Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9074c1d4ba4ff03742db0a8630bbd16c20e8276b
    https://github.com/WebKit/WebKit/commit/9074c1d4ba4ff03742db0a8630bbd16c20e8276b
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2023-08-03 (Thu, 03 Aug 2023)

Changed paths:
    M LayoutTests/platform/ios-wk2/fast/dom/focus-dialog-blur-input-type-change-crash-expected.txt
    M Source/JavaScriptCore/bytecode/BytecodeList.rb
    M Source/JavaScriptCore/bytecode/BytecodeOperandsForCheckpoint.h
    M Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp
    M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/Opcode.h
    M Source/JavaScriptCore/bytecode/OpcodeInlines.h
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.cpp
    M Source/JavaScriptCore/dfg/DFGNodeType.h
    M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/ftl/FTLSlowPathCall.h
    M Source/JavaScriptCore/jit/CallFrameShuffler.cpp
    M Source/JavaScriptCore/jit/JIT.cpp
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/llint/LLIntOpcode.h
    M Source/JavaScriptCore/llint/LLIntThunks.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
    M Source/JavaScriptCore/runtime/FileBasedFuzzerAgent.cpp
    M Source/JavaScriptCore/runtime/Gate.h
    M Source/JavaScriptCore/runtime/PredictionFileCreatingFuzzerAgent.cpp

Log Message:
-----------
Unreviewed, relanding 266519@main
https://bugs.webkit.org/show_bug.cgi?id=259749
rdar://113292761

Relanding 266519@main with one fix, adding OpCallIgnoreResult to ArrayProfile list in Opcode.h

* LayoutTests/platform/ios-wk2/fast/dom/focus-dialog-blur-input-type-change-crash-expected.txt:
* Source/JavaScriptCore/bytecode/BytecodeList.rb:
* Source/JavaScriptCore/bytecode/BytecodeOperandsForCheckpoint.h:
(JSC::destinationFor):
* Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
* Source/JavaScriptCore/bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::callTypeFor):
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* Source/JavaScriptCore/bytecode/Opcode.h:
* Source/JavaScriptCore/bytecode/OpcodeInlines.h:
(JSC::isOpcodeShape):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitCallInTailPosition):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargsInTailPosition):
(JSC::BytecodeGenerator::emitCallForwardArgumentsInTailPosition):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::emitNode):
(JSC::BytecodeGenerator::emitNodeInTailPositionFromReturnNode):
(JSC::BytecodeGenerator::emitNodeInTailPositionFromExprStatementNode):
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::ExprStatementNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::handleCallVariant):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::parseBlock):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::methodOfGettingAValueProfileFor):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
(JSC::DFG::reifyInlinedCallFrames):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileFunction):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/ftl/FTLSlowPathCall.h:
(JSC::FTL::callOperation):
* Source/JavaScriptCore/jit/CallFrameShuffler.cpp:
(JSC::CallFrameShuffler::prepareAny):
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::compileSetupFrame):
(JSC::JIT::compileOpCall):
(JSC::JIT::emit_op_call_ignore_result):
(JSC::JIT::emitSlow_op_call_ignore_result):
* Source/JavaScriptCore/llint/LLIntOpcode.h:
* Source/JavaScriptCore/llint/LLIntThunks.cpp:
(JSC::LLInt::returnLocationThunk):
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:
(JSC::CLoop::execute):
* Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
* Source/JavaScriptCore/runtime/FileBasedFuzzerAgent.cpp:
(JSC::FileBasedFuzzerAgent::getPredictionInternal):
* Source/JavaScriptCore/runtime/Gate.h:
* Source/JavaScriptCore/runtime/PredictionFileCreatingFuzzerAgent.cpp:
(JSC::PredictionFileCreatingFuzzerAgent::getPredictionInternal):

Canonical link: https://commits.webkit.org/266537@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes