Bug 126543

Summary:

FTL should ascribe range meta-data when loading array.length

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Filip Pizlo <fpizlo>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

atrick, barraclough, ggaren, mark.lam, mhahnenberg, msaboff, nrotem, oliver, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

Bug Blocks:

112840

Attachments:

Description	Flags
the patch	ggaren: review+

Description Filip Pizlo 2014-01-06 15:41:01 PST

This will allow some interesting optimizations on the LLVM side.

Comment 1 Filip Pizlo 2014-01-19 17:20:46 PST

Created attachment 221604 [details]
the patch

Comment 2 Filip Pizlo 2014-01-19 17:22:34 PST

Landed in branch in http://trac.webkit.org/changeset/162299

Comment 3 Geoffrey Garen 2014-01-19 17:59:37 PST

Comment on attachment 221604 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=221604&action=review

r=me

> Source/JavaScriptCore/ftl/FTLCommonValues.cpp:65
> +    , nonNegativeInt32(constInt(int32, 0, SignExtend), constInt(int32, 1ll << 31, SignExtend))

Why the "ll" after the "1"?

Comment 4 Filip Pizlo 2014-01-19 18:12:23 PST

(In reply to comment #3)
> (From update of attachment 221604 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=221604&action=review
> 
> r=me
> 
> > Source/JavaScriptCore/ftl/FTLCommonValues.cpp:65
> > +    , nonNegativeInt32(constInt(int32, 0, SignExtend), constInt(int32, 1ll << 31, SignExtend))
> 
> Why the "ll" after the "1"?

constInt() takes a long long, so I figured that I'd avoid all ambiguity in the implicit integer casting by just starting out with 1 being a long long.

Also, "1" is a 32-bit int and 2^31 isn't a valid 32-bit int value.  So, 1 << 31 is subject to some overflow rules, and I don't feel like figuring out what exactly they are.  It's one of those things that feels like it might fall under undefined behavior and I don't like having to think about that.