nephele
/
haikuwebkit
1
0
Fork 0
Code Issues Releases Activity
haikuwebkit/Source/WTF/wtf/DeferrableRefCounted.h

121 lines
3.3 KiB
C
Raw Permalink Normal View History

Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
/*
Use constexpr instead of const in symbol definitions that are obviously constexpr. https://bugs.webkit.org/show_bug.cgi?id=201879 Rubber-stamped by Joseph Pecoraro. Source/bmalloc: * bmalloc/AvailableMemory.cpp: * bmalloc/IsoTLS.h: * bmalloc/Map.h: * bmalloc/Mutex.cpp: (bmalloc::Mutex::lockSlowCase): * bmalloc/PerThread.h: * bmalloc/Vector.h: * bmalloc/Zone.h: Source/JavaScriptCore: const may require external storage (at the compiler's whim) though these currently do not. constexpr makes it clear that the value is a literal constant that can be inlined. In most cases in the code, when we say static const, we actually mean static constexpr. I'm changing the code to reflect this. * API/JSAPIValueWrapper.h: * API/JSCallbackConstructor.h: * API/JSCallbackObject.h: * API/JSContextRef.cpp: * API/JSWrapperMap.mm: * API/tests/CompareAndSwapTest.cpp: * API/tests/TypedArrayCTest.cpp: * API/tests/testapi.mm: (testObjectiveCAPIMain): * KeywordLookupGenerator.py: (Trie.printAsC): * assembler/ARMv7Assembler.h: * assembler/AssemblerBuffer.h: * assembler/AssemblerCommon.h: * assembler/MacroAssembler.h: * assembler/MacroAssemblerARM64.h: * assembler/MacroAssemblerARM64E.h: * assembler/MacroAssemblerARMv7.h: * assembler/MacroAssemblerCodeRef.h: * assembler/MacroAssemblerMIPS.h: * assembler/MacroAssemblerX86.h: * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::absDouble): (JSC::MacroAssemblerX86Common::negateDouble): * assembler/MacroAssemblerX86_64.h: * assembler/X86Assembler.h: * b3/B3Bank.h: * b3/B3CheckSpecial.h: * b3/B3DuplicateTails.cpp: * b3/B3EliminateCommonSubexpressions.cpp: * b3/B3FixSSA.cpp: * b3/B3FoldPathConstants.cpp: * b3/B3InferSwitches.cpp: * b3/B3Kind.h: * b3/B3LowerToAir.cpp: * b3/B3NativeTraits.h: * b3/B3ReduceDoubleToFloat.cpp: * b3/B3ReduceLoopStrength.cpp: * b3/B3ReduceStrength.cpp: * b3/B3ValueKey.h: * b3/air/AirAllocateRegistersByGraphColoring.cpp: * b3/air/AirAllocateStackByGraphColoring.cpp: * b3/air/AirArg.h: * b3/air/AirCCallSpecial.h: * b3/air/AirEmitShuffle.cpp: * b3/air/AirFixObviousSpills.cpp: * b3/air/AirFormTable.h: * b3/air/AirLowerAfterRegAlloc.cpp: * b3/air/AirPrintSpecial.h: * b3/air/AirStackAllocation.cpp: * b3/air/AirTmp.h: * b3/testb3_6.cpp: (testInterpreter): * bytecode/AccessCase.cpp: * bytecode/CallLinkStatus.cpp: * bytecode/CallVariant.h: * bytecode/CodeBlock.h: * bytecode/CodeOrigin.h: * bytecode/DFGExitProfile.h: * bytecode/DirectEvalCodeCache.h: * bytecode/ExecutableToCodeBlockEdge.h: * bytecode/GetterSetterAccessCase.cpp: * bytecode/LazyOperandValueProfile.h: * bytecode/ObjectPropertyCondition.h: * bytecode/ObjectPropertyConditionSet.cpp: * bytecode/PolymorphicAccess.cpp: * bytecode/PropertyCondition.h: * bytecode/SpeculatedType.h: * bytecode/StructureStubInfo.cpp: * bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): * bytecode/UnlinkedCodeBlock.h: * bytecode/UnlinkedEvalCodeBlock.h: * bytecode/UnlinkedFunctionCodeBlock.h: * bytecode/UnlinkedFunctionExecutable.h: * bytecode/UnlinkedModuleProgramCodeBlock.h: * bytecode/UnlinkedProgramCodeBlock.h: * bytecode/ValueProfile.h: * bytecode/VirtualRegister.h: * bytecode/Watchpoint.h: * bytecompiler/BytecodeGenerator.h: * bytecompiler/Label.h: * bytecompiler/NodesCodegen.cpp: (JSC::ThisNode::emitBytecode): * bytecompiler/RegisterID.h: * debugger/Breakpoint.h: * debugger/DebuggerParseData.cpp: * debugger/DebuggerPrimitives.h: * debugger/DebuggerScope.h: * dfg/DFGAbstractHeap.h: * dfg/DFGAbstractValue.h: * dfg/DFGArgumentsEliminationPhase.cpp: * dfg/DFGByteCodeParser.cpp: * dfg/DFGCSEPhase.cpp: * dfg/DFGCommon.h: * dfg/DFGCompilationKey.h: * dfg/DFGDesiredGlobalProperty.h: * dfg/DFGEdgeDominates.h: * dfg/DFGEpoch.h: * dfg/DFGForAllKills.h: (JSC::DFG::forAllKilledNodesAtNodeIndex): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::isLiveInBytecode): * dfg/DFGHeapLocation.h: * dfg/DFGInPlaceAbstractState.cpp: * dfg/DFGIntegerCheckCombiningPhase.cpp: * dfg/DFGIntegerRangeOptimizationPhase.cpp: * dfg/DFGInvalidationPointInjectionPhase.cpp: * dfg/DFGLICMPhase.cpp: * dfg/DFGLazyNode.h: * dfg/DFGMinifiedID.h: * dfg/DFGMovHintRemovalPhase.cpp: * dfg/DFGNodeFlowProjection.h: * dfg/DFGNodeType.h: * dfg/DFGObjectAllocationSinkingPhase.cpp: * dfg/DFGPhantomInsertionPhase.cpp: * dfg/DFGPromotedHeapLocation.h: * dfg/DFGPropertyTypeKey.h: * dfg/DFGPureValue.h: * dfg/DFGPutStackSinkingPhase.cpp: * dfg/DFGRegisterBank.h: * dfg/DFGSSAConversionPhase.cpp: * dfg/DFGSSALoweringPhase.cpp: * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileDoubleRep): (JSC::DFG::compileClampDoubleToByte): (JSC::DFG::SpeculativeJIT::compileArithRounding): (JSC::DFG::compileArithPowIntegerFastPath): (JSC::DFG::SpeculativeJIT::compileArithPow): (JSC::DFG::SpeculativeJIT::emitBinarySwitchStringRecurse): * dfg/DFGStackLayoutPhase.cpp: * dfg/DFGStoreBarrierInsertionPhase.cpp: * dfg/DFGStrengthReductionPhase.cpp: * dfg/DFGStructureAbstractValue.h: * dfg/DFGVarargsForwardingPhase.cpp: * dfg/DFGVariableEventStream.cpp: (JSC::DFG::VariableEventStream::reconstruct const): * dfg/DFGWatchpointCollectionPhase.cpp: * disassembler/ARM64/A64DOpcode.h: * ftl/FTLLocation.h: * ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileArithRandom): * ftl/FTLSlowPathCall.cpp: * ftl/FTLSlowPathCallKey.h: * heap/CellContainer.h: * heap/CellState.h: * heap/ConservativeRoots.h: * heap/GCSegmentedArray.h: * heap/HandleBlock.h: * heap/Heap.cpp: (JSC::Heap::updateAllocationLimits): * heap/Heap.h: * heap/HeapSnapshot.h: * heap/HeapUtil.h: (JSC::HeapUtil::findGCObjectPointersForMarking): * heap/IncrementalSweeper.cpp: * heap/LargeAllocation.h: * heap/MarkedBlock.cpp: * heap/Strong.h: * heap/VisitRaceKey.h: * heap/Weak.h: * heap/WeakBlock.h: * inspector/JSInjectedScriptHost.h: * inspector/JSInjectedScriptHostPrototype.h: * inspector/JSJavaScriptCallFrame.h: * inspector/JSJavaScriptCallFramePrototype.h: * inspector/agents/InspectorConsoleAgent.cpp: * inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets): * inspector/scripts/codegen/generate_cpp_protocol_types_header.py: (CppProtocolTypesHeaderGenerator._generate_versions): * inspector/scripts/tests/generic/expected/version.json-result: * interpreter/Interpreter.h: * interpreter/ShadowChicken.cpp: * jit/BinarySwitch.cpp: * jit/CallFrameShuffler.h: * jit/ExecutableAllocator.h: * jit/FPRInfo.h: * jit/GPRInfo.h: * jit/ICStats.h: * jit/JITThunks.h: * jit/Reg.h: * jit/RegisterSet.h: * jit/TempRegisterSet.h: * jsc.cpp: * parser/ASTBuilder.h: * parser/Nodes.h: * parser/SourceCodeKey.h: * parser/SyntaxChecker.h: * parser/VariableEnvironment.h: * profiler/ProfilerOrigin.h: * profiler/ProfilerOriginStack.h: * profiler/ProfilerUID.h: * runtime/AbstractModuleRecord.cpp: * runtime/ArrayBufferNeuteringWatchpointSet.h: * runtime/ArrayConstructor.h: * runtime/ArrayConventions.h: * runtime/ArrayIteratorPrototype.h: * runtime/ArrayPrototype.cpp: (JSC::setLength): * runtime/AsyncFromSyncIteratorPrototype.h: * runtime/AsyncGeneratorFunctionPrototype.h: * runtime/AsyncGeneratorPrototype.h: * runtime/AsyncIteratorPrototype.h: * runtime/AtomicsObject.cpp: * runtime/BigIntConstructor.h: * runtime/BigIntPrototype.h: * runtime/BooleanPrototype.h: * runtime/ClonedArguments.h: * runtime/CodeCache.h: * runtime/ControlFlowProfiler.h: * runtime/CustomGetterSetter.h: * runtime/DateConstructor.h: * runtime/DatePrototype.h: * runtime/DefinePropertyAttributes.h: * runtime/ErrorPrototype.h: * runtime/EvalExecutable.h: * runtime/Exception.h: * runtime/ExceptionHelpers.cpp: (JSC::invalidParameterInSourceAppender): (JSC::invalidParameterInstanceofSourceAppender): * runtime/ExceptionHelpers.h: * runtime/ExecutableBase.h: * runtime/FunctionExecutable.h: * runtime/FunctionRareData.h: * runtime/GeneratorPrototype.h: * runtime/GenericArguments.h: * runtime/GenericOffset.h: * runtime/GetPutInfo.h: * runtime/GetterSetter.h: * runtime/GlobalExecutable.h: * runtime/Identifier.h: * runtime/InspectorInstrumentationObject.h: * runtime/InternalFunction.h: * runtime/IntlCollatorConstructor.h: * runtime/IntlCollatorPrototype.h: * runtime/IntlDateTimeFormatConstructor.h: * runtime/IntlDateTimeFormatPrototype.h: * runtime/IntlNumberFormatConstructor.h: * runtime/IntlNumberFormatPrototype.h: * runtime/IntlObject.h: * runtime/IntlPluralRulesConstructor.h: * runtime/IntlPluralRulesPrototype.h: * runtime/IteratorPrototype.h: * runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): * runtime/JSArray.h: * runtime/JSArrayBuffer.h: * runtime/JSArrayBufferView.h: * runtime/JSBigInt.h: * runtime/JSCJSValue.h: * runtime/JSCell.h: * runtime/JSCustomGetterSetterFunction.h: * runtime/JSDataView.h: * runtime/JSDataViewPrototype.h: * runtime/JSDestructibleObject.h: * runtime/JSFixedArray.h: * runtime/JSGenericTypedArrayView.h: * runtime/JSGlobalLexicalEnvironment.h: * runtime/JSGlobalObject.h: * runtime/JSImmutableButterfly.h: * runtime/JSInternalPromiseConstructor.h: * runtime/JSInternalPromiseDeferred.h: * runtime/JSInternalPromisePrototype.h: * runtime/JSLexicalEnvironment.h: * runtime/JSModuleEnvironment.h: * runtime/JSModuleLoader.h: * runtime/JSModuleNamespaceObject.h: * runtime/JSNonDestructibleProxy.h: * runtime/JSONObject.cpp: * runtime/JSONObject.h: * runtime/JSObject.h: * runtime/JSPromiseConstructor.h: * runtime/JSPromiseDeferred.h: * runtime/JSPromisePrototype.h: * runtime/JSPropertyNameEnumerator.h: * runtime/JSProxy.h: * runtime/JSScope.h: * runtime/JSScriptFetchParameters.h: * runtime/JSScriptFetcher.h: * runtime/JSSegmentedVariableObject.h: * runtime/JSSourceCode.h: * runtime/JSString.cpp: * runtime/JSString.h: * runtime/JSSymbolTableObject.h: * runtime/JSTemplateObjectDescriptor.h: * runtime/JSTypeInfo.h: * runtime/MapPrototype.h: * runtime/MinimumReservedZoneSize.h: * runtime/ModuleProgramExecutable.h: * runtime/NativeExecutable.h: * runtime/NativeFunction.h: * runtime/NativeStdFunctionCell.h: * runtime/NumberConstructor.h: * runtime/NumberPrototype.h: * runtime/ObjectConstructor.h: * runtime/ObjectPrototype.h: * runtime/ProgramExecutable.h: * runtime/PromiseDeferredTimer.cpp: * runtime/PropertyMapHashTable.h: * runtime/PropertyNameArray.h: (JSC::PropertyNameArray::add): * runtime/PrototypeKey.h: * runtime/ProxyConstructor.h: * runtime/ProxyObject.cpp: (JSC::ProxyObject::performGetOwnPropertyNames): * runtime/ProxyRevoke.h: * runtime/ReflectObject.h: * runtime/RegExp.h: * runtime/RegExpCache.h: * runtime/RegExpConstructor.h: * runtime/RegExpKey.h: * runtime/RegExpObject.h: * runtime/RegExpPrototype.h: * runtime/RegExpStringIteratorPrototype.h: * runtime/SamplingProfiler.cpp: * runtime/ScopedArgumentsTable.h: * runtime/ScriptExecutable.h: * runtime/SetPrototype.h: * runtime/SmallStrings.h: * runtime/SparseArrayValueMap.h: * runtime/StringConstructor.h: * runtime/StringIteratorPrototype.h: * runtime/StringObject.h: * runtime/StringPrototype.h: * runtime/Structure.h: * runtime/StructureChain.h: * runtime/StructureRareData.h: * runtime/StructureTransitionTable.h: * runtime/Symbol.h: * runtime/SymbolConstructor.h: * runtime/SymbolPrototype.h: * runtime/SymbolTable.h: * runtime/TemplateObjectDescriptor.h: * runtime/TypeProfiler.cpp: * runtime/TypeProfiler.h: * runtime/TypeProfilerLog.cpp: * runtime/VarOffset.h: * testRegExp.cpp: * tools/HeapVerifier.cpp: (JSC::HeapVerifier::checkIfRecorded): * tools/JSDollarVM.cpp: * wasm/WasmB3IRGenerator.cpp: * wasm/WasmBBQPlan.cpp: * wasm/WasmFaultSignalHandler.cpp: * wasm/WasmFunctionParser.h: * wasm/WasmOMGForOSREntryPlan.cpp: * wasm/WasmOMGPlan.cpp: * wasm/WasmPlan.cpp: * wasm/WasmSignature.cpp: * wasm/WasmSignature.h: * wasm/WasmWorklist.cpp: * wasm/js/JSWebAssembly.h: * wasm/js/JSWebAssemblyCodeBlock.h: * wasm/js/WebAssemblyCompileErrorConstructor.h: * wasm/js/WebAssemblyCompileErrorPrototype.h: * wasm/js/WebAssemblyFunction.h: * wasm/js/WebAssemblyInstanceConstructor.h: * wasm/js/WebAssemblyInstancePrototype.h: * wasm/js/WebAssemblyLinkErrorConstructor.h: * wasm/js/WebAssemblyLinkErrorPrototype.h: * wasm/js/WebAssemblyMemoryConstructor.h: * wasm/js/WebAssemblyMemoryPrototype.h: * wasm/js/WebAssemblyModuleConstructor.h: * wasm/js/WebAssemblyModulePrototype.h: * wasm/js/WebAssemblyRuntimeErrorConstructor.h: * wasm/js/WebAssemblyRuntimeErrorPrototype.h: * wasm/js/WebAssemblyTableConstructor.h: * wasm/js/WebAssemblyTablePrototype.h: * wasm/js/WebAssemblyToJSCallee.h: * yarr/Yarr.h: * yarr/YarrParser.h: * yarr/generateYarrCanonicalizeUnicode: Source/WebCore: No new tests. Covered by existing tests. * bindings/js/JSDOMConstructorBase.h: * bindings/js/JSDOMWindowProperties.h: * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): (GeneratePrototypeDeclaration): * bindings/scripts/test/JS/JSTestActiveDOMObject.h: * bindings/scripts/test/JS/JSTestEnabledBySetting.h: * bindings/scripts/test/JS/JSTestEnabledForContext.h: * bindings/scripts/test/JS/JSTestEventTarget.h: * bindings/scripts/test/JS/JSTestGlobalObject.h: * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h: * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h: * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h: * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h: * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h: * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h: * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h: * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h: * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h: * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h: * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h: * bindings/scripts/test/JS/JSTestObj.h: * bindings/scripts/test/JS/JSTestOverrideBuiltins.h: * bindings/scripts/test/JS/JSTestPluginInterface.h: * bindings/scripts/test/JS/JSTestTypedefs.h: * bridge/objc/objc_runtime.h: * bridge/runtime_array.h: * bridge/runtime_method.h: * bridge/runtime_object.h: Source/WebKit: * WebProcess/Plugins/Netscape/JSNPObject.h: Source/WTF: * wtf/Assertions.cpp: * wtf/AutomaticThread.cpp: * wtf/BitVector.h: * wtf/Bitmap.h: * wtf/BloomFilter.h: * wtf/Brigand.h: * wtf/CheckedArithmetic.h: * wtf/CrossThreadCopier.h: * wtf/CurrentTime.cpp: * wtf/DataLog.cpp: * wtf/DateMath.cpp: (WTF::daysFrom1970ToYear): * wtf/DeferrableRefCounted.h: * wtf/GetPtr.h: * wtf/HashFunctions.h: * wtf/HashMap.h: * wtf/HashTable.h: * wtf/HashTraits.h: * wtf/JSONValues.cpp: * wtf/JSONValues.h: * wtf/ListHashSet.h: * wtf/Lock.h: * wtf/LockAlgorithm.h: * wtf/LockAlgorithmInlines.h: (WTF::Hooks>::lockSlow): * wtf/Logger.h: * wtf/LoggerHelper.h: (WTF::LoggerHelper::childLogIdentifier const): * wtf/MainThread.cpp: * wtf/MetaAllocatorPtr.h: * wtf/MonotonicTime.h: * wtf/NaturalLoops.h: (WTF::NaturalLoops::NaturalLoops): * wtf/ObjectIdentifier.h: * wtf/RAMSize.cpp: * wtf/Ref.h: * wtf/RefPtr.h: * wtf/RetainPtr.h: * wtf/SchedulePair.h: * wtf/StackShot.h: * wtf/StdLibExtras.h: * wtf/TinyPtrSet.h: * wtf/URL.cpp: * wtf/URLHash.h: * wtf/URLParser.cpp: (WTF::URLParser::defaultPortForProtocol): * wtf/Vector.h: * wtf/VectorTraits.h: * wtf/WallTime.h: * wtf/WeakHashSet.h: * wtf/WordLock.h: * wtf/cocoa/CPUTimeCocoa.cpp: * wtf/cocoa/MemoryPressureHandlerCocoa.mm: * wtf/persistence/PersistentDecoder.h: * wtf/persistence/PersistentEncoder.h: * wtf/text/AtomStringHash.h: * wtf/text/CString.h: * wtf/text/StringBuilder.cpp: (WTF::expandedCapacity): * wtf/text/StringHash.h: * wtf/text/StringImpl.h: * wtf/text/StringToIntegerConversion.h: (WTF::toIntegralType): * wtf/text/SymbolRegistry.h: * wtf/text/TextStream.cpp: (WTF::hasFractions): * wtf/text/WTFString.h: * wtf/text/cocoa/TextBreakIteratorInternalICUCocoa.cpp: Canonical link: https://commits.webkit.org/215538@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250005 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2019-09-18 00:36:19 +00:00
* Copyright (C) 2013-2019 Apple Inc. All rights reserved.
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
*/
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
#pragma once
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
#include <wtf/Assertions.h>
Get rid of FastAllocBase.h https://bugs.webkit.org/show_bug.cgi?id=120952 Reviewed by Antti Koivisto. Source/JavaScriptCore: Include FastMalloc.h instead of FastAllocBase.h. * assembler/LinkBuffer.h: * bytecode/CodeBlock.h: * bytecode/StructureStubClearingWatchpoint.h: * dfg/DFGFinalizer.h: * dfg/DFGLongLivedState.h: * dfg/DFGSlowPathGenerator.h: * ftl/FTLAbstractHeap.h: * heap/JITStubRoutineSet.h: * jit/CompactJITCodeMap.h: * profiler/ProfilerDatabase.h: * profiler/ProfilerExecutionCounter.h: Source/WebCore: Include FastMalloc.h instead of FastAllocBase.h. * Modules/webdatabase/SQLTransactionClient.h: * bindings/js/GCController.h: * bridge/Bridge.h: * bridge/IdentifierRep.h: * dom/DocumentStyleSheetCollection.h: * dom/TransformSource.h: * html/InputType.h: * inspector/InspectorCounters.h: * inspector/InstrumentingAgents.h: * inspector/WorkerInspectorController.h: * loader/cache/CachedResourceClient.h: * page/FrameActionScheduler.h: * platform/Length.h: * platform/MemoryPressureHandler.h: * platform/ScrollAnimator.h: * platform/SharedTimer.h: * platform/audio/gstreamer/FFTFrameGStreamer.cpp: * platform/cairo/WidgetBackingStore.h: * platform/graphics/Color.h: * platform/graphics/FontData.h: * platform/graphics/Path.h: * platform/graphics/qt/FontCustomPlatformData.h: * platform/graphics/transforms/AffineTransform.h: * platform/graphics/transforms/TransformationMatrix.h: * platform/gtk/GtkDragAndDropHelper.h: * platform/gtk/GtkPopupMenu.h: * platform/network/NetworkStateNotifier.h: * platform/sql/SQLiteTransaction.h: * platform/text/enchant/TextCheckerEnchant.h: * rendering/RenderArena.h: * rendering/TableLayout.h: * rendering/style/StyleCustomFilterProgram.h: * rendering/style/StyleCustomFilterProgramCache.h: * svg/SVGPathConsumer.h: * workers/WorkerScriptLoader.h: Source/WTF: FastAllocBase.h now only contains the WTF_MAKE_FAST_ALLOCATED macro. Move that macro to FastMalloc.h instead and remove FastAllocBase.h. * WTF.vcxproj/WTF.vcxproj: * WTF.vcxproj/WTF.vcxproj.filters: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: * wtf/FastAllocBase.h: Removed. * wtf/FastMalloc.h: * wtf/HashSet.h: * wtf/MediaTime.h: * wtf/PrintStream.h: * wtf/RefCounted.h: * wtf/RefPtr.h: * wtf/ThreadingPrimitives.h: * wtf/Vector.h: * wtf/gobject/GMutexLocker.h: * wtf/unicode/Collator.h: Canonical link: https://commits.webkit.org/138855@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@155251 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-09-07 18:04:57 +00:00
#include <wtf/FastMalloc.h>
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
#include <wtf/Noncopyable.h>
namespace WTF {
// A variant of RefCounted that allows reference counting to be deferred,
// and can tell you if that has happened. You can think of a deferral as
// just being an additional "ref", except that you can detect if it has
// specifically happened - this can be useful either for debugging, or
// sometimes even for some additional functionality.
class DeferrableRefCountedBase {
Use constexpr instead of const in symbol definitions that are obviously constexpr. https://bugs.webkit.org/show_bug.cgi?id=201879 Rubber-stamped by Joseph Pecoraro. Source/bmalloc: * bmalloc/AvailableMemory.cpp: * bmalloc/IsoTLS.h: * bmalloc/Map.h: * bmalloc/Mutex.cpp: (bmalloc::Mutex::lockSlowCase): * bmalloc/PerThread.h: * bmalloc/Vector.h: * bmalloc/Zone.h: Source/JavaScriptCore: const may require external storage (at the compiler's whim) though these currently do not. constexpr makes it clear that the value is a literal constant that can be inlined. In most cases in the code, when we say static const, we actually mean static constexpr. I'm changing the code to reflect this. * API/JSAPIValueWrapper.h: * API/JSCallbackConstructor.h: * API/JSCallbackObject.h: * API/JSContextRef.cpp: * API/JSWrapperMap.mm: * API/tests/CompareAndSwapTest.cpp: * API/tests/TypedArrayCTest.cpp: * API/tests/testapi.mm: (testObjectiveCAPIMain): * KeywordLookupGenerator.py: (Trie.printAsC): * assembler/ARMv7Assembler.h: * assembler/AssemblerBuffer.h: * assembler/AssemblerCommon.h: * assembler/MacroAssembler.h: * assembler/MacroAssemblerARM64.h: * assembler/MacroAssemblerARM64E.h: * assembler/MacroAssemblerARMv7.h: * assembler/MacroAssemblerCodeRef.h: * assembler/MacroAssemblerMIPS.h: * assembler/MacroAssemblerX86.h: * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::absDouble): (JSC::MacroAssemblerX86Common::negateDouble): * assembler/MacroAssemblerX86_64.h: * assembler/X86Assembler.h: * b3/B3Bank.h: * b3/B3CheckSpecial.h: * b3/B3DuplicateTails.cpp: * b3/B3EliminateCommonSubexpressions.cpp: * b3/B3FixSSA.cpp: * b3/B3FoldPathConstants.cpp: * b3/B3InferSwitches.cpp: * b3/B3Kind.h: * b3/B3LowerToAir.cpp: * b3/B3NativeTraits.h: * b3/B3ReduceDoubleToFloat.cpp: * b3/B3ReduceLoopStrength.cpp: * b3/B3ReduceStrength.cpp: * b3/B3ValueKey.h: * b3/air/AirAllocateRegistersByGraphColoring.cpp: * b3/air/AirAllocateStackByGraphColoring.cpp: * b3/air/AirArg.h: * b3/air/AirCCallSpecial.h: * b3/air/AirEmitShuffle.cpp: * b3/air/AirFixObviousSpills.cpp: * b3/air/AirFormTable.h: * b3/air/AirLowerAfterRegAlloc.cpp: * b3/air/AirPrintSpecial.h: * b3/air/AirStackAllocation.cpp: * b3/air/AirTmp.h: * b3/testb3_6.cpp: (testInterpreter): * bytecode/AccessCase.cpp: * bytecode/CallLinkStatus.cpp: * bytecode/CallVariant.h: * bytecode/CodeBlock.h: * bytecode/CodeOrigin.h: * bytecode/DFGExitProfile.h: * bytecode/DirectEvalCodeCache.h: * bytecode/ExecutableToCodeBlockEdge.h: * bytecode/GetterSetterAccessCase.cpp: * bytecode/LazyOperandValueProfile.h: * bytecode/ObjectPropertyCondition.h: * bytecode/ObjectPropertyConditionSet.cpp: * bytecode/PolymorphicAccess.cpp: * bytecode/PropertyCondition.h: * bytecode/SpeculatedType.h: * bytecode/StructureStubInfo.cpp: * bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): * bytecode/UnlinkedCodeBlock.h: * bytecode/UnlinkedEvalCodeBlock.h: * bytecode/UnlinkedFunctionCodeBlock.h: * bytecode/UnlinkedFunctionExecutable.h: * bytecode/UnlinkedModuleProgramCodeBlock.h: * bytecode/UnlinkedProgramCodeBlock.h: * bytecode/ValueProfile.h: * bytecode/VirtualRegister.h: * bytecode/Watchpoint.h: * bytecompiler/BytecodeGenerator.h: * bytecompiler/Label.h: * bytecompiler/NodesCodegen.cpp: (JSC::ThisNode::emitBytecode): * bytecompiler/RegisterID.h: * debugger/Breakpoint.h: * debugger/DebuggerParseData.cpp: * debugger/DebuggerPrimitives.h: * debugger/DebuggerScope.h: * dfg/DFGAbstractHeap.h: * dfg/DFGAbstractValue.h: * dfg/DFGArgumentsEliminationPhase.cpp: * dfg/DFGByteCodeParser.cpp: * dfg/DFGCSEPhase.cpp: * dfg/DFGCommon.h: * dfg/DFGCompilationKey.h: * dfg/DFGDesiredGlobalProperty.h: * dfg/DFGEdgeDominates.h: * dfg/DFGEpoch.h: * dfg/DFGForAllKills.h: (JSC::DFG::forAllKilledNodesAtNodeIndex): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::isLiveInBytecode): * dfg/DFGHeapLocation.h: * dfg/DFGInPlaceAbstractState.cpp: * dfg/DFGIntegerCheckCombiningPhase.cpp: * dfg/DFGIntegerRangeOptimizationPhase.cpp: * dfg/DFGInvalidationPointInjectionPhase.cpp: * dfg/DFGLICMPhase.cpp: * dfg/DFGLazyNode.h: * dfg/DFGMinifiedID.h: * dfg/DFGMovHintRemovalPhase.cpp: * dfg/DFGNodeFlowProjection.h: * dfg/DFGNodeType.h: * dfg/DFGObjectAllocationSinkingPhase.cpp: * dfg/DFGPhantomInsertionPhase.cpp: * dfg/DFGPromotedHeapLocation.h: * dfg/DFGPropertyTypeKey.h: * dfg/DFGPureValue.h: * dfg/DFGPutStackSinkingPhase.cpp: * dfg/DFGRegisterBank.h: * dfg/DFGSSAConversionPhase.cpp: * dfg/DFGSSALoweringPhase.cpp: * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileDoubleRep): (JSC::DFG::compileClampDoubleToByte): (JSC::DFG::SpeculativeJIT::compileArithRounding): (JSC::DFG::compileArithPowIntegerFastPath): (JSC::DFG::SpeculativeJIT::compileArithPow): (JSC::DFG::SpeculativeJIT::emitBinarySwitchStringRecurse): * dfg/DFGStackLayoutPhase.cpp: * dfg/DFGStoreBarrierInsertionPhase.cpp: * dfg/DFGStrengthReductionPhase.cpp: * dfg/DFGStructureAbstractValue.h: * dfg/DFGVarargsForwardingPhase.cpp: * dfg/DFGVariableEventStream.cpp: (JSC::DFG::VariableEventStream::reconstruct const): * dfg/DFGWatchpointCollectionPhase.cpp: * disassembler/ARM64/A64DOpcode.h: * ftl/FTLLocation.h: * ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileArithRandom): * ftl/FTLSlowPathCall.cpp: * ftl/FTLSlowPathCallKey.h: * heap/CellContainer.h: * heap/CellState.h: * heap/ConservativeRoots.h: * heap/GCSegmentedArray.h: * heap/HandleBlock.h: * heap/Heap.cpp: (JSC::Heap::updateAllocationLimits): * heap/Heap.h: * heap/HeapSnapshot.h: * heap/HeapUtil.h: (JSC::HeapUtil::findGCObjectPointersForMarking): * heap/IncrementalSweeper.cpp: * heap/LargeAllocation.h: * heap/MarkedBlock.cpp: * heap/Strong.h: * heap/VisitRaceKey.h: * heap/Weak.h: * heap/WeakBlock.h: * inspector/JSInjectedScriptHost.h: * inspector/JSInjectedScriptHostPrototype.h: * inspector/JSJavaScriptCallFrame.h: * inspector/JSJavaScriptCallFramePrototype.h: * inspector/agents/InspectorConsoleAgent.cpp: * inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets): * inspector/scripts/codegen/generate_cpp_protocol_types_header.py: (CppProtocolTypesHeaderGenerator._generate_versions): * inspector/scripts/tests/generic/expected/version.json-result: * interpreter/Interpreter.h: * interpreter/ShadowChicken.cpp: * jit/BinarySwitch.cpp: * jit/CallFrameShuffler.h: * jit/ExecutableAllocator.h: * jit/FPRInfo.h: * jit/GPRInfo.h: * jit/ICStats.h: * jit/JITThunks.h: * jit/Reg.h: * jit/RegisterSet.h: * jit/TempRegisterSet.h: * jsc.cpp: * parser/ASTBuilder.h: * parser/Nodes.h: * parser/SourceCodeKey.h: * parser/SyntaxChecker.h: * parser/VariableEnvironment.h: * profiler/ProfilerOrigin.h: * profiler/ProfilerOriginStack.h: * profiler/ProfilerUID.h: * runtime/AbstractModuleRecord.cpp: * runtime/ArrayBufferNeuteringWatchpointSet.h: * runtime/ArrayConstructor.h: * runtime/ArrayConventions.h: * runtime/ArrayIteratorPrototype.h: * runtime/ArrayPrototype.cpp: (JSC::setLength): * runtime/AsyncFromSyncIteratorPrototype.h: * runtime/AsyncGeneratorFunctionPrototype.h: * runtime/AsyncGeneratorPrototype.h: * runtime/AsyncIteratorPrototype.h: * runtime/AtomicsObject.cpp: * runtime/BigIntConstructor.h: * runtime/BigIntPrototype.h: * runtime/BooleanPrototype.h: * runtime/ClonedArguments.h: * runtime/CodeCache.h: * runtime/ControlFlowProfiler.h: * runtime/CustomGetterSetter.h: * runtime/DateConstructor.h: * runtime/DatePrototype.h: * runtime/DefinePropertyAttributes.h: * runtime/ErrorPrototype.h: * runtime/EvalExecutable.h: * runtime/Exception.h: * runtime/ExceptionHelpers.cpp: (JSC::invalidParameterInSourceAppender): (JSC::invalidParameterInstanceofSourceAppender): * runtime/ExceptionHelpers.h: * runtime/ExecutableBase.h: * runtime/FunctionExecutable.h: * runtime/FunctionRareData.h: * runtime/GeneratorPrototype.h: * runtime/GenericArguments.h: * runtime/GenericOffset.h: * runtime/GetPutInfo.h: * runtime/GetterSetter.h: * runtime/GlobalExecutable.h: * runtime/Identifier.h: * runtime/InspectorInstrumentationObject.h: * runtime/InternalFunction.h: * runtime/IntlCollatorConstructor.h: * runtime/IntlCollatorPrototype.h: * runtime/IntlDateTimeFormatConstructor.h: * runtime/IntlDateTimeFormatPrototype.h: * runtime/IntlNumberFormatConstructor.h: * runtime/IntlNumberFormatPrototype.h: * runtime/IntlObject.h: * runtime/IntlPluralRulesConstructor.h: * runtime/IntlPluralRulesPrototype.h: * runtime/IteratorPrototype.h: * runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): * runtime/JSArray.h: * runtime/JSArrayBuffer.h: * runtime/JSArrayBufferView.h: * runtime/JSBigInt.h: * runtime/JSCJSValue.h: * runtime/JSCell.h: * runtime/JSCustomGetterSetterFunction.h: * runtime/JSDataView.h: * runtime/JSDataViewPrototype.h: * runtime/JSDestructibleObject.h: * runtime/JSFixedArray.h: * runtime/JSGenericTypedArrayView.h: * runtime/JSGlobalLexicalEnvironment.h: * runtime/JSGlobalObject.h: * runtime/JSImmutableButterfly.h: * runtime/JSInternalPromiseConstructor.h: * runtime/JSInternalPromiseDeferred.h: * runtime/JSInternalPromisePrototype.h: * runtime/JSLexicalEnvironment.h: * runtime/JSModuleEnvironment.h: * runtime/JSModuleLoader.h: * runtime/JSModuleNamespaceObject.h: * runtime/JSNonDestructibleProxy.h: * runtime/JSONObject.cpp: * runtime/JSONObject.h: * runtime/JSObject.h: * runtime/JSPromiseConstructor.h: * runtime/JSPromiseDeferred.h: * runtime/JSPromisePrototype.h: * runtime/JSPropertyNameEnumerator.h: * runtime/JSProxy.h: * runtime/JSScope.h: * runtime/JSScriptFetchParameters.h: * runtime/JSScriptFetcher.h: * runtime/JSSegmentedVariableObject.h: * runtime/JSSourceCode.h: * runtime/JSString.cpp: * runtime/JSString.h: * runtime/JSSymbolTableObject.h: * runtime/JSTemplateObjectDescriptor.h: * runtime/JSTypeInfo.h: * runtime/MapPrototype.h: * runtime/MinimumReservedZoneSize.h: * runtime/ModuleProgramExecutable.h: * runtime/NativeExecutable.h: * runtime/NativeFunction.h: * runtime/NativeStdFunctionCell.h: * runtime/NumberConstructor.h: * runtime/NumberPrototype.h: * runtime/ObjectConstructor.h: * runtime/ObjectPrototype.h: * runtime/ProgramExecutable.h: * runtime/PromiseDeferredTimer.cpp: * runtime/PropertyMapHashTable.h: * runtime/PropertyNameArray.h: (JSC::PropertyNameArray::add): * runtime/PrototypeKey.h: * runtime/ProxyConstructor.h: * runtime/ProxyObject.cpp: (JSC::ProxyObject::performGetOwnPropertyNames): * runtime/ProxyRevoke.h: * runtime/ReflectObject.h: * runtime/RegExp.h: * runtime/RegExpCache.h: * runtime/RegExpConstructor.h: * runtime/RegExpKey.h: * runtime/RegExpObject.h: * runtime/RegExpPrototype.h: * runtime/RegExpStringIteratorPrototype.h: * runtime/SamplingProfiler.cpp: * runtime/ScopedArgumentsTable.h: * runtime/ScriptExecutable.h: * runtime/SetPrototype.h: * runtime/SmallStrings.h: * runtime/SparseArrayValueMap.h: * runtime/StringConstructor.h: * runtime/StringIteratorPrototype.h: * runtime/StringObject.h: * runtime/StringPrototype.h: * runtime/Structure.h: * runtime/StructureChain.h: * runtime/StructureRareData.h: * runtime/StructureTransitionTable.h: * runtime/Symbol.h: * runtime/SymbolConstructor.h: * runtime/SymbolPrototype.h: * runtime/SymbolTable.h: * runtime/TemplateObjectDescriptor.h: * runtime/TypeProfiler.cpp: * runtime/TypeProfiler.h: * runtime/TypeProfilerLog.cpp: * runtime/VarOffset.h: * testRegExp.cpp: * tools/HeapVerifier.cpp: (JSC::HeapVerifier::checkIfRecorded): * tools/JSDollarVM.cpp: * wasm/WasmB3IRGenerator.cpp: * wasm/WasmBBQPlan.cpp: * wasm/WasmFaultSignalHandler.cpp: * wasm/WasmFunctionParser.h: * wasm/WasmOMGForOSREntryPlan.cpp: * wasm/WasmOMGPlan.cpp: * wasm/WasmPlan.cpp: * wasm/WasmSignature.cpp: * wasm/WasmSignature.h: * wasm/WasmWorklist.cpp: * wasm/js/JSWebAssembly.h: * wasm/js/JSWebAssemblyCodeBlock.h: * wasm/js/WebAssemblyCompileErrorConstructor.h: * wasm/js/WebAssemblyCompileErrorPrototype.h: * wasm/js/WebAssemblyFunction.h: * wasm/js/WebAssemblyInstanceConstructor.h: * wasm/js/WebAssemblyInstancePrototype.h: * wasm/js/WebAssemblyLinkErrorConstructor.h: * wasm/js/WebAssemblyLinkErrorPrototype.h: * wasm/js/WebAssemblyMemoryConstructor.h: * wasm/js/WebAssemblyMemoryPrototype.h: * wasm/js/WebAssemblyModuleConstructor.h: * wasm/js/WebAssemblyModulePrototype.h: * wasm/js/WebAssemblyRuntimeErrorConstructor.h: * wasm/js/WebAssemblyRuntimeErrorPrototype.h: * wasm/js/WebAssemblyTableConstructor.h: * wasm/js/WebAssemblyTablePrototype.h: * wasm/js/WebAssemblyToJSCallee.h: * yarr/Yarr.h: * yarr/YarrParser.h: * yarr/generateYarrCanonicalizeUnicode: Source/WebCore: No new tests. Covered by existing tests. * bindings/js/JSDOMConstructorBase.h: * bindings/js/JSDOMWindowProperties.h: * bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader): (GeneratePrototypeDeclaration): * bindings/scripts/test/JS/JSTestActiveDOMObject.h: * bindings/scripts/test/JS/JSTestEnabledBySetting.h: * bindings/scripts/test/JS/JSTestEnabledForContext.h: * bindings/scripts/test/JS/JSTestEventTarget.h: * bindings/scripts/test/JS/JSTestGlobalObject.h: * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.h: * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.h: * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.h: * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.h: * bindings/scripts/test/JS/JSTestNamedGetterCallWith.h: * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.h: * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.h: * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.h: * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.h: * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.h: * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.h: * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.h: * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.h: * bindings/scripts/test/JS/JSTestObj.h: * bindings/scripts/test/JS/JSTestOverrideBuiltins.h: * bindings/scripts/test/JS/JSTestPluginInterface.h: * bindings/scripts/test/JS/JSTestTypedefs.h: * bridge/objc/objc_runtime.h: * bridge/runtime_array.h: * bridge/runtime_method.h: * bridge/runtime_object.h: Source/WebKit: * WebProcess/Plugins/Netscape/JSNPObject.h: Source/WTF: * wtf/Assertions.cpp: * wtf/AutomaticThread.cpp: * wtf/BitVector.h: * wtf/Bitmap.h: * wtf/BloomFilter.h: * wtf/Brigand.h: * wtf/CheckedArithmetic.h: * wtf/CrossThreadCopier.h: * wtf/CurrentTime.cpp: * wtf/DataLog.cpp: * wtf/DateMath.cpp: (WTF::daysFrom1970ToYear): * wtf/DeferrableRefCounted.h: * wtf/GetPtr.h: * wtf/HashFunctions.h: * wtf/HashMap.h: * wtf/HashTable.h: * wtf/HashTraits.h: * wtf/JSONValues.cpp: * wtf/JSONValues.h: * wtf/ListHashSet.h: * wtf/Lock.h: * wtf/LockAlgorithm.h: * wtf/LockAlgorithmInlines.h: (WTF::Hooks>::lockSlow): * wtf/Logger.h: * wtf/LoggerHelper.h: (WTF::LoggerHelper::childLogIdentifier const): * wtf/MainThread.cpp: * wtf/MetaAllocatorPtr.h: * wtf/MonotonicTime.h: * wtf/NaturalLoops.h: (WTF::NaturalLoops::NaturalLoops): * wtf/ObjectIdentifier.h: * wtf/RAMSize.cpp: * wtf/Ref.h: * wtf/RefPtr.h: * wtf/RetainPtr.h: * wtf/SchedulePair.h: * wtf/StackShot.h: * wtf/StdLibExtras.h: * wtf/TinyPtrSet.h: * wtf/URL.cpp: * wtf/URLHash.h: * wtf/URLParser.cpp: (WTF::URLParser::defaultPortForProtocol): * wtf/Vector.h: * wtf/VectorTraits.h: * wtf/WallTime.h: * wtf/WeakHashSet.h: * wtf/WordLock.h: * wtf/cocoa/CPUTimeCocoa.cpp: * wtf/cocoa/MemoryPressureHandlerCocoa.mm: * wtf/persistence/PersistentDecoder.h: * wtf/persistence/PersistentEncoder.h: * wtf/text/AtomStringHash.h: * wtf/text/CString.h: * wtf/text/StringBuilder.cpp: (WTF::expandedCapacity): * wtf/text/StringHash.h: * wtf/text/StringImpl.h: * wtf/text/StringToIntegerConversion.h: (WTF::toIntegralType): * wtf/text/SymbolRegistry.h: * wtf/text/TextStream.cpp: (WTF::hasFractions): * wtf/text/WTFString.h: * wtf/text/cocoa/TextBreakIteratorInternalICUCocoa.cpp: Canonical link: https://commits.webkit.org/215538@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250005 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2019-09-18 00:36:19 +00:00
static constexpr unsigned deferredFlag = 1;
static constexpr unsigned normalIncrement = 2;
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
public:
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
void ref() const
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
{
m_refCount += normalIncrement;
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
bool hasOneRef() const
{
return refCount() == 1;
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
unsigned refCount() const
{
return m_refCount / normalIncrement;
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
bool isDeferred() const
{
return !!(m_refCount & deferredFlag);
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
protected:
DeferrableRefCountedBase()
: m_refCount(normalIncrement)
{
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
~DeferrableRefCountedBase()
{
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
bool derefBase() const
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
{
m_refCount -= normalIncrement;
return !m_refCount;
}
bool setIsDeferredBase(bool value)
{
if (value) {
m_refCount |= deferredFlag;
return false;
}
m_refCount &= ~deferredFlag;
return !m_refCount;
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
private:
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
mutable unsigned m_refCount;
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
};
template<typename T>
class DeferrableRefCounted : public DeferrableRefCountedBase {
WTF_MAKE_NONCOPYABLE(DeferrableRefCounted); WTF_MAKE_FAST_ALLOCATED;
public:
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
void deref() const
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
{
if (derefBase())
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
delete static_cast<const T*>(this);
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
bool setIsDeferred(bool value)
{
if (!setIsDeferredBase(value))
return false;
delete static_cast<T*>(this);
return true;
}
[Fetch API] Use Ref<const T> in FetchBody::m_data variant https://bugs.webkit.org/show_bug.cgi?id=162599 Patch by Youenn Fablet <youenn@apple.com> on 2016-09-27 Reviewed by Alex Christensen. Source/WebCore: Covered by existing tests. Using Ref<const T> for all variants of m_data except for FormData since FetchBody is actually creating it and may modifiy it. Updating blob loading code path to use a const Blob& instead of a Blob&. * Modules/fetch/FetchBody.cpp: (WebCore::FetchBody::FetchBody): (WebCore::FetchBody::extract): (WebCore::FetchBody::clone): * Modules/fetch/FetchBody.h: (WebCore::FetchBody::blobBody): (WebCore::FetchBody::arrayBufferBody): (WebCore::FetchBody::arrayBufferViewBody): * Modules/fetch/FetchBodyOwner.cpp: (WebCore::FetchBodyOwner::loadBlob): * Modules/fetch/FetchBodyOwner.h: * Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start): * Modules/fetch/FetchLoader.h: Source/WTF: Enabling to use DeferrableRefCounted<const T> by making m_refCount mutable. * wtf/DeferrableRefCounted.h: (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCounted::deref): Canonical link: https://commits.webkit.org/180554@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206438 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-09-27 16:47:49 +00:00
Typed arrays should be rewritten https://bugs.webkit.org/show_bug.cgi?id=119064 .: Reviewed by Oliver Hunt. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * Source/autotools/symbols.filter: Source/JavaScriptCore: Reviewed by Oliver Hunt. Typed arrays were previously deficient in several major ways: - They were defined separately in WebCore and in the jsc shell. The two implementations were different, and the jsc shell one was basically wrong. The WebCore one was quite awful, also. - Typed arrays were not visible to the JIT except through some weird hooks. For example, the JIT could not ask "what is the Structure that this typed array would have if I just allocated it from this global object". Also, it was difficult to wire any of the typed array intrinsics, because most of the functionality wasn't visible anywhere in JSC. - Typed array allocation was brain-dead. Allocating a typed array involved two JS objects, two GC weak handles, and three malloc allocations. - Neutering. It involved keeping tabs on all native views but not the view wrappers, even though the native views can autoneuter just by asking the buffer if it was neutered anytime you touch them; while the JS view wrappers are the ones that you really want to reach out to. - Common case-ing. Most typed arrays have one buffer and one view, and usually nobody touches the buffer. Yet we created all of that stuff anyway, using data structures optimized for the case where you had a lot of views. - Semantic goofs. Typed arrays should, in the future, behave like ES features rather than DOM features, for example when it comes to exceptions. Firefox already does this and I agree with them. This patch cleanses our codebase of these sins: - Typed arrays are almost entirely defined in JSC. Only the lifecycle management of native references to buffers is left to WebCore. - Allocating a typed array requires either two GC allocations (a cell and a copied storage vector) or one GC allocation, a malloc allocation, and a weak handle (a cell and a malloc'd storage vector, plus a finalizer for the latter). The latter is only used for oversize arrays. Remember that before it was 7 allocations no matter what. - Typed arrays require just 4 words of overhead: Structure*, Butterfly*, mode/length, void* vector. Before it was a lot more than that - remember, there were five additional objects that did absolutely nothing for anybody. - Native views aren't tracked by the buffer, or by the wrappers. They are transient. In the future we'll probably switch to not even having them be malloc'd. - Native array buffers have an efficient way of tracking all of their JS view wrappers, both for neutering, and for lifecycle management. The GC special-cases native array buffers. This saves a bunch of grief; for example it means that a JS view wrapper can refer to its buffer via the butterfly, which would be dead by the time we went to finalize. - Typed array semantics now match Firefox, which also happens to be where the standards are going. The discussion on webkit-dev seemed to confirm that Chrome is also heading in this direction. This includes making Uint8ClampedArray not a subtype of Uint8Array, and getting rid of ArrayBufferView as a JS-visible construct. This is up to a 10x speed-up on programs that allocate a lot of typed arrays. It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for further typed array optimizations in the JSC JITs, including inlining typed array allocation, inlining more of the accessors, reducing the cost of type checks, etc. An additional property of this patch is that typed arrays are mostly implemented using templates. This deduplicates a bunch of code, but does mean that we need some hacks for exporting s_info's of template classes. See JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly low-impact compared to code duplication. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * CMakeLists.txt: * DerivedSources.make: * GNUmakefile.list.am: * JSCTypedArrayStubs.h: Removed. * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * bytecode/ByValInfo.h: (JSC::hasOptimizableIndexingForClassInfo): (JSC::jitArrayModeForClassInfo): (JSC::typedArrayTypeForJITArrayMode): * bytecode/SpeculatedType.cpp: (JSC::speculationFromClassInfo): * dfg/DFGArrayMode.cpp: (JSC::DFG::toTypedArrayType): * dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::typedArrayType): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * heap/CopyToken.h: * heap/DeferGC.h: (JSC::DeferGCForAWhile::DeferGCForAWhile): (JSC::DeferGCForAWhile::~DeferGCForAWhile): * heap/GCIncomingRefCounted.h: Added. (JSC::GCIncomingRefCounted::GCIncomingRefCounted): (JSC::GCIncomingRefCounted::~GCIncomingRefCounted): (JSC::GCIncomingRefCounted::numberOfIncomingReferences): (JSC::GCIncomingRefCounted::incomingReferenceAt): (JSC::GCIncomingRefCounted::singletonFlag): (JSC::GCIncomingRefCounted::hasVectorOfCells): (JSC::GCIncomingRefCounted::hasAnyIncoming): (JSC::GCIncomingRefCounted::hasSingleton): (JSC::GCIncomingRefCounted::singleton): (JSC::GCIncomingRefCounted::vectorOfCells): * heap/GCIncomingRefCountedInlines.h: Added. (JSC::::addIncomingReference): (JSC::::filterIncomingReferences): * heap/GCIncomingRefCountedSet.h: Added. (JSC::GCIncomingRefCountedSet::size): * heap/GCIncomingRefCountedSetInlines.h: Added. (JSC::::GCIncomingRefCountedSet): (JSC::::~GCIncomingRefCountedSet): (JSC::::addReference): (JSC::::sweep): (JSC::::removeAll): (JSC::::removeDead): * heap/Heap.cpp: (JSC::Heap::addReference): (JSC::Heap::extraSize): (JSC::Heap::size): (JSC::Heap::capacity): (JSC::Heap::collect): (JSC::Heap::decrementDeferralDepth): (JSC::Heap::decrementDeferralDepthAndGCIfNeeded): * heap/Heap.h: * interpreter/CallFrame.h: (JSC::ExecState::dataViewTable): * jit/JIT.h: * jit/JITPropertyAccess.cpp: (JSC::JIT::privateCompileGetByVal): (JSC::JIT::privateCompilePutByVal): (JSC::JIT::emitIntTypedArrayGetByVal): (JSC::JIT::emitFloatTypedArrayGetByVal): (JSC::JIT::emitIntTypedArrayPutByVal): (JSC::JIT::emitFloatTypedArrayPutByVal): * jsc.cpp: (GlobalObject::finishCreation): * runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer): * runtime/ArrayBuffer.h: (JSC::ArrayBuffer::createAdopted): (JSC::ArrayBuffer::ArrayBuffer): (JSC::ArrayBuffer::gcSizeEstimateInBytes): (JSC::ArrayBuffer::pin): (JSC::ArrayBuffer::unpin): (JSC::ArrayBufferContents::tryAllocate): * runtime/ArrayBufferView.cpp: (JSC::ArrayBufferView::ArrayBufferView): (JSC::ArrayBufferView::~ArrayBufferView): (JSC::ArrayBufferView::setNeuterable): * runtime/ArrayBufferView.h: (JSC::ArrayBufferView::isNeutered): (JSC::ArrayBufferView::buffer): (JSC::ArrayBufferView::baseAddress): (JSC::ArrayBufferView::byteOffset): (JSC::ArrayBufferView::verifySubRange): (JSC::ArrayBufferView::clampOffsetAndNumElements): (JSC::ArrayBufferView::calculateOffsetAndLength): * runtime/ClassInfo.h: * runtime/CommonIdentifiers.h: * runtime/DataView.cpp: Added. (JSC::DataView::DataView): (JSC::DataView::create): (JSC::DataView::wrap): * runtime/DataView.h: Added. (JSC::DataView::byteLength): (JSC::DataView::getType): (JSC::DataView::get): (JSC::DataView::set): * runtime/Float32Array.h: * runtime/Float64Array.h: * runtime/GenericTypedArrayView.h: Added. (JSC::GenericTypedArrayView::data): (JSC::GenericTypedArrayView::set): (JSC::GenericTypedArrayView::setRange): (JSC::GenericTypedArrayView::zeroRange): (JSC::GenericTypedArrayView::zeroFill): (JSC::GenericTypedArrayView::length): (JSC::GenericTypedArrayView::byteLength): (JSC::GenericTypedArrayView::item): (JSC::GenericTypedArrayView::checkInboundData): (JSC::GenericTypedArrayView::getType): * runtime/GenericTypedArrayViewInlines.h: Added. (JSC::::GenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::subarray): (JSC::::wrap): * runtime/IndexingHeader.h: (JSC::IndexingHeader::arrayBuffer): (JSC::IndexingHeader::setArrayBuffer): * runtime/Int16Array.h: * runtime/Int32Array.h: * runtime/Int8Array.h: * runtime/JSArrayBuffer.cpp: Added. (JSC::JSArrayBuffer::JSArrayBuffer): (JSC::JSArrayBuffer::finishCreation): (JSC::JSArrayBuffer::create): (JSC::JSArrayBuffer::createStructure): (JSC::JSArrayBuffer::getOwnPropertySlot): (JSC::JSArrayBuffer::getOwnPropertyDescriptor): (JSC::JSArrayBuffer::put): (JSC::JSArrayBuffer::defineOwnProperty): (JSC::JSArrayBuffer::deleteProperty): (JSC::JSArrayBuffer::getOwnNonIndexPropertyNames): * runtime/JSArrayBuffer.h: Added. (JSC::JSArrayBuffer::impl): (JSC::toArrayBuffer): * runtime/JSArrayBufferConstructor.cpp: Added. (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor): (JSC::JSArrayBufferConstructor::finishCreation): (JSC::JSArrayBufferConstructor::create): (JSC::JSArrayBufferConstructor::createStructure): (JSC::constructArrayBuffer): (JSC::JSArrayBufferConstructor::getConstructData): (JSC::JSArrayBufferConstructor::getCallData): * runtime/JSArrayBufferConstructor.h: Added. * runtime/JSArrayBufferPrototype.cpp: Added. (JSC::arrayBufferProtoFuncSlice): (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype): (JSC::JSArrayBufferPrototype::finishCreation): (JSC::JSArrayBufferPrototype::create): (JSC::JSArrayBufferPrototype::createStructure): * runtime/JSArrayBufferPrototype.h: Added. * runtime/JSArrayBufferView.cpp: Added. (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext): (JSC::JSArrayBufferView::JSArrayBufferView): (JSC::JSArrayBufferView::finishCreation): (JSC::JSArrayBufferView::getOwnPropertySlot): (JSC::JSArrayBufferView::getOwnPropertyDescriptor): (JSC::JSArrayBufferView::put): (JSC::JSArrayBufferView::defineOwnProperty): (JSC::JSArrayBufferView::deleteProperty): (JSC::JSArrayBufferView::getOwnNonIndexPropertyNames): (JSC::JSArrayBufferView::finalize): * runtime/JSArrayBufferView.h: Added. (JSC::JSArrayBufferView::sizeOf): (JSC::JSArrayBufferView::ConstructionContext::operator!): (JSC::JSArrayBufferView::ConstructionContext::structure): (JSC::JSArrayBufferView::ConstructionContext::vector): (JSC::JSArrayBufferView::ConstructionContext::length): (JSC::JSArrayBufferView::ConstructionContext::mode): (JSC::JSArrayBufferView::ConstructionContext::butterfly): (JSC::JSArrayBufferView::mode): (JSC::JSArrayBufferView::vector): (JSC::JSArrayBufferView::length): (JSC::JSArrayBufferView::offsetOfVector): (JSC::JSArrayBufferView::offsetOfLength): (JSC::JSArrayBufferView::offsetOfMode): * runtime/JSArrayBufferViewInlines.h: Added. (JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary): (JSC::JSArrayBufferView::buffer): (JSC::JSArrayBufferView::impl): (JSC::JSArrayBufferView::neuter): (JSC::JSArrayBufferView::byteOffset): * runtime/JSCell.cpp: (JSC::JSCell::slowDownAndWasteMemory): (JSC::JSCell::getTypedArrayImpl): * runtime/JSCell.h: * runtime/JSDataView.cpp: Added. (JSC::JSDataView::JSDataView): (JSC::JSDataView::create): (JSC::JSDataView::createUninitialized): (JSC::JSDataView::set): (JSC::JSDataView::typedImpl): (JSC::JSDataView::getOwnPropertySlot): (JSC::JSDataView::getOwnPropertyDescriptor): (JSC::JSDataView::slowDownAndWasteMemory): (JSC::JSDataView::getTypedArrayImpl): (JSC::JSDataView::createStructure): * runtime/JSDataView.h: Added. * runtime/JSDataViewPrototype.cpp: Added. (JSC::JSDataViewPrototype::JSDataViewPrototype): (JSC::JSDataViewPrototype::create): (JSC::JSDataViewPrototype::createStructure): (JSC::JSDataViewPrototype::getOwnPropertySlot): (JSC::JSDataViewPrototype::getOwnPropertyDescriptor): (JSC::getData): (JSC::setData): (JSC::dataViewProtoFuncGetInt8): (JSC::dataViewProtoFuncGetInt16): (JSC::dataViewProtoFuncGetInt32): (JSC::dataViewProtoFuncGetUint8): (JSC::dataViewProtoFuncGetUint16): (JSC::dataViewProtoFuncGetUint32): (JSC::dataViewProtoFuncGetFloat32): (JSC::dataViewProtoFuncGetFloat64): (JSC::dataViewProtoFuncSetInt8): (JSC::dataViewProtoFuncSetInt16): (JSC::dataViewProtoFuncSetInt32): (JSC::dataViewProtoFuncSetUint8): (JSC::dataViewProtoFuncSetUint16): (JSC::dataViewProtoFuncSetUint32): (JSC::dataViewProtoFuncSetFloat32): (JSC::dataViewProtoFuncSetFloat64): * runtime/JSDataViewPrototype.h: Added. * runtime/JSFloat32Array.h: Added. * runtime/JSFloat64Array.h: Added. * runtime/JSGenericTypedArrayView.h: Added. (JSC::JSGenericTypedArrayView::byteLength): (JSC::JSGenericTypedArrayView::byteSize): (JSC::JSGenericTypedArrayView::typedVector): (JSC::JSGenericTypedArrayView::canGetIndexQuickly): (JSC::JSGenericTypedArrayView::canSetIndexQuickly): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue): (JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble): (JSC::JSGenericTypedArrayView::getIndexQuickly): (JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue): (JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble): (JSC::JSGenericTypedArrayView::setIndexQuickly): (JSC::JSGenericTypedArrayView::canAccessRangeQuickly): (JSC::JSGenericTypedArrayView::typedImpl): (JSC::JSGenericTypedArrayView::createStructure): (JSC::JSGenericTypedArrayView::info): (JSC::toNativeTypedView): * runtime/JSGenericTypedArrayViewConstructor.h: Added. * runtime/JSGenericTypedArrayViewConstructorInlines.h: Added. (JSC::::JSGenericTypedArrayViewConstructor): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): (JSC::constructGenericTypedArrayView): (JSC::::getConstructData): (JSC::::getCallData): * runtime/JSGenericTypedArrayViewInlines.h: Added. (JSC::::JSGenericTypedArrayView): (JSC::::create): (JSC::::createUninitialized): (JSC::::validateRange): (JSC::::setWithSpecificType): (JSC::::set): (JSC::::getOwnPropertySlot): (JSC::::getOwnPropertyDescriptor): (JSC::::put): (JSC::::defineOwnProperty): (JSC::::deleteProperty): (JSC::::getOwnPropertySlotByIndex): (JSC::::putByIndex): (JSC::::deletePropertyByIndex): (JSC::::getOwnNonIndexPropertyNames): (JSC::::getOwnPropertyNames): (JSC::::visitChildren): (JSC::::copyBackingStore): (JSC::::slowDownAndWasteMemory): (JSC::::getTypedArrayImpl): * runtime/JSGenericTypedArrayViewPrototype.h: Added. * runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added. (JSC::genericTypedArrayViewProtoFuncSet): (JSC::genericTypedArrayViewProtoFuncSubarray): (JSC::::JSGenericTypedArrayViewPrototype): (JSC::::finishCreation): (JSC::::create): (JSC::::createStructure): * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren): * runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype): (JSC::JSGlobalObject::arrayBufferStructure): (JSC::JSGlobalObject::typedArrayStructure): * runtime/JSInt16Array.h: Added. * runtime/JSInt32Array.h: Added. * runtime/JSInt8Array.h: Added. * runtime/JSTypedArrayConstructors.cpp: Added. * runtime/JSTypedArrayConstructors.h: Added. * runtime/JSTypedArrayPrototypes.cpp: Added. * runtime/JSTypedArrayPrototypes.h: Added. * runtime/JSTypedArrays.cpp: Added. * runtime/JSTypedArrays.h: Added. * runtime/JSUint16Array.h: Added. * runtime/JSUint32Array.h: Added. * runtime/JSUint8Array.h: Added. * runtime/JSUint8ClampedArray.h: Added. * runtime/Operations.h: * runtime/Options.h: * runtime/SimpleTypedArrayController.cpp: Added. (JSC::SimpleTypedArrayController::SimpleTypedArrayController): (JSC::SimpleTypedArrayController::~SimpleTypedArrayController): (JSC::SimpleTypedArrayController::toJS): * runtime/SimpleTypedArrayController.h: Added. * runtime/Structure.h: (JSC::Structure::couldHaveIndexingHeader): * runtime/StructureInlines.h: (JSC::Structure::hasIndexingHeader): * runtime/TypedArrayAdaptors.h: Added. (JSC::IntegralTypedArrayAdaptor::toNative): (JSC::IntegralTypedArrayAdaptor::toJSValue): (JSC::IntegralTypedArrayAdaptor::toDouble): (JSC::FloatTypedArrayAdaptor::toNative): (JSC::FloatTypedArrayAdaptor::toJSValue): (JSC::FloatTypedArrayAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::toNative): (JSC::Uint8ClampedAdaptor::toJSValue): (JSC::Uint8ClampedAdaptor::toDouble): (JSC::Uint8ClampedAdaptor::clamp): * runtime/TypedArrayController.cpp: Added. (JSC::TypedArrayController::TypedArrayController): (JSC::TypedArrayController::~TypedArrayController): * runtime/TypedArrayController.h: Added. * runtime/TypedArrayDescriptor.h: Removed. * runtime/TypedArrayInlines.h: Added. * runtime/TypedArrayType.cpp: Added. (JSC::classInfoForType): (WTF::printInternal): * runtime/TypedArrayType.h: Added. (JSC::toIndex): (JSC::isTypedView): (JSC::elementSize): (JSC::isInt): (JSC::isFloat): (JSC::isSigned): (JSC::isClamped): * runtime/TypedArrays.h: Added. * runtime/Uint16Array.h: * runtime/Uint32Array.h: * runtime/Uint8Array.h: * runtime/Uint8ClampedArray.h: * runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::~VM): * runtime/VM.h: Source/WebCore: Reviewed by Oliver Hunt. Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a client of them. There is only one layering violation: WebCore installs a WebCoreTypedArrayController on VM, which makes the ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default, JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer alive but if ArrayBuffer is kept alive from native code then the JSArrayByffer may die. WebCoreTypedArrayController will keep the JSArrayBuffer alive if the ArrayBuffer is in the opaque root set. To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is changed to make most references to wrappers refer to JSObject* rather than JSDOMWrapper*. Array buffer views are now transient; the JS array buffer view wrappers don't own them or keep them alive. This required a bunch of changes to make bindings code use RefPtr<ArrayBufferView> to hold onto their views. Also there is a bunch of new code to make JSC-provided array buffers and views obey the toJS/to<ClassName> idiom for wrapping and unwrapping. Finally, the DataView API is now completely different: the JSDataView provides the same user-visible JS API but using its own internal magic; the C++ code that uses DataView now uses a rather different API that is not aware of usual DOM semantics, since it's in JSC and not WebCore. It's equally useful for all of WebCore's purposes, but some code had to change to adapt the new conventions. Some tests have been changed or rebased due to changes in behavior, that bring us into conformance with where the standards are going and allow us to match Firefox behavior. Automake work and some additional GTK changes courtesy of Zan Dobersek <zdobersek@igalia.com>. Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>. * CMakeLists.txt: * DerivedSources.make: * ForwardingHeaders/runtime/DataView.h: Added. * ForwardingHeaders/runtime/JSArrayBuffer.h: Added. * ForwardingHeaders/runtime/JSArrayBufferView.h: Added. * ForwardingHeaders/runtime/JSDataView.h: Added. * ForwardingHeaders/runtime/JSTypedArrays.h: Added. * ForwardingHeaders/runtime/TypedArrayController.h: Added. * ForwardingHeaders/runtime/TypedArrayInlines.h: Added. * ForwardingHeaders/runtime/TypedArrays.h: Added. * GNUmakefile.list.am: * Modules/webaudio/RealtimeAnalyser.h: * Target.pri: * UseJSC.cmake: * WebCore.exp.in: * WebCore.vcxproj/WebCore.vcxproj: * WebCore.xcodeproj/project.pbxproj: * bindings/js/DOMWrapperWorld.h: * bindings/js/JSArrayBufferCustom.cpp: Removed. * bindings/js/JSArrayBufferViewHelper.h: Removed. * bindings/js/JSAudioContextCustom.cpp: * bindings/js/JSBindingsAllInOne.cpp: * bindings/js/JSBlobCustom.cpp: * bindings/js/JSCSSRuleCustom.cpp: (WebCore::toJS): * bindings/js/JSCSSValueCustom.cpp: (WebCore::toJS): * bindings/js/JSCryptoCustom.cpp: (WebCore::JSCrypto::getRandomValues): * bindings/js/JSDOMBinding.h: (WebCore::wrapperOwner): (WebCore::wrapperContext): (WebCore::getInlineCachedWrapper): (WebCore::setInlineCachedWrapper): (WebCore::clearInlineCachedWrapper): (WebCore::getCachedWrapper): (WebCore::cacheWrapper): (WebCore::uncacheWrapper): (WebCore::wrap): (WebCore::toJS): (WebCore::toArrayBufferView): (WebCore::toInt8Array): (WebCore::toInt16Array): (WebCore::toInt32Array): (WebCore::toUint8Array): (WebCore::toUint8ClampedArray): (WebCore::toUint16Array): (WebCore::toUint32Array): (WebCore::toFloat32Array): (WebCore::toFloat64Array): (WebCore::toDataView): * bindings/js/JSDataViewCustom.cpp: Removed. * bindings/js/JSDictionary.cpp: * bindings/js/JSDictionary.h: * bindings/js/JSDocumentCustom.cpp: (WebCore::JSDocument::location): (WebCore::toJS): * bindings/js/JSEventCustom.cpp: (WebCore::toJS): * bindings/js/JSFileReaderCustom.cpp: * bindings/js/JSHTMLCollectionCustom.cpp: (WebCore::toJS): * bindings/js/JSHTMLTemplateElementCustom.cpp: (WebCore::JSHTMLTemplateElement::content): * bindings/js/JSImageDataCustom.cpp: (WebCore::toJS): * bindings/js/JSInjectedScriptHostCustom.cpp: * bindings/js/JSMessageEventCustom.cpp: * bindings/js/JSMessagePortCustom.cpp: * bindings/js/JSSVGPathSegCustom.cpp: (WebCore::toJS): * bindings/js/JSStyleSheetCustom.cpp: (WebCore::toJS): * bindings/js/JSTrackCustom.cpp: (WebCore::toJS): * bindings/js/JSWebGLRenderingContextCustom.cpp: * bindings/js/JSXMLHttpRequestCustom.cpp: (WebCore::JSXMLHttpRequest::send): * bindings/js/SerializedScriptValue.cpp: (WebCore::SerializedScriptValue::transferArrayBuffers): * bindings/js/WebCoreJSClientData.h: (WebCore::initNormalWorldClientData): * bindings/js/WebCoreTypedArrayController.cpp: Added. (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::toJS): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): (WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize): * bindings/js/WebCoreTypedArrayController.h: Added. (WebCore::WebCoreTypedArrayController::wrapperOwner): * bindings/scripts/CodeGenerator.pm: (ForAllParents): (ParseInterface): (SkipIncludeHeader): (IsTypedArrayType): (IsWrapperType): * bindings/scripts/CodeGeneratorJS.pm: (AddIncludesForType): (GenerateHeader): (GenerateImplementation): (GenerateParametersCheck): (GetNativeType): (JSValueToNative): (NativeToJSValue): (GenerateConstructorDefinition): (GenerateConstructorHelperMethods): * fileapi/WebKitBlobBuilder.cpp: (WebCore::BlobBuilder::append): * fileapi/WebKitBlobBuilder.h: * html/canvas/ArrayBuffer.idl: Removed. * html/canvas/ArrayBufferView.idl: Removed. * html/canvas/DataView.cpp: Removed. * html/canvas/DataView.h: Removed. * html/canvas/DataView.idl: Removed. * html/canvas/Float32Array.idl: Removed. * html/canvas/Float64Array.idl: Removed. * html/canvas/Int16Array.idl: Removed. * html/canvas/Int32Array.idl: Removed. * html/canvas/Int8Array.idl: Removed. * html/canvas/Uint16Array.idl: Removed. * html/canvas/Uint32Array.idl: Removed. * html/canvas/Uint8Array.idl: Removed. * html/canvas/Uint8ClampedArray.idl: Removed. * html/canvas/WebGLRenderingContext.cpp: (WebCore::WebGLRenderingContext::readPixels): (WebCore::WebGLRenderingContext::validateTexFuncData): * page/Crypto.cpp: * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: (WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource): (WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData): * platform/graphics/filters/FECustomFilter.h: * platform/graphics/filters/FEGaussianBlur.cpp: * platform/graphics/filters/FilterEffect.cpp: * testing/MockCDM.cpp: Source/WebKit2: Reviewed by Oliver Hunt. You don't need to include JSUint8Array anymore if you just want to unwrap one; JSDOMBinding gives you all of the things you need. * WebProcess/InjectedBundle/InjectedBundle.cpp: Source/WTF: Reviewed by Oliver Hunt. - Added the notion of a reference counted object that can be marked Deferred, which is like a special-purpose upref. - Added a common byte flipper. Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>. * GNUmakefile.list.am: * WTF.xcodeproj/project.pbxproj: * wtf/DeferrableRefCounted.h: Added. (WTF::DeferrableRefCountedBase::ref): (WTF::DeferrableRefCountedBase::hasOneRef): (WTF::DeferrableRefCountedBase::refCount): (WTF::DeferrableRefCountedBase::isDeferred): (WTF::DeferrableRefCountedBase::DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase): (WTF::DeferrableRefCountedBase::derefBase): (WTF::DeferrableRefCountedBase::setIsDeferredBase): (WTF::DeferrableRefCounted::deref): (WTF::DeferrableRefCounted::setIsDeferred): (WTF::DeferrableRefCounted::DeferrableRefCounted): (WTF::DeferrableRefCounted::~DeferrableRefCounted): * wtf/FlipBytes.h: Added. (WTF::needToFlipBytesIfLittleEndian): (WTF::flipBytes): (WTF::flipBytesIfLittleEndian): LayoutTests: Reviewed by Oliver Hunt. * fast/canvas/webgl/array-set-invalid-arguments-expected.txt: * fast/canvas/webgl/array-set-out-of-bounds-expected.txt: * fast/canvas/webgl/array-unit-tests-expected.txt: * fast/canvas/webgl/array-unit-tests.html: * fast/canvas/webgl/data-view-crash-expected.txt: * fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js: (checkView): * fast/dom/call-a-constructor-as-a-function-expected.txt: * fast/dom/call-a-constructor-as-a-function.html: * fast/js/constructor-length.html: * fast/js/global-constructors-attributes-dedicated-worker-expected.txt: * fast/js/global-constructors-attributes-expected.txt: * fast/js/global-constructors-attributes-shared-worker-expected.txt: * fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added. * fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added. * fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added. * fast/js/regress/Int32Array-alloc-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-huge.html: Added. * fast/js/regress/Int32Array-alloc-large-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-large-long-lived.html: Added. * fast/js/regress/Int32Array-alloc-large.html: Added. * fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added. * fast/js/regress/Int32Array-alloc-long-lived.html: Added. * fast/js/regress/Int32Array-alloc.html: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-large.js: Added. * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added. * fast/js/regress/script-tests/Int32Array-alloc.js: Added. * platform/mac/fast/js/constructor-length-expected.txt: * webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html: * webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html: Canonical link: https://commits.webkit.org/137806@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-08-15 20:43:06 +00:00
protected:
DeferrableRefCounted() { }
~DeferrableRefCounted() { }
};
} // namespace WTF
using WTF::DeferrableRefCounted;