Changeset 205494 in webkit


Ignore:
Timestamp:
Sep 6, 2016 11:18:10 AM (8 years ago)
Author:
fpizlo@apple.com
Message:

Typed arrays should use MarkedSpace instead of CopiedSpace
https://bugs.webkit.org/show_bug.cgi?id=161100

Reviewed by Geoffrey Garen.

This moves typed array backing stores out of CopiedSpace and into Auxiliary MarkedSpace.

This is a purely mechanical change since Auxiliary MarkedSpace already knows how to do
everything that typed arrays want.

  • dfg/DFGOperations.cpp:

(JSC::DFG::newTypedArrayWithSize):

  • dfg/DFGOperations.h:

(JSC::DFG::operationNewTypedArrayWithSizeForType):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewTypedArray):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage): Deleted.

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
(JSC::FTL::DFG::LowerDFGToB3::splatWords):
(JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorageAndGetEnd): Deleted.
(JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorage): Deleted.

  • heap/CopyToken.h:
  • heap/SlotVisitor.cpp:

(JSC::SlotVisitor::markAuxiliary):

  • jit/JITOperations.h:
  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
(JSC::JSArrayBufferView::JSArrayBufferView):

  • runtime/JSArrayBufferView.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::createWithFastVector):
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
(JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
(JSC::JSGenericTypedArrayView<Adaptor>::copyBackingStore): Deleted.

Location:
trunk/Source/JavaScriptCore
Files:
13 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r205477 r205494  
     12016-09-06  Filip Pizlo  <fpizlo@apple.com>
     2
     3        Typed arrays should use MarkedSpace instead of CopiedSpace
     4        https://bugs.webkit.org/show_bug.cgi?id=161100
     5
     6        Reviewed by Geoffrey Garen.
     7       
     8        This moves typed array backing stores out of CopiedSpace and into Auxiliary MarkedSpace.
     9       
     10        This is a purely mechanical change since Auxiliary MarkedSpace already knows how to do
     11        everything that typed arrays want.
     12
     13        * dfg/DFGOperations.cpp:
     14        (JSC::DFG::newTypedArrayWithSize):
     15        * dfg/DFGOperations.h:
     16        (JSC::DFG::operationNewTypedArrayWithSizeForType):
     17        * dfg/DFGSpeculativeJIT.cpp:
     18        (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
     19        * dfg/DFGSpeculativeJIT.h:
     20        (JSC::DFG::SpeculativeJIT::callOperation):
     21        (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage): Deleted.
     22        * ftl/FTLLowerDFGToB3.cpp:
     23        (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
     24        (JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
     25        (JSC::FTL::DFG::LowerDFGToB3::splatWords):
     26        (JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorageAndGetEnd): Deleted.
     27        (JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorage): Deleted.
     28        * heap/CopyToken.h:
     29        * heap/SlotVisitor.cpp:
     30        (JSC::SlotVisitor::markAuxiliary):
     31        * jit/JITOperations.h:
     32        * runtime/JSArrayBufferView.cpp:
     33        (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
     34        (JSC::JSArrayBufferView::JSArrayBufferView):
     35        * runtime/JSArrayBufferView.h:
     36        * runtime/JSGenericTypedArrayView.h:
     37        * runtime/JSGenericTypedArrayViewInlines.h:
     38        (JSC::JSGenericTypedArrayView<Adaptor>::createWithFastVector):
     39        (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
     40        (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
     41        (JSC::JSGenericTypedArrayView<Adaptor>::copyBackingStore): Deleted.
     42
    1432016-09-06  Michael Catanzaro  <mcatanzaro@igalia.com>
    244

  • trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

    r205462 r205494  
    135135
    136136template<typename ViewClass>
    137 char* newTypedArrayWithSize(ExecState* exec, Structure* structure, int32_t size)
     137char* newTypedArrayWithSize(ExecState* exec, Structure* structure, int32_t size, char* vector)
    138138{
    139139    VM& vm = exec->vm();
     
    145145        return 0;
    146146    }
     147   
     148    if (vector)
     149        return bitwise_cast<char*>(ViewClass::createWithFastVector(exec, structure, size, vector));
     150   
    147151    return bitwise_cast<char*>(ViewClass::create(exec, structure, size));
    148152}
     
    959963
    960964char* JIT_OPERATION operationNewInt8ArrayWithSize(
    961     ExecState* exec, Structure* structure, int32_t length)
    962 {
    963     return newTypedArrayWithSize<JSInt8Array>(exec, structure, length);
     965    ExecState* exec, Structure* structure, int32_t length, char* vector)
     966{
     967    return newTypedArrayWithSize<JSInt8Array>(exec, structure, length, vector);
    964968}
    965969
     
    973977
    974978char* JIT_OPERATION operationNewInt16ArrayWithSize(
    975     ExecState* exec, Structure* structure, int32_t length)
    976 {
    977     return newTypedArrayWithSize<JSInt16Array>(exec, structure, length);
     979    ExecState* exec, Structure* structure, int32_t length, char* vector)
     980{
     981    return newTypedArrayWithSize<JSInt16Array>(exec, structure, length, vector);
    978982}
    979983
     
    987991
    988992char* JIT_OPERATION operationNewInt32ArrayWithSize(
    989     ExecState* exec, Structure* structure, int32_t length)
    990 {
    991     return newTypedArrayWithSize<JSInt32Array>(exec, structure, length);
     993    ExecState* exec, Structure* structure, int32_t length, char* vector)
     994{
     995    return newTypedArrayWithSize<JSInt32Array>(exec, structure, length, vector);
    992996}
    993997
     
    10011005
    10021006char* JIT_OPERATION operationNewUint8ArrayWithSize(
    1003     ExecState* exec, Structure* structure, int32_t length)
    1004 {
    1005     return newTypedArrayWithSize<JSUint8Array>(exec, structure, length);
     1007    ExecState* exec, Structure* structure, int32_t length, char* vector)
     1008{
     1009    return newTypedArrayWithSize<JSUint8Array>(exec, structure, length, vector);
    10061010}
    10071011
     
    10151019
    10161020char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(
    1017     ExecState* exec, Structure* structure, int32_t length)
    1018 {
    1019     return newTypedArrayWithSize<JSUint8ClampedArray>(exec, structure, length);
     1021    ExecState* exec, Structure* structure, int32_t length, char* vector)
     1022{
     1023    return newTypedArrayWithSize<JSUint8ClampedArray>(exec, structure, length, vector);
    10201024}
    10211025
     
    10291033
    10301034char* JIT_OPERATION operationNewUint16ArrayWithSize(
    1031     ExecState* exec, Structure* structure, int32_t length)
    1032 {
    1033     return newTypedArrayWithSize<JSUint16Array>(exec, structure, length);
     1035    ExecState* exec, Structure* structure, int32_t length, char* vector)
     1036{
     1037    return newTypedArrayWithSize<JSUint16Array>(exec, structure, length, vector);
    10341038}
    10351039
     
    10431047
    10441048char* JIT_OPERATION operationNewUint32ArrayWithSize(
    1045     ExecState* exec, Structure* structure, int32_t length)
    1046 {
    1047     return newTypedArrayWithSize<JSUint32Array>(exec, structure, length);
     1049    ExecState* exec, Structure* structure, int32_t length, char* vector)
     1050{
     1051    return newTypedArrayWithSize<JSUint32Array>(exec, structure, length, vector);
    10481052}
    10491053
     
    10571061
    10581062char* JIT_OPERATION operationNewFloat32ArrayWithSize(
    1059     ExecState* exec, Structure* structure, int32_t length)
    1060 {
    1061     return newTypedArrayWithSize<JSFloat32Array>(exec, structure, length);
     1063    ExecState* exec, Structure* structure, int32_t length, char* vector)
     1064{
     1065    return newTypedArrayWithSize<JSFloat32Array>(exec, structure, length, vector);
    10621066}
    10631067
     
    10711075
    10721076char* JIT_OPERATION operationNewFloat64ArrayWithSize(
    1073     ExecState* exec, Structure* structure, int32_t length)
    1074 {
    1075     return newTypedArrayWithSize<JSFloat64Array>(exec, structure, length);
     1077    ExecState* exec, Structure* structure, int32_t length, char* vector)
     1078{
     1079    return newTypedArrayWithSize<JSFloat64Array>(exec, structure, length, vector);
    10761080}
    10771081

  • trunk/Source/JavaScriptCore/dfg/DFGOperations.h

    r205462 r205494  
    7272char* JIT_OPERATION operationNewEmptyArray(ExecState*, Structure*) WTF_INTERNAL;
    7373char* JIT_OPERATION operationNewArrayWithSize(ExecState*, Structure*, int32_t, Butterfly*) WTF_INTERNAL;
    74 char* JIT_OPERATION operationNewInt8ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     74char* JIT_OPERATION operationNewInt8ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    7575char* JIT_OPERATION operationNewInt8ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    76 char* JIT_OPERATION operationNewInt16ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     76char* JIT_OPERATION operationNewInt16ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    7777char* JIT_OPERATION operationNewInt16ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    78 char* JIT_OPERATION operationNewInt32ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     78char* JIT_OPERATION operationNewInt32ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    7979char* JIT_OPERATION operationNewInt32ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    80 char* JIT_OPERATION operationNewUint8ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     80char* JIT_OPERATION operationNewUint8ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    8181char* JIT_OPERATION operationNewUint8ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    82 char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     82char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    8383char* JIT_OPERATION operationNewUint8ClampedArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    84 char* JIT_OPERATION operationNewUint16ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     84char* JIT_OPERATION operationNewUint16ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    8585char* JIT_OPERATION operationNewUint16ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    86 char* JIT_OPERATION operationNewUint32ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     86char* JIT_OPERATION operationNewUint32ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    8787char* JIT_OPERATION operationNewUint32ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    88 char* JIT_OPERATION operationNewFloat32ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     88char* JIT_OPERATION operationNewFloat32ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    8989char* JIT_OPERATION operationNewFloat32ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    90 char* JIT_OPERATION operationNewFloat64ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
     90char* JIT_OPERATION operationNewFloat64ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
    9191char* JIT_OPERATION operationNewFloat64ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
    9292void JIT_OPERATION operationPutByValStrict(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue) WTF_INTERNAL;
     
    199199} // extern "C"
    200200
    201 inline P_JITOperation_EStZ operationNewTypedArrayWithSizeForType(TypedArrayType type)
     201inline P_JITOperation_EStZP operationNewTypedArrayWithSizeForType(TypedArrayType type)
    202202{
    203203    switch (type) {

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r205462 r205494  
    71817181   
    71827182    JITCompiler::JumpList slowCases;
     7183   
     7184    m_jit.move(TrustedImmPtr(0), storageGPR);
    71837185
    71847186    slowCases.append(m_jit.branch32(
     
    71927194        m_jit.and32(TrustedImm32(~7), scratchGPR);
    71937195    }
    7194     slowCases.append(
    7195         emitAllocateBasicStorage(scratchGPR, storageGPR));
    7196    
    7197     m_jit.subPtr(scratchGPR, storageGPR);
    7198    
    7199     emitAllocateJSObject<JSArrayBufferView>(
    7200         resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, scratchGPR2,
    7201         slowCases);
    7202    
    7203     m_jit.storePtr(
    7204         storageGPR,
    7205         MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfVector()));
    7206     m_jit.store32(
    7207         sizeGPR,
    7208         MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfLength()));
    7209     m_jit.store32(
    7210         TrustedImm32(FastTypedArray),
    7211         MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfMode()));
    7212    
    7213 #if USE(JSVALUE32_64)
     7196    m_jit.emitAllocateVariableSized(
     7197        storageGPR, m_jit.vm()->heap.subspaceForAuxiliaryData(), scratchGPR, scratchGPR,
     7198        scratchGPR2, slowCases);
     7199   
    72147200    MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, sizeGPR);
    72157201    m_jit.move(sizeGPR, scratchGPR);
     
    72317217    m_jit.branchTest32(MacroAssembler::NonZero, scratchGPR).linkTo(loop, &m_jit);
    72327218    done.link(&m_jit);
    7233 #endif // USE(JSVALUE32_64)
     7219   
     7220    emitAllocateJSObject<JSArrayBufferView>(
     7221        resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, scratchGPR2,
     7222        slowCases);
     7223   
     7224    m_jit.storePtr(
     7225        storageGPR,
     7226        MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfVector()));
     7227    m_jit.store32(
     7228        sizeGPR,
     7229        MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfLength()));
     7230    m_jit.store32(
     7231        TrustedImm32(FastTypedArray),
     7232        MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfMode()));
    72347233   
    72357234    addSlowPathGenerator(slowPathCall(
    72367235        slowCases, this, operationNewTypedArrayWithSizeForType(type),
    7237         resultGPR, structure, sizeGPR));
     7236        resultGPR, structure, sizeGPR, storageGPR));
    72387237   
    72397238    cellResult(resultGPR, node);

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

    r205462 r205494  
    989989        return appendCallSetResult(operation, result);
    990990    }
    991     JITCompiler::Call callOperation(P_JITOperation_EStZ operation, GPRReg result, Structure* structure, GPRReg arg2)
    992     {
    993         m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), arg2);
    994         return appendCallSetResult(operation, result);
    995     }
    996     JITCompiler::Call callOperation(P_JITOperation_EStZ operation, GPRReg result, Structure* structure, size_t arg2)
    997     {
    998         m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(arg2));
    999         return appendCallSetResult(operation, result);
    1000     }
    1001     JITCompiler::Call callOperation(P_JITOperation_EStZ operation, GPRReg result, GPRReg arg1, GPRReg arg2)
    1002     {
    1003         m_jit.setupArgumentsWithExecState(arg1, arg2);
     991    JITCompiler::Call callOperation(P_JITOperation_EStZP operation, GPRReg result, Structure* structure, GPRReg arg2, GPRReg arg3)
     992    {
     993        m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), arg2, arg3);
     994        return appendCallSetResult(operation, result);
     995    }
     996    JITCompiler::Call callOperation(P_JITOperation_EStZP operation, GPRReg result, Structure* structure, size_t arg2, GPRReg arg3)
     997    {
     998        m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(arg2), arg3);
     999        return appendCallSetResult(operation, result);
     1000    }
     1001    JITCompiler::Call callOperation(P_JITOperation_EStZP operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3)
     1002    {
     1003        m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
    10041004        return appendCallSetResult(operation, result);
    10051005    }
     
    25512551    void blessBoolean(GPRReg);
    25522552   
    2553     // size can be an immediate or a register, and must be in bytes. If size is a register,
    2554     // it must be a different register than resultGPR. Emits code that place a pointer to
    2555     // the end of the allocation. The returned jump is the jump to the slow path.
    2556     template<typename SizeType>
    2557     MacroAssembler::Jump emitAllocateBasicStorage(SizeType size, GPRReg resultGPR)
    2558     {
    2559         CopiedAllocator* copiedAllocator = &m_jit.vm()->heap.storageAllocator();
    2560 
    2561         // It's invalid to allocate zero bytes in CopiedSpace.
    2562 #ifndef NDEBUG
    2563         m_jit.move(size, resultGPR);
    2564         MacroAssembler::Jump nonZeroSize = m_jit.branchTest32(MacroAssembler::NonZero, resultGPR);
    2565         m_jit.abortWithReason(DFGBasicStorageAllocatorZeroSize);
    2566         nonZeroSize.link(&m_jit);
    2567 #endif
    2568 
    2569         m_jit.loadPtr(&copiedAllocator->m_currentRemaining, resultGPR);
    2570         MacroAssembler::Jump slowPath = m_jit.branchSubPtr(JITCompiler::Signed, size, resultGPR);
    2571         m_jit.storePtr(resultGPR, &copiedAllocator->m_currentRemaining);
    2572         m_jit.negPtr(resultGPR);
    2573         m_jit.addPtr(JITCompiler::AbsoluteAddress(&copiedAllocator->m_currentPayloadEnd), resultGPR);
    2574        
    2575         return slowPath;
    2576     }
    2577 
    25782553    // Allocator for a cell of a specific size.
    25792554    template <typename StructureType> // StructureType can be GPR or ImmPtr.

  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

    r205462 r205494  
    41334133            LBasicBlock slowCase = m_out.newBlock();
    41344134            LBasicBlock continuation = m_out.newBlock();
     4135           
     4136            ValueFromBlock noStorage = m_out.anchor(m_out.intPtrZero);
    41354137
    41364138            m_out.branch(
     
    41524154            }
    41534155       
    4154             LValue storage = allocateBasicStorage(byteSize, slowCase);
     4156            LValue allocator = allocatorForSize(
     4157                vm().heap.subspaceForAuxiliaryData(), byteSize, slowCase);
     4158            LValue storage = allocateHeapCell(allocator, slowCase);
     4159           
     4160            splatWords(
     4161                storage,
     4162                m_out.int32Zero,
     4163                m_out.castToInt32(m_out.lShr(byteSize, m_out.constIntPtr(3))),
     4164                m_out.int64Zero,
     4165                m_heaps.typedArrayProperties);
     4166
     4167            ValueFromBlock haveStorage = m_out.anchor(storage);
    41554168
    41564169            LValue fastResultValue =
     
    41604173            m_out.store32(size, fastResultValue, m_heaps.JSArrayBufferView_length);
    41614174            m_out.store32(m_out.constInt32(FastTypedArray), fastResultValue, m_heaps.JSArrayBufferView_mode);
    4162 
     4175           
    41634176            ValueFromBlock fastResult = m_out.anchor(fastResultValue);
    41644177            m_out.jump(continuation);
    41654178
    41664179            m_out.appendTo(slowCase, continuation);
     4180            LValue storageValue = m_out.phi(pointerType(), noStorage, haveStorage);
    41674181
    41684182            LValue slowResultValue = lazySlowPath(
     
    41704184                    return createLazyCallGenerator(
    41714185                        operationNewTypedArrayWithSizeForType(type), locations[0].directGPR(),
    4172                         CCallHelpers::TrustedImmPtr(structure), locations[1].directGPR());
     4186                        CCallHelpers::TrustedImmPtr(structure), locations[1].directGPR(),
     4187                        locations[2].directGPR());
    41734188                },
    4174                 size);
     4189                size, storageValue);
    41754190            ValueFromBlock slowResult = m_out.anchor(slowResultValue);
    41764191            m_out.jump(continuation);
     
    77867801            hole = m_out.constInt64(JSValue::encode(JSValue()));
    77877802       
     7803        splatWords(butterfly, begin, end, hole, heap->atAnyIndex());
     7804    }
     7805   
     7806    void splatWords(LValue base, LValue begin, LValue end, LValue value, const AbstractHeap& heap)
     7807    {
    77887808        const uint64_t unrollingLimit = 10;
    77897809        if (begin->hasInt() && end->hasInt()) {
     
    77927812           
    77937813            if (endConst - beginConst <= unrollingLimit) {
    7794                 for (uint64_t i = beginConst; i < endConst; ++i)
    7795                     m_out.store64(hole, butterfly, heap->at(i));
     7814                for (uint64_t i = beginConst; i < endConst; ++i) {
     7815                    LValue pointer = m_out.add(base, m_out.constIntPtr(i * sizeof(uint64_t)));
     7816                    m_out.store64(value, TypedPointer(heap, pointer));
     7817                }
    77967818                return;
    77977819            }
    77987820        }
    77997821
    7800         // Doubles must be initialized to PNaN.
    78017822        LBasicBlock initLoop = m_out.newBlock();
    78027823        LBasicBlock initDone = m_out.newBlock();
    78037824       
     7825        LBasicBlock lastNext = m_out.insertNewBlocksBefore(initLoop);
     7826       
    78047827        ValueFromBlock originalIndex = m_out.anchor(end);
    7805         ValueFromBlock originalPointer = m_out.anchor(butterfly);
     7828        ValueFromBlock originalPointer = m_out.anchor(base);
    78067829        m_out.branch(m_out.notEqual(end, begin), unsure(initLoop), unsure(initDone));
    78077830       
    7808         LBasicBlock initLastNext = m_out.appendTo(initLoop, initDone);
     7831        m_out.appendTo(initLoop, initDone);
    78097832        LValue index = m_out.phi(Int32, originalIndex);
    78107833        LValue pointer = m_out.phi(pointerType(), originalPointer);
    78117834       
    7812         m_out.store64(hole, TypedPointer(heap->atAnyIndex(), pointer));
     7835        m_out.store64(value, TypedPointer(heap, pointer));
    78137836       
    78147837        LValue nextIndex = m_out.sub(index, m_out.int32One);
     
    78187841            m_out.notEqual(nextIndex, begin), unsure(initLoop), unsure(initDone));
    78197842       
    7820         m_out.appendTo(initDone, initLastNext);
     7843        m_out.appendTo(initDone, lastNext);
    78217844    }
    78227845   
     
    85948617            vm().heap.subspaceForObjectOfType<ClassType>(), size, slowPath);
    85958618        return allocateObject(allocator, structure, butterfly, slowPath);
    8596     }
    8597    
    8598     // Returns a pointer to the end of the allocation.
    8599     LValue allocateBasicStorageAndGetEnd(LValue size, LBasicBlock slowPath)
    8600     {
    8601         CopiedAllocator& allocator = vm().heap.storageAllocator();
    8602        
    8603         LBasicBlock success = m_out.newBlock();
    8604        
    8605         LValue remaining = m_out.loadPtr(m_out.absolute(&allocator.m_currentRemaining));
    8606         LValue newRemaining = m_out.sub(remaining, size);
    8607        
    8608         m_out.branch(
    8609             m_out.lessThan(newRemaining, m_out.intPtrZero),
    8610             rarely(slowPath), usually(success));
    8611        
    8612         m_out.appendTo(success);
    8613        
    8614         m_out.storePtr(newRemaining, m_out.absolute(&allocator.m_currentRemaining));
    8615         return m_out.sub(
    8616             m_out.loadPtr(m_out.absolute(&allocator.m_currentPayloadEnd)), newRemaining);
    8617     }
    8618 
    8619     LValue allocateBasicStorage(LValue size, LBasicBlock slowPath)
    8620     {
    8621         return m_out.sub(allocateBasicStorageAndGetEnd(size, slowPath), size);
    86228619    }
    86238620   

  • trunk/Source/JavaScriptCore/heap/CopyToken.h

    r205462 r205494  
    3030
    3131enum CopyToken {
    32     TypedArrayVectorCopyToken,
    3332    MapBackingStoreCopyToken,
    3433    DirectArgumentsOverridesCopyToken

  • trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp

    r205462 r205494  
    247247{
    248248    HeapCell* cell = bitwise_cast<HeapCell*>(base);
     249   
     250    ASSERT(cell->heap() == heap());
    249251   
    250252    if (Heap::testAndSetMarked(m_version, cell)) {

  • trunk/Source/JavaScriptCore/jit/JITOperations.h

    r205462 r205494  
    292292typedef char* (JIT_OPERATION *P_JITOperation_EStZ)(ExecState*, Structure*, int32_t);
    293293typedef char* (JIT_OPERATION *P_JITOperation_EStZB)(ExecState*, Structure*, int32_t, Butterfly*);
     294typedef char* (JIT_OPERATION *P_JITOperation_EStZP)(ExecState*, Structure*, int32_t, char*);
    294295typedef char* (JIT_OPERATION *P_JITOperation_EZZ)(ExecState*, int32_t, int32_t);
    295296typedef SlowPathReturnType (JIT_OPERATION *Sprt_JITOperation_ECli)(ExecState*, CallLinkInfo*);

  • trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp

    r205131 r205494  
    4343
    4444JSArrayBufferView::ConstructionContext::ConstructionContext(
     45    Structure* structure, uint32_t length, void* vector)
     46    : m_structure(structure)
     47    , m_vector(vector)
     48    , m_length(length)
     49    , m_mode(FastTypedArray)
     50    , m_butterfly(nullptr)
     51{
     52    RELEASE_ASSERT(length <= fastSizeLimit);
     53}
     54
     55JSArrayBufferView::ConstructionContext::ConstructionContext(
    4556    VM& vm, Structure* structure, uint32_t length, uint32_t elementSize,
    4657    InitializationMode mode)
     
    5162    if (length <= fastSizeLimit) {
    5263        // Attempt GC allocation.
    53         void* temp = 0;
     64        void* temp;
    5465        size_t size = sizeOf(length, elementSize);
    55         // CopiedSpace only allows non-zero size allocations.
    56         if (size && !vm.heap.tryAllocateStorage(0, size, &temp))
    57             return;
     66        if (size) {
     67            temp = vm.heap.tryAllocateAuxiliary(nullptr, size);
     68            if (!temp)
     69                return;
     70        } else
     71            temp = nullptr;
    5872
    5973        m_structure = structure;
     
    6175        m_mode = FastTypedArray;
    6276
    63 #if USE(JSVALUE32_64)
    6477        if (mode == ZeroFill) {
    6578            uint64_t* asWords = static_cast<uint64_t*>(m_vector);
     
    6780                asWords[i] = 0;
    6881        }
    69 #endif // USE(JSVALUE32_64)
    7082       
    7183        return;
     
    119131    , m_mode(context.mode())
    120132{
    121     m_vector.setWithoutBarrier(static_cast<char*>(context.vector()));
     133    m_vector.setWithoutBarrier(context.vector());
    122134}
    123135

  • trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h

    r205462 r205494  
    2727#define JSArrayBufferView_h
    2828
    29 #include "CopyBarrier.h"
     29#include "AuxiliaryBarrier.h"
    3030#include "JSObject.h"
    3131
     
    120120        JS_EXPORT_PRIVATE ConstructionContext(VM&, Structure*, uint32_t length, uint32_t elementSize, InitializationMode = ZeroFill);
    121121       
     122        // This is only for constructing fast typed arrays. It's used by the JIT's slow path.
     123        ConstructionContext(Structure*, uint32_t length, void* vector);
     124       
    122125        JS_EXPORT_PRIVATE ConstructionContext(
    123126            VM&, Structure*, PassRefPtr<ArrayBuffer>,
     
    183186    static String toStringName(const JSObject*, ExecState*);
    184187
    185     CopyBarrier<char> m_vector; // this is really a void*, but void would not work here.
     188    AuxiliaryBarrier<void*> m_vector;
    186189    uint32_t m_length;
    187190    TypedArrayMode m_mode;

  • trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h

    r205198 r205494  
    107107public:
    108108    static JSGenericTypedArrayView* create(ExecState*, Structure*, unsigned length);
     109    static JSGenericTypedArrayView* createWithFastVector(ExecState*, Structure*, unsigned length, void* vector);
    109110    static JSGenericTypedArrayView* createUninitialized(ExecState*, Structure*, unsigned length);
    110111    static JSGenericTypedArrayView* create(ExecState*, Structure*, PassRefPtr<ArrayBuffer>, unsigned byteOffset, unsigned length);
     
    288289    static size_t estimatedSize(JSCell*);
    289290    static void visitChildren(JSCell*, SlotVisitor&);
    290     static void copyBackingStore(JSCell*, CopyVisitor&, CopyToken);
    291291
    292292    // Allocates the full-on native buffer and moves data into the C heap if

  • trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h

    r205462 r205494  
    5656        return nullptr;
    5757    }
     58    JSGenericTypedArrayView* result =
     59        new (NotNull, allocateCell<JSGenericTypedArrayView>(vm.heap))
     60        JSGenericTypedArrayView(vm, context);
     61    result->finishCreation(vm);
     62    return result;
     63}
     64
     65template<typename Adaptor>
     66JSGenericTypedArrayView<Adaptor>* JSGenericTypedArrayView<Adaptor>::createWithFastVector(
     67    ExecState* exec, Structure* structure, unsigned length, void* vector)
     68{
     69    VM& vm = exec->vm();
     70    ConstructionContext context(structure, length, vector);
     71    RELEASE_ASSERT(context);
    5872    JSGenericTypedArrayView* result =
    5973        new (NotNull, allocateCell<JSGenericTypedArrayView>(vm.heap))
     
    464478    case FastTypedArray: {
    465479        if (thisObject->m_vector)
    466             visitor.copyLater(thisObject, TypedArrayVectorCopyToken, thisObject->m_vector.get(), thisObject->byteSize());
     480            visitor.markAuxiliary(thisObject->m_vector.get());
    467481        break;
    468482    }
     
    482496   
    483497    Base::visitChildren(thisObject, visitor);
    484 }
    485 
    486 template<typename Adaptor>
    487 void JSGenericTypedArrayView<Adaptor>::copyBackingStore(
    488     JSCell* cell, CopyVisitor& visitor, CopyToken token)
    489 {
    490     JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(cell);
    491    
    492     if (token == TypedArrayVectorCopyToken
    493         && visitor.checkIfShouldCopy(thisObject->m_vector.get())) {
    494         ASSERT(thisObject->m_vector);
    495         void* oldVector = thisObject->vector();
    496         void* newVector = visitor.allocateNewSpace(thisObject->byteSize());
    497         memcpy(newVector, oldVector, thisObject->byteSize());
    498         thisObject->m_vector.setWithoutBarrier(static_cast<char*>(newVector));
    499         visitor.didCopy(oldVector, thisObject->byteSize());
    500     }
    501    
    502     Base::copyBackingStore(thisObject, visitor, token);
    503498}
    504499
     
    551546
    552547    thisObject->butterfly()->indexingHeader()->setArrayBuffer(buffer.get());
    553     thisObject->m_vector.setWithoutBarrier(static_cast<char*>(buffer->data()));
     548    thisObject->m_vector.setWithoutBarrier(buffer->data());
    554549    thisObject->m_mode = WastefulTypedArray;
    555550    heap->addReference(thisObject, buffer.get());
Note: See TracChangeset for help on using the changeset viewer.