Typed arrays should be rewritten
https://bugs.webkit.org/show_bug.cgi?id=119064
.:
Reviewed by Oliver Hunt.
Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
* Source/autotools/symbols.filter:
Source/JavaScriptCore:
Reviewed by Oliver Hunt.
Typed arrays were previously deficient in several major ways:
- They were defined separately in WebCore and in the jsc shell. The two
implementations were different, and the jsc shell one was basically wrong.
The WebCore one was quite awful, also.
- Typed arrays were not visible to the JIT except through some weird hooks.
For example, the JIT could not ask "what is the Structure that this typed
array would have if I just allocated it from this global object". Also,
it was difficult to wire any of the typed array intrinsics, because most
of the functionality wasn't visible anywhere in JSC.
- Typed array allocation was brain-dead. Allocating a typed array involved
two JS objects, two GC weak handles, and three malloc allocations.
- Neutering. It involved keeping tabs on all native views but not the view
wrappers, even though the native views can autoneuter just by asking the
buffer if it was neutered anytime you touch them; while the JS view
wrappers are the ones that you really want to reach out to.
- Common case-ing. Most typed arrays have one buffer and one view, and
usually nobody touches the buffer. Yet we created all of that stuff
anyway, using data structures optimized for the case where you had a lot
of views.
- Semantic goofs. Typed arrays should, in the future, behave like ES
features rather than DOM features, for example when it comes to exceptions.
Firefox already does this and I agree with them.
This patch cleanses our codebase of these sins:
- Typed arrays are almost entirely defined in JSC. Only the lifecycle
management of native references to buffers is left to WebCore.
- Allocating a typed array requires either two GC allocations (a cell and a
copied storage vector) or one GC allocation, a malloc allocation, and a
weak handle (a cell and a malloc'd storage vector, plus a finalizer for the
latter). The latter is only used for oversize arrays. Remember that before
it was 7 allocations no matter what.
- Typed arrays require just 4 words of overhead: Structure*, Butterfly*,
mode/length, void* vector. Before it was a lot more than that - remember,
there were five additional objects that did absolutely nothing for anybody.
- Native views aren't tracked by the buffer, or by the wrappers. They are
transient. In the future we'll probably switch to not even having them be
malloc'd.
- Native array buffers have an efficient way of tracking all of their JS view
wrappers, both for neutering, and for lifecycle management. The GC
special-cases native array buffers. This saves a bunch of grief; for example
it means that a JS view wrapper can refer to its buffer via the butterfly,
which would be dead by the time we went to finalize.
- Typed array semantics now match Firefox, which also happens to be where the
standards are going. The discussion on webkit-dev seemed to confirm that
Chrome is also heading in this direction. This includes making
Uint8ClampedArray not a subtype of Uint8Array, and getting rid of
ArrayBufferView as a JS-visible construct.
This is up to a 10x speed-up on programs that allocate a lot of typed arrays.
It's a 1% speed-up on Octane. It also opens up a bunch of possibilities for
further typed array optimizations in the JSC JITs, including inlining typed
array allocation, inlining more of the accessors, reducing the cost of type
checks, etc.
An additional property of this patch is that typed arrays are mostly
implemented using templates. This deduplicates a bunch of code, but does mean
that we need some hacks for exporting s_info's of template classes. See
JSGenericTypedArrayView.h and JSTypedArrays.cpp. Those hacks are fairly
low-impact compared to code duplication.
Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
* CMakeLists.txt:
* DerivedSources.make:
* GNUmakefile.list.am:
* JSCTypedArrayStubs.h: Removed.
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* bytecode/ByValInfo.h:
(JSC::hasOptimizableIndexingForClassInfo):
(JSC::jitArrayModeForClassInfo):
(JSC::typedArrayTypeForJITArrayMode):
* bytecode/SpeculatedType.cpp:
(JSC::speculationFromClassInfo):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::toTypedArrayType):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::typedArrayType):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
(JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
(JSC::DFG::SpeculativeJIT::compileGetArrayLength):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* heap/CopyToken.h:
* heap/DeferGC.h:
(JSC::DeferGCForAWhile::DeferGCForAWhile):
(JSC::DeferGCForAWhile::~DeferGCForAWhile):
* heap/GCIncomingRefCounted.h: Added.
(JSC::GCIncomingRefCounted::GCIncomingRefCounted):
(JSC::GCIncomingRefCounted::~GCIncomingRefCounted):
(JSC::GCIncomingRefCounted::numberOfIncomingReferences):
(JSC::GCIncomingRefCounted::incomingReferenceAt):
(JSC::GCIncomingRefCounted::singletonFlag):
(JSC::GCIncomingRefCounted::hasVectorOfCells):
(JSC::GCIncomingRefCounted::hasAnyIncoming):
(JSC::GCIncomingRefCounted::hasSingleton):
(JSC::GCIncomingRefCounted::singleton):
(JSC::GCIncomingRefCounted::vectorOfCells):
* heap/GCIncomingRefCountedInlines.h: Added.
(JSC::::addIncomingReference):
(JSC::::filterIncomingReferences):
* heap/GCIncomingRefCountedSet.h: Added.
(JSC::GCIncomingRefCountedSet::size):
* heap/GCIncomingRefCountedSetInlines.h: Added.
(JSC::::GCIncomingRefCountedSet):
(JSC::::~GCIncomingRefCountedSet):
(JSC::::addReference):
(JSC::::sweep):
(JSC::::removeAll):
(JSC::::removeDead):
* heap/Heap.cpp:
(JSC::Heap::addReference):
(JSC::Heap::extraSize):
(JSC::Heap::size):
(JSC::Heap::capacity):
(JSC::Heap::collect):
(JSC::Heap::decrementDeferralDepth):
(JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
* heap/Heap.h:
* interpreter/CallFrame.h:
(JSC::ExecState::dataViewTable):
* jit/JIT.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::privateCompilePutByVal):
(JSC::JIT::emitIntTypedArrayGetByVal):
(JSC::JIT::emitFloatTypedArrayGetByVal):
(JSC::JIT::emitIntTypedArrayPutByVal):
(JSC::JIT::emitFloatTypedArrayPutByVal):
* jsc.cpp:
(GlobalObject::finishCreation):
* runtime/ArrayBuffer.cpp:
(JSC::ArrayBuffer::transfer):
* runtime/ArrayBuffer.h:
(JSC::ArrayBuffer::createAdopted):
(JSC::ArrayBuffer::ArrayBuffer):
(JSC::ArrayBuffer::gcSizeEstimateInBytes):
(JSC::ArrayBuffer::pin):
(JSC::ArrayBuffer::unpin):
(JSC::ArrayBufferContents::tryAllocate):
* runtime/ArrayBufferView.cpp:
(JSC::ArrayBufferView::ArrayBufferView):
(JSC::ArrayBufferView::~ArrayBufferView):
(JSC::ArrayBufferView::setNeuterable):
* runtime/ArrayBufferView.h:
(JSC::ArrayBufferView::isNeutered):
(JSC::ArrayBufferView::buffer):
(JSC::ArrayBufferView::baseAddress):
(JSC::ArrayBufferView::byteOffset):
(JSC::ArrayBufferView::verifySubRange):
(JSC::ArrayBufferView::clampOffsetAndNumElements):
(JSC::ArrayBufferView::calculateOffsetAndLength):
* runtime/ClassInfo.h:
* runtime/CommonIdentifiers.h:
* runtime/DataView.cpp: Added.
(JSC::DataView::DataView):
(JSC::DataView::create):
(JSC::DataView::wrap):
* runtime/DataView.h: Added.
(JSC::DataView::byteLength):
(JSC::DataView::getType):
(JSC::DataView::get):
(JSC::DataView::set):
* runtime/Float32Array.h:
* runtime/Float64Array.h:
* runtime/GenericTypedArrayView.h: Added.
(JSC::GenericTypedArrayView::data):
(JSC::GenericTypedArrayView::set):
(JSC::GenericTypedArrayView::setRange):
(JSC::GenericTypedArrayView::zeroRange):
(JSC::GenericTypedArrayView::zeroFill):
(JSC::GenericTypedArrayView::length):
(JSC::GenericTypedArrayView::byteLength):
(JSC::GenericTypedArrayView::item):
(JSC::GenericTypedArrayView::checkInboundData):
(JSC::GenericTypedArrayView::getType):
* runtime/GenericTypedArrayViewInlines.h: Added.
(JSC::::GenericTypedArrayView):
(JSC::::create):
(JSC::::createUninitialized):
(JSC::::subarray):
(JSC::::wrap):
* runtime/IndexingHeader.h:
(JSC::IndexingHeader::arrayBuffer):
(JSC::IndexingHeader::setArrayBuffer):
* runtime/Int16Array.h:
* runtime/Int32Array.h:
* runtime/Int8Array.h:
* runtime/JSArrayBuffer.cpp: Added.
(JSC::JSArrayBuffer::JSArrayBuffer):
(JSC::JSArrayBuffer::finishCreation):
(JSC::JSArrayBuffer::create):
(JSC::JSArrayBuffer::createStructure):
(JSC::JSArrayBuffer::getOwnPropertySlot):
(JSC::JSArrayBuffer::getOwnPropertyDescriptor):
(JSC::JSArrayBuffer::put):
(JSC::JSArrayBuffer::defineOwnProperty):
(JSC::JSArrayBuffer::deleteProperty):
(JSC::JSArrayBuffer::getOwnNonIndexPropertyNames):
* runtime/JSArrayBuffer.h: Added.
(JSC::JSArrayBuffer::impl):
(JSC::toArrayBuffer):
* runtime/JSArrayBufferConstructor.cpp: Added.
(JSC::JSArrayBufferConstructor::JSArrayBufferConstructor):
(JSC::JSArrayBufferConstructor::finishCreation):
(JSC::JSArrayBufferConstructor::create):
(JSC::JSArrayBufferConstructor::createStructure):
(JSC::constructArrayBuffer):
(JSC::JSArrayBufferConstructor::getConstructData):
(JSC::JSArrayBufferConstructor::getCallData):
* runtime/JSArrayBufferConstructor.h: Added.
* runtime/JSArrayBufferPrototype.cpp: Added.
(JSC::arrayBufferProtoFuncSlice):
(JSC::JSArrayBufferPrototype::JSArrayBufferPrototype):
(JSC::JSArrayBufferPrototype::finishCreation):
(JSC::JSArrayBufferPrototype::create):
(JSC::JSArrayBufferPrototype::createStructure):
* runtime/JSArrayBufferPrototype.h: Added.
* runtime/JSArrayBufferView.cpp: Added.
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
(JSC::JSArrayBufferView::JSArrayBufferView):
(JSC::JSArrayBufferView::finishCreation):
(JSC::JSArrayBufferView::getOwnPropertySlot):
(JSC::JSArrayBufferView::getOwnPropertyDescriptor):
(JSC::JSArrayBufferView::put):
(JSC::JSArrayBufferView::defineOwnProperty):
(JSC::JSArrayBufferView::deleteProperty):
(JSC::JSArrayBufferView::getOwnNonIndexPropertyNames):
(JSC::JSArrayBufferView::finalize):
* runtime/JSArrayBufferView.h: Added.
(JSC::JSArrayBufferView::sizeOf):
(JSC::JSArrayBufferView::ConstructionContext::operator!):
(JSC::JSArrayBufferView::ConstructionContext::structure):
(JSC::JSArrayBufferView::ConstructionContext::vector):
(JSC::JSArrayBufferView::ConstructionContext::length):
(JSC::JSArrayBufferView::ConstructionContext::mode):
(JSC::JSArrayBufferView::ConstructionContext::butterfly):
(JSC::JSArrayBufferView::mode):
(JSC::JSArrayBufferView::vector):
(JSC::JSArrayBufferView::length):
(JSC::JSArrayBufferView::offsetOfVector):
(JSC::JSArrayBufferView::offsetOfLength):
(JSC::JSArrayBufferView::offsetOfMode):
* runtime/JSArrayBufferViewInlines.h: Added.
(JSC::JSArrayBufferView::slowDownAndWasteMemoryIfNecessary):
(JSC::JSArrayBufferView::buffer):
(JSC::JSArrayBufferView::impl):
(JSC::JSArrayBufferView::neuter):
(JSC::JSArrayBufferView::byteOffset):
* runtime/JSCell.cpp:
(JSC::JSCell::slowDownAndWasteMemory):
(JSC::JSCell::getTypedArrayImpl):
* runtime/JSCell.h:
* runtime/JSDataView.cpp: Added.
(JSC::JSDataView::JSDataView):
(JSC::JSDataView::create):
(JSC::JSDataView::createUninitialized):
(JSC::JSDataView::set):
(JSC::JSDataView::typedImpl):
(JSC::JSDataView::getOwnPropertySlot):
(JSC::JSDataView::getOwnPropertyDescriptor):
(JSC::JSDataView::slowDownAndWasteMemory):
(JSC::JSDataView::getTypedArrayImpl):
(JSC::JSDataView::createStructure):
* runtime/JSDataView.h: Added.
* runtime/JSDataViewPrototype.cpp: Added.
(JSC::JSDataViewPrototype::JSDataViewPrototype):
(JSC::JSDataViewPrototype::create):
(JSC::JSDataViewPrototype::createStructure):
(JSC::JSDataViewPrototype::getOwnPropertySlot):
(JSC::JSDataViewPrototype::getOwnPropertyDescriptor):
(JSC::getData):
(JSC::setData):
(JSC::dataViewProtoFuncGetInt8):
(JSC::dataViewProtoFuncGetInt16):
(JSC::dataViewProtoFuncGetInt32):
(JSC::dataViewProtoFuncGetUint8):
(JSC::dataViewProtoFuncGetUint16):
(JSC::dataViewProtoFuncGetUint32):
(JSC::dataViewProtoFuncGetFloat32):
(JSC::dataViewProtoFuncGetFloat64):
(JSC::dataViewProtoFuncSetInt8):
(JSC::dataViewProtoFuncSetInt16):
(JSC::dataViewProtoFuncSetInt32):
(JSC::dataViewProtoFuncSetUint8):
(JSC::dataViewProtoFuncSetUint16):
(JSC::dataViewProtoFuncSetUint32):
(JSC::dataViewProtoFuncSetFloat32):
(JSC::dataViewProtoFuncSetFloat64):
* runtime/JSDataViewPrototype.h: Added.
* runtime/JSFloat32Array.h: Added.
* runtime/JSFloat64Array.h: Added.
* runtime/JSGenericTypedArrayView.h: Added.
(JSC::JSGenericTypedArrayView::byteLength):
(JSC::JSGenericTypedArrayView::byteSize):
(JSC::JSGenericTypedArrayView::typedVector):
(JSC::JSGenericTypedArrayView::canGetIndexQuickly):
(JSC::JSGenericTypedArrayView::canSetIndexQuickly):
(JSC::JSGenericTypedArrayView::getIndexQuicklyAsNativeValue):
(JSC::JSGenericTypedArrayView::getIndexQuicklyAsDouble):
(JSC::JSGenericTypedArrayView::getIndexQuickly):
(JSC::JSGenericTypedArrayView::setIndexQuicklyToNativeValue):
(JSC::JSGenericTypedArrayView::setIndexQuicklyToDouble):
(JSC::JSGenericTypedArrayView::setIndexQuickly):
(JSC::JSGenericTypedArrayView::canAccessRangeQuickly):
(JSC::JSGenericTypedArrayView::typedImpl):
(JSC::JSGenericTypedArrayView::createStructure):
(JSC::JSGenericTypedArrayView::info):
(JSC::toNativeTypedView):
* runtime/JSGenericTypedArrayViewConstructor.h: Added.
* runtime/JSGenericTypedArrayViewConstructorInlines.h: Added.
(JSC::::JSGenericTypedArrayViewConstructor):
(JSC::::finishCreation):
(JSC::::create):
(JSC::::createStructure):
(JSC::constructGenericTypedArrayView):
(JSC::::getConstructData):
(JSC::::getCallData):
* runtime/JSGenericTypedArrayViewInlines.h: Added.
(JSC::::JSGenericTypedArrayView):
(JSC::::create):
(JSC::::createUninitialized):
(JSC::::validateRange):
(JSC::::setWithSpecificType):
(JSC::::set):
(JSC::::getOwnPropertySlot):
(JSC::::getOwnPropertyDescriptor):
(JSC::::put):
(JSC::::defineOwnProperty):
(JSC::::deleteProperty):
(JSC::::getOwnPropertySlotByIndex):
(JSC::::putByIndex):
(JSC::::deletePropertyByIndex):
(JSC::::getOwnNonIndexPropertyNames):
(JSC::::getOwnPropertyNames):
(JSC::::visitChildren):
(JSC::::copyBackingStore):
(JSC::::slowDownAndWasteMemory):
(JSC::::getTypedArrayImpl):
* runtime/JSGenericTypedArrayViewPrototype.h: Added.
* runtime/JSGenericTypedArrayViewPrototypeInlines.h: Added.
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewProtoFuncSubarray):
(JSC::::JSGenericTypedArrayViewPrototype):
(JSC::::finishCreation):
(JSC::::create):
(JSC::::createStructure):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::arrayBufferPrototype):
(JSC::JSGlobalObject::arrayBufferStructure):
(JSC::JSGlobalObject::typedArrayStructure):
* runtime/JSInt16Array.h: Added.
* runtime/JSInt32Array.h: Added.
* runtime/JSInt8Array.h: Added.
* runtime/JSTypedArrayConstructors.cpp: Added.
* runtime/JSTypedArrayConstructors.h: Added.
* runtime/JSTypedArrayPrototypes.cpp: Added.
* runtime/JSTypedArrayPrototypes.h: Added.
* runtime/JSTypedArrays.cpp: Added.
* runtime/JSTypedArrays.h: Added.
* runtime/JSUint16Array.h: Added.
* runtime/JSUint32Array.h: Added.
* runtime/JSUint8Array.h: Added.
* runtime/JSUint8ClampedArray.h: Added.
* runtime/Operations.h:
* runtime/Options.h:
* runtime/SimpleTypedArrayController.cpp: Added.
(JSC::SimpleTypedArrayController::SimpleTypedArrayController):
(JSC::SimpleTypedArrayController::~SimpleTypedArrayController):
(JSC::SimpleTypedArrayController::toJS):
* runtime/SimpleTypedArrayController.h: Added.
* runtime/Structure.h:
(JSC::Structure::couldHaveIndexingHeader):
* runtime/StructureInlines.h:
(JSC::Structure::hasIndexingHeader):
* runtime/TypedArrayAdaptors.h: Added.
(JSC::IntegralTypedArrayAdaptor::toNative):
(JSC::IntegralTypedArrayAdaptor::toJSValue):
(JSC::IntegralTypedArrayAdaptor::toDouble):
(JSC::FloatTypedArrayAdaptor::toNative):
(JSC::FloatTypedArrayAdaptor::toJSValue):
(JSC::FloatTypedArrayAdaptor::toDouble):
(JSC::Uint8ClampedAdaptor::toNative):
(JSC::Uint8ClampedAdaptor::toJSValue):
(JSC::Uint8ClampedAdaptor::toDouble):
(JSC::Uint8ClampedAdaptor::clamp):
* runtime/TypedArrayController.cpp: Added.
(JSC::TypedArrayController::TypedArrayController):
(JSC::TypedArrayController::~TypedArrayController):
* runtime/TypedArrayController.h: Added.
* runtime/TypedArrayDescriptor.h: Removed.
* runtime/TypedArrayInlines.h: Added.
* runtime/TypedArrayType.cpp: Added.
(JSC::classInfoForType):
(WTF::printInternal):
* runtime/TypedArrayType.h: Added.
(JSC::toIndex):
(JSC::isTypedView):
(JSC::elementSize):
(JSC::isInt):
(JSC::isFloat):
(JSC::isSigned):
(JSC::isClamped):
* runtime/TypedArrays.h: Added.
* runtime/Uint16Array.h:
* runtime/Uint32Array.h:
* runtime/Uint8Array.h:
* runtime/Uint8ClampedArray.h:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
* runtime/VM.h:
Source/WebCore:
Reviewed by Oliver Hunt.
Typed arrays are now implemented in JavaScriptCore, and WebCore is merely a
client of them. There is only one layering violation: WebCore installs a
WebCoreTypedArrayController on VM, which makes the
ArrayBuffer<->JSArrayBuffer relationship resemble DOM wrappers. By default,
JSC makes the ownership go one way; the JSArrayBuffer keeps the ArrayBuffer
alive but if ArrayBuffer is kept alive from native code then the
JSArrayByffer may die. WebCoreTypedArrayController will keep the
JSArrayBuffer alive if the ArrayBuffer is in the opaque root set.
To make non-JSDOMWrappers behave like DOM wrappers, a bunch of code is
changed to make most references to wrappers refer to JSObject* rather than
JSDOMWrapper*.
Array buffer views are now transient; the JS array buffer view wrappers
don't own them or keep them alive. This required a bunch of changes to make
bindings code use RefPtr<ArrayBufferView> to hold onto their views.
Also there is a bunch of new code to make JSC-provided array buffers and
views obey the toJS/to<ClassName> idiom for wrapping and unwrapping.
Finally, the DataView API is now completely different: the JSDataView
provides the same user-visible JS API but using its own internal magic; the
C++ code that uses DataView now uses a rather different API that is not
aware of usual DOM semantics, since it's in JSC and not WebCore. It's
equally useful for all of WebCore's purposes, but some code had to change
to adapt the new conventions.
Some tests have been changed or rebased due to changes in behavior, that
bring us into conformance with where the standards are going and allow us to
match Firefox behavior.
Automake work and some additional GTK changes courtesy of
Zan Dobersek <zdobersek@igalia.com>.
Additional Qt changes courtesy of Arunprasad Rajkumar <arurajku@cisco.com>.
* CMakeLists.txt:
* DerivedSources.make:
* ForwardingHeaders/runtime/DataView.h: Added.
* ForwardingHeaders/runtime/JSArrayBuffer.h: Added.
* ForwardingHeaders/runtime/JSArrayBufferView.h: Added.
* ForwardingHeaders/runtime/JSDataView.h: Added.
* ForwardingHeaders/runtime/JSTypedArrays.h: Added.
* ForwardingHeaders/runtime/TypedArrayController.h: Added.
* ForwardingHeaders/runtime/TypedArrayInlines.h: Added.
* ForwardingHeaders/runtime/TypedArrays.h: Added.
* GNUmakefile.list.am:
* Modules/webaudio/RealtimeAnalyser.h:
* Target.pri:
* UseJSC.cmake:
* WebCore.exp.in:
* WebCore.vcxproj/WebCore.vcxproj:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/DOMWrapperWorld.h:
* bindings/js/JSArrayBufferCustom.cpp: Removed.
* bindings/js/JSArrayBufferViewHelper.h: Removed.
* bindings/js/JSAudioContextCustom.cpp:
* bindings/js/JSBindingsAllInOne.cpp:
* bindings/js/JSBlobCustom.cpp:
* bindings/js/JSCSSRuleCustom.cpp:
(WebCore::toJS):
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::toJS):
* bindings/js/JSCryptoCustom.cpp:
(WebCore::JSCrypto::getRandomValues):
* bindings/js/JSDOMBinding.h:
(WebCore::wrapperOwner):
(WebCore::wrapperContext):
(WebCore::getInlineCachedWrapper):
(WebCore::setInlineCachedWrapper):
(WebCore::clearInlineCachedWrapper):
(WebCore::getCachedWrapper):
(WebCore::cacheWrapper):
(WebCore::uncacheWrapper):
(WebCore::wrap):
(WebCore::toJS):
(WebCore::toArrayBufferView):
(WebCore::toInt8Array):
(WebCore::toInt16Array):
(WebCore::toInt32Array):
(WebCore::toUint8Array):
(WebCore::toUint8ClampedArray):
(WebCore::toUint16Array):
(WebCore::toUint32Array):
(WebCore::toFloat32Array):
(WebCore::toFloat64Array):
(WebCore::toDataView):
* bindings/js/JSDataViewCustom.cpp: Removed.
* bindings/js/JSDictionary.cpp:
* bindings/js/JSDictionary.h:
* bindings/js/JSDocumentCustom.cpp:
(WebCore::JSDocument::location):
(WebCore::toJS):
* bindings/js/JSEventCustom.cpp:
(WebCore::toJS):
* bindings/js/JSFileReaderCustom.cpp:
* bindings/js/JSHTMLCollectionCustom.cpp:
(WebCore::toJS):
* bindings/js/JSHTMLTemplateElementCustom.cpp:
(WebCore::JSHTMLTemplateElement::content):
* bindings/js/JSImageDataCustom.cpp:
(WebCore::toJS):
* bindings/js/JSInjectedScriptHostCustom.cpp:
* bindings/js/JSMessageEventCustom.cpp:
* bindings/js/JSMessagePortCustom.cpp:
* bindings/js/JSSVGPathSegCustom.cpp:
(WebCore::toJS):
* bindings/js/JSStyleSheetCustom.cpp:
(WebCore::toJS):
* bindings/js/JSTrackCustom.cpp:
(WebCore::toJS):
* bindings/js/JSWebGLRenderingContextCustom.cpp:
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::send):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::SerializedScriptValue::transferArrayBuffers):
* bindings/js/WebCoreJSClientData.h:
(WebCore::initNormalWorldClientData):
* bindings/js/WebCoreTypedArrayController.cpp: Added.
(WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController):
(WebCore::WebCoreTypedArrayController::~WebCoreTypedArrayController):
(WebCore::WebCoreTypedArrayController::toJS):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
* bindings/js/WebCoreTypedArrayController.h: Added.
(WebCore::WebCoreTypedArrayController::wrapperOwner):
* bindings/scripts/CodeGenerator.pm:
(ForAllParents):
(ParseInterface):
(SkipIncludeHeader):
(IsTypedArrayType):
(IsWrapperType):
* bindings/scripts/CodeGeneratorJS.pm:
(AddIncludesForType):
(GenerateHeader):
(GenerateImplementation):
(GenerateParametersCheck):
(GetNativeType):
(JSValueToNative):
(NativeToJSValue):
(GenerateConstructorDefinition):
(GenerateConstructorHelperMethods):
* fileapi/WebKitBlobBuilder.cpp:
(WebCore::BlobBuilder::append):
* fileapi/WebKitBlobBuilder.h:
* html/canvas/ArrayBuffer.idl: Removed.
* html/canvas/ArrayBufferView.idl: Removed.
* html/canvas/DataView.cpp: Removed.
* html/canvas/DataView.h: Removed.
* html/canvas/DataView.idl: Removed.
* html/canvas/Float32Array.idl: Removed.
* html/canvas/Float64Array.idl: Removed.
* html/canvas/Int16Array.idl: Removed.
* html/canvas/Int32Array.idl: Removed.
* html/canvas/Int8Array.idl: Removed.
* html/canvas/Uint16Array.idl: Removed.
* html/canvas/Uint32Array.idl: Removed.
* html/canvas/Uint8Array.idl: Removed.
* html/canvas/Uint8ClampedArray.idl: Removed.
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::readPixels):
(WebCore::WebGLRenderingContext::validateTexFuncData):
* page/Crypto.cpp:
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::shouldWaitForLoadingOfResource):
(WebCore::MediaPlayerPrivateAVFoundationObjC::extractKeyURIKeyIDAndCertificateFromInitData):
* platform/graphics/filters/FECustomFilter.h:
* platform/graphics/filters/FEGaussianBlur.cpp:
* platform/graphics/filters/FilterEffect.cpp:
* testing/MockCDM.cpp:
Source/WebKit2:
Reviewed by Oliver Hunt.
You don't need to include JSUint8Array anymore if you just want to
unwrap one; JSDOMBinding gives you all of the things you need.
* WebProcess/InjectedBundle/InjectedBundle.cpp:
Source/WTF:
Reviewed by Oliver Hunt.
- Added the notion of a reference counted object that can be marked Deferred,
which is like a special-purpose upref.
- Added a common byte flipper.
Automake work courtesy of Zan Dobersek <zdobersek@igalia.com>.
* GNUmakefile.list.am:
* WTF.xcodeproj/project.pbxproj:
* wtf/DeferrableRefCounted.h: Added.
(WTF::DeferrableRefCountedBase::ref):
(WTF::DeferrableRefCountedBase::hasOneRef):
(WTF::DeferrableRefCountedBase::refCount):
(WTF::DeferrableRefCountedBase::isDeferred):
(WTF::DeferrableRefCountedBase::DeferrableRefCountedBase):
(WTF::DeferrableRefCountedBase::~DeferrableRefCountedBase):
(WTF::DeferrableRefCountedBase::derefBase):
(WTF::DeferrableRefCountedBase::setIsDeferredBase):
(WTF::DeferrableRefCounted::deref):
(WTF::DeferrableRefCounted::setIsDeferred):
(WTF::DeferrableRefCounted::DeferrableRefCounted):
(WTF::DeferrableRefCounted::~DeferrableRefCounted):
* wtf/FlipBytes.h: Added.
(WTF::needToFlipBytesIfLittleEndian):
(WTF::flipBytes):
(WTF::flipBytesIfLittleEndian):
LayoutTests:
Reviewed by Oliver Hunt.
* fast/canvas/webgl/array-set-invalid-arguments-expected.txt:
* fast/canvas/webgl/array-set-out-of-bounds-expected.txt:
* fast/canvas/webgl/array-unit-tests-expected.txt:
* fast/canvas/webgl/array-unit-tests.html:
* fast/canvas/webgl/data-view-crash-expected.txt:
* fast/canvas/webgl/script-tests/arraybuffer-transfer-of-control.js:
(checkView):
* fast/dom/call-a-constructor-as-a-function-expected.txt:
* fast/dom/call-a-constructor-as-a-function.html:
* fast/js/constructor-length.html:
* fast/js/global-constructors-attributes-dedicated-worker-expected.txt:
* fast/js/global-constructors-attributes-expected.txt:
* fast/js/global-constructors-attributes-shared-worker-expected.txt:
* fast/js/regress/ArrayBuffer-Int8Array-alloc-expected.txt: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived-expected.txt: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-huge-long-lived.html: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived-expected.txt: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-large-long-lived.html: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer-expected.txt: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-buffer.html: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived-expected.txt: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc-long-lived.html: Added.
* fast/js/regress/ArrayBuffer-Int8Array-alloc.html: Added.
* fast/js/regress/Int32Array-Int8Array-view-alloc-expected.txt: Added.
* fast/js/regress/Int32Array-Int8Array-view-alloc.html: Added.
* fast/js/regress/Int32Array-alloc-expected.txt: Added.
* fast/js/regress/Int32Array-alloc-huge-expected.txt: Added.
* fast/js/regress/Int32Array-alloc-huge-long-lived-expected.txt: Added.
* fast/js/regress/Int32Array-alloc-huge-long-lived.html: Added.
* fast/js/regress/Int32Array-alloc-huge.html: Added.
* fast/js/regress/Int32Array-alloc-large-expected.txt: Added.
* fast/js/regress/Int32Array-alloc-large-long-lived-expected.txt: Added.
* fast/js/regress/Int32Array-alloc-large-long-lived.html: Added.
* fast/js/regress/Int32Array-alloc-large.html: Added.
* fast/js/regress/Int32Array-alloc-long-lived-expected.txt: Added.
* fast/js/regress/Int32Array-alloc-long-lived.html: Added.
* fast/js/regress/Int32Array-alloc.html: Added.
* fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-huge-long-lived.js: Added.
* fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-large-long-lived.js: Added.
* fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived-buffer.js: Added.
* fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc-long-lived.js: Added.
* fast/js/regress/script-tests/ArrayBuffer-Int8Array-alloc.js: Added.
* fast/js/regress/script-tests/Int32Array-Int8Array-view-alloc.js: Added.
* fast/js/regress/script-tests/Int32Array-alloc-huge-long-lived.js: Added.
* fast/js/regress/script-tests/Int32Array-alloc-huge.js: Added.
* fast/js/regress/script-tests/Int32Array-alloc-large-long-lived.js: Added.
* fast/js/regress/script-tests/Int32Array-alloc-large.js: Added.
* fast/js/regress/script-tests/Int32Array-alloc-long-lived.js: Added.
* fast/js/regress/script-tests/Int32Array-alloc.js: Added.
* platform/mac/fast/js/constructor-length-expected.txt:
* webgl/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html:
* webgl/resources/webgl_test_files/conformance/typedarrays/data-view-test.html:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h
index b396dd8..7ff7974 100644
--- a/Source/JavaScriptCore/runtime/Structure.h
+++ b/Source/JavaScriptCore/runtime/Structure.h
@@ -230,13 +230,11 @@
bool couldHaveIndexingHeader() const
{
- return hasIndexedProperties(indexingType());
+ return hasIndexedProperties(indexingType())
+ || isTypedView(m_classInfo->typedArrayStorageType);
}
- bool hasIndexingHeader(const JSCell*) const
- {
- return hasIndexedProperties(indexingType());
- }
+ bool hasIndexingHeader(const JSCell*) const;
bool masqueradesAsUndefined(JSGlobalObject* lexicalGlobalObject);
