ensuring no state leakage between invocations.

Uses UncheckedKeyHashSet for cloneableCache and visiting for better performance.

* Source/JavaScriptCore/dfg/DFGCloneHelper.cpp:
(JSC::DFG::CloneHelper::isNodeCloneable):
* Source/JavaScriptCore/dfg/DFGCloneHelper.h:
* Source/JavaScriptCore/dfg/DFGLoopUnrollingPhase.cpp:
(JSC::DFG::LoopUnrollingPhase::isLoopBodyUnrollable):

Canonical link: https://commits.webkit.org/294474@main
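
The control-flow pattern the log message describes, as an added example that is not part of the commit or of WebKit's code: a memoized recursive check whose switch cases break to one return path, with a visiting set that catches re-entry. The Node, Status and Checker names are hypothetical, and standard containers stand in for WTF's.

```cpp
#include <cassert>
#include <unordered_map>
#include <unordered_set>
#include <vector>

// Toy model for illustration; all names are hypothetical, not JavaScriptCore's.
enum class Status { Common, PreCloned, Unsupported };

struct Node {
    Status status;
    std::vector<const Node*> children;
};

struct Checker {
    std::unordered_map<const Node*, bool> cache; // memoized verdicts
    std::unordered_set<const Node*> visiting;    // nodes on the current recursion stack
    int evaluations = 0;                         // verdicts actually computed

    bool isCloneable(const Node* node)
    {
        auto cached = cache.find(node);
        if (cached != cache.end())
            return cached->second;
        bool inserted = visiting.insert(node).second;
        assert(inserted && "cycle during cloneability recursion");
        (void)inserted;
        ++evaluations;
        bool result = true;
        switch (node->status) {
        case Status::PreCloned:
            break; // Phi-like: children are not visited, so a back edge cannot recurse
        case Status::Unsupported:
            result = false;
            break;
        case Status::Common:
            for (const Node* child : node->children)
                result = result && isCloneable(child);
            break; // a `return result;` here would skip the cleanup and cache update below
        }
        visiting.erase(node);
        cache.emplace(node, result);
        return result;
    }
};
```

With an early return in the Common case, a node reachable through two parents would be re-evaluated on every path and would stay in the visiting set, so the next visit would trip the cycle assertion.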