You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Promote reference-only WebKit PR-249 files only when zig-js implements the underlying behavior, while keeping blockers machine-auditable.
Current baseline
The allowlist has 236 promoted files out of 259 executable files: 234 in the default corpus plus 2 no-GIL-only witnesses. zig build threads-reference-audit rejects uncategorized executable cases, and maintained negative probes verify the nearest blockers. The audit currently classifies 24 executable reference-only files plus 5 helper/preload files.
Remaining categories
WebAssembly-dependent witnesses.
JIT/compiler hooks, code-artifact hooks, and shell controls not exposed by zig-js.
JSC-specific butterfly verification assumptions that are not portable to zig-js.
Detached-source fresh-view construction assumptions that zig-js deliberately rejects after ArrayBuffer transfer.
Remaining semantic cases whose current failure evidence is listed by the audit tool.
Recently resolved from this tracker
semantics/oom-one-thread.js is promoted after the heap-cap collect/retry work.
The portable part of cve/mc-df-arraycopy-relabel.js is now covered by zig-js-owned TypedArray source-length snapshot witnesses; the reference file remains out for its JSC butterfly-verification shape.
The portable creator-owned buffer lifetime subset behind cve/mc-life-creator-thread-dies.js is covered by unit/threadfuzz witnesses; the reference file remains out for detached-source fresh-view construction.
b0f5193e promoted cve/mc-init-direct-arguments-override.js after bounding its no-GIL stress arm and fast-pathing mapped-arguments indexed get/set through exact local helpers; focused default and no-GIL runs pass, and the audit now reports 236/259 promoted executable files.
Four additional PR-249 references were promoted in d74fa86c: cve/mc-init-butterfly-grow-slack.js, cve/mc-jit-delete-reuse-stale-offset.js, cve/mc-jit-double-relabel-stale-shape.js, and cve/mc-jit-ta-resize-hoisted-base.js.
Parent: #1
Goal
Promote reference-only WebKit PR-249 files only when zig-js implements the underlying behavior, while keeping blockers machine-auditable.
Current baseline
The allowlist has 236 promoted files out of 259 executable files: 234 in the default corpus plus 2 no-GIL-only witnesses.
zig build threads-reference-auditrejects uncategorized executable cases, and maintained negative probes verify the nearest blockers. The audit currently classifies 24 executable reference-only files plus 5 helper/preload files.Remaining categories
Recently resolved from this tracker
semantics/oom-one-thread.jsis promoted after the heap-cap collect/retry work.cve/mc-df-arraycopy-relabel.jsis now covered by zig-js-owned TypedArray source-length snapshot witnesses; the reference file remains out for its JSC butterfly-verification shape.cve/mc-life-creator-thread-dies.jsis covered by unit/threadfuzz witnesses; the reference file remains out for detached-source fresh-view construction.b0f5193epromotedcve/mc-init-direct-arguments-override.jsafter bounding its no-GIL stress arm and fast-pathing mapped-arguments indexed get/set through exact local helpers; focused default and no-GIL runs pass, and the audit now reports236/259promoted executable files.d74fa86c:cve/mc-init-butterfly-grow-slack.js,cve/mc-jit-delete-reuse-stale-offset.js,cve/mc-jit-double-relabel-stale-shape.js, andcve/mc-jit-ta-resize-hoisted-base.js.cve/mc-init-direct-arguments-override.js, which passes serialized/default focused runs but still exceeds the no-GIL promotion budget.Rules
Acceptance criteria