Diff
Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-01-23 22:30:19 UTC (rev 227448)
@@ -1,5 +1,67 @@
2018-01-23 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r227434. rdar://problem/36791632
+
+ 2018-01-23 Mark Lam <mark....@apple.com>
+
+ Re-arrange TypedArray JSTypes to match the order of the TypedArrayType enum list.
+ https://bugs.webkit.org/show_bug.cgi?id=181976
+ <rdar://problem/36766936>
+
+ Reviewed by Filip Pizlo.
+
+ 1. The order of TypedArray JSTypes now matches the order the TypedArrayType enum
+ list. I also added static asserts in TypedArrayType.h to enforce this.
+
+ Also redefined FOR_EACH_TYPED_ARRAY_TYPE() in terms of
+
+ 2. Define 4 new values:
+ a. FirstTypedArrayType
+ b. LastTypedArrayType
+ c. NumberOfTypedArrayTypesExcludingDataView
+ d. NumberOfTypedArrayTypes
+
+ Use these everywhere where we iterate or bisect the TypedArray JSTypes.
+
+ 3. Removed NUMBER_OF_TYPED_ARRAY_TYPES, and use NumberOfTypedArrayTypes instead.
+
+ 4. Simplify the code that converts between TypedArrayType and JSType.
+
+ Changed typedArrayTypeForType() to be the mirror image of typeForTypedArrayType().
+ Previously, typedArrayTypeForType() converts DataViewType to NotTypedArray
+ instead of TypeDataView. Now, it converts to TypeDataView.
+
+ This does not result in any change of behavior because typedArrayTypeForType()
+ is only called in Structure::hasIndexingHeader(), and its result is passed to
+ isTypedView(), which handles TypeDataView correctly.
+
+ 5. Also fixed a bug in SpeculativeJIT::compileGetTypedArrayByteOffset().
+ If the vector is null, we can skip the rest of the checks. While the current
+ code does not result in incorrect behavior, it is inefficient, and communicates
+ wrong information to the reader i.e. implying that there's something in the
+ dataGPR when there's not. The dataGPR should also be null in this case.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIsTypedArrayView):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::isTypedArrayView):
+ * ftl/FTLOSRExit.cpp:
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSType.h:
+ * runtime/TypedArrayType.cpp:
+ (JSC::typeForTypedArrayType): Deleted.
+ * runtime/TypedArrayType.h:
+ (JSC::typedArrayTypeForType):
+ (JSC::typeForTypedArrayType):
+
+2018-01-23 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r227431. rdar://problem/36791656
2018-01-23 Filip Pizlo <fpi...@apple.com>
Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2018-01-23 22:30:19 UTC (rev 227448)
@@ -3429,7 +3429,7 @@
return true;
}
- for (unsigned typeIndex = 0; typeIndex < NUMBER_OF_TYPED_ARRAY_TYPES; ++typeIndex) {
+ for (unsigned typeIndex = 0; typeIndex < NumberOfTypedArrayTypes; ++typeIndex) {
bool result = handleTypedArrayConstructor(
resultOperand, function, registerOffset, argumentCountIncludingThis,
indexToTypedArrayType(typeIndex), insertChecks);
Modified: branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-01-23 22:30:19 UTC (rev 227448)
@@ -4033,10 +4033,10 @@
JITCompiler::Jump isNotCell = m_jit.branchIfNotCell(valueRegs);
m_jit.load8(JITCompiler::Address(valueRegs.payloadGPR(), JSCell::typeInfoTypeOffset()), resultGPR);
- m_jit.sub32(TrustedImm32(Int8ArrayType), resultGPR);
- m_jit.compare32(JITCompiler::BelowOrEqual,
+ m_jit.sub32(TrustedImm32(FirstTypedArrayType), resultGPR);
+ m_jit.compare32(JITCompiler::Below,
resultGPR,
- TrustedImm32(Float64ArrayType - Int8ArrayType),
+ TrustedImm32(NumberOfTypedArrayTypesExcludingDataView),
resultGPR);
blessBoolean(resultGPR);
JITCompiler::Jump done = m_jit.jump();
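Review bot: The range check in compileIsTypedArrayView relies on unsigned wraparound, but nothing in the new lines says so. After `sub32(TrustedImm32(FirstTypedArrayType), resultGPR)`, a cell type below FirstTypedArrayType wraps to a large value and fails the `Below` compare, so a single compare enforces both bounds. I would add a comment above the sub32 such as `// Unsigned compare: types below FirstTypedArrayType wrap and fail; DataViewType falls outside the bound.` The same comment fits the FTL isTypedArrayView hunk and the LLInt get_by_val check `biaeq t2, NumberOfTypedArrayTypesExcludingDataView`. The function body starts and ends outside this hunk.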
@@ -6387,7 +6387,7 @@
m_jit.loadPtr(MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfVector()), vectorGPR);
JITCompiler::Jump nullVector = m_jit.branchTestPtr(JITCompiler::Zero, vectorGPR);
cageTypedArrayStorage(vectorGPR);
- nullVector.link(&m_jit);
+
m_jit.loadPtr(MacroAssembler::Address(dataGPR, Butterfly::offsetOfArrayBuffer()), dataGPR);
// FIXME: This needs caging.
// https://bugs.webkit.org/show_bug.cgi?id=175515
@@ -6400,6 +6400,7 @@
m_jit.move(TrustedImmPtr(0), vectorGPR);
done.link(&m_jit);
+ nullVector.link(&m_jit);
int32Result(vectorGPR, node);
}
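Review bot: Moving `nullVector.link(&m_jit)` to just before `int32Result(vectorGPR, node)` makes the null-vector path return whatever is in vectorGPR, and the code does not state why that is safe. It is safe only because the branch is taken when vectorGPR tests as zero, so the register already holds the byte offset 0. A comment at the link site would protect that invariant from later edits, for example `// vectorGPR is zero on this path, which is also the byte offset we return.` The function body starts outside this hunk, so any other use of vectorGPR between the branch and this link is not visible here.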
Modified: branches/safari-605-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2018-01-23 22:30:19 UTC (rev 227448)
@@ -14346,10 +14346,10 @@
return proven;
LValue jsType = m_out.sub(
m_out.load8ZeroExt32(cell, m_heaps.JSCell_typeInfoType),
- m_out.constInt32(Int8ArrayType));
- return m_out.belowOrEqual(
+ m_out.constInt32(FirstTypedArrayType));
+ return m_out.below(
jsType,
- m_out.constInt32(Float64ArrayType - Int8ArrayType));
+ m_out.constInt32(NumberOfTypedArrayTypesExcludingDataView));
}
LValue isObject(LValue cell, SpeculatedType type = SpecFullTop)
Modified: branches/safari-605-branch/Source/_javascript_Core/ftl/FTLOSRExit.cpp (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/ftl/FTLOSRExit.cpp 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/ftl/FTLOSRExit.cpp 2018-01-23 22:30:19 UTC (rev 227448)
@@ -118,3 +118,4 @@
#endif // ENABLE(FTL_JIT)
+
Modified: branches/safari-605-branch/Source/_javascript_Core/llint/LowLevelInterpreter.asm (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2018-01-23 22:30:19 UTC (rev 227448)
@@ -383,17 +383,17 @@
# The typed array types need to be numbered in a particular order because of the manually written
# switch statement in get_by_val and put_by_val.
const Int8ArrayType = constexpr Int8ArrayType
-const Int16ArrayType = constexpr Int16ArrayType
-const Int32ArrayType = constexpr Int32ArrayType
const Uint8ArrayType = constexpr Uint8ArrayType
const Uint8ClampedArrayType = constexpr Uint8ClampedArrayType
+const Int16ArrayType = constexpr Int16ArrayType
const Uint16ArrayType = constexpr Uint16ArrayType
+const Int32ArrayType = constexpr Int32ArrayType
const Uint32ArrayType = constexpr Uint32ArrayType
const Float32ArrayType = constexpr Float32ArrayType
const Float64ArrayType = constexpr Float64ArrayType
-const FirstArrayType = Int8ArrayType
-const LastArrayType = Float64ArrayType
+const FirstArrayType = constexpr FirstTypedArrayType
+const NumberOfTypedArrayTypesExcludingDataView = constexpr NumberOfTypedArrayTypesExcludingDataView
# Type flags constants.
const MasqueradesAsUndefined = constexpr MasqueradesAsUndefined
Modified: branches/safari-605-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2018-01-23 22:30:19 UTC (rev 227448)
@@ -1538,60 +1538,72 @@
# First lets check if we even have a typed array. This lets us do some boilerplate up front.
loadb JSCell::m_type[t0], t2
subi FirstArrayType, t2
- bia t2, LastArrayType - FirstArrayType, .opGetByValSlow
+ biaeq t2, NumberOfTypedArrayTypesExcludingDataView, .opGetByValSlow
# Sweet, now we know that we have a typed array. Do some basic things now.
loadCaged(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr PRIMITIVE_GIGACAGE_MASK, JSArrayBufferView::m_vector[t0], t3, t5)
biaeq t1, JSArrayBufferView::m_length[t0], .opGetByValSlow
- # Now bisect through the various types. Note that we can treat Uint8ArrayType and
- # Uint8ClampedArrayType the same.
- bia t2, Uint8ClampedArrayType - FirstArrayType, .opGetByValAboveUint8ClampedArray
-
- # We have one of Int8ArrayType .. Uint8ClampedArrayType.
- bia t2, Int16ArrayType - FirstArrayType, .opGetByValInt32ArrayOrUint8Array
-
- # We have one of Int8ArrayType or Int16ArrayType
- bineq t2, Int8ArrayType - FirstArrayType, .opGetByValInt16Array
-
+ # Now bisect through the various types:
+ # Int8ArrayType,
+ # Uint8ArrayType,
+ # Uint8ClampedArrayType,
+ # Int16ArrayType,
+ # Uint16ArrayType,
+ # Int32ArrayType,
+ # Uint32ArrayType,
+ # Float32ArrayType,
+ # Float64ArrayType,
+
+ bia t2, Uint16ArrayType - FirstArrayType, .opGetByValAboveUint16Array
+
+ # We have one of Int8ArrayType .. Uint16ArrayType.
+ bia t2, Uint8ClampedArrayType - FirstArrayType, .opGetByValInt16ArrayOrUint16Array
+
+ # We have one of Int8ArrayType ... Uint8ClampedArrayType
+ bineq t2, Int8ArrayType - FirstArrayType, .opGetByValUint8ArrayOrUint8ClampedArray
+
# We have Int8ArrayType
loadbs [t3, t1], t0
finishIntGetByVal(t0, t1)
-.opGetByValInt16Array:
- loadhs [t3, t1, 2], t0
- finishIntGetByVal(t0, t1)
-
-.opGetByValInt32ArrayOrUint8Array:
- # We have one of Int16Array, Uint8Array, or Uint8ClampedArray.
- bieq t2, Int32ArrayType - FirstArrayType, .opGetByValInt32Array
-
- # We have either Uint8Array or Uint8ClampedArray. They behave the same so that's cool.
+.opGetByValUint8ArrayOrUint8ClampedArray:
+ # We have either Uint8ArrayType or Uint8ClampedArrayType. They behave the same so that's cool.
loadb [t3, t1], t0
finishIntGetByVal(t0, t1)
-.opGetByValInt32Array:
- loadi [t3, t1, 4], t0
+.opGetByValInt16ArrayOrUint16Array:
+ # We have either Int16ArrayType or Uint16ClampedArrayType.
+ bieq t2, Uint16ArrayType - FirstArrayType, .opGetByValUint16Array
+
+ # We have Int16ArrayType.
+ loadhs [t3, t1, 2], t0
finishIntGetByVal(t0, t1)
-.opGetByValAboveUint8ClampedArray:
- # We have one of Uint16ArrayType .. Float64ArrayType.
- bia t2, Uint32ArrayType - FirstArrayType, .opGetByValAboveUint32Array
-
- # We have either Uint16ArrayType or Uint32ArrayType.
- bieq t2, Uint32ArrayType - FirstArrayType, .opGetByValUint32Array
-
+.opGetByValUint16Array:
# We have Uint16ArrayType.
loadh [t3, t1, 2], t0
finishIntGetByVal(t0, t1)
+.opGetByValAboveUint16Array:
+ # We have one of Int32ArrayType .. Float64ArrayType.
+ bia t2, Uint32ArrayType - FirstArrayType, .opGetByValFloat32ArrayOrFloat64Array
+
+ # We have either Int32ArrayType or Uint32ArrayType
+ bineq t2, Int32ArrayType - FirstArrayType, .opGetByValUint32Array
+
+ # We have Int32ArrayType
+ loadi [t3, t1, 4], t0
+ finishIntGetByVal(t0, t1)
+
.opGetByValUint32Array:
+ # We have Uint32ArrayType.
# This is the hardest part because of large unsigned values.
loadi [t3, t1, 4], t0
bilt t0, 0, .opGetByValSlow # This case is still awkward to implement in LLInt.
finishIntGetByVal(t0, t1)
-.opGetByValAboveUint32Array:
+.opGetByValFloat32ArrayOrFloat64Array:
# We have one of Float32ArrayType or Float64ArrayType. Sadly, we cannot handle Float32Array
# inline yet. That would require some offlineasm changes.
bieq t2, Float32ArrayType - FirstArrayType, .opGetByValSlow
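Review bot: The new comment under `.opGetByValInt16ArrayOrUint16Array` names a type that does not exist: `# We have either Int16ArrayType or Uint16ClampedArrayType.` should read `# We have either Int16ArrayType or Uint16ArrayType.` The branch targets themselves look consistent with the new order listed at the top of the bisect. Because this tree is hand-written against that order, the listing comment could also say where the order is enforced; the static asserts added to TypedArrayType.h in this commit appear to be that place. The get_by_val body continues outside this hunk.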
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2018-01-23 22:30:19 UTC (rev 227448)
@@ -1420,7 +1420,7 @@
#undef VISIT_LAZY_TYPE
- for (unsigned i = NUMBER_OF_TYPED_ARRAY_TYPES; i--;)
+ for (unsigned i = NumberOfTypedArrayTypes; i--;)
thisObject->lazyTypedArrayStructure(indexToTypedArrayType(i)).visit(visitor);
visitor.append(thisObject->m_speciesGetterSetter);
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSType.h (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSType.h 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSType.h 2018-01-23 22:30:19 UTC (rev 227448)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2011, 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2018 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
@@ -68,11 +68,11 @@
DerivedArrayType,
Int8ArrayType,
- Int16ArrayType,
- Int32ArrayType,
Uint8ArrayType,
Uint8ClampedArrayType,
+ Int16ArrayType,
Uint16ArrayType,
+ Int32ArrayType,
Uint32ArrayType,
Float32ArrayType,
Float64ArrayType,
@@ -102,6 +102,11 @@
MaxJSType = 0b11111111,
};
+static const uint32_t FirstTypedArrayType = Int8ArrayType;
+static const uint32_t LastTypedArrayType = DataViewType;
+static constexpr uint32_t NumberOfTypedArrayTypes = LastTypedArrayType - FirstTypedArrayType + 1;
+static constexpr uint32_t NumberOfTypedArrayTypesExcludingDataView = NumberOfTypedArrayTypes - 1;
+
static_assert(sizeof(JSType) == sizeof(uint8_t), "sizeof(JSType) is one byte.");
static_assert(LastJSCObjectType < 128, "The highest bit is reserved for embedder's extension.");
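Review bot: The four new constants mix `static const` and `static constexpr`, although all of them are compile-time values and the LLInt reads `FirstTypedArrayType` through `constexpr`. I would declare the first two as `static constexpr uint32_t FirstTypedArrayType = Int8ArrayType;` and `static constexpr uint32_t LastTypedArrayType = DataViewType;`. Separately, `NumberOfTypedArrayTypesExcludingDataView = NumberOfTypedArrayTypes - 1` is correct only while DataViewType stays the last entry of the run. That is checked in TypedArrayType.h rather than here, so a short comment on the constant saying so would help the next person who reorders the enum.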
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/TypedArrayType.cpp (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/TypedArrayType.cpp 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/TypedArrayType.cpp 2018-01-23 22:30:19 UTC (rev 227448)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -32,39 +32,6 @@
namespace JSC {
-JSType typeForTypedArrayType(TypedArrayType type)
-{
- switch (type) {
- case NotTypedArray:
- RELEASE_ASSERT_NOT_REACHED();
- return Int8ArrayType;
- case TypeInt8:
- return Int8ArrayType;
- case TypeUint8:
- return Uint8ArrayType;
- case TypeUint8Clamped:
- return Uint8ClampedArrayType;
- case TypeInt16:
- return Int16ArrayType;
- case TypeUint16:
- return Uint16ArrayType;
- case TypeInt32:
- return Int32ArrayType;
- case TypeUint32:
- return Uint32ArrayType;
- case TypeFloat32:
- return Float32ArrayType;
- case TypeFloat64:
- return Float64ArrayType;
- case TypeDataView:
- return DataViewType;
-
- default:
- RELEASE_ASSERT_NOT_REACHED();
- return Int8ArrayType;
- }
-}
-
const ClassInfo* constructorClassInfoForType(TypedArrayType type)
{
switch (type) {
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/TypedArrayType.h (227447 => 227448)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/TypedArrayType.h 2018-01-23 22:30:15 UTC (rev 227447)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/TypedArrayType.h 2018-01-23 22:30:19 UTC (rev 227448)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -32,18 +32,6 @@
struct ClassInfo;
-#define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
- macro(Int8) \
- macro(Uint8) \
- macro(Uint8Clamped) \
- macro(Int16) \
- macro(Uint16) \
- macro(Int32) \
- macro(Uint32) \
- macro(Float32) \
- macro(Float64) \
- macro(DataView)
-
#define FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(macro) \
macro(Int8) \
macro(Uint8) \
@@ -55,6 +43,10 @@
macro(Float32) \
macro(Float64)
+#define FOR_EACH_TYPED_ARRAY_TYPE(macro) \
+ FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(macro) \
+ macro(DataView)
+
enum TypedArrayType {
NotTypedArray,
#define DECLARE_TYPED_ARRAY_TYPE(name) Type ## name,
@@ -62,8 +54,13 @@
#undef DECLARE_TYPED_ARRAY_TYPE
};
-#define NUMBER_OF_TYPED_ARRAY_TYPES TypeDataView
+#define ASSERT_TYPED_ARRAY_TYPE(name) \
+ static_assert(Type ## name == (name ## ArrayType - FirstTypedArrayType + TypeInt8), "");
+ FOR_EACH_TYPED_ARRAY_TYPE_EXCLUDING_DATA_VIEW(ASSERT_TYPED_ARRAY_TYPE)
+#undef ASSERT_TYPED_ARRAY_TYPE
+static_assert(TypeDataView == (DataViewType - FirstTypedArrayType + TypeInt8), "");
+
inline unsigned toIndex(TypedArrayType type)
{
return static_cast<unsigned>(type) - 1;
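Review bot: The new static asserts pass an empty message, so a failure after someone reorders either enum will not say what went wrong. The JIT and LLInt range checks, and the arithmetic conversions between JSType and TypedArrayType, all depend on these asserts holding. A message such as `"TypedArrayType and the TypedArray JSTypes must be declared in the same order"` on both the macro-generated assert and the TypeDataView one would make the requirement explicit at the point of failure.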
@@ -117,34 +114,23 @@
}
const ClassInfo* constructorClassInfoForType(TypedArrayType);
-JSType typeForTypedArrayType(TypedArrayType);
inline TypedArrayType typedArrayTypeForType(JSType type)
{
- switch (type) {
- case Int8ArrayType:
- return TypeInt8;
- case Int16ArrayType:
- return TypeInt16;
- case Int32ArrayType:
- return TypeInt32;
- case Uint8ArrayType:
- return TypeUint8;
- case Uint8ClampedArrayType:
- return TypeUint8Clamped;
- case Uint16ArrayType:
- return TypeUint16;
- case Uint32ArrayType:
- return TypeUint32;
- case Float32ArrayType:
- return TypeFloat32;
- case Float64ArrayType:
- return TypeFloat64;
- default:
- return NotTypedArray;
- }
+ if (type >= FirstTypedArrayType && type <= LastTypedArrayType)
+ return static_cast<TypedArrayType>(type - FirstTypedArrayType + TypeInt8);
+ return NotTypedArray;
}
+inline JSType typeForTypedArrayType(TypedArrayType type)
+{
+ if (type >= TypeInt8 && type <= TypeDataView)
+ return static_cast<JSType>(type - TypeInt8 + FirstTypedArrayType);
+
+ RELEASE_ASSERT_NOT_REACHED();
+ return Int8ArrayType;
+}
+
inline bool isInt(TypedArrayType type)
{
switch (type) {