haikuwebkit/Source/WTF/wtf/PackedRef.h

39 lines
1.5 KiB
C

Fold constant typed arrays
https://bugs.webkit.org/show_bug.cgi?id=125205

Source/JavaScriptCore:

Reviewed by Oliver Hunt and Mark Hahnenberg.

If by some other mechanism we have a typed array access on a compile-time
constant typed array pointer, then fold:

- Array bounds checks. Specifically, fold the load of length.

- Loading the vector. This needs to install a watchpoint on the array itself
  because of the possibility of neutering. Neutering is ridiculous.

We do this without bloating the size of ArrayBuffer or JSArrayBufferView in
the common case (i.e. the case where you allocated an array that didn't end
up becoming a compile-time constant). To install the watchpoint, we
slowDownAndWasteMemory and then create an incoming reference to the
ArrayBuffer, where that incoming reference is from a watchpoint object. The
ArrayBuffer already knows about such incoming references and can fire the
watchpoints that way.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
(JSC::DFG::DesiredWatchpoints::addLazily):
* dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::GenericSetAdaptor::add):
(JSC::DFG::GenericSetAdaptor::hasBeenInvalidated):
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
(JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
(JSC::DFG::GenericDesiredWatchpoints::areStillValid):
(JSC::DFG::GenericDesiredWatchpoints::isStillValid):
(JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isStillValid):
(JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isValidOrMixed):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
* dfg/DFGGraph.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
(JSC::DFG::WatchpointCollectionPhase::addLazily):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::transfer):
* runtime/ArrayBufferNeuteringWatchpoint.cpp: Added.
(JSC::ArrayBufferNeuteringWatchpoint::ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::finishCreation):
(JSC::ArrayBufferNeuteringWatchpoint::destroy):
(JSC::ArrayBufferNeuteringWatchpoint::create):
(JSC::ArrayBufferNeuteringWatchpoint::createStructure):
* runtime/ArrayBufferNeuteringWatchpoint.h: Added.
(JSC::ArrayBufferNeuteringWatchpoint::set):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

LayoutTests:

Reviewed by Oliver Hunt and Mark Hahnenberg.

* js/regress/fixed-typed-array-storage-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index.html: Added.
* js/regress/fixed-typed-array-storage.html: Added.
* js/regress/script-tests/fixed-typed-array-storage-var-index.js: Added.
(foo):
* js/regress/script-tests/fixed-typed-array-storage.js: Added.
(foo):

Canonical link: https://commits.webkit.org/143374@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@160150 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-12-05 02:05:35 +00:00
/*
[JSC] Remove ArrayBufferNeuteringWatchpointSet
https://bugs.webkit.org/show_bug.cgi?id=205194

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch removes ArrayBufferNeuteringWatchpointSet and instead puts
InlineWatchpointSet directly into ArrayBuffer, since this is much simpler.
The main reason why we are using ArrayBufferNeuteringWatchpointSet is not to
increase sizeof(ArrayBuffer). But this complicates the implementation. So,
not to increase sizeof(ArrayBuffer), we use PackedRefPtr in ArrayBuffer,
which is RefPtr while the pointer is packed. This gives us 8 bytes which is
suitable for placing InlineWatchpointSet without increasing
sizeof(ArrayBuffer).

We also convert Function<> in ArrayBuffer to PackedRefPtr<SharedTask<>>, and
share the Gigacage::free destructor between multiple ArrayBuffers. This is
memory efficient since this is the common case, and we can pack this field
easily.

* API/JSTypedArray.cpp:
(JSObjectMakeTypedArrayWithBytesNoCopy):
(JSObjectMakeArrayBufferWithBytesNoCopy):
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::primitiveGigacageDestructor):
(JSC::SharedArrayBufferContents::~SharedArrayBufferContents):
(JSC::ArrayBufferContents::destroy):
(JSC::ArrayBufferContents::reset):
(JSC::ArrayBufferContents::tryAllocate):
(JSC::ArrayBufferContents::makeShared):
(JSC::ArrayBufferContents::shareWith):
(JSC::ArrayBuffer::createAdopted):
(JSC::ArrayBuffer::transferTo):
(JSC::ArrayBuffer::neuter):
(JSC::ArrayBuffer::notifyIncommingReferencesOfTransfer):
* runtime/ArrayBuffer.h:
(JSC::ArrayBuffer::neuteringWatchpointSet):
* runtime/ArrayBufferNeuteringWatchpointSet.cpp: Removed.
* runtime/FileBasedFuzzerAgent.cpp:
(JSC::FileBasedFuzzerAgent::getPredictionInternal):
* runtime/FileBasedFuzzerAgentBase.cpp:
(JSC::FileBasedFuzzerAgentBase::createLookupKey):
* runtime/PredictionFileCreatingFuzzerAgent.cpp:
(JSC::PredictionFileCreatingFuzzerAgent::getPredictionInternal):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::buffer):

Source/WebCore:

* bindings/js/SerializedScriptValue.h:
(WebCore::SerializedScriptValue::decode):

Source/WTF:

This patch adds PackedRef and PackedRefPtr. They are Ref and RefPtr, but
their internal pointer is packed, so we can represent them in 6 bytes with
1-byte alignment.

* WTF.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/Packed.h:
(WTF::alignof):
* wtf/PackedRef.h: Copied from Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpointSet.h.
* wtf/PackedRefPtr.h: Renamed from Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpointSet.h.
* wtf/RefPtr.h:
(WTF::RefPtr::operator UnspecifiedBoolType const):
(WTF::RefPtr::unspecifiedBoolTypeInstance const):

Tools:

Add tests for PackedRef and PackedRefPtr.

* TestWebKitAPI/CMakeLists.txt:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/PackedRef.cpp: Added.
(TestWebKitAPI::TEST):
(TestWebKitAPI::passWithRef):
(TestWebKitAPI::PackedRefCheckingRefLogger::PackedRefCheckingRefLogger):
(TestWebKitAPI::PackedRefCheckingRefLogger::ref):
(TestWebKitAPI::PackedRefCheckingRefLogger::deref):
(TestWebKitAPI::DerivedPackedRefCheckingRefLogger::DerivedPackedRefCheckingRefLogger):
* TestWebKitAPI/Tests/WTF/PackedRefPtr.cpp: Copied from Tools/TestWebKitAPI/Tests/WTF/RefPtr.cpp.
(TestWebKitAPI::TEST):
(TestWebKitAPI::f1):
(TestWebKitAPI::ConstRefCounted::create):
(TestWebKitAPI::returnConstRefCountedRef):
(TestWebKitAPI::returnRefCountedRef):
(TestWebKitAPI::PackedRefPtrCheckingRefLogger::PackedRefPtrCheckingRefLogger):
(TestWebKitAPI::loggerName):
(TestWebKitAPI::PackedRefPtrCheckingRefLogger::ref):
(TestWebKitAPI::PackedRefPtrCheckingRefLogger::deref):
* TestWebKitAPI/Tests/WTF/RefPtr.cpp:
(TestWebKitAPI::f1):
(TestWebKitAPI::returnConstRefCountedRef):
(TestWebKitAPI::returnRefCountedRef):

Canonical link: https://commits.webkit.org/218489@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@253576 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2019-12-16 22:17:27 +00:00
* Copyright (C) 2019 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#pragma once
#include <wtf/Packed.h>
#include <wtf/Ref.h>
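The r253576 commit message above explains the idea behind this header: a Ref whose only member is a pointer packed into 6 bytes with 1-byte alignment, so that a watchpoint set can be placed in ArrayBuffer without growing the object. The following C++ is an added illustration of that layout trick, not WTF's own PackedRef.h (only the opening includes of the real file are shown on this page). It assumes a 64-bit target whose addresses fit in 48 bits, and the names PackedPtr, Counted, Probe and kAddressBits are mine. The practitioner's caveat it encodes: packing must never silently drop high pointer bits (pointer-authentication signatures, tag bits, or a 57-bit virtual address space would all be lost), so the fit is asserted before the pointer is stored.

```cpp
// Added example, not WTF code: a 6-byte packed pointer and a Ref built on it.
// Assumption: 64-bit target, addresses fit in kAddressBits (checked below).
#include <cassert>
#include <cstddef>
#include <cstdint>

namespace packed_example {

constexpr unsigned kAddressBits = 48;                    // assumed address width
constexpr std::size_t kPackedBytes = kAddressBits / 8;   // 6 bytes of storage

// True if a raw pointer value survives truncation to kAddressBits.
inline bool fitsInPackedBits(std::uintptr_t raw)
{
    return (raw >> kAddressBits) == 0;
}

// Stores the low kAddressBits of a pointer byte by byte: sizeof is 6 and
// alignof is 1, and the byte order does not depend on host endianness.
template<typename T>
class PackedPtr {
public:
    PackedPtr() { set(nullptr); }
    explicit PackedPtr(T* ptr) { set(ptr); }

    void set(T* ptr)
    {
        std::uintptr_t raw = reinterpret_cast<std::uintptr_t>(ptr);
        // Never truncate silently: a pointer that lost its high bits would be
        // dereferenced later as a wild pointer.
        assert(fitsInPackedBits(raw));
        for (std::size_t i = 0; i < kPackedBytes; ++i)
            m_bytes[i] = static_cast<std::uint8_t>(raw >> (8 * i));
    }

    T* get() const
    {
        std::uintptr_t raw = 0;
        for (std::size_t i = 0; i < kPackedBytes; ++i)
            raw |= static_cast<std::uintptr_t>(m_bytes[i]) << (8 * i);
        return reinterpret_cast<T*>(raw);
    }

private:
    std::uint8_t m_bytes[kPackedBytes];
};

static_assert(sizeof(PackedPtr<int>) == 6, "packed pointer occupies 6 bytes");
static_assert(alignof(PackedPtr<int>) == 1, "packed pointer is byte aligned");

// Minimal intrusive ref count, a stand-in for WTF::RefCounted.
class Counted {
public:
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    unsigned refCount() const { return m_refCount; }
protected:
    virtual ~Counted() = default;
private:
    unsigned m_refCount { 1 };   // the creator holds the first reference
};

// Owning reference whose only member is the packed pointer, so it is 6 bytes
// too. Copying refs; destruction derefs.
template<typename T>
class PackedRef {
public:
    explicit PackedRef(T& object) : m_ptr(&object) { object.ref(); }
    PackedRef(const PackedRef& other) : m_ptr(other.ptr()) { ptr()->ref(); }
    ~PackedRef() { ptr()->deref(); }
    PackedRef& operator=(const PackedRef&) = delete;
    T* ptr() const { return m_ptr.get(); }
    T* operator->() const { return ptr(); }
private:
    PackedPtr<T> m_ptr;
};

static_assert(sizeof(PackedRef<Counted>) == 6, "PackedRef adds no bytes");

struct Probe : Counted { int value { 0 }; };

// Round-trips a heap pointer through PackedPtr and reports whether it survived.
inline bool heapPointerRoundTrips()
{
    int* raw = new int(7);
    PackedPtr<int> packed(raw);
    bool ok = packed.get() == raw && *packed.get() == 7;
    delete raw;
    return ok;
}

// Holds a Probe through two PackedRefs and returns the ref count observed
// while both are alive (creator + two refs), then releases everything.
inline unsigned refCountWithTwoPackedRefs()
{
    Probe& probe = *new Probe;       // refCount == 1, owned by this frame
    unsigned observed = 0;
    {
        PackedRef<Probe> a(probe);   // 2
        PackedRef<Probe> b(a);       // 3
        b->value = 42;
        observed = probe.refCount();
    }                                // both refs gone: back to 1
    assert(probe.refCount() == 1 && probe.value == 42);
    probe.deref();                   // last reference: Probe deletes itself
    return observed;
}

} // namespace packed_example
```

The two static_asserts are the point of the exercise: the packed holder and the Ref built on it both sit at 6 bytes with alignment 1, which is what lets a field be tucked into padding without changing sizeof of the enclosing object. The runtime fitsInPackedBits check is the part a reviewer should insist on; a packing scheme that truncates without checking turns a tagged or out-of-range pointer into a memory-safety bug at the next dereference.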
Fold constant typed arrays
https://bugs.webkit.org/show_bug.cgi?id=125205

Source/JavaScriptCore:

Reviewed by Oliver Hunt and Mark Hahnenberg.

If by some other mechanism we have a typed array access on a compile-time constant typed array pointer, then fold:

- Array bounds checks. Specifically, fold the load of length.

- Loading the vector. This needs to install a watchpoint on the array itself because of the possibility of neutering. Neutering is ridiculous.

We do this without bloating the size of ArrayBuffer or JSArrayBufferView in the common case (i.e. the case where you allocated an array that didn't end up becoming a compile-time constant). To install the watchpoint, we slowDownAndWasteMemory and then create an incoming reference to the ArrayBuffer, where that incoming reference is from a watchpoint object. The ArrayBuffer already knows about such incoming references and can fire the watchpoints that way.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
(JSC::DFG::DesiredWatchpoints::addLazily):
* dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::GenericSetAdaptor::add):
(JSC::DFG::GenericSetAdaptor::hasBeenInvalidated):
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
(JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
(JSC::DFG::GenericDesiredWatchpoints::areStillValid):
(JSC::DFG::GenericDesiredWatchpoints::isStillValid):
(JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isStillValid):
(JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isValidOrMixed):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
* dfg/DFGGraph.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
(JSC::DFG::WatchpointCollectionPhase::addLazily):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::transfer):
* runtime/ArrayBufferNeuteringWatchpoint.cpp: Added.
(JSC::ArrayBufferNeuteringWatchpoint::ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint):
(JSC::ArrayBufferNeuteringWatchpoint::finishCreation):
(JSC::ArrayBufferNeuteringWatchpoint::destroy):
(JSC::ArrayBufferNeuteringWatchpoint::create):
(JSC::ArrayBufferNeuteringWatchpoint::createStructure):
* runtime/ArrayBufferNeuteringWatchpoint.h: Added.
(JSC::ArrayBufferNeuteringWatchpoint::set):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

LayoutTests:

Reviewed by Oliver Hunt and Mark Hahnenberg.

* js/regress/fixed-typed-array-storage-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index-expected.txt: Added.
* js/regress/fixed-typed-array-storage-var-index.html: Added.
* js/regress/fixed-typed-array-storage.html: Added.
* js/regress/script-tests/fixed-typed-array-storage-var-index.js: Added.
(foo):
* js/regress/script-tests/fixed-typed-array-storage.js: Added.
(foo):

Canonical link: https://commits.webkit.org/143374@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@160150 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2013-12-05 02:05:35 +00:00
[JSC] Remove ArrayBufferNeuteringWatchpointSet
https://bugs.webkit.org/show_bug.cgi?id=205194

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch removes ArrayBufferNeuteringWatchpointSet and instead puts InlineWatchpointSet directly into ArrayBuffer, since this is much simpler. The main reason why we are using ArrayBufferNeuteringWatchpointSet is not to increase sizeof(ArrayBuffer). But this complicates the implementation. So, not to increase sizeof(ArrayBuffer), we use PackedRefPtr in ArrayBuffer, which is RefPtr whose pointer is packed. This gives us 8 bytes which is suitable for placing InlineWatchpointSet without increasing sizeof(ArrayBuffer).

We also convert Function<> in ArrayBuffer to PackedRefPtr<SharedTask<>>, and share the Gigacage::free destructor among multiple ArrayBuffers. This is memory efficient since this is the common case, and we can pack this field easily.

* API/JSTypedArray.cpp:
(JSObjectMakeTypedArrayWithBytesNoCopy):
(JSObjectMakeArrayBufferWithBytesNoCopy):
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::primitiveGigacageDestructor):
(JSC::SharedArrayBufferContents::~SharedArrayBufferContents):
(JSC::ArrayBufferContents::destroy):
(JSC::ArrayBufferContents::reset):
(JSC::ArrayBufferContents::tryAllocate):
(JSC::ArrayBufferContents::makeShared):
(JSC::ArrayBufferContents::shareWith):
(JSC::ArrayBuffer::createAdopted):
(JSC::ArrayBuffer::transferTo):
(JSC::ArrayBuffer::neuter):
(JSC::ArrayBuffer::notifyIncommingReferencesOfTransfer):
* runtime/ArrayBuffer.h:
(JSC::ArrayBuffer::neuteringWatchpointSet):
* runtime/ArrayBufferNeuteringWatchpointSet.cpp: Removed.
* runtime/FileBasedFuzzerAgent.cpp:
(JSC::FileBasedFuzzerAgent::getPredictionInternal):
* runtime/FileBasedFuzzerAgentBase.cpp:
(JSC::FileBasedFuzzerAgentBase::createLookupKey):
* runtime/PredictionFileCreatingFuzzerAgent.cpp:
(JSC::PredictionFileCreatingFuzzerAgent::getPredictionInternal):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::buffer):

Source/WebCore:

* bindings/js/SerializedScriptValue.h:
(WebCore::SerializedScriptValue::decode):

Source/WTF:

This patch adds PackedRef and PackedRefPtr. They are Ref and RefPtr, but their internal pointer is packed, so we can represent them in 6 bytes with 1-byte alignment.

* WTF.xcodeproj/project.pbxproj:
* wtf/CMakeLists.txt:
* wtf/Packed.h:
(WTF::alignof):
* wtf/PackedRef.h: Copied from Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpointSet.h.
* wtf/PackedRefPtr.h: Renamed from Source/JavaScriptCore/runtime/ArrayBufferNeuteringWatchpointSet.h.
* wtf/RefPtr.h:
(WTF::RefPtr::operator UnspecifiedBoolType const):
(WTF::RefPtr::unspecifiedBoolTypeInstance const):

Tools:

Add tests for PackedRef and PackedRefPtr.

* TestWebKitAPI/CMakeLists.txt:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WTF/PackedRef.cpp: Added.
(TestWebKitAPI::TEST):
(TestWebKitAPI::passWithRef):
(TestWebKitAPI::PackedRefCheckingRefLogger::PackedRefCheckingRefLogger):
(TestWebKitAPI::PackedRefCheckingRefLogger::ref):
(TestWebKitAPI::PackedRefCheckingRefLogger::deref):
(TestWebKitAPI::DerivedPackedRefCheckingRefLogger::DerivedPackedRefCheckingRefLogger):
* TestWebKitAPI/Tests/WTF/PackedRefPtr.cpp: Copied from Tools/TestWebKitAPI/Tests/WTF/RefPtr.cpp.
(TestWebKitAPI::TEST):
(TestWebKitAPI::f1):
(TestWebKitAPI::ConstRefCounted::create):
(TestWebKitAPI::returnConstRefCountedRef):
(TestWebKitAPI::returnRefCountedRef):
(TestWebKitAPI::PackedRefPtrCheckingRefLogger::PackedRefPtrCheckingRefLogger):
(TestWebKitAPI::loggerName):
(TestWebKitAPI::PackedRefPtrCheckingRefLogger::ref):
(TestWebKitAPI::PackedRefPtrCheckingRefLogger::deref):
* TestWebKitAPI/Tests/WTF/RefPtr.cpp:
(TestWebKitAPI::f1):
(TestWebKitAPI::returnConstRefCountedRef):
(TestWebKitAPI::returnRefCountedRef):

Canonical link: https://commits.webkit.org/218489@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@253576 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2019-12-16 22:17:27 +00:00
namespace WTF {
template<typename T>
using PackedRef = Ref<T, PackedPtrTraits<T>>;
Don't segregate heap objects based on Structure immortality.
<https://webkit.org/b/143638>

Reviewed by Darin Adler.

Source/JavaScriptCore:

Put all objects that need a destructor call into the same MarkedBlock. This reduces memory consumption in many situations, while improving locality, since much more of the MarkedBlock space can be shared.

Instead of branching on the MarkedBlock type, we now check a bit in the JSCell's inline type flags (StructureIsImmortal) to see whether it's safe to access the cell's Structure during destruction or not.

Performance benchmarks look mostly neutral. Maybe a small regression on SunSpider's date objects.

On the amazon.com landing page, this saves us 50 MarkedBlocks (3200kB) along with a bunch of WeakBlocks that were hanging off of them. That's on the higher end of savings we can get from this, but still a very real improvement.

Most of this patch is removing the "hasImmortalStructure" constant from JSCell derived classes and passing that responsibility to the StructureIsImmortal flag.

StructureFlags is made public so that it's accessible from non-member functions. I made sure to declare it everywhere and make classes final to try to make it explicit what each class is doing to its inherited flags.

* API/JSCallbackConstructor.h:
* API/JSCallbackObject.h:
* bytecode/UnlinkedCodeBlock.h:
* debugger/DebuggerScope.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileMakeRope):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileMakeRope):
* heap/Heap.h:
(JSC::Heap::subspaceForObjectDestructor):
(JSC::Heap::allocatorForObjectWithDestructor):
(JSC::Heap::subspaceForObjectNormalDestructor): Deleted.
(JSC::Heap::subspaceForObjectsWithImmortalStructure): Deleted.
(JSC::Heap::allocatorForObjectWithNormalDestructor): Deleted.
(JSC::Heap::allocatorForObjectWithImmortalStructureDestructor): Deleted.
* heap/HeapInlines.h:
(JSC::Heap::allocateWithDestructor):
(JSC::Heap::allocateObjectOfType):
(JSC::Heap::subspaceForObjectOfType):
(JSC::Heap::allocatorForObjectOfType):
(JSC::Heap::allocateWithNormalDestructor): Deleted.
(JSC::Heap::allocateWithImmortalStructureDestructor): Deleted.
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateBlock):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::needsDestruction):
(JSC::MarkedAllocator::MarkedAllocator):
(JSC::MarkedAllocator::init):
(JSC::MarkedAllocator::destructorType): Deleted.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::create):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::callDestructor):
(JSC::MarkedBlock::specializedSweep):
(JSC::MarkedBlock::sweep):
(JSC::MarkedBlock::sweepHelper):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::needsDestruction):
(JSC::MarkedBlock::destructorType): Deleted.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::forEachAllocator):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::clearNewlyAllocated):
* heap/MarkedSpace.h:
(JSC::MarkedSpace::subspaceForObjectsWithDestructor):
(JSC::MarkedSpace::destructorAllocatorFor):
(JSC::MarkedSpace::allocateWithDestructor):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor): Deleted.
(JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure): Deleted.
(JSC::MarkedSpace::immortalStructureDestructorAllocatorFor): Deleted.
(JSC::MarkedSpace::normalDestructorAllocatorFor): Deleted.
(JSC::MarkedSpace::allocateWithImmortalStructureDestructor): Deleted.
(JSC::MarkedSpace::allocateWithNormalDestructor): Deleted.
* inspector/JSInjectedScriptHost.h:
* inspector/JSInjectedScriptHostPrototype.h:
* inspector/JSJavaScriptCallFrame.h:
* inspector/JSJavaScriptCallFramePrototype.h:
* jsc.cpp:
* runtime/ArrayBufferNeuteringWatchpoint.h:
* runtime/ArrayConstructor.h:
* runtime/ArrayIteratorPrototype.h:
* runtime/BooleanPrototype.h:
* runtime/ClonedArguments.h:
* runtime/CustomGetterSetter.h:
* runtime/DateConstructor.h:
* runtime/DatePrototype.h:
* runtime/ErrorPrototype.h:
* runtime/ExceptionHelpers.h:
* runtime/Executable.h:
* runtime/GenericArguments.h:
* runtime/GetterSetter.h:
* runtime/InternalFunction.h:
* runtime/JSAPIValueWrapper.h:
* runtime/JSArgumentsIterator.h:
* runtime/JSArray.h:
* runtime/JSArrayBuffer.h:
* runtime/JSArrayBufferView.h:
* runtime/JSBoundFunction.h:
* runtime/JSCallee.h:
* runtime/JSCell.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::classInfo):
* runtime/JSDataViewPrototype.h:
* runtime/JSEnvironmentRecord.h:
* runtime/JSFunction.h:
* runtime/JSGenericTypedArrayView.h:
* runtime/JSGlobalObject.h:
* runtime/JSLexicalEnvironment.h:
* runtime/JSNameScope.h:
* runtime/JSNotAnObject.h:
* runtime/JSONObject.h:
* runtime/JSObject.h:
(JSC::JSFinalObject::JSFinalObject):
* runtime/JSPromiseConstructor.h:
* runtime/JSPromiseDeferred.h:
* runtime/JSPromisePrototype.h:
* runtime/JSPromiseReaction.h:
* runtime/JSPropertyNameEnumerator.h:
* runtime/JSProxy.h:
* runtime/JSScope.h:
* runtime/JSString.h:
* runtime/JSSymbolTableObject.h:
* runtime/JSTypeInfo.h:
(JSC::TypeInfo::structureIsImmortal):
* runtime/MathObject.h:
* runtime/NumberConstructor.h:
* runtime/NumberPrototype.h:
* runtime/ObjectConstructor.h:
* runtime/PropertyMapHashTable.h:
* runtime/RegExp.h:
* runtime/RegExpConstructor.h:
* runtime/RegExpObject.h:
* runtime/RegExpPrototype.h:
* runtime/ScopedArgumentsTable.h:
* runtime/SparseArrayValueMap.h:
* runtime/StrictEvalActivation.h:
* runtime/StringConstructor.h:
* runtime/StringIteratorPrototype.h:
* runtime/StringObject.h:
* runtime/StringPrototype.h:
* runtime/Structure.cpp:
(JSC::Structure::Structure):
* runtime/Structure.h:
* runtime/StructureChain.h:
* runtime/StructureRareData.h:
* runtime/Symbol.h:
* runtime/SymbolPrototype.h:
* runtime/SymbolTable.h:
* runtime/WeakMapData.h:

Source/WebCore:

* bindings/js/JSDOMBinding.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GeneratePrototypeDeclaration):
* bridge/objc/objc_runtime.h:
* bridge/runtime_array.h:
* bridge/runtime_method.h:
* bridge/runtime_object.h:

Source/WebKit2:

* WebProcess/Plugins/Netscape/JSNPObject.h:

Canonical link: https://commits.webkit.org/161701@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@182747 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2015-04-13 19:12:48 +00:00
} // namespace WTF
using WTF::PackedRef;
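The header above is a one-line alias, and the blame entry that introduced it explains the motivation: a `PackedRef` is a `Ref` whose pointer is stored in 6 bytes at 1-byte alignment, which is what let `ArrayBuffer` gain an `InlineWatchpointSet` without growing. The following is an added example, written for this page and not code from WebKit or WTF: a self-contained stand-in for `PackedPtrTraits` and `Ref` that makes the layout claim checkable and shows the one invariant a packed pointer depends on. The names `PackedPtr`, `Counted`, `Tracked`, `PackedSlot` and `PlainSlot` are made up for the example, and it assumes a little-endian 64-bit target whose user-space addresses fit in the low 48 bits (plain x86-64 or AArch64 with no pointer tagging).

```cpp
// Added example, not WebKit's code: a minimal stand-in for WTF::PackedPtrTraits
// and Ref, showing why PackedRef<T> occupies 6 bytes at 1-byte alignment and
// what that buys inside a containing struct.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

static_assert(sizeof(void*) == 8, "example assumes a 64-bit target");

// Assumption: little-endian, addresses fit in 48 bits. Bits 48..63 are not
// stored, so a pointer that carries data there (a tagged or signed pointer)
// would be silently corrupted on the way through. set() refuses such pointers.
template<typename T>
class PackedPtr {
public:
    PackedPtr() { std::memset(m_bytes, 0, sizeof(m_bytes)); }
    explicit PackedPtr(T* p) { set(p); }

    void set(T* p)
    {
        std::uintptr_t v = reinterpret_cast<std::uintptr_t>(p);
        assert((v >> 48) == 0 && "pointer does not fit in 48 bits");
        for (size_t i = 0; i < sizeof(m_bytes); ++i)
            m_bytes[i] = static_cast<uint8_t>(v >> (8 * i)); // low byte first
    }

    T* get() const
    {
        std::uintptr_t v = 0;
        for (size_t i = 0; i < sizeof(m_bytes); ++i)
            v |= static_cast<std::uintptr_t>(m_bytes[i]) << (8 * i);
        return reinterpret_cast<T*>(v);
    }

private:
    uint8_t m_bytes[6]; // sizeof == 6, alignof == 1
};

// Minimal intrusive ref count, standing in for WTF::RefCounted.
class Counted {
public:
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    unsigned refCount() const { return m_refCount; }
protected:
    virtual ~Counted() { }
private:
    unsigned m_refCount { 0 };
};

// Counts live instances so a caller can observe that the last deref frees it.
class Tracked : public Counted {
public:
    static int& liveCount() { static int n = 0; return n; }
    Tracked() { ++liveCount(); }
    ~Tracked() override { --liveCount(); }
};

// Stand-in for Ref<T, PackedPtrTraits<T>>: a non-null owning reference whose
// only member is the packed pointer, so sizeof is 6 and alignof is 1.
template<typename T>
class PackedRef {
public:
    explicit PackedRef(T& object) : m_ptr(&object) { object.ref(); }
    PackedRef(const PackedRef& other) : m_ptr(other.m_ptr.get()) { get().ref(); }
    PackedRef& operator=(const PackedRef& other)
    {
        other.get().ref(); // ref first so self-assignment cannot free the object
        get().deref();
        m_ptr.set(other.m_ptr.get());
        return *this;
    }
    ~PackedRef() { get().deref(); }
    T& get() const { return *m_ptr.get(); }
    T* operator->() const { return m_ptr.get(); }
private:
    PackedPtr<T> m_ptr;
};

// The point of the commit: a 6-byte pointer leaves 2 bytes in the same 8-byte
// slot for a small field (in ArrayBuffer, the inline watchpoint state), whereas
// an 8-byte pointer pushes that field into a second, mostly padding, slot.
struct PackedSlot { PackedPtr<Counted> ptr; uint16_t state; };
struct PlainSlot  { Counted* ptr; uint16_t state; };

size_t packedSlotSize() { return sizeof(PackedSlot); }          // 8
size_t plainSlotSize()  { return sizeof(PlainSlot); }           // 16
size_t packedRefSize()  { return sizeof(PackedRef<Counted>); }  // 6
size_t packedRefAlign() { return alignof(PackedRef<Counted>); } // 1

// Packing and unpacking must hand back the identical pointer.
bool roundTripsPointer()
{
    Tracked* object = new Tracked;
    PackedPtr<Tracked> packed(object);
    bool same = packed.get() == object;
    delete object;
    return same;
}

// Two PackedRefs share one object: count is 2 while both live, and the object
// is destroyed (liveCount back to 0) when the second one goes out of scope.
unsigned refCountWithTwoRefs()
{
    Tracked& object = *new Tracked;
    PackedRef<Tracked> first(object);
    PackedRef<Tracked> second(first);
    return second->refCount();
}

int main()
{
    std::printf("PackedRef: %zu bytes, align %zu; slot packed %zu vs plain %zu\n",
        packedRefSize(), packedRefAlign(), packedSlotSize(), plainSlotSize());
    return 0;
}
```

The assertion in `set()` is the check worth keeping in mind when reading the real `PackedPtrTraits`: packing is only sound while every pointer stored fits the assumed address width, so any scheme that puts metadata in the high bits (tagging, pointer authentication) has to be reconciled with the packed width before a pointer goes in.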