Bug 262181

Summary: [JSC][armv7] Assertion failure in dfg NewMap/NewSet implementations
Product: WebKit Reporter: Joseph Griego <joseph.j.griego>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Joseph Griego 2023-09-27 06:30:25 PDT 
e.g.

```
stress/each-block-at-top-of-polymorphic-call-inlining-should-be-exitOK.js.default: ASSERTION FAILED: JSMap::BucketType::offsetOfKey() + 8 == JSMap::BucketType::offsetOfValue()                                                                                                
stress/each-block-at-top-of-polymorphic-call-inlining-should-be-exitOK.js.default: /home/igalia/jgriego/proj/webkit/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp(11937) : void JSC::DFG::SpeculativeJIT::compileNewMap(JSC::DFG::Node*) 
```

These assertions aren't true on 32-bit and rather than make them portable, I think it makes sense to sink them into the `if CPU(ARM64)` block where they're needed anyways.
Comment 1 Joseph Griego 2023-09-27 06:31:35 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/18276
Comment 2 EWS 2023-09-27 11:38:13 PDT 
Committed 268525@main (77e6461ff053): <https://commits.webkit.org/268525@main>

Reviewed commits have been landed. Closing PR #18276 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2023-09-27 11:39:19 PDT 
<rdar://problem/116133577>