[webkit-qt] Release assert in JIT on ARM
Andrew Webster
Awebster at arcx.com
Fri Aug 19 08:33:38 PDT 2016
This may be a question for webkit-dev, but I thought I'd check here first since I'm using qtwebkit-tp3.
On an ARM 32-bit platform in SpeculativeJIT::speculate, I occasionally hit the default handler, which contains a release assert, when using the WebInspector:

    switch (edge.useKind()) {
    ...
    default:
        RELEASE_ASSERT_NOT_REACHED();
        break;
    }

The value of edge.useKind() causing this is MachineIntUse. The case handler for this value has been ifdef'd out on my platform:

    #if USE(JSVALUE64)
    case MachineIntUse:
        speculateMachineInt(edge);
        break;
    case DoubleRepMachineIntUse:
        speculateDoubleRepMachineInt(edge);
        break;
    #endif

It appears that MachineIntUse is being set in JSC::DFG::FixupPhase::fixupNode when op is ProfileType:

    if (typeSet->doesTypeConformTo(TypeMachineInt)) {
        if (node->child1()->shouldSpeculateInt32())
            fixEdge<Int32Use>(node->child1());
        else
            fixEdge<MachineIntUse>(node->child1());
        node->remove();
    }

I am not at all familiar with this code, but from other usage of MachineIntUse, I would guess that this should not be used except on a 64-bit platform. Given that, I am not sure if
1. The typeSet should not conform to TypeMachineInt on 32-bit,
2. shouldSpeculateInt32 should always be true on 32-bit,
3. Int32Use should always be used on 32-bit, or
4. Something else.
I currently am going with 3:

    if (typeSet->doesTypeConformTo(TypeMachineInt)) {
    #if USE(JSVALUE64)
        if (node->child1()->shouldSpeculateInt32())
    #endif
            fixEdge<Int32Use>(node->child1());
    #if USE(JSVALUE64)
        else
            fixEdge<MachineIntUse>(node->child1());
    #endif
    }

This has solved my immediate problem, but due to my lack of understanding, this solution could be quite flawed.
Any help is much appreciated.
Thanks,
Andrew