[webkit-changes] [WebKit/WebKit] 7bac52: REGRESSION: JavaScriptCore: JSC::ScopedArguments::...
Michael Saboff
noreply at github.com
Mon Mar 25 13:16:21 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7bac523bd87dc3ce0c63e66ce5b279ec91e7b9dc
https://github.com/WebKit/WebKit/commit/7bac523bd87dc3ce0c63e66ce5b279ec91e7b9dc
Author: Michael Saboff <msaboff at apple.com>
Date: 2024-03-25 (Mon, 25 Mar 2024)
Changed paths:
M Source/JavaScriptCore/runtime/ScopedArguments.h
M Source/JavaScriptCore/runtime/SymbolTable.cpp
M Source/JavaScriptCore/runtime/SymbolTable.h
Log Message:
-----------
REGRESSION: JavaScriptCore: JSC::ScopedArguments::setIndexQuickly
https://bugs.webkit.org/show_bug.cgi?id=268409
rdar://121748005
Reviewed by Yusuke Suzuki.
A code inspection of the symbol table and scoped arguments code revealed that SymbolTable::cloneScopePart() doesn't
properly copy the ScopedArgumentsTable from the source. Since ScopedArguments point to the WatchpointSets in the
related SymbolTable, we need to create new WatchpointSets in the cloned SymbolTable and have the ScopedArguments
point to the related new WatchpointSets.
This is a speculative fix.
* Source/JavaScriptCore/runtime/ScopedArguments.h:
* Source/JavaScriptCore/runtime/SymbolTable.cpp:
(JSC::SymbolTable::cloneScopePart):
(JSC::SymbolTable::hasScopedWatchpointSet):
* Source/JavaScriptCore/runtime/SymbolTable.h:
Originally-landed-as: 272448.422 at safari-7618-branch (5bc92c9d5253). rdar://124554329
Canonical link: https://commits.webkit.org/276646@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list