[Webkit-unassigned] [Bug 196055] New: Cap length of an array with spread to MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH.

Wed Mar 20 21:46:32 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=196055

            Bug ID: 196055
           Summary: Cap length of an array with spread to
                    MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

We are doing this because:
1. We expect the array to be densely packed.
2. SpeculativeJIT::compileAllocateNewArrayWithSize() (and the FTL equivalent) expects the array length to be less than MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH if we don't want to use an ArrayStorage shape.
3. There's no reason why an array with spread needs to be that large anyway.  MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH is plenty.

<rdar://problem/49067448>

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190321/56ac2986/attachment.html>