[webkit-changes] [WebKit/WebKit] 52fe95: EnumeratorNextUpdateIndexAndMode and HasIndexedPro...

Commit Queue noreply at github.com
Wed May 10 09:43:24 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 52fe95e5805c735cc1fa4d6200fcaa1912efbfea
      https://github.com/WebKit/WebKit/commit/52fe95e5805c735cc1fa4d6200fcaa1912efbfea
  Author: Yijia Huang <yijia_huang at apple.com>
  Date:   2023-05-10 (Wed, 10 May 2023)

  Changed paths:
    A JSTests/stress/heap-location-collision-dfg-clobberize.js
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
    M Source/JavaScriptCore/dfg/DFGHeapLocation.h
    M Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp

  Log Message:
  -----------
  EnumeratorNextUpdateIndexAndMode and HasIndexedProperty should have different heap location kinds
https://bugs.webkit.org/show_bug.cgi?id=256567
rdar://109089013

Reviewed by Yusuke Suzuki.

EnumeratorNextUpdateIndexAndMode and HasIndexedProperty are different DFG nodes. However,
they might introduce the same heap location kind in DFGClobberize.h, which might lead to
a hash collision. We should introduce a new location kind for EnumeratorNextUpdateIndexAndMode.

* JSTests/stress/heap-location-collision-dfg-clobberize.js: Added.
(foo):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGHeapLocation.h:
* Source/JavaScriptCore/dfg/DFGInPlaceAbstractState.cpp:
(JSC::DFG::InPlaceAbstractState::endBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

Canonical link: https://commits.webkit.org/263909@main
