Bug 289746

<rdar://problem/146996893>

Pull request: https://github.com/WebKit/WebKit/pull/42440

Committed 292135@main (1baafd6f56d4): <https://commits.webkit.org/292135@main> Reviewed commits have been landed. Closing PR #42440 and removing active labels.

Debug build became very crashy. Buildbot: builder Apple-Sonoma-Debug-AppleSilicon-WK2-Tests build 5747 : 292135@main https://build.webkit.org/#/builders/934/builds/5747 ASSERTION FAILED: hasConstant() ./dfg/DFGNode.h(612) : FrozenValue *JSC::DFG::Node::constant() 1 0x12a24175c JSC::DFG::Node::constant() 2 0x12a01d7c4 JSC::DFG::(anonymous namespace)::ConstantHoistingPhase::run() 3 0x12a01d3d8 bool JSC::DFG::runAndLog<JSC::DFG::(anonymous namespace)::ConstantHoistingPhase>(JSC::DFG::(anonymous namespace)::ConstantHoistingPhase&) 4 0x12a0143b4 bool JSC::DFG::runPhase<JSC::DFG::(anonymous namespace)::ConstantHoistingPhase>(JSC::DFG::Graph&) 5 0x12a01437c JSC::DFG::performConstantHoisting(JSC::DFG::Graph&) 6 0x12a30f220 JSC::DFG::Plan::compileInThreadImpl() 7 0x12a8326ac JSC::JITPlan::compileInThread(JSC::JITWorklistThread*) 8 0x12a88fbf8 JSC::JITWorklistThread::work() 9 0x128ca5fd0 WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const 10 0x128ca5b80 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() 11 0x128cc4d7c WTF::Function<void ()>::operator()() const 12 0x128e1a7e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 13 0x128e27060 WTF::wtfThreadEntryPoint(void*) 14 0x1851cdf94 _pthread_start 15 0x1851c8d34 thread_start com.apple.WebKit.WebContent.Development terminated (pid 37681) for reason: crash LEAK: 1 WebPageProxy

For example, https://results.webkit.org/?suite=layout-tests&test=fast%2Fcanvas%2Fcanvas-put-image-data-after-draw.html&style=debug

Fixed https://github.com/WebKit/WebKit/commit/b8667ed49c48e4da69a0aa9bd003acedae8d6144