Bug 233905

Summary: TypedArray prototype set should go down the fast path when using non clamped integer types of the same byte size
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch
keith_miller: review+, ews-feeder: commit-queue-
patch for landing none

Saam Barati
Reported 2021-12-06 17:39:02 PST
...
Attachments
patch (6.94 KB, patch)
2021-12-06 18:27 PST, Saam Barati 		keith_miller: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
patch for landing (10.32 KB, patch)
2021-12-06 21:50 PST, Saam Barati 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Saam Barati
Comment 1 2021-12-06 18:27:47 PST
Created attachment 446106 [details] patch
Keith Miller
Comment 2 2021-12-06 18:33:32 PST
Comment on attachment 446106 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=446106&action=review > Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:283 > + if (isInt(Adaptor::typeValue) && isInt(ci->typedArrayStorageType) && !isClamped(Adaptor::typeValue) && JSC::elementSize(Adaptor::typeValue) == JSC::elementSize(ci->typedArrayStorageType)) Nit: Why do you need the isClamped check? Shouldn't that follow from the if above and the fact that the elementSizes are the same? It might still be worth having as an ASSERT in the body of this if though.
Saam Barati
Comment 3 2021-12-06 21:50:06 PST
Comment on attachment 446106 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=446106&action=review >> Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:283 >> + if (isInt(Adaptor::typeValue) && isInt(ci->typedArrayStorageType) && !isClamped(Adaptor::typeValue) && JSC::elementSize(Adaptor::typeValue) == JSC::elementSize(ci->typedArrayStorageType)) > > Nit: Why do you need the isClamped check? Shouldn't that follow from the if above and the fact that the elementSizes are the same? It might still be worth having as an ASSERT in the body of this if though. No, because we could have something like, |this| is Uint8ClampedArray and the source is Int8Array. Above check doesn't hit, element sizes are the same, but we can't use this copying path.
Saam Barati
Comment 4 2021-12-06 21:50:24 PST
Created attachment 446120 [details] patch for landing
Saam Barati
Comment 5 2021-12-06 21:51:12 PST
Comment on attachment 446120 [details] patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=446120&action=review > Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:219 > + || (elementSize == otherElementSize && (static_cast<void*>(typedVector() + offset) <= static_cast<void*>(other->typedVector() + otherOffset))) this fixes a pre-existing bug where we sometimes do a forwards loop even though we should've been doing a backwards loop. I added a test for this.
Keith Miller
Comment 6 2021-12-07 06:08:10 PST
Comment on attachment 446120 [details] patch for landing r=me again.
EWS
Comment 7 2021-12-07 20:00:30 PST
Committed r286639 (244952@main): <https://commits.webkit.org/244952@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 446120 [details].
Radar WebKit Bug Importer
Comment 8 2021-12-07 20:01:22 PST
<rdar://problem/86189423>
Note You need to log in before you can comment on or make changes to this bug.