Changeset 265045 in webkit


Timestamp:
Jul 29, 2020 9:54:11 AM (4 years ago)
Author:
mark.lam@apple.com
Message:

Update some JSArrayBufferView comments and add some assertions.
https://bugs.webkit.org/show_bug.cgi?id=214914

Reviewed by Darin Adler.

  • runtime/ArrayBuffer.cpp:

(JSC::ArrayBuffer::createAdopted):

  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
(JSC::JSArrayBufferView::finalize):

  • runtime/JSArrayBufferView.h:
Location:
trunk/Source/JavaScriptCore
Files:
4 edited

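--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,16 @@
+2020-07-29  Mark Lam  <mark.lam@apple.com>
+
+        Update some JSArrayBufferView comments and add some assertions.
+        https://bugs.webkit.org/show_bug.cgi?id=214914
+
+        Reviewed by Darin Adler.
+
+        * runtime/ArrayBuffer.cpp:
+        (JSC::ArrayBuffer::createAdopted):
+        * runtime/JSArrayBufferView.cpp:
+        (JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
+        (JSC::JSArrayBufferView::finalize):
+        * runtime/JSArrayBufferView.h:
+
 2020-07-29  Paulo Matos  <pmatos@igalia.com>
 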
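--- a/trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2009-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2009-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -211,4 +211,5 @@
 Ref<ArrayBuffer> ArrayBuffer::createAdopted(const void* data, unsigned byteLength)
 {
+    ASSERT(!Gigacage::isEnabled() || (Gigacage::contains(data) && Gigacage::contains(static_cast<const uint8_t*>(data) + byteLength - 1)));
     return createFromBytes(data, byteLength, ArrayBuffer::primitiveGigacageDestructor());
 }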
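Review bot: The new assertion in createAdopted computes `static_cast<const uint8_t*>(data) + byteLength - 1`, which for `byteLength == 0` is the byte before `data`, so a zero-length adoption (if callers can pass one, possibly with a null `data`) would either trip the assertion or test an address outside the buffer. Guarding the range test keeps the check meaningful: `ASSERT(!Gigacage::isEnabled() || !byteLength || (Gigacage::contains(data) && Gigacage::contains(static_cast<const uint8_t*>(data) + byteLength - 1)));`. The same expression is added to the ConstructionContext constructor in JSArrayBufferView.cpp with `vector` and `length`. Because the adopted bytes are handed to `primitiveGigacageDestructor()`, a pointer from outside the cage would be released by the wrong deallocator; `ASSERT` presumably compiles out of release builds, so it is worth deciding whether this invariant deserves a `RELEASE_ASSERT` like the `fastSizeLimit` check elsewhere in this commit.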
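--- a/trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -49,4 +49,5 @@
     , m_butterfly(nullptr)
 {
+    ASSERT(!Gigacage::isEnabled() || (Gigacage::contains(vector) && Gigacage::contains(static_cast<const uint8_t*>(vector) + length - 1)));
     ASSERT(vector == removeArrayPtrTag(vector));
     RELEASE_ASSERT(length <= fastSizeLimit);
@@ -191,4 +192,8 @@
 {
     JSArrayBufferView* thisObject = static_cast<JSArrayBufferView*>(cell);
+
+    // This JSArrayBufferView could be an OversizeTypedArray that was converted
+    // to a WastefulTypedArray via slowDownAndWasteMemory(). Hence, it is possible
+    // to get to this finalizer and found the mode to be WastefulTypedArray.
     ASSERT(thisObject->m_mode == OversizeTypedArray || thisObject->m_mode == WastefulTypedArray);
     if (thisObject->m_mode == OversizeTypedArray)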
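Review bot: In the ConstructionContext constructor the end-of-range check adds `length - 1` bytes to `vector`, but `length` looks like an element count (the following line compares it against `fastSizeLimit`), so for element sizes above one byte the assertion would cover only the start of the vector rather than its last byte. This should be confirmed against the constructor's signature, which lies outside the hunk. If `length` is in elements, the check should use the byte size, or a comment such as `// Only checks the first length bytes; the element size is not known here.` should state what is covered. In finalize, the added comment reads more cleanly as `... to get to this finalizer and find the mode to be WastefulTypedArray.`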
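--- a/trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h
+++ b/trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -56,16 +56,21 @@
 // buffer or the DOM-specified neutering capabilities.
 enum TypedArrayMode : uint32_t {
+    // Legend:
+    // B: JSArrayBufferView::m_butterfly pointer
+    // V: JSArrayBufferView::m_vector pointer
+    // M: JSArrayBufferView::m_mode
+
     // Small and fast typed array. B is unused, V points to a vector
-    // allocated in copied space, and M = FastTypedArray. V's liveness is
-    // determined entirely by the view's liveness.
+    // allocated in the primitive Gigacage, and M = FastTypedArray. V's
+    // liveness is determined entirely by the view's liveness.
     FastTypedArray,
-   
+
     // A large typed array that still attempts not to waste too much
-    // memory. B is initialized to point to a slot that could hold a
-    // buffer pointer, V points to a vector allocated using fastCalloc(),
-    // and M = OversizeTypedArray. V's liveness is determined entirely by
-    // the view's liveness, and the view will add a finalizer to delete V.
+    // memory. B is unused, V points to a vector allocated using
+    // Gigacage::tryMalloc(), and M = OversizeTypedArray. V's liveness is
+    // determined entirely by the view's liveness, and the view will add a
+    // finalizer to delete V.
     OversizeTypedArray,
-   
+
     // A typed array that was used in some crazy way. B's IndexingHeader
     // is hijacked to contain a reference to the native array buffer. The
@@ -74,5 +79,5 @@
     // The view does not own the vector.
     WastefulTypedArray,
-   
+
     // A data view. B is unused, V points to a vector allocated using who-
     // knows-what, and M = DataViewMode. The view does not own the vector.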
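Review bot: The updated OversizeTypedArray comment says the view adds a finalizer to delete V, but it does not mention that such a view can later become a WastefulTypedArray via slowDownAndWasteMemory(), the case the new comment in JSArrayBufferView::finalize explains. A one-line cross-reference here would keep the ownership story in one place, e.g. `// May later be converted to WastefulTypedArray by slowDownAndWasteMemory(); the finalizer must tolerate that.` The enum body continues past the end of the hunk.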