RESOLVED FIXED 180084
[JSC] Use JSFixedArray for op_new_array_buffer 
https://bugs.webkit.org/show_bug.cgi?id=180084
Summary [JSC] Use JSFixedArray for op_new_array_buffer
Yusuke Suzuki
Reported 2017-11-28 08:58:25 PST
[JSC] Use JSFixedArray for op_new_array_buffer
Attachments
Patch (56.46 KB, patch)
2017-11-28 09:06 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (57.86 KB, patch)
2017-11-28 09:24 PST, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2017-11-28 09:06:14 PST
Created attachment 327754 [details] Patch
Yusuke Suzuki
Comment 2 2017-11-28 09:24:09 PST
Created attachment 327757 [details] Patch
Saam Barati
Comment 3 2017-11-30 22:32:38 PST
Comment on attachment 327757 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327757&action=review r=me. This is a nice cleanup! > Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:3958 > + m_jit.store32(Imm32(u.halves[0]), MacroAssembler::Address(storageGPR, sizeof(JSValue) * index)); > + m_jit.store32(Imm32(u.halves[1]), MacroAssembler::Address(storageGPR, sizeof(JSValue) * index + sizeof(int32_t))); I know this is old code you're modifying, but it feels outdated. Why not just use EncodedJSValue, and do this in terms of JSValue::tag()/JSValue::payload() and their offsets? > Source/JavaScriptCore/runtime/JSFixedArray.h:65 > + static JSFixedArray* create(VM& vm, unsigned length) > + { > + auto* array = tryCreate(vm, vm.fixedArrayStructure.get(), length); > + RELEASE_ASSERT(array); > + return array; > + } It's unfortunate that this might make the bytecode generator crash. Maybe you can use tryCreate, and if it fails, you can just emit throwing an OOM exception in bytecode? Or if the bytecode generator itself has a way of throwing an exception? Maybe it's not worth it though. I'll let you decide if you think we should do it. Or we can make it a FIXME
Yusuke Suzuki
Comment 4 2017-12-01 00:00:30 PST
Comment on attachment 327757 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327757&action=review >> Source/JavaScriptCore/runtime/JSFixedArray.h:65 >> + } > > It's unfortunate that this might make the bytecode generator crash. Maybe you can use tryCreate, and if it fails, you can just emit throwing an OOM exception in bytecode? Or if the bytecode generator itself has a way of throwing an exception? > > Maybe it's not worth it though. I'll let you decide if you think we should do it. Or we can make it a FIXME Currently we do not have consistent mechanism to throw an OOM error for bytecode generation. I think we should have this. But I think this should be done in a separate patch.
Yusuke Suzuki
Comment 5 2017-12-01 00:12:48 PST
Comment on attachment 327757 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=327757&action=review >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:3958 >> + m_jit.store32(Imm32(u.halves[1]), MacroAssembler::Address(storageGPR, sizeof(JSValue) * index + sizeof(int32_t))); > > I know this is old code you're modifying, but it feels outdated. Why not just use EncodedJSValue, and do this in terms of JSValue::tag()/JSValue::payload() and their offsets? In the case of ArrayWithDouble, we would like to store double value (as int64_t) instead of EncodedJSValue. That's why we use this style.
Yusuke Suzuki
Comment 6 2017-12-01 00:18:45 PST
Committed r225385: <https://trac.webkit.org/changeset/225385>
Radar WebKit Bug Importer
Comment 7 2017-12-01 00:20:36 PST
<rdar://problem/35792563>
Note You need to log in before you can comment on or make changes to this bug.