Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0a18d6a5399412f622ee63b867e4659c0d7b05ac
https://github.com/WebKit/WebKit/commit/0a18d6a5399412f622ee63b867e4659c0d7b05ac
Author: Keith Miller <[email protected]>
Date: 2025-09-25 (Thu, 25 Sep 2025)
Changed paths:
M Source/JavaScriptCore/dfg/DFGValidate.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
Validation rule for PhantomNewArrayWithButterfly is overly conservative
https://bugs.webkit.org/show_bug.cgi?id=299530
rdar://161331072
Reviewed by Yusuke Suzuki.
Relax our validation rules for a PhantomNewArrayWithButterfly pointing to
a non-Phantom NewButterflyWithSize. We're seeing crashes of this on builds
but don't have any obvious repro steps. It seems like it should be fine
to have a PhantomNewArrayWithButterfly that has an allocated Butterfly
as long as nothing is actually stored into that Butterfly. This should
hopefully solve the crashes.
Canonical link: https://commits.webkit.org/300523@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
