This may be a question for webkit-dev, but I thought I'd check here first since
I'm using qtwebkit-tp3.
On an arm 32-bit platform in SpeculativeJIT::speculate, I occasionally hit the
default handler which contains a release assert when using the WebInspector:
switch (edge.useKind()) {
...
default:
RELEASE_ASSERT_NOT_REACHED();
break;
}
The value of edge.useKind() causing this is MachineIntUse. The case handler for
this value has been ifdef'd out on my platform:
#if USE(JSVALUE64)
case MachineIntUse:
speculateMachineInt(edge);
break;
case DoubleRepMachineIntUse:
speculateDoubleRepMachineInt(edge);
break;
#endif
It appears that MachineIntUse is being set in JSC::DFG::FixupPhase::fixupNode
when op is ProfileType:
if (typeSet->doesTypeConformTo(TypeMachineInt)) {
if (node->child1()->shouldSpeculateInt32())
fixEdge<Int32Use>(node->child1());
else
fixEdge<MachineIntUse>(node->child1());
node->remove();
}
I am not at all familiar with this code, but from other usage of MachineIntUse,
I would guess that this should not be used except on a 64-bit platform. Given
that, I am not sure if
1. The typeSet should not conform to TypeMachineInt on 32-bit,
2. shouldSpeculateInt32 should always be true on 32-bit,
3. Int32Use should always be used on 32-bit, or
4. Something else.
I currently am going with 3:
if (typeSet->doesTypeConformTo(TypeMachineInt)) {
#if USE(JSVALUE64)
if (node->child1()->shouldSpeculateInt32())
#endif
fixEdge<Int32Use>(node->child1());
#if USE(JSVALUE64)
else
fixEdge<MachineIntUse>(node->child1());
#endif
}
This has solved my immediate problem, but due to my lack of understanding, this
solution could be quite flawed.
Any help is much appreciated.
Thanks,
Andrew
_______________________________________________
webkit-qt mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-qt
