Diff
Modified: tags/Safari-538.16.2/Source/_javascript_Core/ChangeLog (163486 => 163487)
--- tags/Safari-538.16.2/Source/_javascript_Core/ChangeLog 2014-02-06 00:20:42 UTC (rev 163486)
+++ tags/Safari-538.16.2/Source/_javascript_Core/ChangeLog 2014-02-06 00:28:30 UTC (rev 163487)
@@ -1,3 +1,25 @@
+2014-02-05 Lucas Forschler <[email protected]>
+
+ Merge r163324
+
+ 2014-02-03 Matthew Mirman <[email protected]>
+
+ Added GetTypedArrayByteOffset to FTL
+ https://bugs.webkit.org/show_bug.cgi?id=127589
+
+ Reviewed by Filip Pizlo.
+
+ * ftl/FTLAbstractHeapRepository.h:
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
+ * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
+ (foo):
+ * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
+ (foo):
+
2014-02-03 Dan Bernstein <[email protected]>
Correctly address Darin’s review comment on the last change.
Modified: tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h (163486 => 163487)
--- tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h 2014-02-06 00:20:42 UTC (rev 163486)
+++ tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h 2014-02-06 00:28:30 UTC (rev 163487)
@@ -42,6 +42,8 @@
macro(WriteBarrierBuffer_bufferContents)
#define FOR_EACH_ABSTRACT_FIELD(macro) \
+ macro(ArrayBuffer_data, ArrayBuffer::offsetOfData()) \
+ macro(Butterfly_arrayBuffer, Butterfly::offsetOfArrayBuffer()) \
macro(Butterfly_publicLength, Butterfly::offsetOfPublicLength()) \
macro(Butterfly_vectorLength, Butterfly::offsetOfVectorLength()) \
macro(CallFrame_callerFrame, CallFrame::callerFrameOffset()) \
Modified: tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLCapabilities.cpp (163486 => 163487)
--- tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2014-02-06 00:20:42 UTC (rev 163486)
+++ tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2014-02-06 00:28:30 UTC (rev 163487)
@@ -109,6 +109,7 @@
case AllocatePropertyStorage:
case FunctionReentryWatchpoint:
case TypedArrayWatchpoint:
+ case GetTypedArrayByteOffset:
case VariableWatchpoint:
case NotifyWrite:
case StoreBarrier:
Modified: tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (163486 => 163487)
--- tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2014-02-06 00:20:42 UTC (rev 163486)
+++ tags/Safari-538.16.2/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2014-02-06 00:28:30 UTC (rev 163487)
@@ -434,6 +434,9 @@
case NewArrayWithSize:
compileNewArrayWithSize();
break;
+ case GetTypedArrayByteOffset:
+ compileGetTypedArrayByteOffset();
+ break;
case AllocatePropertyStorage:
compileAllocatePropertyStorage();
break;
@@ -1725,6 +1728,41 @@
BadIndexingType, jsValueValue(cell), 0,
m_out.bitNot(isArrayType(cell, m_node->arrayMode())));
}
+
+ void compileGetTypedArrayByteOffset()
+ {
+ LValue basePtr = lowCell(m_node->child1());
+
+ LBasicBlock simpleCase = FTL_NEW_BLOCK(m_out, ("wasteless typed array"));
+ LBasicBlock wastefulCase = FTL_NEW_BLOCK(m_out, ("wasteful typed array"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("continuation branch"));
+
+ LValue baseAddress = m_out.addPtr(basePtr, JSArrayBufferView::offsetOfMode());
+ m_out.branch(m_out.notEqual(baseAddress , m_out.constIntPtr(WastefulTypedArray)), simpleCase, wastefulCase);
+
+ // begin simple case
+ LBasicBlock lastNext = m_out.appendTo(simpleCase, wastefulCase);
+
+ ValueFromBlock simpleOut = m_out.anchor(m_out.constIntPtr(0));
+
+ m_out.jump(continuation);
+
+ // begin wasteful case
+ m_out.appendTo(wastefulCase, continuation);
+
+ LValue vectorPtr = m_out.loadPtr(basePtr, m_heaps.JSArrayBufferView_vector);
+ LValue butterflyPtr = m_out.loadPtr(basePtr, m_heaps.JSObject_butterfly);
+ LValue arrayBufferPtr = m_out.loadPtr(butterflyPtr, m_heaps.Butterfly_arrayBuffer);
+ LValue dataPtr = m_out.loadPtr(arrayBufferPtr, m_heaps.ArrayBuffer_data);
+
+ ValueFromBlock wastefulOut = m_out.anchor(m_out.sub(dataPtr, vectorPtr));
+
+ m_out.jump(continuation);
+ m_out.appendTo(continuation, lastNext);
+
+ // output
+ setInt32(m_out.castToInt32(m_out.phi(m_out.intPtr, simpleOut, wastefulOut)));
+ }
void compileGetArrayLength()
{
Copied: tags/Safari-538.16.2/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-simple.js (from rev 163324, trunk/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-simple.js) (0 => 163487)
--- tags/Safari-538.16.2/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-simple.js (rev 0)
+++ tags/Safari-538.16.2/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-simple.js 2014-02-06 00:28:30 UTC (rev 163487)
@@ -0,0 +1,12 @@
+function foo(x){
+ return x.byteOffset
+}
+
+noInline(foo);
+
+for (var i = 0; i < 100000; ++i) {
+ var b = new Uint8Array(42, 0);
+ if (foo(b) != 0)
+ throw "error"
+}
+
Copied: tags/Safari-538.16.2/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-wasteful.js (from rev 163324, trunk/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-wasteful.js) (0 => 163487)
--- tags/Safari-538.16.2/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-wasteful.js (rev 0)
+++ tags/Safari-538.16.2/Source/_javascript_Core/tests/stress/ftl-gettypedarrayoffset-wasteful.js 2014-02-06 00:28:30 UTC (rev 163487)
@@ -0,0 +1,12 @@
+function foo(x){
+ return x.byteOffset
+}
+
+noInline(foo);
+
+for (var i = 0; i < 100000; ++i) {
+ var b = new Uint8Array(new ArrayBuffer(42), 0);
+ if (foo(b) != 0)
+ throw "error"
+}
+
