[webkit-changes] [233098] trunk/Source/JavaScriptCore

Fri, 22 Jun 2018 14:02:15 -0700

Title: [233098] trunk/Source/_javascript_Core
Revision
233098
Author
[email protected]
Date
2018-06-22 14:02:01 -0700 (Fri, 22 Jun 2018)

Log Message

ensureWritableX should only convert away from CoW when it will succeed
https://bugs.webkit.org/show_bug.cgi?id=186898

Reviewed by Keith Miller.

Otherwise, when we OSR exit, we'll end up profiling the array after
it has been converted away from CoW. It's better for the ArrayProfile
to see the array as it's still in CoW mode.

This patch also renames ensureWritableX to tryMakeWritableX since these
were never really "ensure" operations -- they may fail and return null.

* dfg/DFGOperations.cpp:
* runtime/JSObject.cpp:
(JSC::JSObject::tryMakeWritableInt32Slow):
(JSC::JSObject::tryMakeWritableDoubleSlow):
(JSC::JSObject::tryMakeWritableContiguousSlow):
(JSC::JSObject::ensureWritableInt32Slow): Deleted.
(JSC::JSObject::ensureWritableDoubleSlow): Deleted.
(JSC::JSObject::ensureWritableContiguousSlow): Deleted.
* runtime/JSObject.h:
(JSC::JSObject::tryMakeWritableInt32):
(JSC::JSObject::tryMakeWritableDouble):
(JSC::JSObject::tryMakeWritableContiguous):
(JSC::JSObject::ensureWritableInt32): Deleted.
(JSC::JSObject::ensureWritableDouble): Deleted.
(JSC::JSObject::ensureWritableContiguous): Deleted.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (233097 => 233098)


--- trunk/Source/_javascript_Core/ChangeLog	2018-06-22 20:50:44 UTC (rev 233097)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-06-22 21:02:01 UTC (rev 233098)
@@ -1,3 +1,33 @@
+2018-06-22  Saam Barati  <[email protected]>
+
+        ensureWritableX should only convert away from CoW when it will succeed
+        https://bugs.webkit.org/show_bug.cgi?id=186898
+
+        Reviewed by Keith Miller.
+
+        Otherwise, when we OSR exit, we'll end up profiling the array after
+        it has been converted away from CoW. It's better for the ArrayProfile
+        to see the array as it's still in CoW mode.
+        
+        This patch also renames ensureWritableX to tryMakeWritableX since these
+        were never really "ensure" operations -- they may fail and return null.
+
+        * dfg/DFGOperations.cpp:
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::tryMakeWritableInt32Slow):
+        (JSC::JSObject::tryMakeWritableDoubleSlow):
+        (JSC::JSObject::tryMakeWritableContiguousSlow):
+        (JSC::JSObject::ensureWritableInt32Slow): Deleted.
+        (JSC::JSObject::ensureWritableDoubleSlow): Deleted.
+        (JSC::JSObject::ensureWritableContiguousSlow): Deleted.
+        * runtime/JSObject.h:
+        (JSC::JSObject::tryMakeWritableInt32):
+        (JSC::JSObject::tryMakeWritableDouble):
+        (JSC::JSObject::tryMakeWritableContiguous):
+        (JSC::JSObject::ensureWritableInt32): Deleted.
+        (JSC::JSObject::ensureWritableDouble): Deleted.
+        (JSC::JSObject::ensureWritableContiguous): Deleted.
+
 2018-06-22  Keith Miller  <[email protected]>
 
         We should call visitChildren on Base not the exact typename

Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (233097 => 233098)


--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp	2018-06-22 20:50:44 UTC (rev 233097)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp	2018-06-22 21:02:01 UTC (rev 233098)
@@ -1888,7 +1888,7 @@
     if (!cell->isObject())
         return 0;
 
-    auto* result = reinterpret_cast<char*>(asObject(cell)->ensureWritableInt32(vm).data());
+    auto* result = reinterpret_cast<char*>(asObject(cell)->tryMakeWritableInt32(vm).data());
     ASSERT((!isCopyOnWrite(asObject(cell)->indexingMode()) && hasInt32(cell->indexingMode())) || !result);
     return result;
 }
@@ -1901,7 +1901,7 @@
     if (!cell->isObject())
         return 0;
 
-    auto* result = reinterpret_cast<char*>(asObject(cell)->ensureWritableDouble(vm).data());
+    auto* result = reinterpret_cast<char*>(asObject(cell)->tryMakeWritableDouble(vm).data());
     ASSERT((!isCopyOnWrite(asObject(cell)->indexingMode()) && hasDouble(cell->indexingMode())) || !result);
     return result;
 }
@@ -1914,7 +1914,7 @@
     if (!cell->isObject())
         return 0;
     
-    auto* result = reinterpret_cast<char*>(asObject(cell)->ensureWritableContiguous(vm).data());
+    auto* result = reinterpret_cast<char*>(asObject(cell)->tryMakeWritableContiguous(vm).data());
     ASSERT((!isCopyOnWrite(asObject(cell)->indexingMode()) && hasContiguous(cell->indexingMode())) || !result);
     return result;
 }

Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (233097 => 233098)


--- trunk/Source/_javascript_Core/runtime/JSObject.cpp	2018-06-22 20:50:44 UTC (rev 233097)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp	2018-06-22 21:02:01 UTC (rev 233098)
@@ -1474,14 +1474,17 @@
     setIndexQuickly(vm, index, value);
 }
 
-ContiguousJSValues JSObject::ensureWritableInt32Slow(VM& vm)
+ContiguousJSValues JSObject::tryMakeWritableInt32Slow(VM& vm)
 {
     ASSERT(inherits(vm, info()));
 
     if (isCopyOnWrite(indexingMode())) {
-        convertFromCopyOnWrite(vm);
-        if (hasInt32(indexingMode()))
+        if (leastUpperBoundOfIndexingTypes(indexingType() & IndexingShapeMask, Int32Shape) == Int32Shape) {
+            ASSERT(hasInt32(indexingMode()));
+            convertFromCopyOnWrite(vm);
             return butterfly()->contiguousInt32();
+        }
+        return ContiguousJSValues();
     }
 
     if (structure(vm)->hijacksIndexingHeader())
@@ -1507,14 +1510,18 @@
     }
 }
 
-ContiguousDoubles JSObject::ensureWritableDoubleSlow(VM& vm)
+ContiguousDoubles JSObject::tryMakeWritableDoubleSlow(VM& vm)
 {
     ASSERT(inherits(vm, info()));
 
     if (isCopyOnWrite(indexingMode())) {
-        convertFromCopyOnWrite(vm);
-        if (hasDouble(indexingMode()))
-            return butterfly()->contiguousDouble();
+        if (leastUpperBoundOfIndexingTypes(indexingType() & IndexingShapeMask, DoubleShape) == DoubleShape) {
+            convertFromCopyOnWrite(vm);
+            if (hasDouble(indexingMode()))
+                return butterfly()->contiguousDouble();
+            ASSERT(hasInt32(indexingMode()));
+        } else
+            return ContiguousDoubles();
     }
 
     if (structure(vm)->hijacksIndexingHeader())
@@ -1542,14 +1549,18 @@
     }
 }
 
-ContiguousJSValues JSObject::ensureWritableContiguousSlow(VM& vm)
+ContiguousJSValues JSObject::tryMakeWritableContiguousSlow(VM& vm)
 {
     ASSERT(inherits(vm, info()));
 
     if (isCopyOnWrite(indexingMode())) {
-        convertFromCopyOnWrite(vm);
-        if (hasContiguous(indexingMode()))
-            return butterfly()->contiguous();
+        if (leastUpperBoundOfIndexingTypes(indexingType() & IndexingShapeMask, ContiguousShape) == ContiguousShape) {
+            convertFromCopyOnWrite(vm);
+            if (hasContiguous(indexingMode()))
+                return butterfly()->contiguous();
+            ASSERT(hasInt32(indexingMode()) || hasDouble(indexingMode()));
+        } else
+            return ContiguousJSValues();
     }
 
     if (structure(vm)->hijacksIndexingHeader())

Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (233097 => 233098)


--- trunk/Source/_javascript_Core/runtime/JSObject.h	2018-06-22 20:50:44 UTC (rev 233097)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h	2018-06-22 21:02:01 UTC (rev 233098)
@@ -822,12 +822,12 @@
     // indexing should be sparse, we're having a bad time, or because
     // we already have a more general form of storage (double,
     // contiguous, array storage).
-    ContiguousJSValues ensureWritableInt32(VM& vm)
+    ContiguousJSValues tryMakeWritableInt32(VM& vm)
     {
         if (LIKELY(hasInt32(indexingType()) && !isCopyOnWrite(indexingMode())))
             return m_butterfly->contiguousInt32();
             
-        return ensureWritableInt32Slow(vm);
+        return tryMakeWritableInt32Slow(vm);
     }
         
     // Returns 0 if double storage cannot be created - either because
@@ -834,22 +834,22 @@
     // indexing should be sparse, we're having a bad time, or because
     // we already have a more general form of storage (contiguous,
     // or array storage).
-    ContiguousDoubles ensureWritableDouble(VM& vm)
+    ContiguousDoubles tryMakeWritableDouble(VM& vm)
     {
         if (LIKELY(hasDouble(indexingType()) && !isCopyOnWrite(indexingMode())))
             return m_butterfly->contiguousDouble();
             
-        return ensureWritableDoubleSlow(vm);
+        return tryMakeWritableDoubleSlow(vm);
     }
         
     // Returns 0 if contiguous storage cannot be created - either because
     // indexing should be sparse or because we're having a bad time.
-    ContiguousJSValues ensureWritableContiguous(VM& vm)
+    ContiguousJSValues tryMakeWritableContiguous(VM& vm)
     {
         if (LIKELY(hasContiguous(indexingType()) && !isCopyOnWrite(indexingMode())))
             return m_butterfly->contiguous();
             
-        return ensureWritableContiguousSlow(vm);
+        return tryMakeWritableContiguousSlow(vm);
     }
 
     // Ensure that the object is in a mode where it has array storage. Use
@@ -1059,9 +1059,9 @@
         
     bool ensureLengthSlow(VM&, unsigned length);
         
-    ContiguousJSValues ensureWritableInt32Slow(VM&);
-    ContiguousDoubles ensureWritableDoubleSlow(VM&);
-    ContiguousJSValues ensureWritableContiguousSlow(VM&);
+    ContiguousJSValues tryMakeWritableInt32Slow(VM&);
+    ContiguousDoubles tryMakeWritableDoubleSlow(VM&);
+    ContiguousJSValues tryMakeWritableContiguousSlow(VM&);
     JS_EXPORT_PRIVATE ArrayStorage* ensureArrayStorageSlow(VM&);
 
     PropertyOffset prepareToPutDirectWithoutTransition(VM&, PropertyName, unsigned attributes, StructureID, Structure*);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to