[webkit-changes] [WebKit/WebKit] ebefb9: Cherry-pick 263909@main (52fe95e5805c). https://bu...

Thu, 22 Jun 2023 14:39:13 -0700 

  Branch: refs/heads/webkitglib/2.40
  Home:   https://github.com/WebKit/WebKit
  Commit: ebefb9e6b7e7440ab6bb29452f4ac6350bd8b975
      
https://github.com/WebKit/WebKit/commit/ebefb9e6b7e7440ab6bb29452f4ac6350bd8b975
  Author: Yijia Huang <yijia_hu...@apple.com>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    A JSTests/stress/heap-location-collision-dfg-clobberize.js
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
    M Source/JavaScriptCore/dfg/DFGHeapLocation.h

  Log Message:
  -----------
  Cherry-pick 263909@main (52fe95e5805c). 
https://bugs.webkit.org/show_bug.cgi?id=256567

    EnumeratorNextUpdateIndexAndMode and HasIndexedProperty should have 
different heap location kinds
    https://bugs.webkit.org/show_bug.cgi?id=256567
    rdar://109089013

    Reviewed by Yusuke Suzuki.

    EnumeratorNextUpdateIndexAndMode and HasIndexedProperty are different DFG 
nodes. However,
    they might introduce the same heap location kind in DFGClobberize.h which 
might lead to
    hash collision. We should introduce a new locationn kind for 
EnumeratorNextUpdateIndexAndMode.

    * JSTests/stress/heap-location-collision-dfg-clobberize.js: Added.
    (foo):
    * Source/JavaScriptCore/dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
    (WTF::printInternal):
    * Source/JavaScriptCore/dfg/DFGHeapLocation.h:

    Canonical link: https://commits.webkit.org/263909@main

Canonical link: https://commits.webkit.org/260527.376@webkitglib/2.40


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to