Bug 69215

Summary: Support string length in the DFG
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: New BugsAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ggaren: review+

Description Oliver Hunt 2011-10-01 12:27:34 PDT 
Support string length in the DFG
Comment 1 Oliver Hunt 2011-10-01 12:31:39 PDT 
Created attachment 109406 [details]
Patch
Comment 2 Geoffrey Garen 2011-10-01 14:28:44 PDT 
Comment on attachment 109406 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=109406&action=review

r=me

> Source/JavaScriptCore/dfg/DFGPropagator.cpp:715
>              if (!isInt32Prediction(m_predictions[m_compileIndex]))
>                  break;

Not super important, but I think you're guaranteed to have an int once you have an array / string .length property.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1730
> +        speculationCheck(m_jit.branch32(MacroAssembler::LessThan, resultGPR, MacroAssembler::TrustedImm32(0)));

I believe we could remove this branch, and the branch on array length access, if we changed array and string length to int from unsigned, and limited their lengths to 2^31-1.
Comment 3 Oliver Hunt 2011-10-01 14:46:42 PDT 
Committed r96461