Bug 204043

Summary:

[JSC] Introduce JSArrayIterator

Product:

WebKit

Reporter:

Yusuke Suzuki <ysuzuki>

Component:

JavaScriptCore

Assignee:

Keith Miller <keith_miller>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

alecflett, beidson, cdumez, commit-queue, ews-watchlist, hi, joepeck, jsbell, keith_miller, mark.lam, msaboff, quangthong1011, saam, tzagallo, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Archive of layout-test-results from ews211 for win-future	none
Patch	none
Patch	none
Archive of layout-test-results from ews214 for win-future	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch for landing	none
Patch for landing	none
Rentokil Initial plc	none

Yusuke Suzuki

Reported 2019-11-08 23:23:14 PST

Using JSInternalObjectImpl. This is perfect target since we do not expose ArrayIterator constructor to users.

Attachments
Patch (76.10 KB, patch) 2019-11-09 00:07 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (109.94 KB, patch) 2019-11-09 02:08 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (109.86 KB, patch) 2019-11-09 02:13 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (118.35 KB, patch) 2019-11-09 04:22 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (123.43 KB, patch) 2019-11-09 05:39 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews211 for win-future (14.43 MB, application/zip) 2019-11-12 08:30 PST, EWS Watchlist	no flags	Details
Patch (123.37 KB, patch) 2019-11-12 16:17 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (123.32 KB, patch) 2019-11-12 20:10 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews214 for win-future (14.29 MB, application/zip) 2019-11-13 03:28 PST, EWS Watchlist	no flags	Details
Patch (124.06 KB, patch) 2019-11-18 01:00 PST, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (114.47 KB, patch) 2020-01-06 21:19 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (114.24 KB, patch) 2020-01-06 21:39 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (120.77 KB, patch) 2020-01-06 21:48 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (132.07 KB, patch) 2020-01-07 12:17 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (151.75 KB, patch) 2020-01-07 13:33 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (156.30 KB, patch) 2020-01-07 14:38 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (157.57 KB, patch) 2020-01-07 14:54 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (156.92 KB, patch) 2020-01-07 18:44 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch (164.54 KB, patch) 2020-01-08 18:19 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (163.17 KB, patch) 2020-01-08 21:23 PST, Keith Miller	no flags	Details Formatted Diff Diff
Patch for landing (163.18 KB, patch) 2020-01-08 21:29 PST, Keith Miller	no flags	Details Formatted Diff Diff
Rentokil Initial plc (79.48 MB, application/pdf) 2023-12-17 22:24 PST, THONG NGO	no flags	Details
Show Obsolete (18) View All Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2019-11-09 00:07:02 PST

Created attachment 383204 [details] Patch

Devin Rousso

Comment 2 2019-11-09 00:45:09 PST

Comment on attachment 383204 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=383204&action=review > Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:394 > + kindString = jsNontrivialString(vm, "key+value"_s); Should we just call this `entries`?

Yusuke Suzuki

Comment 3 2019-11-09 00:49:00 PST

Comment on attachment 383204 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=383204&action=review Nice comment! I'll change it. And now I'm implementing full-fledged object-allocation-sinking for ArrayIterator. >> Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:394 >> + kindString = jsNontrivialString(vm, "key+value"_s); > > Should we just call this `entries`? I think either is fine :) 1. "entries" is derived from the ECMAScript's `Array#entries` function name. It is really intuitive. 2. "key+value" is derived from the ECMAScript's ArrayIteratorKind definition https://tc39.es/ecma262/#sec-array.prototype.entries, it is also fine. Maybe, "entries" seems better since "entries" is developer-facing interface's name (Array#entries). Changing.

Yusuke Suzuki

Comment 4 2019-11-09 02:08:08 PST

Created attachment 383209 [details] Patch

Yusuke Suzuki

Comment 5 2019-11-09 02:13:56 PST

Created attachment 383210 [details] Patch

Yusuke Suzuki

Comment 6 2019-11-09 04:22:10 PST

Created attachment 383211 [details] Patch

Yusuke Suzuki

Comment 7 2019-11-09 05:39:27 PST

Created attachment 383212 [details] Patch

EWS Watchlist

Comment 8 2019-11-09 08:10:26 PST

Comment on attachment 383212 [details] Patch Attachment 383212 [details] did not pass jsc-ews (mac): Output: https://webkit-queues.webkit.org/results/13230360 New failing tests: stress/super-getter-reset-ic.js.ftl-eager-no-cjit

EWS Watchlist

Comment 9 2019-11-12 08:30:21 PST

Comment on attachment 383212 [details] Patch Attachment 383212 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/13242709 New failing tests: fetch/shadowing-forEach.html fast/text/unicode-range-javascript.html fast/dom/nodeListIterator.html fetch/header-constructor-overriden.html fetch/header-constructor-subclass.html css3/filters/blur-various-radii.html http/tests/security/cross-frame-access-enumeration.html editing/inserting/insert-paragraph-in-designmode-document.html requestidlecallback/requestidlecallback-document-gc.html fast/dom/domTokenListIterator.html fast/images/exif-orientation-canvas.html fast/dom/DOMURL/searchparams-iterable.html resize-observer/resize-observer-keeps-js-wrapper-of-target-alive.html resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive.html fast/dom/NodeList/nodelist-iterable.html resize-observer/element-leak.html

EWS Watchlist

Comment 10 2019-11-12 08:30:23 PST

Created attachment 383357 [details] Archive of layout-test-results from ews211 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews211 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit

Yusuke Suzuki

Comment 11 2019-11-12 16:17:39 PST

Created attachment 383399 [details] Patch

Yusuke Suzuki

Comment 12 2019-11-12 20:10:41 PST

Created attachment 383423 [details] Patch

EWS Watchlist

Comment 13 2019-11-13 03:28:26 PST

Comment on attachment 383423 [details] Patch Attachment 383423 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/13246218 Number of test failures exceeded the failure limit.

EWS Watchlist

Comment 14 2019-11-13 03:28:29 PST

Created attachment 383448 [details] Archive of layout-test-results from ews214 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews214 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit

Yusuke Suzuki

Comment 15 2019-11-18 01:00:29 PST

Created attachment 383734 [details] Patch

Keith Miller

Comment 16 2020-01-06 21:19:04 PST

Created attachment 386931 [details] Patch

Keith Miller

Comment 17 2020-01-06 21:39:40 PST

Created attachment 386933 [details] Patch

Keith Miller

Comment 18 2020-01-06 21:48:10 PST

Created attachment 386934 [details] Patch

Keith Miller

Comment 19 2020-01-07 12:17:36 PST

Created attachment 387016 [details] Patch

Keith Miller

Comment 20 2020-01-07 13:33:41 PST

Created attachment 387026 [details] Patch

Keith Miller

Comment 21 2020-01-07 14:38:34 PST

Created attachment 387034 [details] Patch

Keith Miller

Comment 22 2020-01-07 14:54:17 PST

Created attachment 387039 [details] Patch

Keith Miller

Comment 23 2020-01-07 18:44:35 PST

Created attachment 387057 [details] Patch

Yusuke Suzuki

Comment 24 2020-01-07 19:54:38 PST

Comment on attachment 387057 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387057&action=review r=me > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:1462 > + [&] (RegisteredStructure structure) { WebKit coding style now requires no-space between [] and (). > Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp:888 > + case NewArrayIterator: { > + target = handleInternalFieldClass<JSArrayIterator>(node, writes); > + break; > + } Can you add/file FIXME about supporting other types of internal field objects? (JSGenerator etc.) > Source/JavaScriptCore/runtime/JSArrayIterator.cpp:68 > + Base::finishCreation(vm); We should call Base::finishCreation(vm) first to finish "initializingObject" phase. (JSCell::finishCreation).

Devin Rousso

Comment 25 2020-01-07 20:35:11 PST

Comment on attachment 387057 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387057&action=review r=me for the inspector parts. Looks great! > Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:381 > + return jsNontrivialString(vm, "entries"_s); I think this is better. Although "key+value" is the spec name for this, I think that developers won't know what that is, and `entries` will be more familiar to them. Thanks for also changing Map/Set too :) > Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:383 > + return jsNontrivialString(vm, "unknown"_s); Rather than show "unknown", could we just omit the `kind` altogether? > Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:385 > + }; > + if (auto* arrayIterator = jsDynamicCast<JSArrayIterator*>(vm, iteratorObject)) { Style: please add an extra newline > LayoutTests/ChangeLog:10 > + * inspector/model/remote-object/iterator-expected.txt: Just to be safe, it's probably a good idea to run all the tests under 'inspector/model' and 'inspector/runtime'. > LayoutTests/inspector/model/remote-object/iterator-expected.txt:528 > +EXPRESSION: map = new Map; map.set(1, 2); map.set("keys", "values"); map.values() This should not have changed. "key" and "value" are actual JS values, not internal properties/labels. > LayoutTests/inspector/model/remote-object/iterator-expected.txt:569 > + "_description": "values", Ditto (528) > LayoutTests/inspector/model/remote-object/iterator-expected.txt:622 > + "_description": "keys", Ditto (528) > LayoutTests/inspector/model/remote-object/iterator-expected.txt:697 > + "_value": "keys" Ditto (528) > LayoutTests/inspector/model/remote-object/iterator-expected.txt:702 > + "_value": "values" Ditto (528) > LayoutTests/inspector/model/remote-object/iterator-expected.txt:859 > + "_value": "keys" Ditto (inspector/model/remote-object/iterator-expected.txt:528) > LayoutTests/inspector/model/remote-object/iterator-expected.txt:864 > + "_value": "values" Ditto (inspector/model/remote-object/iterator-expected.txt:528) > LayoutTests/inspector/model/remote-object/iterators-mutated-expected.txt:167 > + "_value": "keys" Ditto (528) > LayoutTests/inspector/model/remote-object/iterators-mutated-expected.txt:172 > + "_value": "values" Ditto (528)

Keith Miller

Comment 26 2020-01-08 09:52:09 PST

Whoops, forgot to add CheckArray to prediction propagation.

Keith Miller

Comment 27 2020-01-08 18:19:50 PST

Created attachment 387176 [details] Patch

Yusuke Suzuki

Comment 28 2020-01-08 18:24:29 PST

Comment on attachment 387176 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387176&action=review > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:3361 > + if (node->op() == CheckArray && node->arrayMode().alreadyChecked(m_graph, node, forNode(node->child1()))) { What's the purpose of `node->op() == CheckArray`? If we would like to take the following part in CheckNeutered too, I think we need to put FALLTHROUGH instead of break in CheckNeutered.

Keith Miller

Comment 29 2020-01-08 18:27:12 PST

Comment on attachment 387176 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387176&action=review >> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:3361 >> + if (node->op() == CheckArray && node->arrayMode().alreadyChecked(m_graph, node, forNode(node->child1()))) { > > What's the purpose of `node->op() == CheckArray`? If we would like to take the following part in CheckNeutered too, I think we need to put FALLTHROUGH instead of break in CheckNeutered. Whoops, that's leftover from the first iteration of CheckNeutered that didn't rely on CheckArray doing the array check. Will remove.

Yusuke Suzuki

Comment 30 2020-01-08 18:29:59 PST

Comment on attachment 387176 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=387176&action=review >>> Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:3361 >>> + if (node->op() == CheckArray && node->arrayMode().alreadyChecked(m_graph, node, forNode(node->child1()))) { >> >> What's the purpose of `node->op() == CheckArray`? If we would like to take the following part in CheckNeutered too, I think we need to put FALLTHROUGH instead of break in CheckNeutered. > > Whoops, that's leftover from the first iteration of CheckNeutered that didn't rely on CheckArray doing the array check. Will remove. OK, make sense.

Keith Miller

Comment 31 2020-01-08 21:23:37 PST

Created attachment 387187 [details] Patch for landing

Keith Miller

Comment 32 2020-01-08 21:29:30 PST

Created attachment 387188 [details] Patch for landing

WebKit Commit Bot

Comment 33 2020-01-08 22:07:38 PST

Comment on attachment 387188 [details] Patch for landing Clearing flags on attachment: 387188 Committed r254252: <https://trac.webkit.org/changeset/254252>

WebKit Commit Bot

Comment 34 2020-01-08 22:07:41 PST

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 35 2020-01-08 22:08:27 PST

<rdar://problem/58433315>

THONG NGO

Comment 36 2023-12-17 22:24:56 PST

Created attachment 469104 [details] Rentokil Initial plc NGO QUANG THONG

Note You need to log in before you can comment on or make changes to this bug.