[webkit-reviews] review denied: [Bug 133660] [ftlopt] Call and Construct DFG nodes aren't always safe to execute : [Attachment 232879] Split Call and Construct DFG nodes into NativeCall and NativeConstruct

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 11 13:00:19 PDT 2014 

Filip Pizlo <fpizlo at apple.com> has denied Matthew Mirman <mmirman at apple.com>'s
request for review:
Bug 133660: [ftlopt] Call and Construct DFG nodes aren't always safe to execute
https://bugs.webkit.org/show_bug.cgi?id=133660

Attachment 232879: Split Call and Construct DFG nodes into NativeCall and
NativeConstruct 
https://bugs.webkit.org/attachment.cgi?id=232879&action=review

------- Additional Comments from Filip Pizlo <fpizlo at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=232879&action=review


> Source/JavaScriptCore/dfg/DFGSafeToExecute.h:261
> +	   return false; // TODO: add a check for already checked. 

Can you file a bugzilla bug for this and reference it here?

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:644
> -    if (node->op() != Call)
> -	   ASSERT(node->op() == Construct);
> +    bool isCall = node->op() == Call || node->op() == NativeCall;
> +    if (!isCall)
> +	   ASSERT(node->op() == Construct || node->op() == NativeConstruct);

Why does this check for NativeCall/NativeConstruct?  The DFG backend shouldn't
see them.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:4131
> +    case NativeCall:
> +    case NativeConstruct:

Seems like these cases should be RELEASE_ASSERT_NOT_REACHED().

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:631
> -    if (node->op() != Call)
> -	   RELEASE_ASSERT(node->op() == Construct);
> +
> +    bool isCall = node->op() == Call || node->op() == NativeCall;
> +    if (!isCall)
> +	   RELEASE_ASSERT(node->op() == Construct || node->op() ==
NativeConstruct);

Why does this check for NativeCall/NativeConstruct?  The DFG backend shouldn't
see them.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:4163
> +    case NativeCall:
> +    case NativeConstruct:

Seems like these cases should be RELEASE_ASSERT_NOT_REACHED().

More information about the webkit-reviews mailing list