WebKit Bugzilla
Attachment 358996 Details for
Bug 193372
: [JSC] Do not use asArrayModes() with Structures because it discards TypedArray information
[patch]
Patch
bug-193372-20190112144726.patch (text/plain), 39.77 KB, created by
Yusuke Suzuki
on 2019-01-12 14:47:27 PST
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2019-01-12 14:47:27 PST
Size:
39.77 KB
>Subversion Revision: 239903
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
>index 9c91d169c12b5fa5c1ba7a2d3f17ce31f80431b6..640cbbab929880cd2d22a1c2decb140cb85798d1 100644
>--- a/Source/JavaScriptCore/ChangeLog
>+++ b/Source/JavaScriptCore/ChangeLog
>@@ -1,3 +1,53 @@
>+2019-01-12 Yusuke Suzuki <yusukesuzuki@slowstart.org>
>+
>+ [JSC] Do not use asArrayModes() with Structures because it discards TypedArray information
>+ https://bugs.webkit.org/show_bug.cgi?id=193372
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * bytecode/ArrayProfile.cpp:
>+ (JSC::dumpArrayModes):
>+ (JSC::ArrayProfile::computeUpdatedPrediction):
>+ * bytecode/ArrayProfile.h:
>+ (JSC::asArrayModesIgnoringTypedArrays):
>+ (JSC::arrayModesFromStructure):
>+ (JSC::arrayModesIncludeIgnoringTypedArrays):
>+ (JSC::shouldUseSlowPutArrayStorage):
>+ (JSC::shouldUseFastArrayStorage):
>+ (JSC::shouldUseContiguous):
>+ (JSC::shouldUseDouble):
>+ (JSC::shouldUseInt32):
>+ (JSC::asArrayModes): Deleted.
>+ (JSC::arrayModeFromStructure): Deleted.
>+ (JSC::arrayModesInclude): Deleted.
>+ * dfg/DFGAbstractValue.cpp:
>+ (JSC::DFG::AbstractValue::observeTransitions):
>+ (JSC::DFG::AbstractValue::set):
>+ (JSC::DFG::AbstractValue::mergeOSREntryValue):
>+ (JSC::DFG::AbstractValue::contains const):
>+ * dfg/DFGAbstractValue.h:
>+ (JSC::DFG::AbstractValue::observeTransition):
>+ (JSC::DFG::AbstractValue::validate const):
>+ (JSC::DFG::AbstractValue::observeIndexingTypeTransition):
>+ * dfg/DFGArrayMode.cpp:
>+ (JSC::DFG::ArrayMode::fromObserved):
>+ (JSC::DFG::ArrayMode::alreadyChecked const):
>+ * dfg/DFGArrayMode.h:
>+ (JSC::DFG::ArrayMode::structureWouldPassArrayModeFiltering):
>+ (JSC::DFG::ArrayMode::arrayModesThatPassFiltering const):
>+ (JSC::DFG::ArrayMode::arrayModesWithIndexingShape const):
>+ * dfg/DFGOSRExit.cpp:
>+ (JSC::DFG::OSRExit::executeOSRExit):
>+ (JSC::DFG::OSRExit::compileExit):
>+ * dfg/DFGRegisteredStructureSet.cpp:
>+ (JSC::DFG::RegisteredStructureSet::filterArrayModes):
>+ (JSC::DFG::RegisteredStructureSet::arrayModesFromStructures const):
>+ * ftl/FTLOSRExitCompiler.cpp:
>+ (JSC::FTL::compileStub):
>+ * jit/JITInlines.h:
>+ (JSC::JIT::chooseArrayMode):
>+ (JSC::arrayProfileSaw): Deleted.
>+
> 2019-01-12 Yusuke Suzuki <yusukesuzuki@slowstart.org>
>
> Unreviewed, fix scope check assertions
>diff --git a/Source/JavaScriptCore/bytecode/ArrayProfile.cpp b/Source/JavaScriptCore/bytecode/ArrayProfile.cpp
>index f2ff9aff37afc87c42a28c36dfd37c98316e1113..45cb8044233d06edb66f3df73a663893975b4c39 100644
>--- a/Source/JavaScriptCore/bytecode/ArrayProfile.cpp
>+++ b/Source/JavaScriptCore/bytecode/ArrayProfile.cpp
>@@ -37,6 +37,19 @@ namespace JSC {
> const char* const ArrayProfile::s_typeName = "ArrayProfile";
> #endif
>
>+// Keep in sync with the order of TypedArrayType.
>+const ArrayModes TypedArrayModes[NumberOfTypedArrayTypesExcludingDataView] = {
>+ Int8ArrayMode,
>+ Uint8ArrayMode,
>+ Uint8ClampedArrayMode,
>+ Int16ArrayMode,
>+ Uint16ArrayMode,
>+ Int32ArrayMode,
>+ Uint32ArrayMode,
>+ Float32ArrayMode,
>+ Float64ArrayMode,
>+};
>+
> void dumpArrayModes(PrintStream& out, ArrayModes arrayModes)
> {
> if (!arrayModes) {
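Review bot: The comment on `TypedArrayModes` asks for the table to stay in sync with TypedArrayType, but nothing enforces it, and the reader added in OSRExit::compileExit later in this patch indexes the table with the cell's type byte minus `FirstTypedArrayType`, which looks like a JSType offset rather than a TypedArrayType. If either enum is reordered, or `NumberOfTypedArrayTypesExcludingDataView` grows and leaves a zero-initialized tail, the exit stub would record a wrong or empty mode in the array profile with no diagnostic, and that profile drives ArrayMode::fromObserved. I would reword the comment to `// Indexed by (cell type - FirstTypedArrayType) from JIT code; entry order must match the typed-array cell types.` and back it with a static_assert on the entry count and on the first and last typed-array type values.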
>@@ -50,37 +63,37 @@ void dumpArrayModes(PrintStream& out, ArrayModes arrayModes)
> }
>
> CommaPrinter comma("|");
>- if (arrayModes & asArrayModes(NonArray))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(NonArray))
> out.print(comma, "NonArray");
>- if (arrayModes & asArrayModes(NonArrayWithInt32))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(NonArrayWithInt32))
> out.print(comma, "NonArrayWithInt32");
>- if (arrayModes & asArrayModes(NonArrayWithDouble))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(NonArrayWithDouble))
> out.print(comma, "NonArrayWithDouble");
>- if (arrayModes & asArrayModes(NonArrayWithContiguous))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(NonArrayWithContiguous))
> out.print(comma, "NonArrayWithContiguous");
>- if (arrayModes & asArrayModes(NonArrayWithArrayStorage))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage))
> out.print(comma, "NonArrayWithArrayStorage");
>- if (arrayModes & asArrayModes(NonArrayWithSlowPutArrayStorage))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage))
> out.print(comma, "NonArrayWithSlowPutArrayStorage");
>- if (arrayModes & asArrayModes(ArrayClass))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayClass))
> out.print(comma, "ArrayClass");
>- if (arrayModes & asArrayModes(ArrayWithUndecided))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayWithUndecided))
> out.print(comma, "ArrayWithUndecided");
>- if (arrayModes & asArrayModes(ArrayWithInt32))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayWithInt32))
> out.print(comma, "ArrayWithInt32");
>- if (arrayModes & asArrayModes(ArrayWithDouble))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayWithDouble))
> out.print(comma, "ArrayWithDouble");
>- if (arrayModes & asArrayModes(ArrayWithContiguous))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayWithContiguous))
> out.print(comma, "ArrayWithContiguous");
>- if (arrayModes & asArrayModes(ArrayWithArrayStorage))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage))
> out.print(comma, "ArrayWithArrayStorage");
>- if (arrayModes & asArrayModes(ArrayWithSlowPutArrayStorage))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage))
> out.print(comma, "ArrayWithSlowPutArrayStorage");
>- if (arrayModes & asArrayModes(CopyOnWriteArrayWithInt32))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithInt32))
> out.print(comma, "CopyOnWriteArrayWithInt32");
>- if (arrayModes & asArrayModes(CopyOnWriteArrayWithDouble))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithDouble))
> out.print(comma, "CopyOnWriteArrayWithDouble");
>- if (arrayModes & asArrayModes(CopyOnWriteArrayWithContiguous))
>+ if (arrayModes & asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithContiguous))
> out.print(comma, "CopyOnWriteArrayWithContiguous");
>
> if (arrayModes & Int8ArrayMode)
>@@ -115,11 +128,11 @@ void ArrayProfile::computeUpdatedPrediction(const ConcurrentJSLocker& locker, Co
>
> void ArrayProfile::computeUpdatedPrediction(const ConcurrentJSLocker&, CodeBlock* codeBlock, Structure* lastSeenStructure)
> {
>- m_observedArrayModes |= arrayModeFromStructure(lastSeenStructure);
>+ m_observedArrayModes |= arrayModesFromStructure(lastSeenStructure);
>
> if (!m_didPerformFirstRunPruning
> && hasTwoOrMoreBitsSet(m_observedArrayModes)) {
>- m_observedArrayModes = arrayModeFromStructure(lastSeenStructure);
>+ m_observedArrayModes = arrayModesFromStructure(lastSeenStructure);
> m_didPerformFirstRunPruning = true;
> }
>
>diff --git a/Source/JavaScriptCore/bytecode/ArrayProfile.h b/Source/JavaScriptCore/bytecode/ArrayProfile.h
>index b9d9f37aa4d853cdf598eb96626d2aedc4a633ea..a91a46810bc1e314e307dac8d41802379e9ddbec 100644
>--- a/Source/JavaScriptCore/bytecode/ArrayProfile.h
>+++ b/Source/JavaScriptCore/bytecode/ArrayProfile.h
>@@ -58,7 +58,9 @@ const ArrayModes Uint32ArrayMode = 1 << 27;
> const ArrayModes Float32ArrayMode = 1 << 28;
> const ArrayModes Float64ArrayMode = 1 << 29;
>
>-constexpr ArrayModes asArrayModes(IndexingType indexingMode)
>+extern const ArrayModes TypedArrayModes[NumberOfTypedArrayTypesExcludingDataView];
>+
>+constexpr ArrayModes asArrayModesIgnoringTypedArrays(IndexingType indexingMode)
> {
> return static_cast<unsigned>(1) << static_cast<unsigned>(indexingMode);
> }
>@@ -76,12 +78,12 @@ constexpr ArrayModes asArrayModes(IndexingType indexingMode)
> )
>
> #define ALL_NON_ARRAY_ARRAY_MODES \
>- (asArrayModes(NonArray) \
>- | asArrayModes(NonArrayWithInt32) \
>- | asArrayModes(NonArrayWithDouble) \
>- | asArrayModes(NonArrayWithContiguous) \
>- | asArrayModes(NonArrayWithArrayStorage) \
>- | asArrayModes(NonArrayWithSlowPutArrayStorage) \
>+ (asArrayModesIgnoringTypedArrays(NonArray) \
>+ | asArrayModesIgnoringTypedArrays(NonArrayWithInt32) \
>+ | asArrayModesIgnoringTypedArrays(NonArrayWithDouble) \
>+ | asArrayModesIgnoringTypedArrays(NonArrayWithContiguous) \
>+ | asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) \
>+ | asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage) \
> | ALL_TYPED_ARRAY_MODES)
>
> #define ALL_COPY_ON_WRITE_ARRAY_MODES \
>@@ -90,13 +92,13 @@ constexpr ArrayModes asArrayModes(IndexingType indexingMode)
> | CopyOnWriteArrayWithContiguousArrayMode)
>
> #define ALL_WRITABLE_ARRAY_ARRAY_MODES \
>- (asArrayModes(ArrayClass) \
>- | asArrayModes(ArrayWithUndecided) \
>- | asArrayModes(ArrayWithInt32) \
>- | asArrayModes(ArrayWithDouble) \
>- | asArrayModes(ArrayWithContiguous) \
>- | asArrayModes(ArrayWithArrayStorage) \
>- | asArrayModes(ArrayWithSlowPutArrayStorage))
>+ (asArrayModesIgnoringTypedArrays(ArrayClass) \
>+ | asArrayModesIgnoringTypedArrays(ArrayWithUndecided) \
>+ | asArrayModesIgnoringTypedArrays(ArrayWithInt32) \
>+ | asArrayModesIgnoringTypedArrays(ArrayWithDouble) \
>+ | asArrayModesIgnoringTypedArrays(ArrayWithContiguous) \
>+ | asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) \
>+ | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage))
>
> #define ALL_ARRAY_ARRAY_MODES \
> (ALL_WRITABLE_ARRAY_ARRAY_MODES \
>@@ -104,7 +106,7 @@ constexpr ArrayModes asArrayModes(IndexingType indexingMode)
>
> #define ALL_ARRAY_MODES (ALL_NON_ARRAY_ARRAY_MODES | ALL_ARRAY_ARRAY_MODES)
>
>-inline ArrayModes arrayModeFromStructure(Structure* structure)
>+inline ArrayModes arrayModesFromStructure(Structure* structure)
> {
> switch (structure->classInfo()->typedArrayStorageType) {
> case TypeInt8:
>@@ -130,7 +132,7 @@ inline ArrayModes arrayModeFromStructure(Structure* structure)
> break;
> }
>
>- return asArrayModes(structure->indexingMode());
>+ return asArrayModesIgnoringTypedArrays(structure->indexingMode());
> }
>
> void dumpArrayModes(PrintStream&, ArrayModes);
>@@ -156,37 +158,37 @@ inline bool arrayModesAlreadyChecked(ArrayModes proven, ArrayModes expected)
> return (expected | proven) == expected;
> }
>
>-inline bool arrayModesInclude(ArrayModes arrayModes, IndexingType shape)
>+inline bool arrayModesIncludeIgnoringTypedArrays(ArrayModes arrayModes, IndexingType shape)
> {
>- ArrayModes modes = asArrayModes(NonArray | shape) | asArrayModes(ArrayClass | shape);
>+ ArrayModes modes = asArrayModesIgnoringTypedArrays(NonArray | shape) | asArrayModesIgnoringTypedArrays(ArrayClass | shape);
> if (hasInt32(shape) || hasDouble(shape) || hasContiguous(shape))
>- modes |= asArrayModes(ArrayClass | shape | CopyOnWrite);
>+ modes |= asArrayModesIgnoringTypedArrays(ArrayClass | shape | CopyOnWrite);
> return !!(arrayModes & modes);
> }
>
> inline bool shouldUseSlowPutArrayStorage(ArrayModes arrayModes)
> {
>- return arrayModesInclude(arrayModes, SlowPutArrayStorageShape);
>+ return arrayModesIncludeIgnoringTypedArrays(arrayModes, SlowPutArrayStorageShape);
> }
>
> inline bool shouldUseFastArrayStorage(ArrayModes arrayModes)
> {
>- return arrayModesInclude(arrayModes, ArrayStorageShape);
>+ return arrayModesIncludeIgnoringTypedArrays(arrayModes, ArrayStorageShape);
> }
>
> inline bool shouldUseContiguous(ArrayModes arrayModes)
> {
>- return arrayModesInclude(arrayModes, ContiguousShape);
>+ return arrayModesIncludeIgnoringTypedArrays(arrayModes, ContiguousShape);
> }
>
> inline bool shouldUseDouble(ArrayModes arrayModes)
> {
>- return arrayModesInclude(arrayModes, DoubleShape);
>+ return arrayModesIncludeIgnoringTypedArrays(arrayModes, DoubleShape);
> }
>
> inline bool shouldUseInt32(ArrayModes arrayModes)
> {
>- return arrayModesInclude(arrayModes, Int32Shape);
>+ return arrayModesIncludeIgnoringTypedArrays(arrayModes, Int32Shape);
> }
>
> inline bool hasSeenArray(ArrayModes arrayModes)
>diff --git a/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp b/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp
>index e4e501facc2d14a17aedc63741672a835d153897..ae2f15fd68403fcfb3ba9130886af983c1f944da 100644
>--- a/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGAbstractValue.cpp
>@@ -40,8 +40,8 @@ void AbstractValue::observeTransitions(const TransitionVector& vector)
> m_structure.observeTransitions(vector);
> ArrayModes newModes = 0;
> for (unsigned i = vector.size(); i--;) {
>- if (m_arrayModes & asArrayModes(vector[i].previous->indexingType()))
>- newModes |= asArrayModes(vector[i].next->indexingType());
>+ if (m_arrayModes & arrayModesFromStructure(vector[i].previous.get()))
>+ newModes |= arrayModesFromStructure(vector[i].next.get());
> }
> m_arrayModes |= newModes;
> }
>@@ -60,7 +60,7 @@ void AbstractValue::set(Graph& graph, const FrozenValue& value, StructureClobber
> m_arrayModes = ALL_ARRAY_MODES;
> m_structure.clobber();
> } else
>- m_arrayModes = asArrayModes(structure->indexingMode());
>+ m_arrayModes = arrayModesFromStructure(structure);
> } else {
> m_structure.makeTop();
> m_arrayModes = ALL_ARRAY_MODES;
>@@ -87,7 +87,7 @@ void AbstractValue::set(Graph& graph, RegisteredStructure structure)
> RELEASE_ASSERT(structure);
>
> m_structure = structure;
>- m_arrayModes = asArrayModes(structure->indexingMode());
>+ m_arrayModes = arrayModesFromStructure(structure.get());
> m_type = speculationFromStructure(structure.get());
> m_value = JSValue();
>
>@@ -228,7 +228,7 @@ bool AbstractValue::mergeOSREntryValue(Graph& graph, JSValue value)
> FrozenValue* frozenValue = graph.freeze(value);
> if (frozenValue->pointsToHeap()) {
> m_structure = graph.registerStructure(frozenValue->structure());
>- m_arrayModes = asArrayModes(frozenValue->structure()->indexingMode());
>+ m_arrayModes = arrayModesFromStructure(frozenValue->structure());
> } else {
> m_structure.clear();
> m_arrayModes = 0;
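Review bot: The transition tracking in observeTransitions now derives its bits from `indexingMode()` (through arrayModesFromStructure) where it used `indexingType()` before, which is a behaviour change beyond the typed-array fix named in the title; the same switch happens in observeTransition in DFGAbstractValue.h. As far as I can tell the two accessors differ in whether the copy-on-write bit is kept, so copy-on-write structures would now be matched on their own mode bit rather than on the writable one. That looks like the more precise result, but the ChangeLog entry carries no explanation, so a reader cannot tell whether it is intended. I would add a sentence to the ChangeLog and a comment above the loop such as `// Compare the full ArrayModes of each structure (typed-array bit or indexing mode), not only the writable indexing type.`, and consider renaming `observeIndexingTypeTransition`, whose parameters are now ArrayModes masks.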
>@@ -240,7 +240,7 @@ bool AbstractValue::mergeOSREntryValue(Graph& graph, JSValue value)
> mergeSpeculation(m_type, speculationFromValue(value));
> if (!!value && value.isCell()) {
> RegisteredStructure structure = graph.registerStructure(value.asCell()->structure(graph.m_vm));
>- mergeArrayModes(m_arrayModes, asArrayModes(structure->indexingMode()));
>+ mergeArrayModes(m_arrayModes, arrayModesFromStructure(structure.get()));
> m_structure.merge(RegisteredStructureSet(structure));
> }
> if (m_value != value)
>@@ -365,7 +365,7 @@ FiltrationResult AbstractValue::filterByValue(const FrozenValue& value)
> bool AbstractValue::contains(RegisteredStructure structure) const
> {
> return couldBeType(speculationFromStructure(structure.get()))
>- && (m_arrayModes & arrayModeFromStructure(structure.get()))
>+ && (m_arrayModes & arrayModesFromStructure(structure.get()))
> && m_structure.contains(structure);
> }
>
>diff --git a/Source/JavaScriptCore/dfg/DFGAbstractValue.h b/Source/JavaScriptCore/dfg/DFGAbstractValue.h
>index 294efb8f5205c068806775128d3e4d012ae938ed..107046f86852bd416c6956911abf3d40e8a5fcf1 100644
>--- a/Source/JavaScriptCore/dfg/DFGAbstractValue.h
>+++ b/Source/JavaScriptCore/dfg/DFGAbstractValue.h
>@@ -137,7 +137,7 @@ struct AbstractValue {
> {
> if (m_type & SpecCell) {
> m_structure.observeTransition(from, to);
>- observeIndexingTypeTransition(from->indexingType(), to->indexingType());
>+ observeIndexingTypeTransition(arrayModesFromStructure(from.get()), arrayModesFromStructure(to.get()));
> }
> checkConsistency();
> }
>@@ -397,7 +397,7 @@ struct AbstractValue {
> ASSERT(m_type & SpecCell);
> Structure* structure = value.asCell()->structure();
> return m_structure.contains(structure)
>- && (m_arrayModes & asArrayModes(structure->indexingMode()));
>+ && (m_arrayModes & arrayModesFromStructure(structure));
> }
>
> return true;
>@@ -492,10 +492,10 @@ struct AbstractValue {
> m_arrayModes = ALL_ARRAY_MODES;
> }
>
>- void observeIndexingTypeTransition(IndexingType from, IndexingType to)
>+ void observeIndexingTypeTransition(ArrayModes from, ArrayModes to)
> {
>- if (m_arrayModes & asArrayModes(from))
>- m_arrayModes |= asArrayModes(to);
>+ if (m_arrayModes & from)
>+ m_arrayModes |= to;
> }
>
> bool validateType(JSValue value) const
>diff --git a/Source/JavaScriptCore/dfg/DFGArrayMode.cpp b/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
>index dfd68e6699b96fee86541783cd692b3894850131..f926cc16c460500a74328c0273172488eefe7b17 100644
>--- a/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGArrayMode.cpp
>@@ -47,17 +47,17 @@ ArrayMode ArrayMode::fromObserved(const ConcurrentJSLocker& locker, ArrayProfile
> Array::Class isArray;
> Array::Conversion converts;
>
>- RELEASE_ASSERT((observed & (asArrayModes(toIndexingShape(type)) | asArrayModes(toIndexingShape(type) | ArrayClass) | asArrayModes(toIndexingShape(type) | ArrayClass | CopyOnWrite))) == observed);
>+ RELEASE_ASSERT((observed & (asArrayModesIgnoringTypedArrays(toIndexingShape(type)) | asArrayModesIgnoringTypedArrays(toIndexingShape(type) | ArrayClass) | asArrayModesIgnoringTypedArrays(toIndexingShape(type) | ArrayClass | CopyOnWrite))) == observed);
>
>- if (observed & asArrayModes(toIndexingShape(type))) {
>- if ((observed & asArrayModes(toIndexingShape(type))) == observed)
>+ if (observed & asArrayModesIgnoringTypedArrays(toIndexingShape(type))) {
>+ if ((observed & asArrayModesIgnoringTypedArrays(toIndexingShape(type))) == observed)
> isArray = nonArray;
> else
> isArray = Array::PossiblyArray;
> } else
> isArray = Array::Array;
>
>- if (action == Array::Write && (observed & asArrayModes(toIndexingShape(type) | ArrayClass | CopyOnWrite)))
>+ if (action == Array::Write && (observed & asArrayModesIgnoringTypedArrays(toIndexingShape(type) | ArrayClass | CopyOnWrite)))
> converts = Array::Convert;
> else
> converts = Array::AsIs;
>@@ -69,62 +69,62 @@ ArrayMode ArrayMode::fromObserved(const ConcurrentJSLocker& locker, ArrayProfile
> switch (observed) {
> case 0:
> return ArrayMode(Array::Unprofiled);
>- case asArrayModes(NonArray):
>+ case asArrayModesIgnoringTypedArrays(NonArray):
> if (action == Array::Write && !profile->mayInterceptIndexedAccesses(locker))
> return ArrayMode(Array::SelectUsingArguments, nonArray, Array::OutOfBounds, Array::Convert, action);
> return ArrayMode(Array::SelectUsingPredictions, nonArray, action).withSpeculationFromProfile(locker, profile, makeSafe);
>
>- case asArrayModes(ArrayWithUndecided):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithUndecided):
> if (action == Array::Write)
> return ArrayMode(Array::SelectUsingArguments, Array::Array, Array::OutOfBounds, Array::Convert, action);
> return ArrayMode(Array::Undecided, Array::Array, Array::OutOfBounds, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>
>- case asArrayModes(NonArray) | asArrayModes(ArrayWithUndecided):
>+ case asArrayModesIgnoringTypedArrays(NonArray) | asArrayModesIgnoringTypedArrays(ArrayWithUndecided):
> if (action == Array::Write && !profile->mayInterceptIndexedAccesses(locker))
> return ArrayMode(Array::SelectUsingArguments, Array::PossiblyArray, Array::OutOfBounds, Array::Convert, action);
> return ArrayMode(Array::SelectUsingPredictions, action).withSpeculationFromProfile(locker, profile, makeSafe);
>
>- case asArrayModes(NonArrayWithInt32):
>- case asArrayModes(ArrayWithInt32):
>- case asArrayModes(CopyOnWriteArrayWithInt32):
>- case asArrayModes(NonArrayWithInt32) | asArrayModes(ArrayWithInt32):
>- case asArrayModes(NonArrayWithInt32) | asArrayModes(CopyOnWriteArrayWithInt32):
>- case asArrayModes(ArrayWithInt32) | asArrayModes(CopyOnWriteArrayWithInt32):
>- case asArrayModes(NonArrayWithInt32) | asArrayModes(ArrayWithInt32) | asArrayModes(CopyOnWriteArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithInt32) | asArrayModesIgnoringTypedArrays(ArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithInt32) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithInt32) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithInt32):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithInt32) | asArrayModesIgnoringTypedArrays(ArrayWithInt32) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithInt32):
> return handleContiguousModes(Array::Int32, observed);
>
>- case asArrayModes(NonArrayWithDouble):
>- case asArrayModes(ArrayWithDouble):
>- case asArrayModes(CopyOnWriteArrayWithDouble):
>- case asArrayModes(NonArrayWithDouble) | asArrayModes(ArrayWithDouble):
>- case asArrayModes(NonArrayWithDouble) | asArrayModes(CopyOnWriteArrayWithDouble):
>- case asArrayModes(ArrayWithDouble) | asArrayModes(CopyOnWriteArrayWithDouble):
>- case asArrayModes(NonArrayWithDouble) | asArrayModes(ArrayWithDouble) | asArrayModes(CopyOnWriteArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithDouble) | asArrayModesIgnoringTypedArrays(ArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithDouble) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithDouble) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithDouble):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithDouble) | asArrayModesIgnoringTypedArrays(ArrayWithDouble) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithDouble):
> return handleContiguousModes(Array::Double, observed);
>
>- case asArrayModes(NonArrayWithContiguous):
>- case asArrayModes(ArrayWithContiguous):
>- case asArrayModes(CopyOnWriteArrayWithContiguous):
>- case asArrayModes(NonArrayWithContiguous) | asArrayModes(ArrayWithContiguous):
>- case asArrayModes(NonArrayWithContiguous) | asArrayModes(CopyOnWriteArrayWithContiguous):
>- case asArrayModes(ArrayWithContiguous) | asArrayModes(CopyOnWriteArrayWithContiguous):
>- case asArrayModes(NonArrayWithContiguous) | asArrayModes(ArrayWithContiguous) | asArrayModes(CopyOnWriteArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithContiguous) | asArrayModesIgnoringTypedArrays(ArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithContiguous) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithContiguous) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithContiguous):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithContiguous) | asArrayModesIgnoringTypedArrays(ArrayWithContiguous) | asArrayModesIgnoringTypedArrays(CopyOnWriteArrayWithContiguous):
> return handleContiguousModes(Array::Contiguous, observed);
>
>- case asArrayModes(NonArrayWithArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage):
> return ArrayMode(Array::ArrayStorage, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>- case asArrayModes(NonArrayWithSlowPutArrayStorage):
>- case asArrayModes(NonArrayWithArrayStorage) | asArrayModes(NonArrayWithSlowPutArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage):
> return ArrayMode(Array::SlowPutArrayStorage, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>- case asArrayModes(ArrayWithArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage):
> return ArrayMode(Array::ArrayStorage, Array::Array, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>- case asArrayModes(ArrayWithSlowPutArrayStorage):
>- case asArrayModes(ArrayWithArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
> return ArrayMode(Array::SlowPutArrayStorage, Array::Array, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>- case asArrayModes(NonArrayWithArrayStorage) | asArrayModes(ArrayWithArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage):
> return ArrayMode(Array::ArrayStorage, Array::PossiblyArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>- case asArrayModes(NonArrayWithSlowPutArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage):
>- case asArrayModes(NonArrayWithArrayStorage) | asArrayModes(ArrayWithArrayStorage) | asArrayModes(NonArrayWithSlowPutArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
>+ case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
> return ArrayMode(Array::SlowPutArrayStorage, Array::PossiblyArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
> case Int8ArrayMode:
> return ArrayMode(Array::Int8Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>@@ -150,7 +150,7 @@ ArrayMode ArrayMode::fromObserved(const ConcurrentJSLocker& locker, ArrayProfile
> if (observed & ALL_TYPED_ARRAY_MODES)
> return ArrayMode(Array::Generic, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
>
>- if ((observed & asArrayModes(NonArray)) && profile->mayInterceptIndexedAccesses(locker))
>+ if ((observed & asArrayModesIgnoringTypedArrays(NonArray)) && profile->mayInterceptIndexedAccesses(locker))
> return ArrayMode(Array::SelectUsingPredictions).withSpeculationFromProfile(locker, profile, makeSafe);
>
> Array::Type type;
>@@ -438,7 +438,7 @@ bool ArrayMode::alreadyChecked(Graph& graph, Node* node, const AbstractValue& va
> }
>
> case Array::Array: {
>- if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(shape | IsArray)))
>+ if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModesIgnoringTypedArrays(shape | IsArray)))
> return true;
> if (value.m_structure.isTop())
> return false;
>@@ -455,7 +455,7 @@ bool ArrayMode::alreadyChecked(Graph& graph, Node* node, const AbstractValue& va
> }
>
> default: {
>- if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(shape) | asArrayModes(shape | IsArray)))
>+ if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModesIgnoringTypedArrays(shape) | asArrayModesIgnoringTypedArrays(shape | IsArray)))
> return true;
> if (value.m_structure.isTop())
> return false;
>@@ -505,7 +505,7 @@ bool ArrayMode::alreadyChecked(Graph& graph, Node* node, const AbstractValue& va
> }
>
> case Array::Array: {
>- if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(ArrayWithArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage)))
>+ if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage)))
> return true;
> if (value.m_structure.isTop())
> return false;
>@@ -520,7 +520,7 @@ bool ArrayMode::alreadyChecked(Graph& graph, Node* node, const AbstractValue& va
> }
>
> default: {
>- if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModes(NonArrayWithArrayStorage) | asArrayModes(ArrayWithArrayStorage) | asArrayModes(NonArrayWithSlowPutArrayStorage) | asArrayModes(ArrayWithSlowPutArrayStorage)))
>+ if (arrayModesAlreadyChecked(value.m_arrayModes, asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage)))
> return true;
> if (value.m_structure.isTop())
> return false;
>diff --git a/Source/JavaScriptCore/dfg/DFGArrayMode.h b/Source/JavaScriptCore/dfg/DFGArrayMode.h
>index 0ac2eccb6f8cb8c7c28313b3393c9b6857765d74..c23b0980e57fd1c1958fb78c00a555646fbc9477 100644
>--- a/Source/JavaScriptCore/dfg/DFGArrayMode.h
>+++ b/Source/JavaScriptCore/dfg/DFGArrayMode.h
>@@ -420,7 +420,7 @@ class ArrayMode {
>
> bool structureWouldPassArrayModeFiltering(Structure* structure)
> {
>- return arrayModesAlreadyChecked(arrayModeFromStructure(structure), arrayModesThatPassFiltering());
>+ return arrayModesAlreadyChecked(arrayModesFromStructure(structure), arrayModesThatPassFiltering());
> }
>
> ArrayModes arrayModesThatPassFiltering() const
>@@ -445,8 +445,28 @@ class ArrayMode {
> case Array::DirectArguments:
> case Array::ScopedArguments:
> return arrayModesWithIndexingShapes(ArrayStorageShape, NonArray);
>+ case Array::Int8Array:
>+ return Int8ArrayMode;
>+ case Array::Int16Array:
>+ return Int16ArrayMode;
>+ case Array::Int32Array:
>+ return Int32ArrayMode;
>+ case Array::Uint8Array:
>+ return Uint8ArrayMode;
>+ case Array::Uint8ClampedArray:
>+ return Uint8ClampedArrayMode;
>+ case Array::Uint16Array:
>+ return Uint16ArrayMode;
>+ case Array::Uint32Array:
>+ return Uint32ArrayMode;
>+ case Array::Float32Array:
>+ return Float32ArrayMode;
>+ case Array::Float64Array:
>+ return Float64ArrayMode;
>+ case Array::AnyTypedArray:
>+ return ALL_TYPED_ARRAY_MODES;
> default:
>- return asArrayModes(NonArray);
>+ return asArrayModesIgnoringTypedArrays(NonArray);
> }
>
> if (action() == Array::Write)
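Review bot: The `default:` arm of this switch still maps every Array::Type that is not listed to NonArray, which is the same kind of silent fallback that hid the typed-array cases this hunk adds. Listing the typed arrays explicitly is right, but a comment on the default would make the intent checkable, for example `// Types without an indexing-shape or typed-array mode are filtered as NonArray; add an explicit case when introducing a new Array::Type.` The switch, presumably in arrayModesThatPassFiltering since the ChangeLog lists it, starts before this hunk and the function continues after it, so the remaining enumerators are not visible here.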
>@@ -497,20 +517,20 @@ class ArrayMode {
> switch (arrayClass()) {
> case Array::NonArray:
> case Array::OriginalNonArray:
>- return asArrayModes(shape);
>+ return asArrayModesIgnoringTypedArrays(shape);
> case Array::OriginalCopyOnWriteArray:
> ASSERT(hasInt32(shape) || hasDouble(shape) || hasContiguous(shape));
>- return asArrayModes(shape | IsArray) | asArrayModes(shape | IsArray | CopyOnWrite);
>+ return asArrayModesIgnoringTypedArrays(shape | IsArray) | asArrayModesIgnoringTypedArrays(shape | IsArray | CopyOnWrite);
> case Array::Array:
> if (hasInt32(shape) || hasDouble(shape) || hasContiguous(shape))
>- return asArrayModes(shape | IsArray) | asArrayModes(shape | IsArray | CopyOnWrite);
>+ return asArrayModesIgnoringTypedArrays(shape | IsArray) | asArrayModesIgnoringTypedArrays(shape | IsArray | CopyOnWrite);
> FALLTHROUGH;
> case Array::OriginalArray:
>- return asArrayModes(shape | IsArray);
>+ return asArrayModesIgnoringTypedArrays(shape | IsArray);
> case Array::PossiblyArray:
> if (hasInt32(shape) || hasDouble(shape) || hasContiguous(shape))
>- return asArrayModes(shape) | asArrayModes(shape | IsArray) | asArrayModes(shape | IsArray | CopyOnWrite);
>- return asArrayModes(shape) | asArrayModes(shape | IsArray);
>+ return asArrayModesIgnoringTypedArrays(shape) | asArrayModesIgnoringTypedArrays(shape | IsArray) | asArrayModesIgnoringTypedArrays(shape | IsArray | CopyOnWrite);
>+ return asArrayModesIgnoringTypedArrays(shape) | asArrayModesIgnoringTypedArrays(shape | IsArray);
> default:
> // This is only necessary for C++ compilers that don't understand enums.
> return 0;
>diff --git a/Source/JavaScriptCore/dfg/DFGOSRExit.cpp b/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
>index 6d464f3dfb8d24beae17e881a8dbd09cc1a8efc3..0824f06cb19fcd0d80b09977fcbd6b883261abe8 100644
>--- a/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
>@@ -507,7 +507,7 @@ void OSRExit::executeOSRExit(Context& context)
> ASSERT(exit.m_kind == BadCache || exit.m_kind == BadIndexingType);
> Structure* structure = profiledValue.asCell()->structure(vm);
> arrayProfile->observeStructure(structure);
>- arrayProfile->observeArrayMode(asArrayModes(structure->indexingMode()));
>+ arrayProfile->observeArrayMode(arrayModesFromStructure(structure));
> }
> if (extraInitializationLevel <= ExtraInitializationLevel::ArrayProfileUpdate)
> break;
>@@ -1185,6 +1185,15 @@ void OSRExit::compileExit(CCallHelpers& jit, VM& vm, const OSRExit& exit, const
>
> jit.load32(AssemblyHelpers::Address(value, JSCell::structureIDOffset()), scratch1);
> jit.store32(scratch1, arrayProfile->addressOfLastSeenStructureID());
>+
>+ jit.load8(AssemblyHelpers::Address(value, JSCell::typeInfoTypeOffset()), scratch2);
>+ jit.sub32(AssemblyHelpers::TrustedImm32(FirstTypedArrayType), scratch2);
>+ auto notTypedArray = jit.branch32(MacroAssembler::AboveOrEqual, scratch2, AssemblyHelpers::TrustedImm32(NumberOfTypedArrayTypesExcludingDataView));
>+ jit.move(AssemblyHelpers::TrustedImmPtr(TypedArrayModes), scratch1);
>+ jit.load32(AssemblyHelpers::BaseIndex(scratch1, scratch2, AssemblyHelpers::TimesFour), scratch2);
>+ auto storeArrayModes = jit.jump();
>+
>+ notTypedArray.link(&jit);
> #if USE(JSVALUE64)
> jit.load8(AssemblyHelpers::Address(value, JSCell::indexingTypeAndMiscOffset()), scratch1);
> #else
>@@ -1193,6 +1202,7 @@ void OSRExit::compileExit(CCallHelpers& jit, VM& vm, const OSRExit& exit, const
> jit.and32(AssemblyHelpers::TrustedImm32(IndexingModeMask), scratch1);
> jit.move(AssemblyHelpers::TrustedImm32(1), scratch2);
> jit.lshift32(scratch1, scratch2);
>+ storeArrayModes.link(&jit);
> jit.or32(scratch2, AssemblyHelpers::AbsoluteAddress(arrayProfile->addressOfArrayModes()));
>
> if (isARM64()) {
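Review bot: The table lookup emitted in compileExit hard-codes `TimesFour` as the stride into `TypedArrayModes` and bounds the index with `NumberOfTypedArrayTypesExcludingDataView`, but nothing in the hunk ties either constant to the table itself. Unless the table's definition already asserts it, I would add `static_assert(sizeof(ArrayModes) == 4, "stride used by the OSR exit stubs");` and `static_assert(WTF_ARRAY_LENGTH(TypedArrayModes) == NumberOfTypedArrayTypesExcludingDataView, "one entry per typed array type");` next to it, so a later change to the element type or the type list cannot turn this `load32` into an out-of-bounds read from generated code. The same instruction sequence is repeated in FTL `compileStub` (FTLOSRExitCompiler.cpp, `@@ -277,10 +277,20 @@`); a shared AssemblyHelpers routine would keep the two copies from drifting apart. compileExit's body starts and ends outside these hunks.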
>diff --git a/Source/JavaScriptCore/dfg/DFGRegisteredStructureSet.cpp b/Source/JavaScriptCore/dfg/DFGRegisteredStructureSet.cpp
>index 2e166a6e648c5fe2ae1153ae5604c552f84c8000..75b0f05e6514a2588b8fe0326207529b4513a128 100644
>--- a/Source/JavaScriptCore/dfg/DFGRegisteredStructureSet.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGRegisteredStructureSet.cpp
>@@ -53,7 +53,7 @@ void RegisteredStructureSet::filterArrayModes(ArrayModes arrayModes)
> {
> genericFilter(
> [&] (RegisteredStructure structure) -> bool {
>- return arrayModes & arrayModeFromStructure(structure.get());
>+ return arrayModes & arrayModesFromStructure(structure.get());
> });
> }
>
>@@ -79,7 +79,7 @@ ArrayModes RegisteredStructureSet::arrayModesFromStructures() const
> ArrayModes result = 0;
> forEach(
> [&] (RegisteredStructure structure) {
>- mergeArrayModes(result, asArrayModes(structure->indexingMode()));
>+ mergeArrayModes(result, arrayModesFromStructure(structure.get()));
> });
> return result;
> }
>diff --git a/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp b/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
>index f066d0ba46623be4a190df3c2d6f2030858f846d..462ad924a8f80e936f6c23556d6ee691b2464dab 100644
>--- a/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
>+++ b/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
>@@ -277,10 +277,20 @@ static void compileStub(
> if (ArrayProfile* arrayProfile = jit.baselineCodeBlockFor(codeOrigin)->getArrayProfile(codeOrigin.bytecodeIndex)) {
> jit.load32(MacroAssembler::Address(GPRInfo::regT0, JSCell::structureIDOffset()), GPRInfo::regT1);
> jit.store32(GPRInfo::regT1, arrayProfile->addressOfLastSeenStructureID());
>+
>+ jit.load8(MacroAssembler::Address(GPRInfo::regT0, JSCell::typeInfoTypeOffset()), GPRInfo::regT2);
>+ jit.sub32(MacroAssembler::TrustedImm32(FirstTypedArrayType), GPRInfo::regT2);
>+ auto notTypedArray = jit.branch32(MacroAssembler::AboveOrEqual, GPRInfo::regT2, MacroAssembler::TrustedImm32(NumberOfTypedArrayTypesExcludingDataView));
>+ jit.move(MacroAssembler::TrustedImmPtr(TypedArrayModes), GPRInfo::regT1);
>+ jit.load32(MacroAssembler::BaseIndex(GPRInfo::regT1, GPRInfo::regT2, MacroAssembler::TimesFour), GPRInfo::regT2);
>+ auto storeArrayModes = jit.jump();
>+
>+ notTypedArray.link(&jit);
> jit.load8(MacroAssembler::Address(GPRInfo::regT0, JSCell::indexingTypeAndMiscOffset()), GPRInfo::regT1);
> jit.and32(MacroAssembler::TrustedImm32(IndexingModeMask), GPRInfo::regT1);
> jit.move(MacroAssembler::TrustedImm32(1), GPRInfo::regT2);
> jit.lshift32(GPRInfo::regT1, GPRInfo::regT2);
>+ storeArrayModes.link(&jit);
> jit.or32(GPRInfo::regT2, MacroAssembler::AbsoluteAddress(arrayProfile->addressOfArrayModes()));
> }
> }
>diff --git a/Source/JavaScriptCore/jit/JITInlines.h b/Source/JavaScriptCore/jit/JITInlines.h
>index 9ea8deb388abf9bb9887905b5d32d4997fea6a7d..f54bfe96f6efde01ba3c6666565971cab5e18251 100644
>--- a/Source/JavaScriptCore/jit/JITInlines.h
>+++ b/Source/JavaScriptCore/jit/JITInlines.h
>@@ -364,13 +364,12 @@ inline void JIT::emitArrayProfileOutOfBoundsSpecialCase(ArrayProfile* arrayProfi
> store8(TrustedImm32(1), arrayProfile->addressOfOutOfBounds());
> }
>
>-static inline bool arrayProfileSaw(ArrayModes arrayModes, IndexingType capability)
>-{
>- return arrayModesInclude(arrayModes, capability);
>-}
>-
> inline JITArrayMode JIT::chooseArrayMode(ArrayProfile* profile)
> {
>+ auto arrayProfileSaw = [] (ArrayModes arrayModes, IndexingType capability) {
>+ return arrayModesIncludeIgnoringTypedArrays(arrayModes, capability);
>+ };
>+
> ConcurrentJSLocker locker(m_codeBlock->m_lock);
> profile->computeUpdatedPrediction(locker, m_codeBlock);
> ArrayModes arrayModes = profile->observedArrayModes(locker);
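Review bot: The `arrayProfileSaw` lambda added at the top of chooseArrayMode only forwards its two arguments to `arrayModesIncludeIgnoringTypedArrays`, so it hides the one fact a reader needs here: that typed array bits in the profile are dropped on purpose. Either call `arrayModesIncludeIgnoringTypedArrays` directly at the use sites, or keep the lambda and put the reason above it, for example `// Typed array modes are intentionally ignored when choosing a JITArrayMode.` (assuming that is the intent). The use sites and the rest of chooseArrayMode are outside the hunk.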