Bug 217139

<rdar://problem/70059276>

Closing since this method is being scrapped in bug 217449.

Reopening since this is alive again, but under a new name.

Pull request: https://github.com/WebKit/WebKit/pull/27258

Pull request: https://github.com/WebKit/WebKit/pull/35997

Committed 287653@main (a509a5dd2a1c): <https://commits.webkit.org/287653@main> Reviewed commits have been landed. Closing PR #35997 and removing active labels.

Regressed. ASSERTION FAILED: node->op() == GetByVal || node->op() == StringCharAt || node->op() == StringAt C:\BW\Windows-64-bit-Debug-Build\build\Source\JavaScriptCore\dfg\DFGSpeculativeJIT.cpp(2509) : void JSC::DFG::SpeculativeJIT::compileGetByValOnString(Node *, const ScopedLambda<std::tuple<JSValueRegs, DataFormat> (DataFormat, bool)> &) 1 00007FFED58D07B8 JSC::numberOfOSRExitFuzzChecks 2 00007FFED5A82CBC JSC::numberOfOSRExitFuzzChecks 3 00007FFED5922877 JSC::numberOfOSRExitFuzzChecks 4 00007FFED592269E JSC::numberOfOSRExitFuzzChecks 5 00007FFED5A8E97C JSC::numberOfOSRExitFuzzChecks 6 00007FFED58B7B77 JSC::numberOfOSRExitFuzzChecks 7 00007FFED58AB345 JSC::numberOfOSRExitFuzzChecks 8 00007FFED58ABE8B JSC::numberOfOSRExitFuzzChecks 9 00007FFED58572D5 JSC::numberOfOSRExitFuzzChecks 10 00007FFED61E0C38 JSC::OpaqueByproducts::~OpaqueByproducts 11 00007FFED624CC3D JSC::JITSizeStatistics::dump 12 00007FFED72A449A WTF::AutomaticThread::threadIsStopping 13 00007FFED72A4197 WTF::AutomaticThread::threadIsStopping 14 00007FFED592DC4C JSC::numberOfOSRExitFuzzChecks 15 00007FFED73F5E26 WTF::Thread::allThreadsLock 16 00007FFED74CA2D3 WTF::Thread::~Thread 17 00007FFEFA176B4C recalloc 18 00007FFF00114CB0 BaseThreadInitThunk 19 00007FFF0F6FEC4B RtlUserThreadStart ERROR: 000001E82B7A3BD0 - [PID=3288] WebProcessProxy::didClose (web process crash) C:\BW\Windows-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1278) : virtual void WebKit::WebProcessProxy::didClose(IPC::Connection &) ERROR: 000001E82B7A3BD0 - [PID=3288] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash C:\BW\Windows-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1293) : void WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch(ProcessTerminationReason) ERROR: 000001E82B789E20 - [pageProxyID=8, webPageID=9, PID=3288] WebPageProxy::processDidTerminate: (pid 3288), reason=Crash C:\BW\Windows-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(10633) : void WebKit::WebPageProxy::resetStateAfterProcessTermination(ProcessTerminationReason) ERROR: 000001E82B789E20 - [pageProxyID=8, webPageID=9, PID=3288] WebPageProxy::dispatchProcessDidTerminate: reason=Crash C:\BW\Windows-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(10687) : void WebKit::WebPageProxy::dispatchProcessDidTerminate(WebProcessProxy &, ProcessTerminationReason) WebProcess terminated (pid 3288) for reason: crash Regressions: Unexpected crashes (2) jquery/attributes.html [ Crash ] jquery/event.html [ Crash ] https://results.webkit.org/?suite=layout-tests&test=jquery%2Fevent.html&style=debug

https://build.webkit.org/results/Apple-Sequoia-Debug-WK2-Tests/287653@main%20(519)/jquery/event-crash-log.txt ASSERTION FAILED: node->op() == GetByVal || node->op() == StringCharAt || node->op() == StringAt /Volumes/Data/worker/Apple-Sequoia-Debug-Build/build/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp(2509) : void JSC::DFG::SpeculativeJIT::compileGetByValOnString(Node *, const ScopedLambda<std::tuple<JSValueRegs, DataFormat> (DataFormat, bool)> &) 1 0x58afcb4f6 JSC::DFG::SpeculativeJIT::compileGetByValOnString(JSC::DFG::Node*, WTF::ScopedLambda<std::__1::tuple<JSC::JSValueRegs, JSC::DataFormat> (JSC::DataFormat, bool)> const&) 2 0x58b2190cf JSC::DFG::SpeculativeJIT::compileGetByVal(JSC::DFG::Node*, WTF::ScopedLambda<std::__1::tuple<JSC::JSValueRegs, JSC::DataFormat> (JSC::DataFormat, bool)> const&) 3 0x58b0357b5 JSC::DFG::SpeculativeJIT::compileEnumeratorGetByVal(JSC::DFG::Node*)::$_0::operator()(JSC::JSValueRegs) const 4 0x58b035641 JSC::DFG::SpeculativeJIT::compileEnumeratorGetByVal(JSC::DFG::Node*) 5 0x58b224751 JSC::DFG::SpeculativeJIT::compile(JSC::DFG::Node*) 6 0x58afaef80 JSC::DFG::SpeculativeJIT::compileCurrentBlock() 7 0x58af9b2cb JSC::DFG::SpeculativeJIT::compileBody() 8 0x58af9c814 JSC::DFG::SpeculativeJIT::compileFunction() 9 0x58c45fb98 JSC::DFG::Plan::compileInThreadImpl() 10 0x58c9776a0 JSC::JITPlan::compileInThread(JSC::JITWorklistThread*) 11 0x58c9d8bdf JSC::JITWorklistThread::work() 12 0x58ad1bbab WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const 13 0x58ad1b769 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() 14 0x58ad38187 WTF::Function<void ()>::operator()() const 15 0x58af1c9f9 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 16 0x58af288f5 WTF::wtfThreadEntryPoint(void*) 17 0x7ff804e9a253 _pthread_start 18 0x7ff804e95bef thread_start com.apple.WebKit.WebContent.Development terminated (pid 98655) for reason: crash

bug#284488 follows up.