RESOLVED FIXED Bug 69721
JSVALUE32_64 DFG JIT - Bug fix for ConvertThis 
https://bugs.webkit.org/show_bug.cgi?id=69721
Summary JSVALUE32_64 DFG JIT - Bug fix for ConvertThis
Yuqiang Xian
Reported 2011-10-09 04:40:52 PDT
Patch soon.
Attachments
the patch (1.63 KB, patch)
2011-10-09 04:45 PDT, Yuqiang Xian 		fpizlo: review-
fpizlo: commit-queue-
DetailsFormatted DiffDiff
the patch (1.76 KB, patch)
2011-10-09 18:20 PDT, Yuqiang Xian 		darin: review+
darin: commit-queue-
DetailsFormatted DiffDiff
patch addressing Darin's comments (1.77 KB, patch)
2011-10-09 19:38 PDT, Yuqiang Xian 		barraclough: review+
barraclough: commit-queue+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Yuqiang Xian
Comment 1 2011-10-09 04:45:04 PDT
Created attachment 110298 [details] the patch
Filip Pizlo
Comment 2 2011-10-09 12:09:58 PDT
Comment on attachment 110298 [details] the patch This doesn't look right. I think you should be catching the case where thisValueTagGPR holds NullTag. I think that's what this code was trying to do (and failing).
Yuqiang Xian
Comment 3 2011-10-09 18:20:35 PDT
Created attachment 110314 [details] the patch oh...
Darin Adler
Comment 4 2011-10-09 19:29:08 PDT
Comment on attachment 110314 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=110314&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:1762 > + ASSERT((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1)); As I mentioned in the other bug, this assertion should be: COMPILE_ASSERT((JSValue::UndefinedTag | 1) == JSValue::NullTag);
Yuqiang Xian
Comment 5 2011-10-09 19:38:43 PDT
Created attachment 110318 [details] patch addressing Darin's comments
WebKit Review Bot
Comment 6 2011-10-09 20:10:17 PDT
Comment on attachment 110318 [details] patch addressing Darin's comments Clearing flags on attachment: 110318 Committed r97037: <http://trac.webkit.org/changeset/97037>
WebKit Review Bot
Comment 7 2011-10-09 20:10:22 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.