Bug 176449

My plan is 1. Making JSArrayBuffer thing like JSArrayBufferView 2. TypedArray has a mode pointing JSArrayBuffer.

I'll add JSArrayBufferBase, which is the current JSArrayBufferView. And JSArrayBufferView will inherit this JSArrayBufferBase. And JSArrayBuffer will use JSArrayBufferBase for its implementation. And it may have fast allocation. And We also add a new mode to JSArrayBufferBase, which holds JSArrayBuffer's reference.

(In reply to Yusuke Suzuki from comment #2) > I'll add JSArrayBufferBase, which is the current JSArrayBufferView. > And JSArrayBufferView will inherit this JSArrayBufferBase. > > And JSArrayBuffer will use JSArrayBufferBase for its implementation. And it > may have fast allocation. > > And We also add a new mode to JSArrayBufferBase, which holds JSArrayBuffer's > reference. Hmm, once ArrayBuffer is shared between multiple views, we need to materialize it...

(In reply to Yusuke Suzuki from comment #1) > My plan is > > 1. Making JSArrayBuffer thing like JSArrayBufferView > 2. TypedArray has a mode pointing JSArrayBuffer. How do you plan to support neutering? How do you plan to support some of the other weird stuff the DOM can do?

It might be useful to identify exactly what about the current array buffer creation is slow. Is it malloc? Is it then GC? Just that it’s not inlined?

Following is rough sketch. I'm still considering the possible design. (In reply to Filip Pizlo from comment #4) > (In reply to Yusuke Suzuki from comment #1) > > My plan is > > > > 1. Making JSArrayBuffer thing like JSArrayBufferView > > 2. TypedArray has a mode pointing JSArrayBuffer. > > How do you plan to support neutering? JSArrayBuffer knows about neutering state. (pointer may become nullptr). And typed arrays using this buffer also know this state since they holds the reference to this JSArrayBuffer*. > > How do you plan to support some of the other weird stuff the DOM can do? Now I'm exploring the possible designs right now :D One thing I come up with is that ArrayBuffer holds strong ref to AuxiliarySpace for fast ArrayBuffer allocation. Since ArrayBuffer's auxiliary space just holds byte sequence, no cyclic reference occurs. And now auxiliary space is not moved, holding the pointer to this space in the other typed arrays is safe. var buffer = new ArrayBuffer(...); var a = new Uint8Array(buffer); var b = new Uint8Array(buffer); // a and b just points to JSArrayBuffer's buffer with usual WriteBarrier<>. a and b has void* vector to buffer's underlying data. But this pointer will not be changed. // a and b can know whether the underlying buffer is neutered since a and b have reference to buffer. And buffer knows it. // Some DOM ops. We get Ref<ArrayBuffer> from buffer. At that time, Ref<ArrayBuffer> can hold strong ref to auxiliary buffer allocated for JS buffer.

(In reply to Filip Pizlo from comment #5) > It might be useful to identify exactly what about the current array buffer > creation is slow. Is it malloc? Is it then GC? Just that it’s not inlined? Yeah, good point. I'm seeing that ArrayBuffer construction is frequently shown in sampling profiler result for zlib. I need to look into it more carefully to see what is costly. Possibly I think redesign of ArrayBuffer can reduce the several cost. 1. Inlining ArrayBuffer allocation If we can just use NewTypedArray like thing, we can allocate it inlinely. 2. Do fast allocation for ArrayBuffer We can allocate ArrayBuffer in a fast way by using auxiliary allocation if the buffer size is small. Currently, zlib uses `new ArrayBuffer`. It always allocates JSArrayBuffer with C++ ArrayBuffer. 3. Introducing NewTypedArray(ArrayBufferUse) with complete inlining allocation If typed array can just hold the ref to JSArrayBuffer (and setup vector pointer etc.), we can inline this pattern too. (and the actual operation also becomes very cheap).