RESOLVED FIXED 117217
fourthTier: Clean up AbstractValue 
https://bugs.webkit.org/show_bug.cgi?id=117217
Summary fourthTier: Clean up AbstractValue
Filip Pizlo
Reported 2013-06-04 17:21:21 PDT
Patch forthcoming.
Attachments
the patch (15.43 KB, patch)
2013-06-04 17:34 PDT, Filip Pizlo 		oliver: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2013-06-04 17:34:25 PDT
Created attachment 203743 [details] the patch I'm going to try to come up with a test case for this...
Filip Pizlo
Comment 2 2013-06-04 18:15:24 PDT
(In reply to comment #1) > Created an attachment (id=203743) [details] > the patch > > I'm going to try to come up with a test case for this... I tried but failed. This requires a very perverse combination of circumstances to become symptomatic.
Sam Weinig
Comment 3 2013-06-04 21:57:17 PDT
Comment on attachment 203743 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=203743&action=review > Source/JavaScriptCore/dfg/DFGAbstractValue.cpp:220 > + if (!(m_type & SpecCell)) { > + ASSERT(m_currentKnownStructure.isClear()); > + ASSERT(m_futurePossibleStructure.isClear()); > + ASSERT(!m_arrayModes); > + } > + > + if (isClear()) > + ASSERT(!m_value); > + > + if (!!m_value) > + ASSERT(mergeSpeculations(m_type, speculationFromValue(m_value)) == m_type); > + > + // Note that it's possible for a prediction like (Final, []). This really means that > + // the value is bottom and that any code that uses the value is unreachable. But > + // we don't want to get pedantic about this as it would only increase the computational > + // complexity of the code. You could consider putting this all in a #if !ASSERT_DISABLED
Filip Pizlo
Comment 4 2013-06-05 11:13:23 PDT
Landed in http://trac.webkit.org/changeset/151229
Note You need to log in before you can comment on or make changes to this bug.