Bug 233571

Summary: [JSC] GetTypedArrayLengthAsInt52 can get Array::Generic ArrayMode
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch mark.lam: review+

Yusuke Suzuki
Reported 2021-11-29 10:05:00 PST
[JSC] GetTypedArrayLengthAsInt52 can get Array::Generic ArrayMode
Attachments
Patch (7.18 KB, patch)
2021-11-29 10:07 PST, Yusuke Suzuki 		mark.lam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2021-11-29 10:07:09 PST
Created attachment 445291 [details] Patch
Yusuke Suzuki
Comment 2 2021-11-29 10:07:14 PST
<rdar://problem/85812164>
Mark Lam
Comment 3 2021-11-29 10:25:43 PST
Comment on attachment 445291 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=445291&action=review r=me > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:5110 > + // If arrayMode is ForceExit, we do not compile it. I suggest rephrasing this as "If arrayMode is ForceExit, we would not compile this node and hence, should not have arrived here."
Yusuke Suzuki
Comment 4 2021-11-29 11:09:52 PST
Comment on attachment 445291 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=445291&action=review Thanks! >> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:5110 >> + // If arrayMode is ForceExit, we do not compile it. > > I suggest rephrasing this as "If arrayMode is ForceExit, we would not compile this node and hence, should not have arrived here." Sounds good. Changed.
Yusuke Suzuki
Comment 5 2021-11-29 11:10:32 PST
Committed r286228 (244609@main): <https://commits.webkit.org/244609@main>
Note You need to log in before you can comment on or make changes to this bug.