Bug 211395

Summary: [JSC] DFG NotCellUse is used without considering about BigInt32
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch saam: review+

Description Yusuke Suzuki 2020-05-04 13:51:45 PDT 
We are using NonCellUse without considering about BigInt32 case.
Comment 1 Yusuke Suzuki 2020-05-04 15:30:47 PDT 
Created attachment 398426 [details]
Patch
Comment 2 Yusuke Suzuki 2020-05-04 17:38:19 PDT 
<rdar://problem/62845759>
Comment 3 Saam Barati 2020-05-04 21:39:38 PDT 
Comment on attachment 398426 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=398426&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:10849
> +    GPRReg tempGPR = temp.gpr();

Gonna be unused when USE(BIGINT32) is false

> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:17609
> +        LValue nonCell = lowNotCell(edge);

You’re gonna need an UNUSED_PARAM below this for non bigint32
Comment 4 Yusuke Suzuki 2020-05-04 22:05:32 PDT 
Committed r261147: <https://trac.webkit.org/changeset/261147>