Branch: refs/heads/webkitglib/2.42
Home:   https://github.com/WebKit/WebKit
Commit: 1352cc06fa9f7f64f1b3fc5e9a47e904e6f57ba3
        https://github.com/WebKit/WebKit/commit/1352cc06fa9f7f64f1b3fc5e9a47e904e6f57ba3
Author: Joseph Griego <jgri...@igalia.com>
Date:   2023-09-19 (Tue, 19 Sep 2023)

Changed paths:
  A JSTests/stress/typed-array-intrinsic-getter-with-conflicting-value-profile.js
  M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

Log Message:
-----------
Cherry-pick 267511@main (7a9106c7a56f). https://bugs.webkit.org/show_bug.cgi?id=260908

    [32 bit] DFG graph generation: intrinsic getters are fallible
    https://bugs.webkit.org/show_bug.cgi?id=260908

    Reviewed by Yusuke Suzuki.

    On 32-bit, unlike 64-bit, some of the DFG intrinsic getters (really, the
    TypedArray ones) are _fallible_: if the SpeculatedType doesn't match our
    expectations (a non-strict subset of SpecInt32Only), we refuse to generate
    code. [1]

    However, DFG::ByteCodeParser::handleGetById doesn't appear to handle this
    case gracefully--if `handleIntrinsicGetter` fails, we attempt to generate
    a call to the getter, but in the case of TypedArray intrinsics, we won't
    have the necessary CallLinkStatus and while attempting to do so, we crash.

    To fix this, I've added a bit of code that handles the failure from
    handleIntrinsicGetter and emits an ordinary `GetById` node instead of
    trying to inline anything for this op.

    I've added a test that demonstrates the current behavior (a segfault) on
    armv7 and passes with this patch.

    [1] For what it's worth, maybe this shouldn't be the case: it does seem
    like we should still be able to generate code in these cases anyhow, but
    it's simpler to just cope with the failure.

    * JSTests/stress/typed-array-intrinsic-getter-with-conflicting-value-profile.js: Added.
    (foo):
    (i.null.foo.Object.create):
    (i.42.foo):
    * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleGetById):

    Canonical link: https://commits.webkit.org/267511@main