[Webkit-unassigned] [Bug 82135] New: DFG int-to-double conversion should be revealed to CSE

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 24 15:28:03 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=82135

           Summary: DFG int-to-double conversion should be revealed to CSE
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fpizlo at apple.com


Currently if we have an integer variable, like:

var x = 1;

And we use it in multiple places in a context that requires conversion to double, like:

... = x * 0.5;
... = sqrt(x);

Then we will convert it to double on each of those uses.  That's wasteful, and we should be able to remember that the conversion had already been performed by separately tracking the converted-to-double version of the value.

We have an even more gross problem if we do the following:

var x = o.f; // o.f predicted int
... = x * 0.5;
... = array[x];

The first statement will format x as a JSValue.  The second statement will speculate that x is a number and convert it to a double in-place. The third statement will then end up doing horrible slow things to try to perform an array access using a double as an index.

Again, if we had a way of separately tracking the converted-to-double form of this integer variable, this would not be a problem.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
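
The idea in the report, shown as an added example on a toy single-block IR (not JavaScriptCore code and not part of the original report; node names such as `ToDouble`, `MulDouble` and `GetByVal` are hypothetical). Once the int-to-double conversion is its own node, an ordinary CSE pass merges the per-use conversions, and the array access keeps using the integer form of x.

```javascript
// Toy single-basic-block IR, constructed for this example.
// Node names (GetField, MulDouble, SqrtDouble, GetByVal, ToDouble) are hypothetical.
const program = [
  { id: "x", op: "GetField", args: ["o", "f"], type: "int32" }, // var x = o.f
  { id: "a", op: "MulDouble", args: ["x", 0.5] },               // x * 0.5
  { id: "b", op: "SqrtDouble", args: ["x"] },                   // sqrt(x)
  { id: "c", op: "GetByVal", args: ["array", "x"] },            // array[x]
];

const DOUBLE_OPS = new Set(["MulDouble", "SqrtDouble"]);
const PURE_OPS = new Set(["ToDouble"]);

// Make each int-to-double conversion an explicit node instead of converting x in place.
function insertConversions(nodes) {
  const int32 = new Set(nodes.filter(n => n.type === "int32").map(n => n.id));
  const out = [];
  let fresh = 0;
  for (const n of nodes) {
    if (!DOUBLE_OPS.has(n.op)) { out.push(n); continue; }
    const args = n.args.map(a => {
      if (!int32.has(a)) return a;
      const conv = { id: `d${fresh++}`, op: "ToDouble", args: [a] };
      out.push(conv);
      return conv.id;
    });
    out.push({ ...n, args });
  }
  return out;
}

// Local CSE: a pure node with the same op and operands as an earlier one is dropped
// and its uses are redirected to the earlier node.
function cse(nodes) {
  const seen = new Map();  // "op(args)" -> id of the first node computing it
  const alias = new Map(); // eliminated id -> surviving id
  const out = [];
  for (const n of nodes) {
    const args = n.args.map(a => alias.get(a) ?? a);
    const key = `${n.op}(${JSON.stringify(args)})`;
    if (PURE_OPS.has(n.op) && seen.has(key)) { alias.set(n.id, seen.get(key)); continue; }
    if (PURE_OPS.has(n.op)) seen.set(key, n.id);
    out.push({ ...n, args });
  }
  return out;
}

const countOp = (nodes, op) => nodes.filter(n => n.op === op).length;
const lowered = insertConversions(program);
const optimized = cse(lowered);
console.log(countOp(lowered, "ToDouble"), "->", countOp(optimized, "ToDouble"));
```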


