[webkit-changes] [WebKit/WebKit] 4f99c0: Cherry-pick 259548.856 at safari-7615-branch (c3d2e36...

Tue Jul 18 13:02:15 PDT 2023

  Branch: refs/heads/webkitglib/2.40
  Home:   https://github.com/WebKit/WebKit
  Commit: 4f99c0670d2d91dbc51725a7af6909e186db1b07
      https://github.com/WebKit/WebKit/commit/4f99c0670d2d91dbc51725a7af6909e186db1b07
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h

  Log Message:
  -----------
  Cherry-pick 259548.856 at safari-7615-branch (c3d2e3627b45). https://bugs.webkit.org/show_bug.cgi?id=259231

    CallVarargs should identify that it can read inline call frame arguments.
    rdar://111361499

    Reviewed by Yusuke Suzuki.

    Call already does this, but CallVarargs has a special case that forgot.

    We should not be allowed to push PutStacks below a call of any kind, since
    it might access our call frame's arguments via foo.arguments, unless
    we are strict.

    The only exception is TailCall (but not TailCallForwardVarargsInlinedCaller),
    because it will destroy the entire frame.

    We do not un-pessimize TailCall yet to reduce risk, but it could be made
    to match TailCallForwardVarargs in the future.

    * Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
    (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

    Canonical link: https://commits.webkit.org/259548.856@safari-7615-branch

Canonical link: https://commits.webkit.org/260527.380@webkitglib/2.40