UNCONFIRMED 117554
DFG NewTypedArray should be a DCE candidate
https://bugs.webkit.org/show_bug.cgi?id=117554
Summary DFG NewTypedArray should be a DCE candidate
evan.exe
Reported 2013-06-12 11:40:39 PDT
The attached page uses binary search to find the maximum size that the Uint8Array constructor accepts. In Firefox and Chrome the test completes in 4 seconds but with both Safari and WebKit Nightly the test takes 15 minutes and eats up 40gb of virtual memory. This is on a MacBook Air with 4gb of memory.
Attachments
typed-array-limit.html (1.09 KB, text/html)
2013-06-12 11:42 PDT, evan.exe
no flags
evan.exe
Comment 1 2013-06-12 11:42:39 PDT
Created attachment 204465 typed-array-limit.html
Alexey Proskuryakov
Comment 2 2014-01-23 16:03:48 PST
Safari 7 says "Maximum is around 2048mb, found in 37.4 seconds". This is nowhere as horrible as before, but still 10x slower than Firefox. ToT is about 20% slower on top of that.
Filip Pizlo
Comment 3 2014-01-23 16:19:58 PST
I think that the title is a bit dramatic. I suspect that all that we're missing is the compiler smarts to eliminate the allocation of the typed array entirely. In this program, the statement: new Uint8Array(mid); is trivially dead code. Our optimizing compiler currently refuses to DCE typed array allocations because of (likely unfounded) paranoia about the typed array allocation having observable error checking. It probably has no observable error checking if the constructor is known to be passed an integer and that integer is non-negative.
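The observability question raised in Comment 3, as an added example that is not part of the bug report or of WebKit's code: it runs a discarded-allocation probe next to the same probe with the allocation deleted, and shows for which lengths the two agree. All function names are hypothetical, the probe is assumed to detect rejection by catching RangeError, and the stand-in constructor with its small limit is constructed so that nothing large is ever allocated.

```javascript
'use strict';

// Constructed stand-in for a typed array constructor with a small length
// limit, so the demonstration never allocates real memory.
function makeLimitedCtor(limit) {
  return function LimitedArray(len) {
    if (!Number.isInteger(len) || len < 0 || len > limit) {
      throw new RangeError('Invalid typed array length: ' + len);
    }
    this.length = len;
  };
}

// A probe whose allocation result is never used. The only thing the
// caller can observe is whether the constructor threw.
function accepts(Ctor, len) {
  try {
    new Ctor(len); // result discarded
    return true;
  } catch (e) {
    if (e instanceof RangeError) return false;
    throw e;
  }
}

// What the probe becomes if a compiler deletes the allocation outright.
function acceptsAfterDce(_Ctor, _len) {
  return true;
}

// Binary search for the largest length in [lo, hi] that the probe accepts.
function findMaxLength(probe, Ctor, lo, hi) {
  while (lo < hi) {
    const mid = lo + Math.ceil((hi - lo) / 2);
    if (probe(Ctor, mid)) lo = mid; else hi = mid - 1;
  }
  return lo;
}

// Deleting the allocation preserves behaviour only for lengths the
// constructor cannot reject.
function dceIsSafe(Ctor, len) {
  return accepts(Ctor, len) === acceptsAfterDce(Ctor, len);
}
```

With the real `Uint8Array`, `accepts(Uint8Array, -1)` is false in current engines because a negative length throws RangeError, which is the kind of error check an elimination pass has to rule out before removing the allocation.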