[webkit-reviews] review granted: [Bug 69215] Support string length in the DFG : [Attachment 109406] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Oct 1 14:28:43 PDT 2011
Geoffrey Garen <ggaren at apple.com> has granted Oliver Hunt <oliver at apple.com>'s
request for review:
Bug 69215: Support string length in the DFG
https://bugs.webkit.org/show_bug.cgi?id=69215
Attachment 109406: Patch
https://bugs.webkit.org/attachment.cgi?id=109406&action=review
------- Additional Comments from Geoffrey Garen <ggaren at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=109406&action=review
r=me
> Source/JavaScriptCore/dfg/DFGPropagator.cpp:715
> if (!isInt32Prediction(m_predictions[m_compileIndex]))
> break;
Not super important, but I think you're guaranteed to have an int once you have
an array / string .length property.
> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1730
> + speculationCheck(m_jit.branch32(MacroAssembler::LessThan, resultGPR,
MacroAssembler::TrustedImm32(0)));
I believe we could remove this branch, and the branch on array length access,
if we changed array and string length to int from unsigned, and limited their
lengths to 2^31-1.
More information about the webkit-reviews
mailing list