[Webkit-unassigned] [Bug 66160] New: DFG JIT has inconsistent use of boxDouble and unboxDouble, inconsistent use of assertions regarding doubles, and those assertions are not turned on in debug builds
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Aug 12 13:39:20 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=66160
Summary: DFG JIT has inconsistent use of boxDouble and
unboxDouble, inconsistent use of assertions regarding
doubles, and those assertions are not turned on in
debug builds
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
The DFG JIT has helper methods for boxing and unboxing doubles, but they are not always used, leading to code duplication. The DFG JIT has a way of emitting assertions that something that it thinks is a boxed double is in fact a bosed double, and it uses those assertions in one place (where the code for unboxDouble is duplicated, no less) but not in others. Furthermore, the JIT assertions (assertions emitted in the code stream) are not enabled in debug builds by default, which greatly reduces their utility. The DFG JIT should enable JIT assertions in debug builds, should use existing assertions (such as AssertIsJSDouble) during boxing and unboxing, and should not duplicate the code for boxing and unboxing.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list