[webkit-reviews] review granted: [Bug 109371] DFG should not change its mind about what type speculations a node does, by encoding the checks in the NodeType, UseKind, and ArrayMode : [Attachment 189455] the patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 21 11:21:48 PST 2013
Oliver Hunt <oliver at apple.com> has granted Filip Pizlo <fpizlo at apple.com>'s
request for review:
Bug 109371: DFG should not change its mind about what type speculations a node
does, by encoding the checks in the NodeType, UseKind, and ArrayMode
https://bugs.webkit.org/show_bug.cgi?id=109371
Attachment 189455: the patch
https://bugs.webkit.org/attachment.cgi?id=189455&action=review
------- Additional Comments from Oliver Hunt <oliver at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=189455&action=review
> Source/JavaScriptCore/dfg/DFGAbstractState.cpp:1298
> + ASSERT(!(value.m_type & ~SpecCell)); // Edge filtering should have
already ensured this.
What happens if there's a bug and this is wrong? will we handle it safely or
should this be a RELEASE_ASSERT?
> Source/JavaScriptCore/dfg/DFGNodeAllocator.h:41
> +typedef Allocator<Node, 112> NodeAllocator;
> +#else
> +typedef Allocator<Node, 80> NodeAllocator;
What are these magic numbers?
More information about the webkit-reviews
mailing list