Changeset 227434 in webkit

Timestamp:

Jan 23, 2018, 12:39:34 PM (7 years ago)

Author:

mark.lam@apple.com

Message:

Re-arrange TypedArray JSTypes to match the order of the TypedArrayType enum list.
​https://bugs.webkit.org/show_bug.cgi?id=181976
<rdar://problem/36766936>

Reviewed by Filip Pizlo.

1. The order of TypedArray JSTypes now matches the order the TypedArrayType enum list. I also added static asserts in TypedArrayType.h to enforce this.

Also redefined FOR_EACH_TYPED_ARRAY_TYPE() in terms of

2. Define 4 new values:
   1. FirstTypedArrayType
   2. LastTypedArrayType
   3. NumberOfTypedArrayTypesExcludingDataView
   4. NumberOfTypedArrayTypes

Use these everywhere where we iterate or bisect the TypedArray JSTypes.

3. Removed NUMBER_OF_TYPED_ARRAY_TYPES, and use NumberOfTypedArrayTypes instead.

4. Simplify the code that converts between TypedArrayType and JSType.

Changed typedArrayTypeForType() to be the mirror image of typeForTypedArrayType().
Previously, typedArrayTypeForType() converts DataViewType to NotTypedArray
instead of TypeDataView. Now, it converts to TypeDataView.

This does not result in any change of behavior because typedArrayTypeForType()
is only called in Structure::hasIndexingHeader(), and its result is passed to
isTypedView(), which handles TypeDataView correctly.

5. Also fixed a bug in SpeculativeJIT::compileGetTypedArrayByteOffset(). If the vector is null, we can skip the rest of the checks. While the current code does not result in incorrect behavior, it is inefficient, and communicates wrong information to the reader i.e. implying that there's something in the dataGPR when there's not. The dataGPR should also be null in this case.

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileIsTypedArrayView):
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::isTypedArrayView):

• ftl/FTLOSRExit.cpp:
• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter64.asm:
• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::visitChildren):

• runtime/JSType.h:
• runtime/TypedArrayType.cpp:

(JSC::typeForTypedArrayType): Deleted.

• runtime/TypedArrayType.h:

(JSC::typedArrayTypeForType):
(JSC::typeForTypedArrayType):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGByteCodeParser.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT.cpp (modified) (3 diffs)
• ftl/FTLLowerDFGToB3.cpp (modified) (1 diff)
• ftl/FTLOSRExit.cpp (modified) (1 diff)
• llint/LowLevelInterpreter.asm (modified) (1 diff)
• llint/LowLevelInterpreter64.asm (modified) (3 diffs)
• runtime/JSGlobalObject.cpp (modified) (1 diff)
• runtime/JSType.h (modified) (3 diffs)
• runtime/TypedArrayType.cpp (modified) (2 diffs)
• runtime/TypedArrayType.h (modified) (5 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-01-23  Mark Lam  <mark.lam@apple.com>
+
+        Re-arrange TypedArray JSTypes to match the order of the TypedArrayType enum list.
+        https://bugs.webkit.org/show_bug.cgi?id=181976
+        <rdar://problem/36766936>
+
+        Reviewed by Filip Pizlo.
+
+        1. The order of TypedArray JSTypes now matches the order the TypedArrayType enum
+           list.  I also added static asserts in TypedArrayType.h to enforce this.
+
+           Also redefined FOR_EACH_TYPED_ARRAY_TYPE() in terms of
+
+        2. Define 4 new values:
+           a. FirstTypedArrayType
+           b. LastTypedArrayType
+           c. NumberOfTypedArrayTypesExcludingDataView
+           d. NumberOfTypedArrayTypes
+
+           Use these everywhere where we iterate or bisect the TypedArray JSTypes.
+
+        3. Removed NUMBER_OF_TYPED_ARRAY_TYPES, and use NumberOfTypedArrayTypes instead.
+
+        4. Simplify the code that converts between TypedArrayType and JSType.
+
+           Changed typedArrayTypeForType() to be the mirror image of typeForTypedArrayType().
+           Previously, typedArrayTypeForType() converts DataViewType to NotTypedArray
+           instead of TypeDataView.  Now, it converts to TypeDataView.
+
+           This does not result in any change of behavior because typedArrayTypeForType()
+           is only called in Structure::hasIndexingHeader(), and its result is passed to
+           isTypedView(), which handles TypeDataView correctly.
+
+        5. Also fixed a bug in SpeculativeJIT::compileGetTypedArrayByteOffset().
+           If the vector is null, we can skip the rest of the checks.  While the current
+           code does not result in incorrect behavior, it is inefficient, and communicates
+           wrong information to the reader i.e. implying that there's something in the
+           dataGPR when there's not.  The dataGPR should also be null in this case.
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileIsTypedArrayView):
+        (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::isTypedArrayView):
+        * ftl/FTLOSRExit.cpp:
+        * llint/LowLevelInterpreter.asm:
+        * llint/LowLevelInterpreter64.asm:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::visitChildren):
+        * runtime/JSType.h:
+        * runtime/TypedArrayType.cpp:
+        (JSC::typeForTypedArrayType): Deleted.
+        * runtime/TypedArrayType.h:
+        (JSC::typedArrayTypeForType):
+        (JSC::typeForTypedArrayType):
+
 2018-01-23  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -3441 +3441 @@
     }
 
-    for (unsigned typeIndex = 0; typeIndex < NUMBER_OF_TYPED_ARRAY_TYPES; ++typeIndex) {
+    for (unsigned typeIndex = 0; typeIndex < NumberOfTypedArrayTypes; ++typeIndex) {
         bool result = handleTypedArrayConstructor(
             resultOperand, function, registerOffset, argumentCountIncludingThis,

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -4034 +4034 @@
 
     m_jit.load8(JITCompiler::Address(valueRegs.payloadGPR(), JSCell::typeInfoTypeOffset()), resultGPR);
-    m_jit.sub32(TrustedImm32(Int8ArrayType), resultGPR);
-    m_jit.compare32(JITCompiler::BelowOrEqual,
+    m_jit.sub32(TrustedImm32(FirstTypedArrayType), resultGPR);
+    m_jit.compare32(JITCompiler::Below,
         resultGPR,
-        TrustedImm32(Float64ArrayType - Int8ArrayType),
+        TrustedImm32(NumberOfTypedArrayTypesExcludingDataView),
         resultGPR);
     blessBoolean(resultGPR);
@@ -6388 +6388 @@
     JITCompiler::Jump nullVector = m_jit.branchTestPtr(JITCompiler::Zero, vectorGPR);
     cageTypedArrayStorage(vectorGPR);
-    nullVector.link(&m_jit);
+
     m_jit.loadPtr(MacroAssembler::Address(dataGPR, Butterfly::offsetOfArrayBuffer()), dataGPR);
     // FIXME: This needs caging.
@@ -6401 +6401 @@
     
     done.link(&m_jit);
+    nullVector.link(&m_jit);
 
     int32Result(vectorGPR, node);

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -14388 +14388 @@
         LValue jsType = m_out.sub(
             m_out.load8ZeroExt32(cell, m_heaps.JSCell_typeInfoType),
-            m_out.constInt32(Int8ArrayType));
-        return m_out.belowOrEqual(
+            m_out.constInt32(FirstTypedArrayType));
+        return m_out.below(
             jsType,
-            m_out.constInt32(Float64ArrayType - Int8ArrayType));
+            m_out.constInt32(NumberOfTypedArrayTypesExcludingDataView));
     }
     

trunk/Source/JavaScriptCore/ftl/FTLOSRExit.cpp

@@ -119 +119 @@
 #endif // ENABLE(FTL_JIT)
 
+

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -384 +384 @@
 # switch statement in get_by_val and put_by_val.
 const Int8ArrayType = constexpr Int8ArrayType
-const Int16ArrayType = constexpr Int16ArrayType
-const Int32ArrayType = constexpr Int32ArrayType
 const Uint8ArrayType = constexpr Uint8ArrayType
 const Uint8ClampedArrayType = constexpr Uint8ClampedArrayType
+const Int16ArrayType = constexpr Int16ArrayType
 const Uint16ArrayType = constexpr Uint16ArrayType
+const Int32ArrayType = constexpr Int32ArrayType
 const Uint32ArrayType = constexpr Uint32ArrayType
 const Float32ArrayType = constexpr Float32ArrayType
 const Float64ArrayType = constexpr Float64ArrayType
 
-const FirstArrayType = Int8ArrayType
-const LastArrayType = Float64ArrayType
+const FirstArrayType = constexpr FirstTypedArrayType
+const NumberOfTypedArrayTypesExcludingDataView = constexpr NumberOfTypedArrayTypesExcludingDataView
 
 # Type flags constants.

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -1539 +1539 @@
     loadb JSCell::m_type[t0], t2
     subi FirstArrayType, t2
-    bia t2, LastArrayType - FirstArrayType, .opGetByValSlow
+    biaeq t2, NumberOfTypedArrayTypesExcludingDataView, .opGetByValSlow
     
     # Sweet, now we know that we have a typed array. Do some basic things now.
@@ -1545 +1545 @@
     biaeq t1, JSArrayBufferView::m_length[t0], .opGetByValSlow
     
-    # Now bisect through the various types. Note that we can treat Uint8ArrayType and
-    # Uint8ClampedArrayType the same.
-    bia t2, Uint8ClampedArrayType - FirstArrayType, .opGetByValAboveUint8ClampedArray
-    
-    # We have one of Int8ArrayType .. Uint8ClampedArrayType.
-    bia t2, Int16ArrayType - FirstArrayType, .opGetByValInt32ArrayOrUint8Array
-    
-    # We have one of Int8ArrayType or Int16ArrayType
-    bineq t2, Int8ArrayType - FirstArrayType, .opGetByValInt16Array
-    
+    # Now bisect through the various types:
+    #    Int8ArrayType,
+    #    Uint8ArrayType,
+    #    Uint8ClampedArrayType,
+    #    Int16ArrayType,
+    #    Uint16ArrayType,
+    #    Int32ArrayType,
+    #    Uint32ArrayType,
+    #    Float32ArrayType,
+    #    Float64ArrayType,
+
+    bia t2, Uint16ArrayType - FirstArrayType, .opGetByValAboveUint16Array
+
+    # We have one of Int8ArrayType .. Uint16ArrayType.
+    bia t2, Uint8ClampedArrayType - FirstArrayType, .opGetByValInt16ArrayOrUint16Array
+
+    # We have one of Int8ArrayType ... Uint8ClampedArrayType
+    bineq t2, Int8ArrayType - FirstArrayType, .opGetByValUint8ArrayOrUint8ClampedArray
+
     # We have Int8ArrayType
     loadbs [t3, t1], t0
     finishIntGetByVal(t0, t1)
 
-.opGetByValInt16Array:
+.opGetByValUint8ArrayOrUint8ClampedArray:
+    # We have either Uint8ArrayType or Uint8ClampedArrayType. They behave the same so that's cool.
+    loadb [t3, t1], t0
+    finishIntGetByVal(t0, t1)
+
+.opGetByValInt16ArrayOrUint16Array:
+    # We have either Int16ArrayType or Uint16ClampedArrayType.
+    bieq t2, Uint16ArrayType - FirstArrayType, .opGetByValUint16Array
+
+    # We have Int16ArrayType.
     loadhs [t3, t1, 2], t0
     finishIntGetByVal(t0, t1)
 
-.opGetByValInt32ArrayOrUint8Array:
-    # We have one of Int16Array, Uint8Array, or Uint8ClampedArray.
-    bieq t2, Int32ArrayType - FirstArrayType, .opGetByValInt32Array
-    
-    # We have either Uint8Array or Uint8ClampedArray. They behave the same so that's cool.
-    loadb [t3, t1], t0
-    finishIntGetByVal(t0, t1)
-
-.opGetByValInt32Array:
-    loadi [t3, t1, 4], t0
-    finishIntGetByVal(t0, t1)
-
-.opGetByValAboveUint8ClampedArray:
-    # We have one of Uint16ArrayType .. Float64ArrayType.
-    bia t2, Uint32ArrayType - FirstArrayType, .opGetByValAboveUint32Array
-    
-    # We have either Uint16ArrayType or Uint32ArrayType.
-    bieq t2, Uint32ArrayType - FirstArrayType, .opGetByValUint32Array
-
+.opGetByValUint16Array:
     # We have Uint16ArrayType.
     loadh [t3, t1, 2], t0
     finishIntGetByVal(t0, t1)
 
+.opGetByValAboveUint16Array:
+    # We have one of Int32ArrayType .. Float64ArrayType.
+    bia t2, Uint32ArrayType - FirstArrayType, .opGetByValFloat32ArrayOrFloat64Array
+
+    # We have either Int32ArrayType or Uint32ArrayType
+    bineq t2, Int32ArrayType - FirstArrayType, .opGetByValUint32Array
+
+    # We have Int32ArrayType
+    loadi [t3, t1, 4], t0
+    finishIntGetByVal(t0, t1)
+
 .opGetByValUint32Array:
+    # We have Uint32ArrayType.
     # This is the hardest part because of large unsigned values.
     loadi [t3, t1, 4], t0
@@ -1592 +1604 @@
     finishIntGetByVal(t0, t1)
 
-.opGetByValAboveUint32Array:
+.opGetByValFloat32ArrayOrFloat64Array:
     # We have one of Float32ArrayType or Float64ArrayType. Sadly, we cannot handle Float32Array
     # inline yet. That would require some offlineasm changes.

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -1421 +1421 @@
 #undef VISIT_LAZY_TYPE
 
-    for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;)
+    for (unsigned i = NumberOfTypedArrayTypes; i--;)
         thisObject->lazyTypedArrayStructure(indexToTypedArrayType(i)).visit(visitor);
     

trunk/Source/JavaScriptCore/runtime/JSType.h

@@ -1 +1 @@
 /*
- *  Copyright (C) 2006-2011, 2015-2016 Apple Inc. All rights reserved.
+ *  Copyright (C) 2006-2018 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -71 +71 @@
 
     Int8ArrayType,
-    Int16ArrayType,
-    Int32ArrayType,
     Uint8ArrayType,
     Uint8ClampedArrayType,
+    Int16ArrayType,
     Uint16ArrayType,
+    Int32ArrayType,
     Uint32ArrayType,
     Float32ArrayType,
@@ -105 +105 @@
 };
 
+static const uint32_t FirstTypedArrayType = Int8ArrayType;
+static const uint32_t LastTypedArrayType = DataViewType;
+static constexpr uint32_t NumberOfTypedArrayTypes = LastTypedArrayType - FirstTypedArrayType + 1;
+static constexpr uint32_t NumberOfTypedArrayTypesExcludingDataView = NumberOfTypedArrayTypes - 1;
+
 static_assert(sizeof(JSType) == sizeof(uint8_t), "sizeof(JSType) is one byte.");
 static_assert(LastJSCObjectType < 128, "The highest bit is reserved for embedder's extension.");

trunk/Source/JavaScriptCore/runtime/TypedArrayType.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -32 +32 @@
 
 namespace JSC {
-
-JSType typeForTypedArrayType(TypedArrayType type)
-{
-    switch (type) {
-    case NotTypedArray:
-        RELEASE_ASSERT_NOT_REACHED();
-        return Int8ArrayType;
-    case TypeInt8:
-        return Int8ArrayType;
-    case TypeUint8:
-        return Uint8ArrayType;
-    case TypeUint8Clamped:
-        return Uint8ClampedArrayType;
-    case TypeInt16:
-        return Int16ArrayType;
-    case TypeUint16:
-        return Uint16ArrayType;
-    case TypeInt32:
-        return Int32ArrayType;
-    case TypeUint32:
-        return Uint32ArrayType;
-    case TypeFloat32:
-        return Float32ArrayType;
-    case TypeFloat64:
-        return Float64ArrayType;
-    case TypeDataView:
-        return DataViewType;
-
-    default:
-        RELEASE_ASSERT_NOT_REACHED();
-        return Int8ArrayType;
-    }
-}
 
 const ClassInfo* constructorClassInfoForType(TypedArrayType type)

trunk/Source/JavaScriptCore/runtime/TypedArrayType.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -33 +33 @@
 struct ClassInfo;
 
-#define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
-    macro(Int8) \
-    macro(Uint8) \
-    macro(Uint8Clamped) \
-    macro(Int16) \
-    macro(Uint16) \
-    macro(Int32) \
-    macro(Uint32) \
-    macro(Float32) \
-    macro(Float64) \
-    macro(DataView)
-
 #define FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(macro) \
     macro(Int8) \
@@ -56 +44 @@
     macro(Float64)
 
+#define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
+    FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(macro) \
+    macro(DataView)
+
 enum TypedArrayType {
     NotTypedArray,
@@ -63 +55 @@
 };
 
-#define NUMBER_OF_TYPED_ARRAY_TYPES TypeDataView
+#define ASSERT_TYPED_ARRAY_TYPE(name) \
+    static_assert(Type ## name == (name ## ArrayType - FirstTypedArrayType + TypeInt8), "");
+    FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(ASSERT_TYPED_ARRAY_TYPE)
+#undef ASSERT_TYPED_ARRAY_TYPE
+
+static_assert(TypeDataView == (DataViewType - FirstTypedArrayType + TypeInt8), "");
 
 inline unsigned toIndex(TypedArrayType type)
@@ -118 +115 @@
 
 const ClassInfo* constructorClassInfoForType(TypedArrayType);
-JSType typeForTypedArrayType(TypedArrayType);
 
 inline TypedArrayType typedArrayTypeForType(JSType type)
 {
-    switch (type) {
-    case Int8ArrayType:
-        return TypeInt8;
-    case Int16ArrayType:
-        return TypeInt16;
-    case Int32ArrayType:
-        return TypeInt32;
-    case Uint8ArrayType:
-        return TypeUint8;
-    case Uint8ClampedArrayType:
-        return TypeUint8Clamped;
-    case Uint16ArrayType:
-        return TypeUint16;
-    case Uint32ArrayType:
-        return TypeUint32;
-    case Float32ArrayType:
-        return TypeFloat32;
-    case Float64ArrayType:
-        return TypeFloat64;
-    default:
-        return NotTypedArray;
-    }
+    if (type >= FirstTypedArrayType && type <= LastTypedArrayType)
+        return static_cast<TypedArrayType>(type - FirstTypedArrayType + TypeInt8);
+    return NotTypedArray;
+}
+
+inline JSType typeForTypedArrayType(TypedArrayType type)
+{
+    if (type >= TypeInt8 && type <= TypeDataView)
+        return static_cast<JSType>(type - TypeInt8 + FirstTypedArrayType);
+
+    RELEASE_ASSERT_NOT_REACHED();
+    return Int8ArrayType;
 }