Bug 287502

Summary:	[JSC] DirectArguments::visitChildrenImpl calls JSObject::visitChildrenImpl twice
Product:	WebKit	Reporter:	xc.o.c.1180 <xc.o.c.1180>
Component:	JavaScriptCore	Assignee:	Yusuke Suzuki <ysuzuki>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	mark.lam, webkit-bug-importer, ysuzuki
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

xc.o.c.1180@gmail.com

Reported 2025-02-11 11:51:50 PST

DirectArguments does not declare Base, the Base is GenericArguments Base which is JSNonFinalObject. First, Base::visitChildren(thisObject, visitor); Second, GenericArguments<DirectArguments>::visitChildren(thisCell, visitor); Should be similar to ScopedArguments.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2025-02-18 11:52:25 PST

<rdar://problem/145080419>

Yusuke Suzuki

Comment 2 2025-02-21 15:22:46 PST

Pull request: https://github.com/WebKit/WebKit/pull/41102

EWS

Comment 3 2025-02-21 16:51:54 PST

Committed 290839@main (9996e4031b79): <https://commits.webkit.org/290839@main> Reviewed commits have been landed. Closing PR #41102 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.