Changeset 272170 in webkit

Timestamp:

Feb 1, 2021 12:56:41 PM (18 months ago)

Author:

ysuzuki@apple.com

Message:

[JSC] Implement BigInt64Array and BigUint64Array
​https://bugs.webkit.org/show_bug.cgi?id=190800

Reviewed by Ross Kirsling.

JSTests:

Through this patch, we encounter two test262 failures and found that these tests have issues.

• stress/bigint-typed-array-array-modes-profile.js: Added.

(foo):

• stress/bigint-typed-array-byte-offset.js: Added.

(foo):

• stress/bigint-typed-array-canonical-numeric-index-string.js: Added.

(makeTest.assert):
(makeTest):
(const.testInvalidIndices.makeTest.set assert):
(const.testInvalidIndices.makeTest):
(const.testValidIndices.makeTest.set assert):
(const.testValidIndices.makeTest):

• stress/bigint-typed-array-constructor-undefined.js: Added.
• stress/bigint-typed-array-get-by-val-profiling.js: Added.

(testArray.testCode):
(testArray):

• stress/bigint-typed-array-lastIndexOf-exception-check.js: Added.
• stress/bigint-typed-array-put-by-val-profiling.js: Added.

(testArray.testCode):
(testArray):

• stress/bigint-typedarray-getownproperty.js: Added.

(assert):
(foo):

• stress/bigint64array-bytelength.js: Added.

(test1):
(test2):
(shouldBe):

• stress/bigint64array-get-by-val.js: Added.

(shouldBe):
(test1):
(test2):

• stress/bigint64array-put-by-val.js: Added.

(shouldBe):
(test11):
(test12):
(test21):
(test22):

• test262/config.yaml:
• test262/expectations.yaml:

Source/JavaScriptCore:

This patch implements BigInt64Array and BigUint64Array.

1. In this patch, we do not support BigInt64Array/BigUint64Array + Atomics yet.
2. We make canGetIndexQuickly false for BigInt64Array and BigUint64Array. And we use generic path for getting values from BigInt64Array and BigUint64Array. We will optimize it in [1] and [2]. But possibly, this does not have super large impact on performance since getting value from BigInt64Array and BigUint64Array are already costly since we always need to allocate BigInt for results.
3. DFG / FTL GetByVal etc. are using Array::Generic for BigInt64Array and BigUint64Array.
4. But GetArrayLength, CheckArray, byteLength getter etc. are using Array::BigInt64Array / Array::BigUint64Array for optimization.
5. Extend ArrayProfile's ArrayMode for BigInt64Array and BigUint64Array so that ArrayProfile can record BigInt64Array and BigUint64Array information.
6. Implement DataView#{setBigInt64,setBigUint64,getBigInt64,getBigUint64}.
7. Extend JSC APIs to support BigInt64Array and BigUint64Array.

[1]: ​https://bugs.webkit.org/show_bug.cgi?id=221181
[2]: ​https://bugs.webkit.org/show_bug.cgi?id=221183

• API/JSTypedArray.cpp:

(toJSTypedArrayType):
(toTypedArrayType):
(createTypedArray):

• API/JSValueRef.h:
• API/tests/TypedArrayCTest.cpp:

(forEachTypedArrayType):

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• builtins/BuiltinNames.h:
• builtins/TypedArrayPrototype.js:

(fill):
(map):
(filter):

• bytecode/ArrayProfile.cpp:

(JSC::dumpArrayModes):

• bytecode/ArrayProfile.h:
• bytecode/ByValInfo.h:

(JSC::jitArrayModeForClassInfo):
(JSC::jitArrayModePermitsPut):
(JSC::typedArrayTypeForJITArrayMode):

• bytecode/LinkTimeConstant.h:
• bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromTypedArrayType):
(JSC::typedArrayTypeFromSpeculation):
(JSC::speculationFromString):

• bytecode/SpeculatedType.h:

(JSC::isBigInt64ArraySpeculation):
(JSC::isBigUint64ArraySpeculation):
(JSC::isDirectArgumentsSpeculation):
(JSC::isScopedArgumentsSpeculation):
(JSC::isActionableIntMutableArraySpeculation): Deleted.
(JSC::isActionableFloatMutableArraySpeculation): Deleted.
(JSC::isActionableTypedMutableArraySpeculation): Deleted.
(JSC::isActionableMutableArraySpeculation): Deleted.
(JSC::isActionableArraySpeculation): Deleted.

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

• dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::fromObserved):
(JSC::DFG::ArrayMode::refine const):
(JSC::DFG::ArrayMode::alreadyChecked const):
(JSC::DFG::arrayTypeToString):
(JSC::DFG::toTypedArrayType):
(JSC::DFG::toArrayType):
(JSC::DFG::permitsBoundsCheckLowering):

• dfg/DFGArrayMode.h:

(JSC::DFG::ArrayMode::supportsSelfLength const):
(JSC::DFG::ArrayMode::arrayModesThatPassFiltering const):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGOperations.cpp:

(JSC::DFG::JSC_DEFINE_JIT_OPERATION):

• dfg/DFGOperations.h:

(JSC::DFG::operationNewTypedArrayWithSizeForType):
(JSC::DFG::operationNewTypedArrayWithOneArgumentForType):

• dfg/DFGPredictionPropagationPhase.cpp:
• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):

• inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::subtype):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::privateCompilePutByVal):

• jit/Repatch.cpp:

(JSC::tryCacheArrayGetByVal):

• llint/LowLevelInterpreter.asm:
• runtime/AtomicsObject.cpp:
• runtime/AtomicsObject.h:
• runtime/BigInt64Array.h: Copied from Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp.
• runtime/BigUint64Array.h: Copied from Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp.
• runtime/JSArrayBufferView.cpp:

(JSC::elementSize):
(JSC::validateTypedArray):

• runtime/JSArrayBufferView.h:
• runtime/JSBigInt.h:
• runtime/JSCell.h:
• runtime/JSDataView.h:
• runtime/JSDataViewPrototype.cpp:

(JSC::getData):
(JSC::JSC_DEFINE_HOST_FUNCTION):

• runtime/JSGenericTypedArrayView.h:
• runtime/JSGenericTypedArrayViewConstructor.h:
• runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewWithArguments):

• runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::setWithSpecificType):
(JSC::JSGenericTypedArrayView<Adaptor>::set):
(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):

• runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::genericTypedArrayViewProtoFuncJoin):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

• runtime/JSGlobalObjectFunctions.h:
• runtime/JSType.cpp:

(WTF::printInternal):

• runtime/JSType.h:
• runtime/JSTypedArrayConstructors.cpp:
• runtime/JSTypedArrayConstructors.h:
• runtime/JSTypedArrayPrototypes.cpp:
• runtime/JSTypedArrayPrototypes.h:
• runtime/JSTypedArrayViewPrototype.cpp:

(JSC::JSC_DEFINE_HOST_FUNCTION):

• runtime/JSTypedArrayViewPrototype.h:
• runtime/JSTypedArrays.cpp:
• runtime/JSTypedArrays.h:
• runtime/ToNativeFromValue.h:

(JSC::toNativeFromValue):
(JSC::toNativeFromValueWithoutCoercion):

• runtime/TypedArrayAdaptors.h:

(JSC::IntegralTypedArrayAdaptor::toJSValue):
(JSC::FloatTypedArrayAdaptor::toJSValue):
(JSC::BigIntTypedArrayAdaptor::toJSValue):
(JSC::BigIntTypedArrayAdaptor::toNativeFromInt32):
(JSC::BigIntTypedArrayAdaptor::toNativeFromUint32):
(JSC::BigIntTypedArrayAdaptor::toNativeFromDouble):
(JSC::BigIntTypedArrayAdaptor::convertTo):
(JSC::Uint8ClampedAdaptor::toJSValue):
(JSC::IntegralTypedArrayAdaptor::toDouble): Deleted.
(JSC::FloatTypedArrayAdaptor::toDouble): Deleted.
(JSC::Uint8ClampedAdaptor::toDouble): Deleted.

• runtime/TypedArrayType.cpp:

(JSC::constructorClassInfoForType):
(WTF::printInternal):

• runtime/TypedArrayType.h:

(JSC::isBigIntTypedView):
(JSC::logElementSize):
(JSC::isBigInt):
(JSC::isSigned):
(JSC::contentType):

• runtime/TypedArrays.h:
• runtime/VM.cpp:
• runtime/VM.h:

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/bigint-typed-array-array-modes-profile.js (added)
• JSTests/stress/bigint-typed-array-byte-offset.js (added)
• JSTests/stress/bigint-typed-array-canonical-numeric-index-string.js (added)
• JSTests/stress/bigint-typed-array-constructor-undefined.js (added)
• JSTests/stress/bigint-typed-array-get-by-val-profiling.js (added)
• JSTests/stress/bigint-typed-array-lastIndexOf-exception-check.js (added)
• JSTests/stress/bigint-typed-array-put-by-val-profiling.js (added)
• JSTests/stress/bigint-typedarray-getownproperty.js (added)
• JSTests/stress/bigint64array-bytelength.js (added)
• JSTests/stress/bigint64array-get-by-val.js (added)
• JSTests/stress/bigint64array-put-by-val.js (added)
• JSTests/stress/data-view-bigint.js (added)
• JSTests/test262/config.yaml (modified) (3 diffs)
• JSTests/test262/expectations.yaml (modified) (2 diffs)
• Source/JavaScriptCore/API/JSTypedArray.cpp (modified) (3 diffs)
• Source/JavaScriptCore/API/JSValueRef.h (modified) (2 diffs)
• Source/JavaScriptCore/API/tests/TypedArrayCTest.cpp (modified) (4 diffs)
• Source/JavaScriptCore/CMakeLists.txt (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (5 diffs)
• Source/JavaScriptCore/builtins/BuiltinNames.h (modified) (3 diffs)
• Source/JavaScriptCore/builtins/TypedArrayPrototype.js (modified) (3 diffs)
• Source/JavaScriptCore/bytecode/ArrayProfile.cpp (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/ArrayProfile.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/ByValInfo.h (modified) (4 diffs)
• Source/JavaScriptCore/bytecode/LinkTimeConstant.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/SpeculatedType.cpp (modified) (5 diffs)
• Source/JavaScriptCore/bytecode/SpeculatedType.h (modified) (5 diffs)
• Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGArrayMode.cpp (modified) (9 diffs)
• Source/JavaScriptCore/dfg/DFGArrayMode.h (modified) (3 diffs)
• Source/JavaScriptCore/dfg/DFGClobberize.h (modified) (2 diffs)
• Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (modified) (3 diffs)
• Source/JavaScriptCore/dfg/DFGOperations.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGOperations.h (modified) (3 diffs)
• Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (3 diffs)
• Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (modified) (3 diffs)
• Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JITPropertyAccess.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/Repatch.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter.asm (modified) (3 diffs)
• Source/JavaScriptCore/runtime/AtomicsObject.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/BigInt64Array.h (copied) (copied from trunk/Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp) (2 diffs)
• Source/JavaScriptCore/runtime/BigUint64Array.h (copied) (copied from trunk/Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp) (2 diffs)
• Source/JavaScriptCore/runtime/JSArrayBufferView.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSArrayBufferView.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSBigInt.h (modified) (3 diffs)
• Source/JavaScriptCore/runtime/JSCell.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSDataView.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp (modified) (7 diffs)
• Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h (modified) (9 diffs)
• Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructor.h (modified) (4 diffs)
• Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h (modified) (4 diffs)
• Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h (modified) (6 diffs)
• Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (4 diffs)
• Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSType.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSType.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSTypedArrayConstructors.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSTypedArrayPrototypes.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSTypedArrayPrototypes.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp (modified) (4 diffs)
• Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSTypedArrays.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/JSTypedArrays.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/ToNativeFromValue.h (modified) (4 diffs)
• Source/JavaScriptCore/runtime/TypedArrayAdaptors.h (modified) (9 diffs)
• Source/JavaScriptCore/runtime/TypedArrayType.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/TypedArrayType.h (modified) (7 diffs)
• Source/JavaScriptCore/runtime/TypedArrays.h (modified) (1 diff)
• Source/JavaScriptCore/runtime/VM.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/VM.h (modified) (1 diff)

trunk/JSTests/ChangeLog

@@ +1 @@
+2021-01-31  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Implement BigInt64Array and BigUint64Array
+        https://bugs.webkit.org/show_bug.cgi?id=190800
+
+        Reviewed by Ross Kirsling.
+
+        Through this patch, we encounter two test262 failures and found that these tests have issues.
+
+        * stress/bigint-typed-array-array-modes-profile.js: Added.
+        (foo):
+        * stress/bigint-typed-array-byte-offset.js: Added.
+        (foo):
+        * stress/bigint-typed-array-canonical-numeric-index-string.js: Added.
+        (makeTest.assert):
+        (makeTest):
+        (const.testInvalidIndices.makeTest.set assert):
+        (const.testInvalidIndices.makeTest):
+        (const.testValidIndices.makeTest.set assert):
+        (const.testValidIndices.makeTest):
+        * stress/bigint-typed-array-constructor-undefined.js: Added.
+        * stress/bigint-typed-array-get-by-val-profiling.js: Added.
+        (testArray.testCode):
+        (testArray):
+        * stress/bigint-typed-array-lastIndexOf-exception-check.js: Added.
+        * stress/bigint-typed-array-put-by-val-profiling.js: Added.
+        (testArray.testCode):
+        (testArray):
+        * stress/bigint-typedarray-getownproperty.js: Added.
+        (assert):
+        (foo):
+        * stress/bigint64array-bytelength.js: Added.
+        (test1):
+        (test2):
+        (shouldBe):
+        * stress/bigint64array-get-by-val.js: Added.
+        (shouldBe):
+        (test1):
+        (test2):
+        * stress/bigint64array-put-by-val.js: Added.
+        (shouldBe):
+        (test11):
+        (test12):
+        (test21):
+        (test22):
+        * test262/config.yaml:
+        * test262/expectations.yaml:
+
 2021-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/JSTests/test262/config.yaml

@@ -29 +29 @@
     - Intl.ListFormat
   paths:
-    - test/built-ins/DataView/prototype/getBigInt64
-    - test/built-ins/DataView/prototype/getBigUint64
-    - test/built-ins/DataView/prototype/setBigInt64
-
-    # https://bugs.webkit.org/show_bug.cgi?id=190800
-    - test/built-ins/TypedArray/prototype/Symbol.toStringTag/BigInt
-    - test/built-ins/TypedArray/prototype/buffer/BigInt
-    - test/built-ins/TypedArray/prototype/byteLength/BigInt
-    - test/built-ins/TypedArray/prototype/byteOffset/BigInt
-    - test/built-ins/TypedArray/prototype/copyWithin/BigInt
-    - test/built-ins/TypedArray/prototype/entries/BigInt
-    - test/built-ins/TypedArray/prototype/every/BigInt
-    - test/built-ins/TypedArray/prototype/fill/BigInt
-    - test/built-ins/TypedArray/prototype/filter/BigInt
-    - test/built-ins/TypedArray/prototype/find/BigInt
-    - test/built-ins/TypedArray/prototype/findIndex/BigInt
-    - test/built-ins/TypedArray/prototype/forEach/BigInt
-    - test/built-ins/TypedArray/prototype/includes/BigInt
-    - test/built-ins/TypedArray/prototype/indexOf/BigInt
-    - test/built-ins/TypedArray/prototype/join/BigInt
-    - test/built-ins/TypedArray/prototype/keys/BigInt
-    - test/built-ins/TypedArray/prototype/lastIndexOf/BigInt
-    - test/built-ins/TypedArray/prototype/length/BigInt
-    - test/built-ins/TypedArray/prototype/map/BigInt
-    - test/built-ins/TypedArray/prototype/reduce/BigInt
-    - test/built-ins/TypedArray/prototype/reduceRight/BigInt
-    - test/built-ins/TypedArray/prototype/reverse/BigInt
-    - test/built-ins/TypedArray/prototype/set/BigInt
-    - test/built-ins/TypedArray/prototype/slice/BigInt
-    - test/built-ins/TypedArray/prototype/some/BigInt
-    - test/built-ins/TypedArray/prototype/sort/BigInt
-    - test/built-ins/TypedArray/prototype/subarray/BigInt
-    - test/built-ins/TypedArray/prototype/toLocaleString/BigInt
-    - test/built-ins/TypedArray/prototype/toString/BigInt
-    - test/built-ins/TypedArray/prototype/values/BigInt
-    - test/built-ins/TypedArrayConstructors/BigInt64Array
-    - test/built-ins/TypedArrayConstructors/BigUint64Array
-    - test/built-ins/TypedArrayConstructors/ctors-bigint
-    - test/built-ins/TypedArrayConstructors/from/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/DefineOwnProperty/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/Delete/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/Get/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/GetOwnProperty/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/HasProperty/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/OwnPropertyKeys/BigInt
-    - test/built-ins/TypedArrayConstructors/internals/Set/BigInt
-    - test/built-ins/TypedArrayConstructors/of/BigInt
-
     - test/built-ins/Atomics/add/bigint
     - test/built-ins/Atomics/and/bigint
@@ -101 +53 @@
     - test/language/identifiers/start-unicode-13.0.0-escaped.js
     - test/language/identifiers/start-unicode-13.0.0.js
-
-    # https://bugs.webkit.org/show_bug.cgi?id=190800
-    - test/built-ins/Object/seal/seal-bigint64array.js
-    - test/built-ins/Object/seal/seal-biguint64array.js
-    - test/built-ins/TypedArray/prototype/set/src-typedarray-big-throws.js
-    - test/built-ins/TypedArrayConstructors/ctors/typedarray-arg/src-typedarray-big-throws.js
-    - test/built-ins/TypedArrayConstructors/prototype/Symbol.toStringTag/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/bigint-Symbol.iterator.js
-    - test/built-ins/TypedArrayConstructors/prototype/buffer/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/byteLength/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/byteOffset/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/copyWithin/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/entries/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/every/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/fill/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/filter/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/find/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/findIndex/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/forEach/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/indexOf/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/join/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/keys/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/lastIndexOf/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/length/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/map/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/reduce/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/reduceRight/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/reverse/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/set/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/slice/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/some/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/sort/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/subarray/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/toLocaleString/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/toString/bigint-inherited.js
-    - test/built-ins/TypedArrayConstructors/prototype/values/bigint-inherited.js
-    - test/language/expressions/class/subclass-builtins/subclass-BigInt64Array.js
-    - test/language/expressions/class/subclass-builtins/subclass-BigUint64Array.js
-    - test/language/statements/class/subclass-builtins/subclass-BigInt64Array.js
-    - test/language/statements/class/subclass-builtins/subclass-BigUint64Array.js
 
     # requires ICU 65 (https://unicode-org.atlassian.net/browse/ICU-20654)
@@ -213 +125 @@
     - test/intl402/NumberFormat/prototype/resolvedOptions/compactDisplay.js
     - test/intl402/NumberFormat/style-unit.js
+
+    # New ICU (66~) raises a different failure
+    - test/intl402/Locale/constructor-non-iana-canon.js

trunk/JSTests/test262/expectations.yaml

@@ -824 +824 @@
   default: 'SyntaxError: Invalid regular expression: number too large in {} quantifier'
   strict mode: 'SyntaxError: Invalid regular expression: number too large in {} quantifier'
+test/built-ins/TypedArray/prototype/filter/BigInt/callbackfn-detachbuffer.js:
+  default: 'TypeError: Invalid argument type in ToBigInt operation (Testing with BigInt64Array.)'
+  strict mode: 'TypeError: Invalid argument type in ToBigInt operation (Testing with BigInt64Array.)'
+test/built-ins/TypedArray/prototype/findIndex/BigInt/predicate-may-detach-buffer.js:
+  default: 'Test262Error: throws a TypeError getting a value from the detached buffer Expected a TypeError to be thrown but no exception was thrown at all (Testing with BigInt64Array.)'
+  strict mode: 'Test262Error: throws a TypeError getting a value from the detached buffer Expected a TypeError to be thrown but no exception was thrown at all (Testing with BigInt64Array.)'
 test/intl402/DateTimeFormat/prototype/formatRange/en-US.js:
   default: 'Test262Error: Expected SameValue(«1/3/2019 – 1/5/2019», «1/3/2019 – 1/5/2019») to be true'
@@ -866 +872 @@
   default: 'Test262Error: Expected SameValue(«ru-Armn-SU», «ru-Armn-AM») to be true'
   strict mode: 'Test262Error: Expected SameValue(«ru-Armn-SU», «ru-Armn-AM») to be true'
-test/intl402/Locale/constructor-non-iana-canon.js:
-  default: 'Test262Error: new Intl.Locale("mo").maximize().toString() returns "ro-Latn-RO" Expected SameValue(«ro», «ro-Latn-RO») to be true'
-  strict mode: 'Test262Error: new Intl.Locale("mo").maximize().toString() returns "ro-Latn-RO" Expected SameValue(«ro», «ro-Latn-RO») to be true'
 test/intl402/Locale/constructor-options-region-valid.js:
   default: "Test262Error: new Intl.Locale('en', {region: \"554\"}).toString() returns \"en-NZ\" Expected SameValue(«en-554», «en-NZ») to be true"

trunk/Source/JavaScriptCore/API/JSTypedArray.cpp

@@ -65 +65 @@
     case TypeFloat64:
         return kJSTypedArrayTypeFloat64Array;
+    case TypeBigInt64:
+        return kJSTypedArrayTypeBigInt64Array;
+    case TypeBigUint64:
+        return kJSTypedArrayTypeBigUint64Array;
     }
     RELEASE_ASSERT_NOT_REACHED();
@@ -93 +97 @@
     case kJSTypedArrayTypeFloat64Array:
         return TypeFloat64;
+    case kJSTypedArrayTypeBigInt64Array:
+        return TypeBigInt64;
+    case kJSTypedArrayTypeBigUint64Array:
+        return TypeBigUint64;
     }
     RELEASE_ASSERT_NOT_REACHED();
@@ -124 +132 @@
     case kJSTypedArrayTypeFloat64Array:
         return JSFloat64Array::create(globalObject, globalObject->typedArrayStructure(TypeFloat64), WTFMove(buffer), offset, length);
+    case kJSTypedArrayTypeBigInt64Array:
+        return JSBigInt64Array::create(globalObject, globalObject->typedArrayStructure(TypeBigInt64), WTFMove(buffer), offset, length);
+    case kJSTypedArrayTypeBigUint64Array:
+        return JSBigUint64Array::create(globalObject, globalObject->typedArrayStructure(TypeBigUint64), WTFMove(buffer), offset, length);
     case kJSTypedArrayTypeArrayBuffer:
     case kJSTypedArrayTypeNone:

trunk/Source/JavaScriptCore/API/JSValueRef.h

@@ -67 +67 @@
  @constant     kJSTypedArrayTypeFloat32Array         Float32Array
  @constant     kJSTypedArrayTypeFloat64Array         Float64Array
+ @constant     kJSTypedArrayTypeBigInt64Array        BigInt64Array
+ @constant     kJSTypedArrayTypeBigUint64Array       BigUint64Array
  @constant     kJSTypedArrayTypeArrayBuffer          ArrayBuffer
  @constant     kJSTypedArrayTypeNone                 Not a Typed Array
@@ -83 +85 @@
     kJSTypedArrayTypeArrayBuffer,
     kJSTypedArrayTypeNone,
+    kJSTypedArrayTypeBigInt64Array,
+    kJSTypedArrayTypeBigUint64Array,
 } JSTypedArrayType JSC_API_AVAILABLE(macos(10.12), ios(10.0));
 

trunk/Source/JavaScriptCore/API/tests/TypedArrayCTest.cpp

@@ -50 +50 @@
 };
 
-static const unsigned byteSizes[kJSTypedArrayTypeArrayBuffer] =
+static const unsigned byteSizes[] =
 {
     1, // kJSTypedArrayTypeInt8Array
@@ -61 +61 @@
     4, // kJSTypedArrayTypeFloat32Array
     8, // kJSTypedArrayTypeFloat64Array
+    0, // kJSTypedArrayTypeArrayBuffer
+    0, // kJSTypedArrayTypeNone
+    8, // kJSTypedArrayTypeBigInt64Array
+    8, // kJSTypedArrayTypeBigUint64Array
 };
 
-static const char* typeToString[kJSTypedArrayTypeArrayBuffer] =
+static const char* typeToString[] =
 {
     "kJSTypedArrayTypeInt8Array",
@@ -74 +78 @@
     "kJSTypedArrayTypeFloat32Array",
     "kJSTypedArrayTypeFloat64Array",
+    "kJSTypedArrayTypeArrayBuffer",
+    "kJSTypedArrayTypeNone",
+    "kJSTypedArrayTypeBigInt64Array",
+    "kJSTypedArrayTypeBigUint64Array",
 };
 
@@ -213 +221 @@
 {
     int failed = 0;
-    for (unsigned i = 0; i < kJSTypedArrayTypeArrayBuffer; i++)
-        failed = failed || functor(static_cast<JSTypedArrayType>(i));
+    for (unsigned i = 0; i < kJSTypedArrayTypeArrayBuffer; i++) {
+        if (i != kJSTypedArrayTypeNone && i != kJSTypedArrayTypeArrayBuffer)
+            failed = failed || functor(static_cast<JSTypedArrayType>(i));
+    }
     return failed;
 }

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -823 +823 @@
     runtime/BasicBlockLocation.h
     runtime/BatchedTransitionOptimizer.h
+    runtime/BigInt64Array.h
     runtime/BigIntObject.h
     runtime/BigIntPrototype.h
+    runtime/BigUint64Array.h
     runtime/BooleanObject.h
     runtime/BooleanPrototype.h

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-01-31  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Implement BigInt64Array and BigUint64Array
+        https://bugs.webkit.org/show_bug.cgi?id=190800
+
+        Reviewed by Ross Kirsling.
+
+        This patch implements BigInt64Array and BigUint64Array.
+
+            1. In this patch, we do not support BigInt64Array/BigUint64Array + Atomics yet.
+            2. We make canGetIndexQuickly false for BigInt64Array and BigUint64Array. And we
+               use generic path for getting values from BigInt64Array and BigUint64Array. We
+               will optimize it in [1] and [2]. But possibly, this does not have super large
+               impact on performance since getting value from BigInt64Array and BigUint64Array
+               are already costly since we always need to allocate BigInt for results.
+            3. DFG / FTL GetByVal etc. are using Array::Generic for BigInt64Array and BigUint64Array.
+            4. But GetArrayLength, CheckArray, byteLength getter etc. are using Array::BigInt64Array / Array::BigUint64Array
+               for optimization.
+            5. Extend ArrayProfile's ArrayMode for BigInt64Array and BigUint64Array so that ArrayProfile
+               can record BigInt64Array and BigUint64Array information.
+            6. Implement DataView#{setBigInt64,setBigUint64,getBigInt64,getBigUint64}.
+            7. Extend JSC APIs to support BigInt64Array and BigUint64Array.
+
+        [1]: https://bugs.webkit.org/show_bug.cgi?id=221181
+        [2]: https://bugs.webkit.org/show_bug.cgi?id=221183
+
+        * API/JSTypedArray.cpp:
+        (toJSTypedArrayType):
+        (toTypedArrayType):
+        (createTypedArray):
+        * API/JSValueRef.h:
+        * API/tests/TypedArrayCTest.cpp:
+        (forEachTypedArrayType):
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * builtins/BuiltinNames.h:
+        * builtins/TypedArrayPrototype.js:
+        (fill):
+        (map):
+        (filter):
+        * bytecode/ArrayProfile.cpp:
+        (JSC::dumpArrayModes):
+        * bytecode/ArrayProfile.h:
+        * bytecode/ByValInfo.h:
+        (JSC::jitArrayModeForClassInfo):
+        (JSC::jitArrayModePermitsPut):
+        (JSC::typedArrayTypeForJITArrayMode):
+        * bytecode/LinkTimeConstant.h:
+        * bytecode/SpeculatedType.cpp:
+        (JSC::dumpSpeculation):
+        (JSC::speculationToAbbreviatedString):
+        (JSC::speculationFromTypedArrayType):
+        (JSC::typedArrayTypeFromSpeculation):
+        (JSC::speculationFromString):
+        * bytecode/SpeculatedType.h:
+        (JSC::isBigInt64ArraySpeculation):
+        (JSC::isBigUint64ArraySpeculation):
+        (JSC::isDirectArgumentsSpeculation):
+        (JSC::isScopedArgumentsSpeculation):
+        (JSC::isActionableIntMutableArraySpeculation): Deleted.
+        (JSC::isActionableFloatMutableArraySpeculation): Deleted.
+        (JSC::isActionableTypedMutableArraySpeculation): Deleted.
+        (JSC::isActionableMutableArraySpeculation): Deleted.
+        (JSC::isActionableArraySpeculation): Deleted.
+        * dfg/DFGAbstractInterpreterInlines.h:
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+        * dfg/DFGArrayMode.cpp:
+        (JSC::DFG::ArrayMode::fromObserved):
+        (JSC::DFG::ArrayMode::refine const):
+        (JSC::DFG::ArrayMode::alreadyChecked const):
+        (JSC::DFG::arrayTypeToString):
+        (JSC::DFG::toTypedArrayType):
+        (JSC::DFG::toArrayType):
+        (JSC::DFG::permitsBoundsCheckLowering):
+        * dfg/DFGArrayMode.h:
+        (JSC::DFG::ArrayMode::supportsSelfLength const):
+        (JSC::DFG::ArrayMode::arrayModesThatPassFiltering const):
+        * dfg/DFGClobberize.h:
+        (JSC::DFG::clobberize):
+        * dfg/DFGFixupPhase.cpp:
+        (JSC::DFG::FixupPhase::fixupNode):
+        * dfg/DFGOperations.cpp:
+        (JSC::DFG::JSC_DEFINE_JIT_OPERATION):
+        * dfg/DFGOperations.h:
+        (JSC::DFG::operationNewTypedArrayWithSizeForType):
+        (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
+        * dfg/DFGPredictionPropagationPhase.cpp:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileHasIndexedProperty):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
+        (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
+        * inspector/JSInjectedScriptHost.cpp:
+        (Inspector::JSInjectedScriptHost::subtype):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::privateCompilePutByVal):
+        * jit/Repatch.cpp:
+        (JSC::tryCacheArrayGetByVal):
+        * llint/LowLevelInterpreter.asm:
+        * runtime/AtomicsObject.cpp:
+        * runtime/AtomicsObject.h:
+        * runtime/BigInt64Array.h: Copied from Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp.
+        * runtime/BigUint64Array.h: Copied from Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp.
+        * runtime/JSArrayBufferView.cpp:
+        (JSC::elementSize):
+        (JSC::validateTypedArray):
+        * runtime/JSArrayBufferView.h:
+        * runtime/JSBigInt.h:
+        * runtime/JSCell.h:
+        * runtime/JSDataView.h:
+        * runtime/JSDataViewPrototype.cpp:
+        (JSC::getData):
+        (JSC::JSC_DEFINE_HOST_FUNCTION):
+        * runtime/JSGenericTypedArrayView.h:
+        * runtime/JSGenericTypedArrayViewConstructor.h:
+        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
+        (JSC::constructGenericTypedArrayViewWithArguments):
+        * runtime/JSGenericTypedArrayViewInlines.h:
+        (JSC::JSGenericTypedArrayView<Adaptor>::setWithSpecificType):
+        (JSC::JSGenericTypedArrayView<Adaptor>::set):
+        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):
+        * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
+        (JSC::genericTypedArrayViewProtoFuncJoin):
+        (JSC::genericTypedArrayViewProtoFuncSlice):
+        (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::JSC_DEFINE_HOST_FUNCTION):
+        * runtime/JSGlobalObjectFunctions.h:
+        * runtime/JSType.cpp:
+        (WTF::printInternal):
+        * runtime/JSType.h:
+        * runtime/JSTypedArrayConstructors.cpp:
+        * runtime/JSTypedArrayConstructors.h:
+        * runtime/JSTypedArrayPrototypes.cpp:
+        * runtime/JSTypedArrayPrototypes.h:
+        * runtime/JSTypedArrayViewPrototype.cpp:
+        (JSC::JSC_DEFINE_HOST_FUNCTION):
+        * runtime/JSTypedArrayViewPrototype.h:
+        * runtime/JSTypedArrays.cpp:
+        * runtime/JSTypedArrays.h:
+        * runtime/ToNativeFromValue.h:
+        (JSC::toNativeFromValue):
+        (JSC::toNativeFromValueWithoutCoercion):
+        * runtime/TypedArrayAdaptors.h:
+        (JSC::IntegralTypedArrayAdaptor::toJSValue):
+        (JSC::FloatTypedArrayAdaptor::toJSValue):
+        (JSC::BigIntTypedArrayAdaptor::toJSValue):
+        (JSC::BigIntTypedArrayAdaptor::toNativeFromInt32):
+        (JSC::BigIntTypedArrayAdaptor::toNativeFromUint32):
+        (JSC::BigIntTypedArrayAdaptor::toNativeFromDouble):
+        (JSC::BigIntTypedArrayAdaptor::convertTo):
+        (JSC::Uint8ClampedAdaptor::toJSValue):
+        (JSC::IntegralTypedArrayAdaptor::toDouble): Deleted.
+        (JSC::FloatTypedArrayAdaptor::toDouble): Deleted.
+        (JSC::Uint8ClampedAdaptor::toDouble): Deleted.
+        * runtime/TypedArrayType.cpp:
+        (JSC::constructorClassInfoForType):
+        (WTF::printInternal):
+        * runtime/TypedArrayType.h:
+        (JSC::isBigIntTypedView):
+        (JSC::logElementSize):
+        (JSC::isBigInt):
+        (JSC::isSigned):
+        (JSC::contentType):
+        * runtime/TypedArrays.h:
+        * runtime/VM.cpp:
+        * runtime/VM.h:
+
 2021-02-01  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -1849 +1849 @@
                 E35CA1541DBC3A5C00F83516 /* DOMJITHeapRange.h in Headers */ = {isa = PBXBuildFile; fileRef = E35CA1521DBC3A5600F83516 /* DOMJITHeapRange.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 E35CA1561DBC3A5F00F83516 /* DOMJITAbstractHeap.h in Headers */ = {isa = PBXBuildFile; fileRef = E35CA1501DBC3A5600F83516 /* DOMJITAbstractHeap.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                E35E89FD25C50F870071EE1E /* BigInt64Array.h in Headers */ = {isa = PBXBuildFile; fileRef = E35E89FB25C50F860071EE1E /* BigInt64Array.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                E35E89FE25C50F870071EE1E /* BigUint64Array.h in Headers */ = {isa = PBXBuildFile; fileRef = E35E89FC25C50F870071EE1E /* BigUint64Array.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 E3637EE9236E56B00096BD0A /* LinkTimeConstant.h in Headers */ = {isa = PBXBuildFile; fileRef = E3637EE7236E56B00096BD0A /* LinkTimeConstant.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 E365F33A24AA623900C991B2 /* IntlDisplayNamesConstructor.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E365F33924AA621200C991B2 /* IntlDisplayNamesConstructor.lut.h */; };
@@ -5062 +5064 @@
                 E35CA1511DBC3A5600F83516 /* DOMJITHeapRange.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMJITHeapRange.cpp; sourceTree = "<group>"; };
                 E35CA1521DBC3A5600F83516 /* DOMJITHeapRange.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DOMJITHeapRange.h; sourceTree = "<group>"; };
+                E35E89FB25C50F860071EE1E /* BigInt64Array.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BigInt64Array.h; sourceTree = "<group>"; };
+                E35E89FC25C50F870071EE1E /* BigUint64Array.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BigUint64Array.h; sourceTree = "<group>"; };
                 E3637EE7236E56B00096BD0A /* LinkTimeConstant.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LinkTimeConstant.h; sourceTree = "<group>"; };
                 E3637EE8236E56B00096BD0A /* LinkTimeConstant.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LinkTimeConstant.cpp; sourceTree = "<group>"; };
@@ -7137 +7141 @@
                                 52678F8D1A031009006A306D /* BasicBlockLocation.h */,
                                 147B83AA0E6DB8C9004775A4 /* BatchedTransitionOptimizer.h */,
+                                E35E89FB25C50F860071EE1E /* BigInt64Array.h */,
                                 86976E581FA3756D00E7C4E1 /* BigIntConstructor.cpp */,
                                 86976E571FA3754000E7C4E1 /* BigIntConstructor.h */,
@@ -7144 +7149 @@
                                 86976E5B1FA375A800E7C4E1 /* BigIntPrototype.cpp */,
                                 86976E5A1FA3758A00E7C4E1 /* BigIntPrototype.h */,
+                                E35E89FC25C50F870071EE1E /* BigUint64Array.h */,
                                 BC7952320E15EB5600A898AB /* BooleanConstructor.cpp */,
                                 BC7952330E15EB5600A898AB /* BooleanConstructor.h */,
@@ -9256 +9262 @@
                                 52678F8F1A031009006A306D /* BasicBlockLocation.h in Headers */,
                                 147B83AC0E6DB8C9004775A4 /* BatchedTransitionOptimizer.h in Headers */,
+                                E35E89FD25C50F870071EE1E /* BigInt64Array.h in Headers */,
                                 86976E5F1FA3E8BC00E7C4E1 /* BigIntConstructor.h in Headers */,
                                 866739D213BFDE710023D87C /* BigInteger.h in Headers */,
                                 861816771FB7924200ECC4EC /* BigIntObject.h in Headers */,
                                 86976E5E1FA3E8B600E7C4E1 /* BigIntPrototype.h in Headers */,
+                                E35E89FE25C50F870071EE1E /* BigUint64Array.h in Headers */,
                                 0F64B2721A784BAF006E4E66 /* BinarySwitch.h in Headers */,
                                 C2B916C214DA014E00CBAC86 /* BlockDirectory.h in Headers */,

trunk/Source/JavaScriptCore/builtins/BuiltinNames.h

@@ -71 +71 @@
     macro(throwTypeErrorFunction) \
     macro(typedArrayLength) \
+    macro(typedArrayContentType) \
     macro(typedArraySort) \
     macro(typedArrayGetOriginalConstructor) \
@@ -99 +100 @@
     macro(Float32Array) \
     macro(Float64Array) \
+    macro(BigInt64Array) \
+    macro(BigUint64Array) \
     macro(exec) \
     macro(generator) \
@@ -174 +177 @@
     macro(instanceFieldInitializer) \
     macro(hasOwnPropertyFunction) \
-    macro(createPrivateSymbol)
+    macro(createPrivateSymbol) \
+    macro(toBigInt) \
+    macro(isBigIntTypedArrayView)
 
 namespace Symbols {

trunk/Source/JavaScriptCore/builtins/TypedArrayPrototype.js

@@ -92 +92 @@
     var length = @typedArrayLength(this);
 
-    var number = @toNumber(value);
+    if (@isBigIntTypedArrayView(this))
+        var number = @toBigInt(value);
+    else
+        var number = @toNumber(value);
 
     var start = @typedArrayClampArgumentToStartOrEnd(@argument(1), length, 0);
@@ -336 +339 @@
     if (@typedArrayLength(result) < length)
         @throwTypeError("TypedArray.prototype.map constructed typed array of insufficient length");
+    if (@typedArrayContentType(this) !== @typedArrayContentType(result))
+        @throwTypeError("TypedArray.prototype.map constructed typed array of different content type from |this|");
 
     for (var i = 0; i < length; i++) {
@@ -367 +372 @@
     if (@typedArrayLength(result) < length)
         @throwTypeError("TypedArray.prototype.filter constructed typed array of insufficient length");
+    if (@typedArrayContentType(this) !== @typedArrayContentType(result))
+        @throwTypeError("TypedArray.prototype.filter constructed typed array of different content type from |this|");
 
     for (var i = 0; i < length; i++)

trunk/Source/JavaScriptCore/bytecode/ArrayProfile.cpp

@@ -45 +45 @@
     Float32ArrayMode,
     Float64ArrayMode,
+    BigInt64ArrayMode,
+    BigUint64ArrayMode,
 };
 
@@ -111 +113 @@
     if (arrayModes & Float64ArrayMode)
         out.print(comma, "Float64ArrayMode");
+    if (arrayModes & BigInt64ArrayMode)
+        out.print(comma, "BigInt64ArrayMode");
+    if (arrayModes & BigUint64ArrayMode)
+        out.print(comma, "BigUint64ArrayMode");
 }
 

trunk/Source/JavaScriptCore/bytecode/ArrayProfile.h

@@ -48 +48 @@
 const ArrayModes CopyOnWriteArrayWithContiguousArrayMode = 1 << CopyOnWriteArrayWithContiguous;
 
-const ArrayModes Int8ArrayMode = 1 << 16;
-const ArrayModes Int16ArrayMode = 1 << 17;
-const ArrayModes Int32ArrayMode = 1 << 18;
-const ArrayModes Uint8ArrayMode = 1 << 19;
-const ArrayModes Uint8ClampedArrayMode = 1 << 20; // 21 - 25 are used for CoW arrays.
-const ArrayModes Uint16ArrayMode = 1 << 26;
-const ArrayModes Uint32ArrayMode = 1 << 27;
-const ArrayModes Float32ArrayMode = 1 << 28;
-const ArrayModes Float64ArrayMode = 1 << 29;
+const ArrayModes Int8ArrayMode = 1U << 16;
+const ArrayModes Int16ArrayMode = 1U << 17;
+const ArrayModes Int32ArrayMode = 1U << 18;
+const ArrayModes Uint8ArrayMode = 1U << 19;
+const ArrayModes Uint8ClampedArrayMode = 1U << 20; // 21 - 25 are used for CoW arrays.
+const ArrayModes Uint16ArrayMode = 1U << 26;
+const ArrayModes Uint32ArrayMode = 1U << 27;
+const ArrayModes Float32ArrayMode = 1U << 28;
+const ArrayModes Float64ArrayMode = 1U << 29;
+const ArrayModes BigInt64ArrayMode = 1U << 30;
+const ArrayModes BigUint64ArrayMode = 1U << 31;
 
 JS_EXPORT_PRIVATE extern const ArrayModes typedArrayModes[NumberOfTypedArrayTypesExcludingDataView];
@@ -75 +77 @@
     | Float32ArrayMode        \
     | Float64ArrayMode        \
+    | BigInt64ArrayMode       \
+    | BigUint64ArrayMode      \
     )
 

trunk/Source/JavaScriptCore/bytecode/ByValInfo.h

@@ -57 +57 @@
     JITUint32Array,
     JITFloat32Array,
-    JITFloat64Array
+    JITFloat64Array,
+    JITBigInt64Array,
+    JITBigUint64Array,
 };
 
@@ -147 +149 @@
     case TypeFloat64:
         return JITFloat64Array;
+    case TypeBigInt64:
+        return JITBigInt64Array;
+    case TypeBigUint64:
+        return JITBigUint64Array;
     default:
         CRASH();
@@ -158 +164 @@
     case JITDirectArguments:
     case JITScopedArguments:
+    // FIXME: Optimize BigInt64Array / BigUint64Array in IC
+    // https://bugs.webkit.org/show_bug.cgi?id=221183
+    case JITBigInt64Array:
+    case JITBigUint64Array:
         // We could support put_by_val on these at some point, but it's just not that profitable
         // at the moment.
@@ -207 +217 @@
     case JITFloat64Array:
         return TypeFloat64;
+    case JITBigInt64Array:
+        return TypeBigInt64;
+    case JITBigUint64Array:
+        return TypeBigUint64;
     default:
         CRASH();

trunk/Source/JavaScriptCore/bytecode/LinkTimeConstant.h

@@ -51 +51 @@
     v(AggregateError, nullptr) \
     v(typedArrayLength, nullptr) \
+    v(typedArrayContentType, nullptr) \
     v(typedArrayGetOriginalConstructor, nullptr) \
     v(typedArraySort, nullptr) \
@@ -111 +112 @@
     v(hasOwnPropertyFunction, nullptr) \
     v(createPrivateSymbol, nullptr) \
+    v(toBigInt, nullptr) \
+    v(isBigIntTypedArrayView, nullptr) \
 
 

trunk/Source/JavaScriptCore/bytecode/SpeculatedType.cpp

@@ -149 +149 @@
             else
                 isTop = false;
-    
+
+            if (value & SpecBigInt64Array)
+                strOut.print("BigInt64Array");
+            else
+                isTop = false;
+
+            if (value & SpecBigUint64Array)
+                strOut.print("BigUint64Array");
+            else
+                isTop = false;
+
             if (value & SpecFunction)
                 strOut.print("Function");
@@ -360 +370 @@
     if (isFloat64ArraySpeculation(prediction))
         return "<Float64array>";
+    if (isBigInt64ArraySpeculation(prediction))
+        return "<BigInt64array>";
+    if (isBigUint64ArraySpeculation(prediction))
+        return "<BigUint64array>";
     if (isDirectArgumentsSpeculation(prediction))
         return "<DirectArguments>";
@@ -425 +439 @@
     case TypeFloat64:
         return SpecFloat64Array;
+    case TypeBigInt64:
+        return SpecBigInt64Array;
+    case TypeBigUint64:
+        return SpecBigUint64Array;
     case NotTypedArray:
     case TypeDataView:
@@ -657 +675 @@
     if (isFloat64ArraySpeculation(type))
         return TypeFloat64;
+
+    if (isBigInt64ArraySpeculation(type))
+        return TypeBigInt64;
+
+    if (isBigUint64ArraySpeculation(type))
+        return TypeBigUint64;
     
     return NotTypedArray;
@@ -903 +927 @@
     if (!strncmp(speculation, "SpecFloat64Array", strlen("SpecFloat64Array")))
         return SpecFloat64Array;
+    if (!strncmp(speculation, "SpecBigInt64Array", strlen("SpecBigInt64Array")))
+        return SpecBigInt64Array;
+    if (!strncmp(speculation, "SpecBigUint64Array", strlen("SpecBigUint64Array")))
+        return SpecBigUint64Array;
     if (!strncmp(speculation, "SpecTypedArrayView", strlen("SpecTypedArrayView")))
         return SpecTypedArrayView;

trunk/Source/JavaScriptCore/bytecode/SpeculatedType.h

@@ -52 +52 @@
 static constexpr SpeculatedType SpecUint16Array                       = 1ull << 9; // It's definitely an Uint16Array or one of its subclasses.
 static constexpr SpeculatedType SpecUint32Array                       = 1ull << 10; // It's definitely an Uint32Array or one of its subclasses.
-static constexpr SpeculatedType SpecFloat32Array                      = 1ull << 11; // It's definitely an Uint16Array or one of its subclasses.
-static constexpr SpeculatedType SpecFloat64Array                      = 1ull << 12; // It's definitely an Uint16Array or one of its subclasses.
-static constexpr SpeculatedType SpecTypedArrayView                    = SpecInt8Array | SpecInt16Array | SpecInt32Array | SpecUint8Array | SpecUint8ClampedArray | SpecUint16Array | SpecUint32Array | SpecFloat32Array | SpecFloat64Array;
-static constexpr SpeculatedType SpecDirectArguments                   = 1ull << 13; // It's definitely a DirectArguments object.
-static constexpr SpeculatedType SpecScopedArguments                   = 1ull << 14; // It's definitely a ScopedArguments object.
-static constexpr SpeculatedType SpecStringObject                      = 1ull << 15; // It's definitely a StringObject.
-static constexpr SpeculatedType SpecRegExpObject                      = 1ull << 16; // It's definitely a RegExpObject (and not any subclass of RegExpObject).
-static constexpr SpeculatedType SpecDateObject                        = 1ull << 17; // It's definitely a Date object or one of its subclasses.
-static constexpr SpeculatedType SpecPromiseObject                     = 1ull << 18; // It's definitely a Promise object or one of its subclasses.
-static constexpr SpeculatedType SpecMapObject                         = 1ull << 19; // It's definitely a Map object or one of its subclasses.
-static constexpr SpeculatedType SpecSetObject                         = 1ull << 20; // It's definitely a Set object or one of its subclasses.
-static constexpr SpeculatedType SpecWeakMapObject                     = 1ull << 21; // It's definitely a WeakMap object or one of its subclasses.
-static constexpr SpeculatedType SpecWeakSetObject                     = 1ull << 22; // It's definitely a WeakSet object or one of its subclasses.
-static constexpr SpeculatedType SpecProxyObject                       = 1ull << 23; // It's definitely a Proxy object or one of its subclasses.
-static constexpr SpeculatedType SpecDerivedArray                      = 1ull << 24; // It's definitely a DerivedArray object.
-static constexpr SpeculatedType SpecObjectOther                       = 1ull << 25; // It's definitely an object but not JSFinalObject, JSArray, or JSFunction.
-static constexpr SpeculatedType SpecStringIdent                       = 1ull << 26; // It's definitely a JSString, and it's an identifier.
-static constexpr SpeculatedType SpecStringVar                         = 1ull << 27; // It's definitely a JSString, and it's not an identifier.
+static constexpr SpeculatedType SpecFloat32Array                      = 1ull << 11; // It's definitely an Float32Array or one of its subclasses.
+static constexpr SpeculatedType SpecFloat64Array                      = 1ull << 12; // It's definitely an Float64Array or one of its subclasses.
+static constexpr SpeculatedType SpecBigInt64Array                     = 1ull << 13; // It's definitely an BigInt64Array or one of its subclasses.
+static constexpr SpeculatedType SpecBigUint64Array                    = 1ull << 14; // It's definitely an BigUint64Array or one of its subclasses.
+static constexpr SpeculatedType SpecTypedArrayView                    = SpecInt8Array | SpecInt16Array | SpecInt32Array | SpecUint8Array | SpecUint8ClampedArray | SpecUint16Array | SpecUint32Array | SpecFloat32Array | SpecFloat64Array | SpecBigInt64Array | SpecBigUint64Array;
+static constexpr SpeculatedType SpecDirectArguments                   = 1ull << 15; // It's definitely a DirectArguments object.
+static constexpr SpeculatedType SpecScopedArguments                   = 1ull << 16; // It's definitely a ScopedArguments object.
+static constexpr SpeculatedType SpecStringObject                      = 1ull << 17; // It's definitely a StringObject.
+static constexpr SpeculatedType SpecRegExpObject                      = 1ull << 18; // It's definitely a RegExpObject (and not any subclass of RegExpObject).
+static constexpr SpeculatedType SpecDateObject                        = 1ull << 19; // It's definitely a Date object or one of its subclasses.
+static constexpr SpeculatedType SpecPromiseObject                     = 1ull << 20; // It's definitely a Promise object or one of its subclasses.
+static constexpr SpeculatedType SpecMapObject                         = 1ull << 21; // It's definitely a Map object or one of its subclasses.
+static constexpr SpeculatedType SpecSetObject                         = 1ull << 22; // It's definitely a Set object or one of its subclasses.
+static constexpr SpeculatedType SpecWeakMapObject                     = 1ull << 23; // It's definitely a WeakMap object or one of its subclasses.
+static constexpr SpeculatedType SpecWeakSetObject                     = 1ull << 24; // It's definitely a WeakSet object or one of its subclasses.
+static constexpr SpeculatedType SpecProxyObject                       = 1ull << 25; // It's definitely a Proxy object or one of its subclasses.
+static constexpr SpeculatedType SpecDerivedArray                      = 1ull << 26; // It's definitely a DerivedArray object.
+static constexpr SpeculatedType SpecObjectOther                       = 1ull << 27; // It's definitely an object but not JSFinalObject, JSArray, or JSFunction.
+static constexpr SpeculatedType SpecStringIdent                       = 1ull << 28; // It's definitely a JSString, and it's an identifier.
+static constexpr SpeculatedType SpecStringVar                         = 1ull << 29; // It's definitely a JSString, and it's not an identifier.
 static constexpr SpeculatedType SpecString                            = SpecStringIdent | SpecStringVar; // It's definitely a JSString.
-static constexpr SpeculatedType SpecSymbol                            = 1ull << 28; // It's definitely a Symbol.
-static constexpr SpeculatedType SpecCellOther                         = 1ull << 29; // It's definitely a JSCell but not a subclass of JSObject and definitely not a JSString, BigInt, or Symbol.
-static constexpr SpeculatedType SpecBoolInt32                         = 1ull << 30; // It's definitely an Int32 with value 0 or 1.
-static constexpr SpeculatedType SpecNonBoolInt32                      = 1ull << 31; // It's definitely an Int32 with value other than 0 or 1.
+static constexpr SpeculatedType SpecSymbol                            = 1ull << 30; // It's definitely a Symbol.
+static constexpr SpeculatedType SpecCellOther                         = 1ull << 31; // It's definitely a JSCell but not a subclass of JSObject and definitely not a JSString, BigInt, or Symbol.
+static constexpr SpeculatedType SpecBoolInt32                         = 1ull << 32; // It's definitely an Int32 with value 0 or 1.
+static constexpr SpeculatedType SpecNonBoolInt32                      = 1ull << 33; // It's definitely an Int32 with value other than 0 or 1.
 static constexpr SpeculatedType SpecInt32Only                         = SpecBoolInt32 | SpecNonBoolInt32; // It's definitely an Int32.
 
-static constexpr SpeculatedType SpecInt32AsInt52                      = 1ull << 32; // It's an Int52 and it can fit in an int32.
-static constexpr SpeculatedType SpecNonInt32AsInt52                   = 1ull << 33; // It's an Int52 and it can't fit in an int32.
+static constexpr SpeculatedType SpecInt32AsInt52                      = 1ull << 34; // It's an Int52 and it can fit in an int32.
+static constexpr SpeculatedType SpecNonInt32AsInt52                   = 1ull << 35; // It's an Int52 and it can't fit in an int32.
 static constexpr SpeculatedType SpecInt52Any                          = SpecInt32AsInt52 | SpecNonInt32AsInt52; // It's any kind of Int52.
 
-static constexpr SpeculatedType SpecAnyIntAsDouble                    = 1ull << 34; // It's definitely an Int52 and it's inside a double.
-static constexpr SpeculatedType SpecNonIntAsDouble                    = 1ull << 35; // It's definitely not an Int52 but it's a real number and it's a double.
+static constexpr SpeculatedType SpecAnyIntAsDouble                    = 1ull << 36; // It's definitely an Int52 and it's inside a double.
+static constexpr SpeculatedType SpecNonIntAsDouble                    = 1ull << 37; // It's definitely not an Int52 but it's a real number and it's a double.
 static constexpr SpeculatedType SpecDoubleReal                        = SpecNonIntAsDouble | SpecAnyIntAsDouble; // It's definitely a non-NaN double.
-static constexpr SpeculatedType SpecDoublePureNaN                     = 1ull << 36; // It's definitely a NaN that is safe to tag (i.e. pure).
-static constexpr SpeculatedType SpecDoubleImpureNaN                   = 1ull << 37; // It's definitely a NaN that is unsafe to tag (i.e. impure).
+static constexpr SpeculatedType SpecDoublePureNaN                     = 1ull << 38; // It's definitely a NaN that is safe to tag (i.e. pure).
+static constexpr SpeculatedType SpecDoubleImpureNaN                   = 1ull << 39; // It's definitely a NaN that is unsafe to tag (i.e. impure).
 static constexpr SpeculatedType SpecDoubleNaN                         = SpecDoublePureNaN | SpecDoubleImpureNaN; // It's definitely some kind of NaN.
 static constexpr SpeculatedType SpecBytecodeDouble                    = SpecDoubleReal | SpecDoublePureNaN; // It's either a non-NaN or a NaN double, but it's definitely not impure NaN.
@@ -95 +97 @@
 
 static constexpr SpeculatedType SpecFullNumber                        = SpecIntAnyFormat | SpecFullDouble; // It's either an Int32, Int52, or a Double, and the Double can be impure NaN.
-static constexpr SpeculatedType SpecBoolean                           = 1ull << 38; // It's definitely a Boolean.
-static constexpr SpeculatedType SpecOther                             = 1ull << 39; // It's definitely either Null or Undefined.
+static constexpr SpeculatedType SpecBoolean                           = 1ull << 40; // It's definitely a Boolean.
+static constexpr SpeculatedType SpecOther                             = 1ull << 41; // It's definitely either Null or Undefined.
 static constexpr SpeculatedType SpecMisc                              = SpecBoolean | SpecOther; // It's definitely either a boolean, Null, or Undefined.
-static constexpr SpeculatedType SpecEmpty                             = 1ull << 40; // It's definitely an empty value marker.
-static constexpr SpeculatedType SpecHeapBigInt                        = 1ull << 41; // It's definitely a BigInt that is allocated on the heap
-static constexpr SpeculatedType SpecBigInt32                          = 1ull << 42; // It's definitely a small BigInt that is inline the JSValue
+static constexpr SpeculatedType SpecEmpty                             = 1ull << 42; // It's definitely an empty value marker.
+static constexpr SpeculatedType SpecHeapBigInt                        = 1ull << 43; // It's definitely a BigInt that is allocated on the heap
+static constexpr SpeculatedType SpecBigInt32                          = 1ull << 44; // It's definitely a small BigInt that is inline the JSValue
 #if USE(BIGINT32)
 static constexpr SpeculatedType SpecBigInt                            = SpecBigInt32 | SpecHeapBigInt;
@@ -107 +109 @@
 static constexpr SpeculatedType SpecBigInt                            = SpecHeapBigInt;
 #endif
-static constexpr SpeculatedType SpecDataViewObject                    = 1ull << 43; // It's definitely a JSDataView.
+static constexpr SpeculatedType SpecDataViewObject                    = 1ull << 45; // It's definitely a JSDataView.
 static constexpr SpeculatedType SpecPrimitive                         = SpecString | SpecSymbol | SpecBytecodeNumber | SpecMisc | SpecBigInt; // It's any non-Object JSValue.
 static constexpr SpeculatedType SpecObject                            = SpecFinalObject | SpecArray | SpecFunction | SpecTypedArrayView | SpecDirectArguments | SpecScopedArguments | SpecStringObject | SpecRegExpObject | SpecDateObject | SpecPromiseObject | SpecMapObject | SpecSetObject | SpecWeakMapObject | SpecWeakSetObject | SpecProxyObject | SpecDerivedArray | SpecObjectOther | SpecDataViewObject; // Bitmask used for testing for any kind of object prediction.
@@ -288 +290 @@
 }
 
+inline bool isBigInt64ArraySpeculation(SpeculatedType value)
+{
+    return value == SpecBigInt64Array;
+}
+
+inline bool isBigUint64ArraySpeculation(SpeculatedType value)
+{
+    return value == SpecBigUint64Array;
+}
+
 inline bool isDirectArgumentsSpeculation(SpeculatedType value)
 {
@@ -296 +308 @@
 {
     return value == SpecScopedArguments;
-}
-
-inline bool isActionableIntMutableArraySpeculation(SpeculatedType value)
-{
-    return isInt8ArraySpeculation(value)
-        || isInt16ArraySpeculation(value)
-        || isInt32ArraySpeculation(value)
-        || isUint8ArraySpeculation(value)
-        || isUint8ClampedArraySpeculation(value)
-        || isUint16ArraySpeculation(value)
-        || isUint32ArraySpeculation(value);
-}
-
-inline bool isActionableFloatMutableArraySpeculation(SpeculatedType value)
-{
-    return isFloat32ArraySpeculation(value)
-        || isFloat64ArraySpeculation(value);
-}
-
-inline bool isActionableTypedMutableArraySpeculation(SpeculatedType value)
-{
-    return isActionableIntMutableArraySpeculation(value)
-        || isActionableFloatMutableArraySpeculation(value);
-}
-
-inline bool isActionableMutableArraySpeculation(SpeculatedType value)
-{
-    return isArraySpeculation(value)
-        || isActionableTypedMutableArraySpeculation(value);
-}
-
-inline bool isActionableArraySpeculation(SpeculatedType value)
-{
-    return isStringSpeculation(value)
-        || isDirectArgumentsSpeculation(value)
-        || isScopedArgumentsSpeculation(value)
-        || isActionableMutableArraySpeculation(value);
 }
 

trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

@@ -3648 +3648 @@
             filter(node->child1(), SpecFloat64Array | admittedTypes);
             break;
+        case Array::BigInt64Array:
+            filter(node->child1(), SpecBigInt64Array | admittedTypes);
+            break;
+        case Array::BigUint64Array:
+            filter(node->child1(), SpecBigUint64Array | admittedTypes);
+            break;
         case Array::AnyTypedArray:
             filter(node->child1(), SpecTypedArrayView | admittedTypes);

trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp

@@ -146 +146 @@
     case Float64ArrayMode:
         return ArrayMode(Array::Float64Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+    case BigInt64ArrayMode:
+        return ArrayMode(Array::BigInt64Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+    case BigUint64ArrayMode:
+        return ArrayMode(Array::BigUint64Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
 
     default:
@@ -289 +293 @@
     case Array::Float32Array:
     case Array::Float64Array:
+    case Array::BigInt64Array:
+    case Array::BigUint64Array:
         if (node->op() == PutByVal) {
             if (graph.hasExitSite(node->origin.semantic, OutOfBounds) || !isInBounds())
@@ -294 +300 @@
         }
         return typedArrayResult(withSpeculation(Array::InBounds));
+
     case Array::Unprofiled:
     case Array::SelectUsingPredictions: {
@@ -354 +361 @@
         if (isFloat64ArraySpeculation(base))
             return typedArrayResult(result.withType(Array::Float64Array));
+
+        if (isBigInt64ArraySpeculation(base))
+            return typedArrayResult(result.withType(Array::BigInt64Array));
+
+        if (isBigUint64ArraySpeculation(base))
+            return typedArrayResult(result.withType(Array::BigUint64Array));
 
         if (type() == Array::Unprofiled)
@@ -605 +618 @@
     case Array::Float64Array:
         return speculationChecked(value.m_type, SpecFloat64Array);
+
+    case Array::BigInt64Array:
+        return speculationChecked(value.m_type, SpecBigInt64Array);
+
+    case Array::BigUint64Array:
+        return speculationChecked(value.m_type, SpecBigUint64Array);
 
     case Array::AnyTypedArray:
@@ -680 +699 @@
     case Array::Float64Array:
         return "Float64Array";
+    case Array::BigInt64Array:
+        return "BigInt64Array";
+    case Array::BigUint64Array:
+        return "BigUint64Array";
     case Array::AnyTypedArray:
         return "AnyTypedArray";
@@ -782 +805 @@
     case Array::Float64Array:
         return TypeFloat64;
+    case Array::BigInt64Array:
+        return TypeBigInt64;
+    case Array::BigUint64Array:
+        return TypeBigUint64;
     case Array::AnyTypedArray:
         RELEASE_ASSERT_NOT_REACHED();
@@ -811 +838 @@
     case TypeFloat64:
         return Array::Float64Array;
+    case TypeBigInt64:
+        return Array::BigInt64Array;
+    case TypeBigUint64:
+        return Array::BigUint64Array;
     default:
         return Array::Generic;
@@ -846 +877 @@
     case Array::Float32Array:
     case Array::Float64Array:
+    case Array::BigInt64Array:
+    case Array::BigUint64Array:
     case Array::AnyTypedArray:
         return true;

trunk/Source/JavaScriptCore/dfg/DFGArrayMode.h

@@ -77 +77 @@
     Float32Array,
     Float64Array,
+    BigInt64Array,
+    BigUint64Array,
     AnyTypedArray
 };
@@ -394 +396 @@
         case Array::Float32Array:
         case Array::Float64Array:
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
             return false;
         case Array::Int32:
@@ -478 +482 @@
         case Array::Float64Array:
             return Float64ArrayMode;
+        case Array::BigInt64Array:
+            return BigInt64ArrayMode;
+        case Array::BigUint64Array:
+            return BigUint64ArrayMode;
         case Array::AnyTypedArray:
             return ALL_TYPED_ARRAY_MODES;

trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

@@ -915 +915 @@
             
         case Array::Generic:
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
             clobberTop();
             return;
@@ -1052 +1054 @@
             
         case Array::Generic:
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
             clobberTop();
             return;

trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

@@ -1053 +1053 @@
                     m_graph.varArgChild(node, 1)->prediction(),
                     SpecNone));
-            
+
+            switch (node->arrayMode().type()) {
+            case Array::BigInt64Array:
+            case Array::BigUint64Array:
+                // Make it Array::Generic.
+                // FIXME: Add BigInt64Array / BigUint64Array support.
+                // https://bugs.webkit.org/show_bug.cgi?id=221172
+                node->setArrayMode(ArrayMode(Array::Generic, node->arrayMode().action()));
+                break;
+            default:
+                break;
+            }
+
             blessArrayOperation(m_graph.varArgChild(node, 0), m_graph.varArgChild(node, 1), m_graph.varArgChild(node, 2));
             
@@ -1224 +1236 @@
                     child2->prediction(),
                     child3->prediction()));
+
+            switch (node->arrayMode().type()) {
+            case Array::BigInt64Array:
+            case Array::BigUint64Array:
+                // Make it Array::Generic.
+                // FIXME: Add BigInt64Array / BigUint64Array support.
+                // https://bugs.webkit.org/show_bug.cgi?id=221172
+                node->setArrayMode(ArrayMode(Array::Generic, node->arrayMode().action()));
+                break;
+            default:
+                break;
+            }
             
             blessArrayOperation(child1, child2, m_graph.varArgChild(node, 3));
@@ -1372 +1396 @@
             default: {
                 // Make it Array::Generic.
+                // FIXME: Add BigInt64Array / BigUint64Array support.
+                // https://bugs.webkit.org/show_bug.cgi?id=221172
                 node->setArrayMode(ArrayMode(Array::Generic, node->arrayMode().action()));
                 break;

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -1943 +1943 @@
 }
 
+JSC_DEFINE_JIT_OPERATION(operationNewBigInt64ArrayWithSize, char*, (JSGlobalObject* globalObject, Structure* structure, int32_t length, char* vector))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    return newTypedArrayWithSize<JSBigInt64Array>(globalObject, vm, structure, length, vector);
+}
+
+JSC_DEFINE_JIT_OPERATION(operationNewBigInt64ArrayWithOneArgument, char*, (JSGlobalObject* globalObject, Structure* structure, EncodedJSValue encodedValue))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSBigInt64Array>(globalObject, structure, encodedValue, 0, WTF::nullopt));
+}
+
+JSC_DEFINE_JIT_OPERATION(operationNewBigUint64ArrayWithSize, char*, (JSGlobalObject* globalObject, Structure* structure, int32_t length, char* vector))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    return newTypedArrayWithSize<JSBigUint64Array>(globalObject, vm, structure, length, vector);
+}
+
+JSC_DEFINE_JIT_OPERATION(operationNewBigUint64ArrayWithOneArgument, char*, (JSGlobalObject* globalObject, Structure* structure, EncodedJSValue encodedValue))
+{
+    VM& vm = globalObject->vm();
+    CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+    JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+    return reinterpret_cast<char*>(constructGenericTypedArrayViewWithArguments<JSBigUint64Array>(globalObject, structure, encodedValue, 0, WTF::nullopt));
+}
+
 JSC_DEFINE_JIT_OPERATION(operationNewArrayIterator, JSCell*, (VM* vmPointer, Structure* structure))
 {

trunk/Source/JavaScriptCore/dfg/DFGOperations.h

@@ -131 +131 @@
 JSC_DECLARE_JIT_OPERATION(operationNewFloat64ArrayWithSize, char*, (JSGlobalObject*, Structure*, int32_t, char*));
 JSC_DECLARE_JIT_OPERATION(operationNewFloat64ArrayWithOneArgument, char*, (JSGlobalObject*, Structure*, EncodedJSValue));
+JSC_DECLARE_JIT_OPERATION(operationNewBigInt64ArrayWithSize, char*, (JSGlobalObject*, Structure*, int32_t, char*));
+JSC_DECLARE_JIT_OPERATION(operationNewBigInt64ArrayWithOneArgument, char*, (JSGlobalObject*, Structure*, EncodedJSValue));
+JSC_DECLARE_JIT_OPERATION(operationNewBigUint64ArrayWithSize, char*, (JSGlobalObject*, Structure*, int32_t, char*));
+JSC_DECLARE_JIT_OPERATION(operationNewBigUint64ArrayWithOneArgument, char*, (JSGlobalObject*, Structure*, EncodedJSValue));
 JSC_DECLARE_JIT_OPERATION(operationNewArrayIterator, JSCell*, (VM*, Structure*));
 JSC_DECLARE_JIT_OPERATION(operationNewMapIterator, JSCell*, (VM*, Structure*));
@@ -362 +366 @@
     case TypeFloat64:
         return operationNewFloat64ArrayWithSize;
+    case TypeBigInt64:
+        return operationNewBigInt64ArrayWithSize;
+    case TypeBigUint64:
+        return operationNewBigUint64ArrayWithSize;
     case NotTypedArray:
     case TypeDataView:
@@ -391 +399 @@
     case TypeFloat64:
         return operationNewFloat64ArrayWithOneArgument;
+    case TypeBigInt64:
+        return operationNewBigInt64ArrayWithOneArgument;
+    case TypeBigUint64:
+        return operationNewBigUint64ArrayWithOneArgument;
     case NotTypedArray:
     case TypeDataView:

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

@@ -515 +515 @@
             case Array::Int32Array:
                 changed |= mergePrediction(SpecInt32Only);
+                break;
+            case Array::BigInt64Array:
+            case Array::BigUint64Array:
+                changed |= mergePrediction(SpecBigInt);
                 break;
             default:

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -14382 +14382 @@
     }
     default: {
+        // FIXME: Optimize TypedArrays in HasIndexedProperty IC
+        // https://bugs.webkit.org/show_bug.cgi?id=221183
         slowCases.append(m_jit.jump());
         break;

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -2649 +2649 @@
             break;
         }
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
         case Array::Generic: {
             if (m_graph.m_slowGetByVal.contains(node)) {
@@ -2981 +2983 @@
             DFG_CRASH(m_jit.graph(), node, "Bad array mode type");
             break;
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
         case Array::Generic: {
             DFG_ASSERT(m_jit.graph(), node, node->op() == PutByVal || node->op() == PutByValDirect, node->op());
@@ -3211 +3215 @@
         case Array::Undecided:
         case Array::Unprofiled:
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
             RELEASE_ASSERT_NOT_REACHED();
         }

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -5064 +5064 @@
         }
             
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
         case Array::Generic: {
             if (m_graph.m_slowGetByVal.contains(m_node)) {
@@ -5359 +5361 @@
         ArrayMode arrayMode = m_node->arrayMode().modeForPut();
         switch (arrayMode.type()) {
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
         case Array::Generic: {
             if (child1.useKind() == CellUse) {
@@ -5648 +5652 @@
         case Array::Undecided:
         case Array::Unprofiled:
+        case Array::BigInt64Array:
+        case Array::BigUint64Array:
             DFG_CRASH(m_graph, m_node, "Bad array type");
             break;

trunk/Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp

@@ -229 +229 @@
             || object->inherits<JSUint32Array>(vm)
             || object->inherits<JSFloat32Array>(vm)
-            || object->inherits<JSFloat64Array>(vm))
+            || object->inherits<JSFloat64Array>(vm)
+            || object->inherits<JSBigInt64Array>(vm)
+            || object->inherits<JSBigUint64Array>(vm))
             return jsNontrivialString(vm, "array"_s);
     }

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -1494 +1494 @@
         if (isInt(type))
             slowCases = emitIntTypedArrayPutByVal(bytecode, badType, type);
-        else 
+        else {
+            // FIXME: Optimize BigInt64Array / BigUint64Array in IC
+            // Currently, BigInt64Array / BigUint64Array never comes here.
+            // https://bugs.webkit.org/show_bug.cgi?id=221183
+            ASSERT(isFloat(type));
             slowCases = emitFloatTypedArrayPutByVal(bytecode, badType, type);
+        }
         break;
     }

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -496 +496 @@
                 accessType = AccessCase::IndexedTypedArrayFloat64Load;
                 break;
+            // FIXME: Optimize BigInt64Array / BigUint64Array in IC
+            // https://bugs.webkit.org/show_bug.cgi?id=221183
+            case TypeBigInt64:
+            case TypeBigUint64:
+                return GiveUpOnCache;
             default:
                 RELEASE_ASSERT_NOT_REACHED();

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@ -557 +557 @@
 const FirstTypedArrayType = constexpr FirstTypedArrayType
 const NumberOfTypedArrayTypesExcludingDataView = constexpr NumberOfTypedArrayTypesExcludingDataView
+const NumberOfTypedArrayTypesExcludingBigIntArraysAndDataView = constexpr NumberOfTypedArrayTypesExcludingBigIntArraysAndDataView
 
 # Type flags constants.
@@ -1234 +1235 @@
     loadb JSCell::m_type[base], t2
     subi FirstTypedArrayType, t2
-    biaeq t2, NumberOfTypedArrayTypesExcludingDataView, slowPath
+    biaeq t2, NumberOfTypedArrayTypesExcludingBigIntArraysAndDataView, slowPath
     
     # Sweet, now we know that we have a typed array. Do some basic things now.
@@ -1261 +1262 @@
     #    Float32ArrayType,
     #    Float64ArrayType,
+    #
+    # Yet, we are not supporting BitInt64Array and BigUint64Array.
 
     bia t2, Uint16ArrayType - FirstTypedArrayType, .opGetByValAboveUint16Array

trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp

@@ -128 +128 @@
 }
 
-static JSArrayBufferView* validateTypedArray(JSGlobalObject* globalObject, JSValue typedArrayValue)
-{
-    VM& vm = globalObject->vm();
-    auto scope = DECLARE_THROW_SCOPE(vm);
-
-    if (!typedArrayValue.isCell()) {
-        throwTypeError(globalObject, scope, "Argument needs to be a typed array."_s);
-        return nullptr;
-    }
-
-    JSCell* typedArrayCell = typedArrayValue.asCell();
-    if (!isTypedView(typedArrayCell->classInfo(vm)->typedArrayStorageType)) {
-        throwTypeError(globalObject, scope, "Argument needs to be a typed array."_s);
-        return nullptr;
-    }
-
-    JSArrayBufferView* typedArray = jsCast<JSArrayBufferView*>(typedArrayCell);
-    if (typedArray->isDetached()) {
-        throwTypeError(globalObject, scope, "Argument typed array is detached."_s);
-        return nullptr;
-    }
-    return typedArray;
-}
-
 enum class TypedArrayOperationMode { Read, Write };
 template<TypedArrayOperationMode mode>

trunk/Source/JavaScriptCore/runtime/BigInt64Array.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2021 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -21 +21 @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include "config.h"
-#include "JSTypedArrayConstructors.h"
+#pragma once
 
-#include "JSCInlines.h"
+#include "TypedArrays.h"
 
-namespace JSC {
-
-#undef MAKE_S_INFO
-#define MAKE_S_INFO(type) \
-    template<> const ClassInfo JS##type##Constructor::s_info = {"Function", &JS##type##Constructor::Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JS##type##Constructor)}
-
-MAKE_S_INFO(Int8Array);
-MAKE_S_INFO(Int16Array);
-MAKE_S_INFO(Int32Array);
-MAKE_S_INFO(Uint8Array);
-MAKE_S_INFO(Uint8ClampedArray);
-MAKE_S_INFO(Uint16Array);
-MAKE_S_INFO(Uint32Array);
-MAKE_S_INFO(Float32Array);
-MAKE_S_INFO(Float64Array);
-MAKE_S_INFO(DataView);
-
-} // namespace JSC
-
+using JSC::BigInt64Array;

trunk/Source/JavaScriptCore/runtime/BigUint64Array.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2021 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -21 +21 @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include "config.h"
-#include "JSTypedArrayConstructors.h"
+#pragma once
 
-#include "JSCInlines.h"
+#include "TypedArrays.h"
 
-namespace JSC {
-
-#undef MAKE_S_INFO
-#define MAKE_S_INFO(type) \
-    template<> const ClassInfo JS##type##Constructor::s_info = {"Function", &JS##type##Constructor::Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JS##type##Constructor)}
-
-MAKE_S_INFO(Int8Array);
-MAKE_S_INFO(Int16Array);
-MAKE_S_INFO(Int32Array);
-MAKE_S_INFO(Uint8Array);
-MAKE_S_INFO(Uint8ClampedArray);
-MAKE_S_INFO(Uint16Array);
-MAKE_S_INFO(Uint32Array);
-MAKE_S_INFO(Float32Array);
-MAKE_S_INFO(Float64Array);
-MAKE_S_INFO(DataView);
-
-} // namespace JSC
-
+using JSC::BigUint64Array;

trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp

@@ -244 +244 @@
 {
     ASSERT(type >= Int8ArrayType && type <= DataViewType);
-    static_assert(Float64ArrayType + 1 == DataViewType);
+    static_assert(BigUint64ArrayType + 1 == DataViewType);
     return ElementSizeData[type - Int8ArrayType];
 }
@@ -341 +341 @@
 }
 
+JSArrayBufferView* validateTypedArray(JSGlobalObject* globalObject, JSValue typedArrayValue)
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
+    if (!typedArrayValue.isCell()) {
+        throwTypeError(globalObject, scope, "Argument needs to be a typed array."_s);
+        return nullptr;
+    }
+
+    JSCell* typedArrayCell = typedArrayValue.asCell();
+    if (!isTypedView(typedArrayCell->classInfo(vm)->typedArrayStorageType)) {
+        throwTypeError(globalObject, scope, "Argument needs to be a typed array."_s);
+        return nullptr;
+    }
+
+    JSArrayBufferView* typedArray = jsCast<JSArrayBufferView*>(typedArrayCell);
+    if (typedArray->isDetached()) {
+        throwTypeError(globalObject, scope, "Argument typed array is detached."_s);
+        return nullptr;
+    }
+    return typedArray;
+}
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h

@@ -225 +225 @@
 };
 
+JSArrayBufferView* validateTypedArray(JSGlobalObject*, JSValue);
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/runtime/JSBigInt.h

@@ -73 +73 @@
     static JSBigInt* tryCreateFrom(VM&, int32_t value);
     static JSBigInt* createFrom(JSGlobalObject*, uint32_t value);
-    static JSBigInt* createFrom(JSGlobalObject*, int64_t value);
+    JS_EXPORT_PRIVATE static JSBigInt* createFrom(JSGlobalObject*, int64_t value);
     JS_EXPORT_PRIVATE static JSBigInt* createFrom(JSGlobalObject*, uint64_t value);
     static JSBigInt* createFrom(JSGlobalObject*, bool value);
@@ -98 +98 @@
 #if USE(BIGINT32)
         if (value <= INT_MAX && value >= INT_MIN)
+            return jsBigInt32(static_cast<int32_t>(value));
+#endif
+        return JSBigInt::createFrom(globalObject, value);
+    }
+
+    static JSValue makeHeapBigIntOrBigInt32(JSGlobalObject* globalObject, uint64_t value)
+    {
+#if USE(BIGINT32)
+        if (value <= INT_MAX)
             return jsBigInt32(static_cast<int32_t>(value));
 #endif
@@ -431 +440 @@
     }
 
-    static uint64_t toBigInt64(JSValue bigInt)
+    static int64_t toBigInt64(JSValue bigInt)
     {
         ASSERT(bigInt.isBigInt());

trunk/Source/JavaScriptCore/runtime/JSCell.h

@@ -234 +234 @@
     }
     
-    static const TypedArrayType TypedArrayStorageType = NotTypedArray;
+    static constexpr TypedArrayType TypedArrayStorageType = NotTypedArray;
 
     void setPerCellBit(bool);

trunk/Source/JavaScriptCore/runtime/JSDataView.h

@@ -38 +38 @@
     static constexpr unsigned elementSize = 1;
 
+    static constexpr TypedArrayContentType contentType = TypedArrayContentType::None;
+
     template<typename CellType, SubspaceAccess mode>
     static IsoSubspace* subspaceFor(VM& vm)
@@ -65 +67 @@
     RefPtr<DataView> unsharedTypedImpl();
     
-    static const TypedArrayType TypedArrayStorageType = TypeDataView;
+    static constexpr TypedArrayType TypedArrayStorageType = TypeDataView;
 
     static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);

trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp

@@ -46 +46 @@
   getFloat32            dataViewProtoFuncGetFloat32          DontEnum|Function       1  DataViewGetFloat32
   getFloat64            dataViewProtoFuncGetFloat64          DontEnum|Function       1  DataViewGetFloat64
+  getBigInt64           dataViewProtoFuncGetBigInt64         DontEnum|Function       1
+  getBigUint64          dataViewProtoFuncGetBigUint64        DontEnum|Function       1
   setInt8               dataViewProtoFuncSetInt8             DontEnum|Function       2  DataViewSetInt8
   setUint8              dataViewProtoFuncSetUint8            DontEnum|Function       2  DataViewSetUint8
@@ -54 +56 @@
   setFloat32            dataViewProtoFuncSetFloat32          DontEnum|Function       2  DataViewSetFloat32
   setFloat64            dataViewProtoFuncSetFloat64          DontEnum|Function       2  DataViewSetFloat64
+  setBigInt64           dataViewProtoFuncSetBigInt64         DontEnum|Function       2
+  setBigUint64          dataViewProtoFuncSetBigUint64        DontEnum|Function       2
   buffer                dataViewProtoGetterBuffer            DontEnum|Accessor       0
   byteLength            dataViewProtoGetterByteLength        DontEnum|Accessor       0
@@ -68 +72 @@
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncGetFloat32);
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncGetFloat64);
+static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncGetBigInt64);
+static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncGetBigUint64);
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncSetInt8);
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncSetInt16);
@@ -76 +82 @@
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncSetFloat32);
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncSetFloat64);
+static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncSetBigInt64);
+static JSC_DECLARE_HOST_FUNCTION(dataViewProtoFuncSetBigUint64);
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoGetterBuffer);
 static JSC_DECLARE_HOST_FUNCTION(dataViewProtoGetterByteLength);
@@ -162 +170 @@
     }
 
-    return JSValue::encode(Adaptor::toJSValue(u.value));
+    RELEASE_AND_RETURN(scope, JSValue::encode(Adaptor::toJSValue(globalObject, u.value)));
 }
 
@@ -296 +304 @@
 }
 
+JSC_DEFINE_HOST_FUNCTION(dataViewProtoFuncGetBigInt64, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    return getData<BigInt64Adaptor>(globalObject, callFrame);
+}
+
+JSC_DEFINE_HOST_FUNCTION(dataViewProtoFuncGetBigUint64, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    return getData<BigUint64Adaptor>(globalObject, callFrame);
+}
+
 JSC_DEFINE_HOST_FUNCTION(dataViewProtoFuncSetInt8, (JSGlobalObject* globalObject, CallFrame* callFrame))
 {
@@ -335 +353 @@
     return setData<Float64Adaptor>(globalObject, callFrame);
 }
+
+JSC_DEFINE_HOST_FUNCTION(dataViewProtoFuncSetBigInt64, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    return setData<BigInt64Adaptor>(globalObject, callFrame);
+}
+
+JSC_DEFINE_HOST_FUNCTION(dataViewProtoFuncSetBigUint64, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    return setData<BigUint64Adaptor>(globalObject, callFrame);
+}
 IGNORE_CLANG_WARNINGS_END
 

trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h

@@ -41 +41 @@
 JS_EXPORT_PRIVATE const ClassInfo* getFloat32ArrayClassInfo();
 JS_EXPORT_PRIVATE const ClassInfo* getFloat64ArrayClassInfo();
+JS_EXPORT_PRIVATE const ClassInfo* getBigInt64ArrayClassInfo();
+JS_EXPORT_PRIVATE const ClassInfo* getBigUint64ArrayClassInfo();
 
 // A typed array view is our representation of a typed array object as seen
@@ -80 +82 @@
 //     static int8_t toNativeFromDouble(double);
 //     static JSValue toJSValue(int8_t);
-//     static double toDouble(int8_t);
 //     template<T> static T::Type convertTo(uint8_t);
 // };
@@ -91 +92 @@
 extern const ASCIILiteral typedArrayBufferHasBeenDetachedErrorMessage;
 
-template<typename Adaptor>
+template<typename PassedAdaptor>
 class JSGenericTypedArrayView final : public JSArrayBufferView {
 public:
     using Base = JSArrayBufferView;
-    typedef typename Adaptor::Type ElementType;
+    using Adaptor = PassedAdaptor;
+    using ElementType = typename Adaptor::Type;
+    static constexpr TypedArrayContentType contentType = Adaptor::contentType;
 
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetOwnPropertyNames | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
@@ -120 +123 @@
     }
 
+    bool inBounds(unsigned i) const
+    {
+        return i < m_length;
+    }
+
     // These methods are meant to match indexed access methods that JSObject
     // supports - hence the slight redundancy.
     bool canGetIndexQuickly(unsigned i) const
     {
-        return i < m_length;
+        return inBounds(i) && Adaptor::canConvertToJSQuickly;
     }
     bool canSetIndexQuickly(unsigned i, JSValue value) const
     {
-        return i < m_length && value.isNumber();
+        return i < m_length && value.isNumber() && Adaptor::canConvertToJSQuickly;
     }
     
@@ -137 +145 @@
     }
     
-    double getIndexQuicklyAsDouble(unsigned i)
-    {
-        return Adaptor::toDouble(getIndexQuicklyAsNativeValue(i));
-    }
-    
     JSValue getIndexQuickly(unsigned i) const
     {
-        return Adaptor::toJSValue(getIndexQuicklyAsNativeValue(i));
+        return Adaptor::toJSValue(nullptr, getIndexQuicklyAsNativeValue(i));
     }
     
@@ -151 +154 @@
         ASSERT(i < m_length);
         typedVector()[i] = value;
-    }
-    
-    void setIndexQuicklyToDouble(unsigned i, double value)
-    {
-        setIndexQuicklyToNativeValue(i, toNativeFromValue<Adaptor>(jsNumber(value)));
     }
     
@@ -248 +246 @@
         case TypeFloat64:
             return getFloat64ArrayClassInfo();
+        case TypeBigInt64:
+            return getBigInt64ArrayClassInfo();
+        case TypeBigUint64:
+            return getBigUint64ArrayClassInfo();
         default:
             RELEASE_ASSERT_NOT_REACHED();
@@ -276 +278 @@
         case TypeFloat64:
             return vm.float64ArraySpace<mode>();
+        case TypeBigInt64:
+            return vm.bigInt64ArraySpace<mode>();
+        case TypeBigUint64:
+            return vm.bigUint64ArraySpace<mode>();
         default:
             RELEASE_ASSERT_NOT_REACHED();
@@ -284 +290 @@
     ArrayBuffer* existingBuffer();
 
-    static const TypedArrayType TypedArrayStorageType = Adaptor::typeValue;
+    static constexpr TypedArrayType TypedArrayStorageType = Adaptor::typeValue;
 
     // This is the default DOM unwrapping. It calls toUnsharedNativeTypedView().

trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructor.h

@@ -39 +39 @@
 JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(callFloat32Array);
 JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(callFloat64Array);
+JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(callBigInt64Array);
+JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(callBigUint64Array);
 JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(callDataView);
 
@@ -50 +52 @@
 JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(constructFloat32Array);
 JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(constructFloat64Array);
+JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(constructBigInt64Array);
+JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(constructBigUint64Array);
 JS_EXPORT_PRIVATE JSC_DECLARE_HOST_FUNCTION(constructDataView);
 
@@ -88 +92 @@
         case TypeFloat64:
             return callFloat64Array;
+        case TypeBigInt64:
+            return callBigInt64Array;
+        case TypeBigUint64:
+            return callBigUint64Array;
         case TypeDataView:
             return callDataView;
@@ -117 +125 @@
         case TypeFloat64:
             return constructFloat64Array;
+        case TypeBigInt64:
+            return constructBigInt64Array;
+        case TypeBigUint64:
+            return constructBigUint64Array;
         case TypeDataView:
             return constructDataView;

trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h

@@ -194 +194 @@
             }
 
+            if (contentType(object->classInfo(vm)->typedArrayStorageType) != ViewClass::contentType) {
+                throwTypeError(globalObject, scope, "Content types of source and new typed array are different"_s);
+                return nullptr;
+            }
+
             length = view->length();
         } else {

trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h

@@ -163 +163 @@
     unsigned otherOffset, unsigned length, CopyType type)
 {
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+
     // Handle the hilarious case: the act of getting the length could have resulted
     // in detaching. Well, no. That'll never happen because there cannot be
@@ -172 +175 @@
 
     RELEASE_ASSERT(other->canAccessRangeQuickly(otherOffset, length));
-    if (!validateRange(globalObject, offset, length))
+    bool success = validateRange(globalObject, offset, length);
+    EXCEPTION_ASSERT(!scope.exception() == success);
+    if (!success)
         return false;
+
+    if constexpr (Adaptor::contentType != OtherAdaptor::contentType) {
+        throwTypeError(globalObject, scope, "Content types of source and destination typed arrays are different"_s);
+        return false;
+    }
     
     // This method doesn't support copying between the same array. Note that
@@ -290 +300 @@
         RELEASE_AND_RETURN(scope, setWithSpecificType<Float64Adaptor>(
             globalObject, offset, jsCast<JSFloat64Array*>(object), objectOffset, length, type));
+    case TypeBigInt64:
+        RELEASE_AND_RETURN(scope, setWithSpecificType<BigInt64Adaptor>(
+            globalObject, offset, jsCast<JSBigInt64Array*>(object), objectOffset, length, type));
+    case TypeBigUint64:
+        RELEASE_AND_RETURN(scope, setWithSpecificType<BigUint64Adaptor>(
+            globalObject, offset, jsCast<JSBigUint64Array*>(object), objectOffset, length, type));
     case NotTypedArray:
     case TypeDataView: {
@@ -434 +450 @@
 template<typename Adaptor>
 bool JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex(
-    JSObject* object, JSGlobalObject*, unsigned propertyName, PropertySlot& slot)
-{
+    JSObject* object, JSGlobalObject* globalObject, unsigned propertyName, PropertySlot& slot)
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
     JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(object);
 
-    if (thisObject->isDetached() || !thisObject->canGetIndexQuickly(propertyName))
+    if (thisObject->isDetached() || !thisObject->inBounds(propertyName))
         return false;
 
-    slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::None), thisObject->getIndexQuickly(propertyName));
+    JSValue value;
+    if constexpr (Adaptor::canConvertToJSQuickly)
+        value = thisObject->getIndexQuickly(propertyName);
+    else {
+        auto nativeValue = thisObject->getIndexQuicklyAsNativeValue(propertyName);
+        value = Adaptor::toJSValue(globalObject, nativeValue);
+        RETURN_IF_EXCEPTION(scope, false);
+    }
+    slot.setValue(thisObject, static_cast<unsigned>(PropertyAttribute::None), value);
     return true;
 }

trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h

@@ -273 +273 @@
     auto joinWithSeparator = [&] (StringView separator) -> EncodedJSValue {
         JSStringJoiner joiner(globalObject, separator, length);
-        RETURN_IF_EXCEPTION(scope, encodedJSValue());
+        RETURN_IF_EXCEPTION(scope, { });
         if (!thisObject->isDetached()) {
             for (unsigned i = 0; i < length; i++) {
-                joiner.append(globalObject, thisObject->getIndexQuickly(i));
-                RETURN_IF_EXCEPTION(scope, encodedJSValue());
+                JSValue value;
+                if constexpr (ViewClass::Adaptor::canConvertToJSQuickly)
+                    value = thisObject->getIndexQuickly(i);
+                else {
+                    auto nativeValue = thisObject->getIndexQuicklyAsNativeValue(i);
+                    value = ViewClass::Adaptor::toJSValue(globalObject, nativeValue);
+                    RETURN_IF_EXCEPTION(scope, { });
+                }
+                joiner.append(globalObject, value);
+                RETURN_IF_EXCEPTION(scope, { });
             }
         } else {
@@ -293 +301 @@
 
     JSString* separatorString = separatorValue.toString(globalObject);
-    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    RETURN_IF_EXCEPTION(scope, { });
 
     auto viewWithString = separatorString->viewWithUnderlyingString(globalObject);
-    RETURN_IF_EXCEPTION(scope, encodedJSValue());
+    RETURN_IF_EXCEPTION(scope, { });
     return joinWithSeparator(viewWithString.view);
 }
@@ -455 +463 @@
     ASSERT(!result->isDetached());
 
+    // https://tc39.es/ecma262/#typedarray-species-create
+    // If result.[[ContentType]] ≠ exemplar.[[ContentType]], throw a TypeError exception.
+    if (contentType(result->classInfo(vm)->typedArrayStorageType) != ViewClass::contentType)
+        return throwVMTypeError(globalObject, scope, "Content types of source and created typed arrays are different"_s);
+
     // We return early here since we don't allocate a backing store if length is 0 and memmove does not like nullptrs
     if (!length)
@@ -502 +515 @@
         scope.release();
         jsCast<JSFloat64Array*>(result)->set(globalObject, 0, thisObject, begin, length, CopyType::LeftToRight);
+        return JSValue::encode(result);
+    case TypeBigInt64:
+        scope.release();
+        jsCast<JSBigInt64Array*>(result)->set(globalObject, 0, thisObject, begin, length, CopyType::LeftToRight);
+        return JSValue::encode(result);
+    case TypeBigUint64:
+        scope.release();
+        jsCast<JSBigUint64Array*>(result)->set(globalObject, 0, thisObject, begin, length, CopyType::LeftToRight);
         return JSValue::encode(result);
     default:
@@ -544 +565 @@
     if (UNLIKELY(!arrayBuffer)) {
         throwOutOfMemoryError(globalObject, scope);
-        return encodedJSValue();
+        return { };
     }
     RELEASE_ASSERT(thisLength == thisObject->length());
@@ -568 +589 @@
 
     JSObject* result = construct(globalObject, species, args, "species is not a constructor");
-    RETURN_IF_EXCEPTION(scope, encodedJSValue());
-
-    if (jsDynamicCast<JSArrayBufferView*>(vm, result))
-        return JSValue::encode(result);
-
-    throwTypeError(globalObject, scope, "species constructor did not return a TypedArray View"_s);
-    return JSValue::encode(JSValue());
+    RETURN_IF_EXCEPTION(scope, { });
+
+    JSArrayBufferView* validated = validateTypedArray(globalObject, result);
+    RETURN_IF_EXCEPTION(scope, { });
+    if (contentType(validated->classInfo(vm)->typedArrayStorageType) != ViewClass::contentType)
+        return throwVMTypeError(globalObject, scope, "TypedArray.prototype.subarray constructed typed array of different content type from |this|"_s);
+
+    return JSValue::encode(validated);
 }
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -458 +458 @@
   Float32Array          JSGlobalObject::m_typedArrayFloat32          DontEnum|ClassStructure
   Float64Array          JSGlobalObject::m_typedArrayFloat64          DontEnum|ClassStructure
+  BigInt64Array         JSGlobalObject::m_typedArrayBigInt64         DontEnum|ClassStructure
+  BigUint64Array        JSGlobalObject::m_typedArrayBigUint64        DontEnum|ClassStructure
   DataView              JSGlobalObject::m_typedArrayDataView         DontEnum|ClassStructure
   Date                  JSGlobalObject::m_dateStructure              DontEnum|ClassStructure
@@ -1208 +1210 @@
             init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), typedArrayViewPrivateFuncGetOriginalConstructor));
         });
+    m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::typedArrayContentType)].initLater([] (const Initializer<JSCell>& init) {
+            init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), typedArrayViewPrivateFuncContentType));
+        });
     m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::typedArraySort)].initLater([] (const Initializer<JSCell>& init) {
             init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), typedArrayViewPrivateFuncSort));
@@ -1214 +1219 @@
             init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), typedArrayViewPrivateFuncIsTypedArrayView, IsTypedArrayViewIntrinsic));
         });
+    m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::isBigIntTypedArrayView)].initLater([] (const Initializer<JSCell>& init) {
+            init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), typedArrayViewPrivateFuncIsBigIntTypedArrayView));
+        });
     m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::isSharedTypedArrayView)].initLater([] (const Initializer<JSCell>& init) {
             init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), typedArrayViewPrivateFuncIsSharedTypedArrayView));
@@ -1234 +1242 @@
     m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::instanceOf)].initLater([] (const Initializer<JSCell>& init) {
             init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), objectPrivateFuncInstanceOf));
+        });
+    m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::toBigInt)].initLater([] (const Initializer<JSCell>& init) {
+            init.set(JSFunction::create(init.vm, jsCast<JSGlobalObject*>(init.owner), 0, String(), globalFuncToBigInt));
         });
     m_linkTimeConstants[static_cast<unsigned>(LinkTimeConstant::BuiltinLog)].initLater([] (const Initializer<JSCell>& init) {

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -968 +968 @@
 }
 
+JSC_DEFINE_HOST_FUNCTION(globalFuncToBigInt, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    return JSValue::encode(callFrame->argument(0).toBigInt(globalObject));
+}
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h

@@ -60 +60 @@
 JSC_DECLARE_HOST_FUNCTION(globalFuncCopyDataProperties);
 JSC_DECLARE_HOST_FUNCTION(globalFuncDateTimeFormat);
+JSC_DECLARE_HOST_FUNCTION(globalFuncToBigInt);
 
 JS_EXPORT_PRIVATE double jsToNumber(StringView);

trunk/Source/JavaScriptCore/runtime/JSType.cpp

@@ -85 +85 @@
     CASE(Float32ArrayType)
     CASE(Float64ArrayType)
+    CASE(BigInt64ArrayType)
+    CASE(BigUint64ArrayType)
     CASE(DataViewType)
     CASE(GetterSetterType)

trunk/Source/JavaScriptCore/runtime/JSType.h

@@ -88 +88 @@
     Float32ArrayType,
     Float64ArrayType,
+    BigInt64ArrayType,
+    BigUint64ArrayType,
     DataViewType,
     // End JSArrayBufferView types.
@@ -142 +144 @@
 static constexpr uint32_t NumberOfTypedArrayTypes = LastTypedArrayType - FirstTypedArrayType + 1;
 static constexpr uint32_t NumberOfTypedArrayTypesExcludingDataView = NumberOfTypedArrayTypes - 1;
+static constexpr uint32_t NumberOfTypedArrayTypesExcludingBigIntArraysAndDataView = NumberOfTypedArrayTypes - 3;
 
 static_assert(sizeof(JSType) == sizeof(uint8_t), "sizeof(JSType) is one byte.");

trunk/Source/JavaScriptCore/runtime/JSTypedArrayConstructors.cpp

@@ -44 +44 @@
 MAKE_S_INFO(Float32Array);
 MAKE_S_INFO(Float64Array);
+MAKE_S_INFO(BigInt64Array);
+MAKE_S_INFO(BigUint64Array);
 MAKE_S_INFO(DataView);
 

trunk/Source/JavaScriptCore/runtime/JSTypedArrayConstructors.h

@@ -41 +41 @@
 using JSFloat32ArrayConstructor = JSGenericTypedArrayViewConstructor<JSFloat32Array>;
 using JSFloat64ArrayConstructor = JSGenericTypedArrayViewConstructor<JSFloat64Array>;
+using JSBigInt64ArrayConstructor = JSGenericTypedArrayViewConstructor<JSBigInt64Array>;
+using JSBigUint64ArrayConstructor = JSGenericTypedArrayViewConstructor<JSBigUint64Array>;
 using JSDataViewConstructor = JSGenericTypedArrayViewConstructor<JSDataView>;
 STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSInt8ArrayConstructor, InternalFunction);
@@ -51 +53 @@
 STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSFloat32ArrayConstructor, InternalFunction);
 STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSFloat64ArrayConstructor, InternalFunction);
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSBigInt64ArrayConstructor, InternalFunction);
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSBigUint64ArrayConstructor, InternalFunction);
 STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSDataViewConstructor, InternalFunction);
 

trunk/Source/JavaScriptCore/runtime/JSTypedArrayPrototypes.cpp

@@ -48 +48 @@
 MAKE_S_INFO(Float32Array);
 MAKE_S_INFO(Float64Array);
+MAKE_S_INFO(BigInt64Array);
+MAKE_S_INFO(BigUint64Array);
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/JSTypedArrayPrototypes.h

@@ -40 +40 @@
 typedef JSGenericTypedArrayViewPrototype<JSFloat32Array> JSFloat32ArrayPrototype;
 typedef JSGenericTypedArrayViewPrototype<JSFloat64Array> JSFloat64ArrayPrototype;
+typedef JSGenericTypedArrayViewPrototype<JSBigInt64Array> JSBigInt64ArrayPrototype;
+typedef JSGenericTypedArrayViewPrototype<JSBigUint64Array> JSBigUint64ArrayPrototype;
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp

@@ -73 +73 @@
     case TypeUint16:                                                                            \
         return functionName<JSUint16Array>(vm, globalObject, callFrame);                        \
+    case TypeBigInt64:                                                                          \
+        return functionName<JSBigInt64Array>(vm, globalObject, callFrame);                      \
+    case TypeBigUint64:                                                                         \
+        return functionName<JSBigUint64Array>(vm, globalObject, callFrame);                     \
     case NotTypedArray:                                                                         \
     case TypeDataView:                                                                          \
@@ -85 +89 @@
     JSValue value = callFrame->uncheckedArgument(0);
     return JSValue::encode(jsBoolean(value.isCell() && isTypedView(value.asCell()->classInfo(globalObject->vm())->typedArrayStorageType)));
+}
+
+JSC_DEFINE_HOST_FUNCTION(typedArrayViewPrivateFuncIsBigIntTypedArrayView, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    JSValue value = callFrame->uncheckedArgument(0);
+    return JSValue::encode(jsBoolean(value.isCell() && isBigIntTypedView(value.asCell()->classInfo(globalObject->vm())->typedArrayStorageType)));
 }
 
@@ -172 +182 @@
 }
 
+JSC_DEFINE_HOST_FUNCTION(typedArrayViewPrivateFuncContentType, (JSGlobalObject* globalObject, CallFrame* callFrame))
+{
+    VM& vm = globalObject->vm();
+    auto scope = DECLARE_THROW_SCOPE(vm);
+    JSValue argument = callFrame->argument(0);
+    if (!argument.isCell() || !isTypedView(argument.asCell()->classInfo(vm)->typedArrayStorageType))
+        return throwVMTypeError(globalObject, scope, "Receiver should be a typed array view"_s);
+    return JSValue::encode(jsNumber(static_cast<int32_t>(contentType(argument.asCell()->classInfo(vm)->typedArrayStorageType))));
+}
+
 JSC_DEFINE_HOST_FUNCTION(typedArrayViewPrivateFuncGetOriginalConstructor, (JSGlobalObject* globalObject, CallFrame* callFrame))
 {
@@ -389 +409 @@
     case TypeUint16:
         return JSValue::encode(jsNontrivialString(vm, "Uint16Array"_s));
+    case TypeBigInt64:
+        return JSValue::encode(jsNontrivialString(vm, "BigInt64Array"_s));
+    case TypeBigUint64:
+        return JSValue::encode(jsNontrivialString(vm, "BigUint64Array"_s));
     case NotTypedArray:
     case TypeDataView:

trunk/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.h

@@ -53 +53 @@
 
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncIsTypedArrayView);
+JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncIsBigIntTypedArrayView);
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncIsSharedTypedArrayView);
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncIsDetached);
@@ -58 +59 @@
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncSort);
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncLength);
+JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncContentType);
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncGetOriginalConstructor);
 JSC_DECLARE_HOST_FUNCTION(typedArrayViewPrivateFuncSubarrayCreate);

trunk/Source/JavaScriptCore/runtime/JSTypedArrays.cpp

@@ -62 +62 @@
 MAKE_S_INFO(Float32);
 MAKE_S_INFO(Float64);
+MAKE_S_INFO(BigInt64);
+MAKE_S_INFO(BigUint64);
 
 MAKE_CONSTRUCTORS(DataView);

trunk/Source/JavaScriptCore/runtime/JSTypedArrays.h

@@ -40 +40 @@
 using JSFloat32Array = JSGenericTypedArrayView<Float32Adaptor>;
 using JSFloat64Array = JSGenericTypedArrayView<Float64Adaptor>;
+using JSBigInt64Array = JSGenericTypedArrayView<BigInt64Adaptor>;
+using JSBigUint64Array = JSGenericTypedArrayView<BigUint64Adaptor>;
 
 JS_EXPORT_PRIVATE JSUint8Array* createUint8TypedArray(JSGlobalObject*, Structure*, RefPtr<ArrayBuffer>&&, unsigned byteOffset, unsigned length);

trunk/Source/JavaScriptCore/runtime/ToNativeFromValue.h

@@ -27 +27 @@
 
 #include "JSCJSValue.h"
+#include "TypedArrayAdaptors.h"
 
 namespace JSC {
@@ -33 +34 @@
 typename Adaptor::Type toNativeFromValue(JSValue value)
 {
+    // FIXME: BigInt
     if (value.isInt32())
         return Adaptor::toNativeFromInt32(value.asInt32());
@@ -41 +43 @@
 typename Adaptor::Type toNativeFromValue(JSGlobalObject* globalObject, JSValue value)
 {
-    if (value.isInt32())
-        return Adaptor::toNativeFromInt32(value.asInt32());
-    if (value.isNumber())
-        return Adaptor::toNativeFromDouble(value.asDouble());
-    return Adaptor::toNativeFromDouble(value.toNumber(globalObject));
+    if constexpr (std::is_same_v<Adaptor, BigInt64Adaptor> || std::is_same_v<Adaptor, BigUint64Adaptor>) {
+        if constexpr (std::is_same_v<Adaptor, BigInt64Adaptor>)
+            return value.toBigInt64(globalObject);
+        else
+            return value.toBigUInt64(globalObject);
+    } else {
+        if (value.isInt32())
+            return Adaptor::toNativeFromInt32(value.asInt32());
+        if (value.isNumber())
+            return Adaptor::toNativeFromDouble(value.asDouble());
+        return Adaptor::toNativeFromDouble(value.toNumber(globalObject));
+    }
 }
 
@@ -51 +60 @@
 Optional<typename Adaptor::Type> toNativeFromValueWithoutCoercion(JSValue value)
 {
-    if (!value.isNumber())
-        return WTF::nullopt;
-    if (value.isInt32())
-        return Adaptor::toNativeFromInt32WithoutCoercion(value.asInt32());
-    return Adaptor::toNativeFromDoubleWithoutCoercion(value.asDouble());
+    if constexpr (std::is_same_v<Adaptor, BigInt64Adaptor> || std::is_same_v<Adaptor, BigUint64Adaptor>) {
+        if (!value.isBigInt())
+            return WTF::nullopt;
+        if constexpr (std::is_same_v<Adaptor, BigInt64Adaptor>)
+            return JSBigInt::toBigInt64(value);
+        else
+            return JSBigInt::toBigUInt64(value);
+    } else {
+        if (!value.isNumber())
+            return WTF::nullopt;
+        if (value.isInt32())
+            return Adaptor::toNativeFromInt32WithoutCoercion(value.asInt32());
+        return Adaptor::toNativeFromDoubleWithoutCoercion(value.asDouble());
+    }
 }
 

trunk/Source/JavaScriptCore/runtime/TypedArrayAdaptors.h

@@ -26 +26 @@
 #pragma once
 
+#include "JSBigInt.h"
 #include "JSCJSValue.h"
 #include "MathCommon.h"
@@ -40 +41 @@
     typedef ViewTypeArg ViewType;
     typedef JSViewTypeArg JSViewType;
-    static const TypedArrayType typeValue = typeValueArg;
-    constexpr static const TypeArg minValue = std::numeric_limits<TypeArg>::lowest();
-    constexpr static const TypeArg maxValue = std::numeric_limits<TypeArg>::max();
-
-    static JSValue toJSValue(Type value)
+    static constexpr TypedArrayType typeValue = typeValueArg;
+    static constexpr TypeArg minValue = std::numeric_limits<TypeArg>::lowest();
+    static constexpr TypeArg maxValue = std::numeric_limits<TypeArg>::max();
+    static constexpr bool canConvertToJSQuickly = true;
+    static constexpr TypedArrayContentType contentType = JSC::contentType(typeValue);
+
+    static JSValue toJSValue(JSGlobalObject*, Type value)
     {
         static_assert(!std::is_floating_point<Type>::value, "");
         return jsNumber(value);
-    }
-    
-    static double toDouble(Type value)
-    {
-        return static_cast<double>(value);
     }
     
@@ -116 +114 @@
     typedef ViewTypeArg ViewType;
     typedef JSViewTypeArg JSViewType;
-    static const TypedArrayType typeValue = typeValueArg;
-    constexpr static const TypeArg minValue = std::numeric_limits<TypeArg>::lowest();
-    constexpr static const TypeArg maxValue = std::numeric_limits<TypeArg>::max();
-
-    static JSValue toJSValue(Type value)
+    static constexpr TypedArrayType typeValue = typeValueArg;
+    static constexpr TypeArg minValue = std::numeric_limits<TypeArg>::lowest();
+    static constexpr TypeArg maxValue = std::numeric_limits<TypeArg>::max();
+    static constexpr bool canConvertToJSQuickly = true;
+    static constexpr TypedArrayContentType contentType = JSC::contentType(typeValue);
+
+    static JSValue toJSValue(JSGlobalObject*, Type value)
     {
         return jsDoubleNumber(purifyNaN(value));
-    }
-
-    static double toDouble(Type value)
-    {
-        return static_cast<double>(value);
     }
 
@@ -170 +165 @@
 
         return valueResult;
+    }
+};
+
+template<
+    typename TypeArg, typename ViewTypeArg, typename JSViewTypeArg,
+    TypedArrayType typeValueArg>
+struct BigIntTypedArrayAdaptor {
+    typedef TypeArg Type;
+    typedef ViewTypeArg ViewType;
+    typedef JSViewTypeArg JSViewType;
+    static constexpr TypedArrayType typeValue = typeValueArg;
+    static constexpr TypeArg minValue = std::numeric_limits<TypeArg>::lowest();
+    static constexpr TypeArg maxValue = std::numeric_limits<TypeArg>::max();
+    static constexpr bool canConvertToJSQuickly = false;
+    static constexpr TypedArrayContentType contentType = JSC::contentType(typeValue);
+
+    static JSValue toJSValue(JSGlobalObject* globalObject, Type value)
+    {
+        ASSERT(globalObject);
+        return JSBigInt::makeHeapBigIntOrBigInt32(globalObject, value);
+    }
+
+    static Type toNativeFromInt32(int32_t value)
+    {
+        return static_cast<Type>(value);
+    }
+
+    static Type toNativeFromUint32(uint32_t value)
+    {
+        return static_cast<Type>(value);
+    }
+
+    static Type toNativeFromDouble(double value)
+    {
+        return static_cast<Type>(value);
+    }
+
+    template<typename OtherAdaptor>
+    static typename OtherAdaptor::Type convertTo(Type value)
+    {
+        return static_cast<typename OtherAdaptor::Type>(value);
     }
 };
@@ -182 +218 @@
 struct Float32Adaptor;
 struct Float64Adaptor;
+struct BigInt64Adaptor;
+struct BigUint64Adaptor;
 
 template<typename Adaptor> class GenericTypedArrayView;
@@ -193 +231 @@
 typedef GenericTypedArrayView<Float32Adaptor> Float32Array;
 typedef GenericTypedArrayView<Float64Adaptor> Float64Array;
+typedef GenericTypedArrayView<BigInt64Adaptor> BigInt64Array;
+typedef GenericTypedArrayView<BigUint64Adaptor> BigUint64Array;
 
 template<typename Adaptor> class JSGenericTypedArrayView;
@@ -204 +244 @@
 using JSFloat32Array = JSGenericTypedArrayView<Float32Adaptor>;
 using JSFloat64Array = JSGenericTypedArrayView<Float64Adaptor>;
+using JSBigInt64Array = JSGenericTypedArrayView<BigInt64Adaptor>;
+using JSBigUint64Array = JSGenericTypedArrayView<BigUint64Adaptor>;
 
 struct Int8Adaptor : IntegralTypedArrayAdaptor<int8_t, Int8Array, JSInt8Array, TypeInt8> { };
@@ -213 +255 @@
 struct Float32Adaptor : FloatTypedArrayAdaptor<float, Float32Array, JSFloat32Array, TypeFloat32> { };
 struct Float64Adaptor : FloatTypedArrayAdaptor<double, Float64Array, JSFloat64Array, TypeFloat64> { };
+struct BigInt64Adaptor : BigIntTypedArrayAdaptor<int64_t, BigInt64Array, JSBigInt64Array, TypeBigInt64> { };
+struct BigUint64Adaptor : BigIntTypedArrayAdaptor<uint64_t, BigUint64Array, JSBigUint64Array, TypeBigUint64> { };
 
 struct Uint8ClampedAdaptor {
@@ -218 +262 @@
     typedef Uint8ClampedArray ViewType;
     typedef JSUint8ClampedArray JSViewType;
-    static const TypedArrayType typeValue = TypeUint8Clamped;
-    constexpr static const uint8_t minValue = std::numeric_limits<uint8_t>::lowest();
-    constexpr static const uint8_t maxValue = std::numeric_limits<uint8_t>::max();
-
-    static JSValue toJSValue(uint8_t value)
+    static constexpr TypedArrayType typeValue = TypeUint8Clamped;
+    static constexpr uint8_t minValue = std::numeric_limits<uint8_t>::lowest();
+    static constexpr uint8_t maxValue = std::numeric_limits<uint8_t>::max();
+    static constexpr bool canConvertToJSQuickly = true;
+    static constexpr TypedArrayContentType contentType = JSC::contentType(typeValue);
+
+    static JSValue toJSValue(JSGlobalObject*, uint8_t value)
     {
         return jsNumber(value);
-    }
-
-    static double toDouble(uint8_t value)
-    {
-        return static_cast<double>(value);
     }
 

trunk/Source/JavaScriptCore/runtime/TypedArrayType.cpp

@@ -54 +54 @@
     case TypeFloat64:
         return JSFloat64ArrayConstructor::info();
+    case TypeBigInt64:
+        return JSBigInt64ArrayConstructor::info();
+    case TypeBigUint64:
+        return JSBigUint64ArrayConstructor::info();
     case TypeDataView:
         return JSDataViewConstructor::info();
@@ -100 +104 @@
         out.print("TypeFloat64");
         return;
+    case TypeBigInt64:
+        out.print("TypeBigInt64");
+        return;
+    case TypeBigUint64:
+        out.print("TypeBigUint64");
+        return;
     case TypeDataView:
         out.print("TypeDataView");

trunk/Source/JavaScriptCore/runtime/TypedArrayType.h

@@ -43 +43 @@
     macro(Uint32) \
     macro(Float32) \
-    macro(Float64)
+    macro(Float64) \
+    macro(BigInt64) \
+    macro(BigUint64)
 
 #define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
@@ -56 +58 @@
 };
 
+enum class TypedArrayContentType : uint8_t {
+    None,
+    Number,
+    BigInt,
+};
+
 #define ASSERT_TYPED_ARRAY_TYPE(name) \
     static_assert(static_cast<uint32_t>(Type ## name) == (static_cast<uint32_t>(name ## ArrayType) - FirstTypedArrayType + static_cast<uint32_t>(TypeInt8)), "");
@@ -86 +94 @@
 }
 
+inline bool isBigIntTypedView(TypedArrayType type)
+{
+    switch (type) {
+    case TypeBigInt64:
+    case TypeBigUint64:
+        return true;
+    default:
+        return false;
+    }
+}
+
 inline unsigned logElementSize(TypedArrayType type)
 {
@@ -104 +123 @@
         return 2;
     case TypeFloat64:
+    case TypeBigInt64:
+    case TypeBigUint64:
         return 3;
     }
@@ -160 +181 @@
 }
 
+inline bool isBigInt(TypedArrayType type)
+{
+    switch (type) {
+    case TypeBigInt64:
+    case TypeBigUint64:
+        return true;
+    default:
+        return false;
+    }
+}
+
 inline bool isSigned(TypedArrayType type)
 {
@@ -168 +200 @@
     case TypeFloat32:
     case TypeFloat64:
+    case TypeBigInt64:
         return true;
     default:
@@ -179 +212 @@
 }
 
+inline constexpr TypedArrayContentType contentType(TypedArrayType type)
+{
+    switch (type) {
+    case TypeBigInt64:
+    case TypeBigUint64:
+        return TypedArrayContentType::BigInt;
+    case TypeInt8:
+    case TypeInt16:
+    case TypeInt32:
+    case TypeUint8:
+    case TypeUint16:
+    case TypeUint32:
+    case TypeFloat32:
+    case TypeFloat64:
+    case TypeUint8Clamped:
+        return TypedArrayContentType::Number;
+    case NotTypedArray:
+    case TypeDataView:
+        return TypedArrayContentType::None;
+    }
+    return TypedArrayContentType::None;
+}
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/runtime/TypedArrays.h

@@ -40 +40 @@
 typedef GenericTypedArrayView<Float32Adaptor> Float32Array;
 typedef GenericTypedArrayView<Float64Adaptor> Float64Array;
+typedef GenericTypedArrayView<BigInt64Adaptor> BigInt64Array;
+typedef GenericTypedArrayView<BigUint64Adaptor> BigUint64Array;
 
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -1472 +1472 @@
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(arrayIteratorSpace, cellHeapCellType.get(), JSArrayIterator)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(asyncGeneratorSpace, cellHeapCellType.get(), JSAsyncGenerator)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(bigInt64ArraySpace, cellHeapCellType.get(), JSBigInt64Array)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(bigIntObjectSpace, cellHeapCellType.get(), BigIntObject)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(bigUint64ArraySpace, cellHeapCellType.get(), JSBigUint64Array)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(booleanObjectSpace, cellHeapCellType.get(), BooleanObject)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) // Hash:0xd7916d41

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -494 +494 @@
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(arrayIteratorSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(asyncGeneratorSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(bigInt64ArraySpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(bigIntObjectSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(bigUint64ArraySpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(booleanObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(boundFunctionSpace)