Skip to content
  • fpizlo@apple.com's avatar
    Fold constant typed arrays · ee327c85
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=125205
    
    Source/JavaScriptCore: 
    
    Reviewed by Oliver Hunt and Mark Hahnenberg.
            
    If by some other mechanism we have a typed array access on a compile-time constant
    typed array pointer, then fold:
            
    - Array bounds checks. Specifically, fold the load of length.
            
    - Loading the vector.
            
    This needs to install a watchpoint on the array itself because of the possibility of
    neutering. Neutering is ridiculous. We do this without bloating the size of
    ArrayBuffer or JSArrayBufferView in the common case (i.e. the case where you
    allocated an array that didn't end up becoming a compile-time constant). To install
    the watchpoint, we slowDownAndWasteMemory and then create an incoming reference to
    the ArrayBuffer, where that incoming reference is from a watchpoint object. The
    ArrayBuffer already knows about such incoming references and can fire the
    watchpoints that way.
            
    * CMakeLists.txt:
    * GNUmakefile.list.am:
    * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * dfg/DFGDesiredWatchpoints.cpp:
    (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
    (JSC::DFG::DesiredWatchpoints::addLazily):
    * dfg/DFGDesiredWatchpoints.h:
    (JSC::DFG::GenericSetAdaptor::add):
    (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated):
    (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
    (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
    (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
    (JSC::DFG::GenericDesiredWatchpoints::isStillValid):
    (JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
    (JSC::DFG::DesiredWatchpoints::isStillValid):
    (JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
    (JSC::DFG::DesiredWatchpoints::isValidOrMixed):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::tryGetFoldableView):
    * dfg/DFGGraph.h:
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
    (JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck):
    (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
    (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
    (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
    (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
    (JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
    (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
    * dfg/DFGSpeculativeJIT.h:
    * dfg/DFGWatchpointCollectionPhase.cpp:
    (JSC::DFG::WatchpointCollectionPhase::handle):
    (JSC::DFG::WatchpointCollectionPhase::addLazily):
    * ftl/FTLLowerDFGToLLVM.cpp:
    (JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
    (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
    (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
    (JSC::FTL::LowerDFGToLLVM::typedArrayLength):
    * runtime/ArrayBuffer.cpp:
    (JSC::ArrayBuffer::transfer):
    * runtime/ArrayBufferNeuteringWatchpoint.cpp: Added.
    (JSC::ArrayBufferNeuteringWatchpoint::ArrayBufferNeuteringWatchpoint):
    (JSC::ArrayBufferNeuteringWatchpoint::~ArrayBufferNeuteringWatchpoint):
    (JSC::ArrayBufferNeuteringWatchpoint::finishCreation):
    (JSC::ArrayBufferNeuteringWatchpoint::destroy):
    (JSC::ArrayBufferNeuteringWatchpoint::create):
    (JSC::ArrayBufferNeuteringWatchpoint::createStructure):
    * runtime/ArrayBufferNeuteringWatchpoint.h: Added.
    (JSC::ArrayBufferNeuteringWatchpoint::set):
    * runtime/VM.cpp:
    (JSC::VM::VM):
    * runtime/VM.h:
    
    LayoutTests: 
    
    Reviewed by Oliver Hunt and Mark Hahnenberg.
    
    * js/regress/fixed-typed-array-storage-expected.txt: Added.
    * js/regress/fixed-typed-array-storage-var-index-expected.txt: Added.
    * js/regress/fixed-typed-array-storage-var-index.html: Added.
    * js/regress/fixed-typed-array-storage.html: Added.
    * js/regress/script-tests/fixed-typed-array-storage-var-index.js: Added.
    (foo):
    * js/regress/script-tests/fixed-typed-array-storage.js: Added.
    (foo):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160150 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    ee327c85