[webkit-reviews] review granted: [Bug 180768] JSObjects should have a mask for loading indexed properties : [Attachment 329277] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 13 17:30:21 PST 2017
Mark Lam <mark.lam at apple.com> has granted Keith Miller
<keith_miller at apple.com>'s request for review:
Bug 180768: JSObjects should have a mask for loading indexed properties
https://bugs.webkit.org/show_bug.cgi?id=180768
Attachment 329277: Patch
https://bugs.webkit.org/attachment.cgi?id=329277&action=review
--- Comment #10 from Mark Lam <mark.lam at apple.com> ---
Comment on attachment 329277
--> https://bugs.webkit.org/attachment.cgi?id=329277
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=329277&action=review
r=me with fixes.
> Source/JavaScriptCore/bytecode/AccessCase.cpp:1065
> + // If we were to have any indexed properties then we would need
update the indexing mask on the base object.
did you mean "would need to update"? I also suggest putting a comma after
"indexed properties" before "then".
> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:7701
> + // X86 only has 6 GP registers, which is not enough for the fast
case here. At least without custom code, which is not currently worth the extra
code mantainence.
/mantainence/maintenance/.
> Source/JavaScriptCore/jit/AssemblyHelpers.h:1377
> + // sizeGPR may be either scratch register. If for whatever reason the
butterfly is going to change vector length this function does NOT
> + // update the indexing mask.
This comment seems out of place. There's no use of sizeGPR in the function
below.
> Source/JavaScriptCore/runtime/Butterfly.h:135
> + // If vectorLength() is zero clz is undefined.
> + uint32_t computeIndexingMask() { return
computeIndexingMaskForVectorLength(vectorLength()); } // vectorLength() ?
~((1ll << 63) >> std::clz(static_cast<uint64_t>(vectorLength()) *
sizeof(EncodedJSValue))) : 0; }
The comment at line 134 says that clz is undefined for a zero vectorLength, but
then you go ahead and just call computeIndexingMaskForVectorLength() which uses
std::clz() without a zero check first.
The comment after the function at line 135 doesn't seem to describe what this
function does. It says that the return value is scaled by
sizeof(EncodedJSValue). I think that is wrong.
Please fix.
> Source/JavaScriptCore/runtime/JSObject.cpp:2611
> + auto oldButterfly = butterfly;
> + UNUSED_PARAM(oldButterfly);
What is this for? Please remove if not needed.
More information about the webkit-reviews
mailing list