[webkit-changes] [WebKit/WebKit] 617664: [JSC] Fix stale assertion in Loop Unrolling
Yusuke Suzuki
noreply at github.com
Tue Jan 28 05:25:04 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 617664a6c6902140a6ccf69f832c7dba23f45645
https://github.com/WebKit/WebKit/commit/617664a6c6902140a6ccf69f832c7dba23f45645
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2025-01-28 (Tue, 28 Jan 2025)
Changed paths:
M Source/JavaScriptCore/dfg/DFGLoopUnrollingPhase.cpp
Log Message:
-----------
[JSC] Fix stale assertion in Loop Unrolling
https://bugs.webkit.org/show_bug.cgi?id=286601
rdar://143723904
Reviewed by Yijia Huang.
If tail's branch is both jumping to the loop, then we should fail loop
unrolling. This condition is only met when we already unrolled this loop
before, and in the following condition check, we always fail already
because condition will be just jsBoolean(true) (so loop unrolling fails
with this). But debug assertion hits here.
* Source/JavaScriptCore/dfg/DFGLoopUnrollingPhase.cpp:
(JSC::DFG::LoopUnrollingPhase::locateTail):
Canonical link: https://commits.webkit.org/289436@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list