Bug 66160

Summary: DFG JIT has inconsistent use of boxDouble and unboxDouble, inconsistent use of assertions regarding doubles, and those assertions are not turned on in debug builds
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, fpizlo, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch none

Description Filip Pizlo 2011-08-12 13:39:21 PDT
The DFG JIT has helper methods for boxing and unboxing doubles, but they are not always used, leading to code duplication.  The DFG JIT has a way of emitting assertions that something that it thinks is a boxed double is in fact a bosed double, and it uses those assertions in one place (where the code for unboxDouble is duplicated, no less) but not in others.  Furthermore, the JIT assertions (assertions emitted in the code stream) are not enabled in debug builds by default, which greatly reduces their utility.  The DFG JIT should enable JIT assertions in debug builds, should use existing assertions (such as AssertIsJSDouble) during boxing and unboxing, and should not duplicate the code for boxing and unboxing.
Comment 1 Filip Pizlo 2011-08-12 13:43:38 PDT
Created attachment 103808 [details]
the patch
Comment 2 WebKit Review Bot 2011-08-12 16:28:00 PDT
Comment on attachment 103808 [details]
the patch

Clearing flags on attachment: 103808

Committed r93010: <http://trac.webkit.org/changeset/93010>
Comment 3 WebKit Review Bot 2011-08-12 16:28:04 PDT
All reviewed patches have been landed.  Closing bug.