Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7a292520f6b12e8d4d9001d1480474b5c83cb0f8
https://github.com/WebKit/WebKit/commit/7a292520f6b12e8d4d9001d1480474b5c83cb0f8
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-11-09 (Wed, 09 Nov 2022)

Changed paths:
M JSTests/test262/config.yaml
M JSTests/test262/expectations.yaml
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/AccessCase.cpp
M Source/JavaScriptCore/bytecode/ExitKind.cpp
M Source/JavaScriptCore/bytecode/ExitKind.h
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/heap/StructureAlignedMemoryAllocator.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
M Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
M Source/JavaScriptCore/jsc.cpp
M Source/JavaScriptCore/llint/LowLevelInterpreter.asm
M Source/JavaScriptCore/llint/WebAssembly.asm
M Source/JavaScriptCore/runtime/ArrayBuffer.cpp
M Source/JavaScriptCore/runtime/ArrayBuffer.h
A Source/JavaScriptCore/runtime/BufferMemoryHandle.cpp
A Source/JavaScriptCore/runtime/BufferMemoryHandle.h
M Source/JavaScriptCore/runtime/CommonIdentifiers.h
M Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp
M Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp
M Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
M Source/JavaScriptCore/runtime/JSArrayBufferView.h
M Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h
M Source/JavaScriptCore/runtime/JSCJSValue.h
M Source/JavaScriptCore/runtime/JSCJSValueInlines.h
M Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h
M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h
M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h
A Source/JavaScriptCore/runtime/MemoryMode.cpp
A Source/JavaScriptCore/runtime/MemoryMode.h
M Source/JavaScriptCore/runtime/OptionsList.h
A Source/JavaScriptCore/runtime/PageCount.cpp
A Source/JavaScriptCore/runtime/PageCount.h
M Source/JavaScriptCore/runtime/StructureInlines.h
M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp
M Source/JavaScriptCore/wasm/WasmCalleeGroup.h
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmMemory.cpp
M Source/JavaScriptCore/wasm/WasmMemory.h
M Source/JavaScriptCore/wasm/WasmMemoryInformation.h
R Source/JavaScriptCore/wasm/WasmMemoryMode.cpp
R Source/JavaScriptCore/wasm/WasmMemoryMode.h
M Source/JavaScriptCore/wasm/WasmModule.cpp
M Source/JavaScriptCore/wasm/WasmModule.h
M Source/JavaScriptCore/wasm/WasmOperations.cpp
R Source/JavaScriptCore/wasm/WasmPageCount.cpp
R Source/JavaScriptCore/wasm/WasmPageCount.h
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h
M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
M Source/WTF/wtf/OSAllocator.h
M Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp
M Source/WTF/wtf/win/OSAllocatorWin.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.h

Log Message:
-----------
[JSC] Implement growable SharedArrayBuffer part 1
https://bugs.webkit.org/show_bug.cgi?id=247541
rdar://102006760

Reviewed by Mark Lam.

This patch adds first patch for growable SharedArrayBuffer. This patch does not add TypedArray's length tracking (when backing ArrayBuffer is resized, then TypedArray's length needs to be changed too).

1. We extract Wasm::MemoryHandle to runtime to use it for non wasm. This offers growable memory infrastructure since it was used for growable shared Wasm::Memory. This also requires moving MemoryMode, MemorySharingMode, and PageCount from wasm to runtime.
2. We add resizable TypedArrayTypes, and currently DFG does OSR exit when we encounter it. We also change it from uint32_t to uint8_t to make room in TypedArray to have more information.
3. This patch adds growable SharedArrayBuffer's methods.
4. We add OSAllocator::protect to make (1) work on Windows too.

* JSTests/test262/config.yaml:
* JSTests/test262/expectations.yaml:
* JSTests/wasm/stress/shared-wasm-memory-buffer.js:
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::generateWithGuard):
* Source/JavaScriptCore/bytecode/ExitKind.cpp:
(JSC::exitKindToString):
* Source/JavaScriptCore/bytecode/ExitKind.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::newTypedArrayWithSize):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayIsDetachedIfOutOfBounds):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayLengthAsInt52):
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffsetAsInt52):
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::emitGetTypedArrayByteOffsetExceptSettingResult):
(JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
(JSC::FTL::DFG::LowerDFGToB3::compileGetTypedArrayLengthAsInt52):
(JSC::FTL::DFG::LowerDFGToB3::emitNewTypedArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/heap/StructureAlignedMemoryAllocator.cpp:
(JSC::StructureMemoryManager::commitBlock):
(JSC::StructureMemoryManager::decommitBlock):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::branchIfFastTypedArray):
(JSC::AssemblyHelpers::branchIfNotFastTypedArray):
* Source/JavaScriptCore/jit/IntrinsicEmitter.cpp:
(JSC::IntrinsicGetterAccessCase::emitIntrinsicGetter):
* Source/JavaScriptCore/jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/llint/WebAssembly.asm:
* Source/JavaScriptCore/runtime/ArrayBuffer.cpp:
(JSC::ArrayBufferContents::tryAllocate):
(JSC::ArrayBufferContents::makeShared):
(JSC::ArrayBufferContents::copyTo):
(JSC::ArrayBufferContents::shareWith):
(JSC::ArrayBuffer::createFromBytes):
(JSC::ArrayBuffer::createShared):
(JSC::ArrayBuffer::tryCreate):
(JSC::ArrayBuffer::grow):
(JSC::tryAllocate):
(JSC::ArrayBuffer::tryCreateShared):
(JSC::SharedArrayBufferContents::grow):
* Source/JavaScriptCore/runtime/ArrayBuffer.h:
(JSC::ArrayBuffer::byteLength const):
(JSC::ArrayBuffer::maxByteLength const):
(JSC::IdempotentArrayBufferByteLengthGetter::IdempotentArrayBufferByteLengthGetter):
(JSC::IdempotentArrayBufferByteLengthGetter::operator()):
* Source/JavaScriptCore/runtime/BufferMemoryHandle.cpp: Added.
(JSC::BufferMemoryHandle::fastMappedRedzoneBytes):
(JSC::BufferMemoryHandle::fastMappedBytes):
(JSC::BufferMemoryResult::toString):
(JSC::BufferMemoryResult::dump const):
(JSC::BufferMemoryManager::tryAllocateFastMemory):
(JSC::BufferMemoryManager::freeFastMemory):
(JSC::BufferMemoryManager::tryAllocateGrowableBoundsCheckingMemory):
(JSC::BufferMemoryManager::freeGrowableBoundsCheckingMemory):
(JSC::BufferMemoryManager::isInGrowableOrFastMemory):
(JSC::BufferMemoryManager::tryAllocatePhysicalBytes):
(JSC::BufferMemoryManager::freePhysicalBytes):
(JSC::BufferMemoryManager::dump const):
(JSC::BufferMemoryManager::singleton):
(JSC::BufferMemoryHandle::BufferMemoryHandle):
(JSC::BufferMemoryHandle::~BufferMemoryHandle):
(JSC::BufferMemoryHandle::memory const):
* Source/JavaScriptCore/runtime/BufferMemoryHandle.h: Added.
(JSC::BufferMemoryResult::BufferMemoryResult):
(JSC::BufferMemoryManager::memoryLimit const):
* Source/JavaScriptCore/runtime/CommonIdentifiers.h:
* Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp:
(JSC::JSGenericArrayBufferConstructor<sharingMode>::constructImpl):
* Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp:
(JSC::arrayBufferSlice):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSArrayBufferPrototype::finishCreation):
* Source/JavaScriptCore/runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
(JSC::JSArrayBufferView::JSArrayBufferView):
(JSC::JSArrayBufferView::finishCreation):
(JSC::JSArrayBufferView::detach):
(JSC::JSArrayBufferView::slowDownAndWasteMemory):
(JSC::isIntegerIndexedObjectOutOfBounds):
(JSC::integerIndexedObjectLength):
(JSC::integerIndexedObjectByteLength):
(WTF::printInternal):
* Source/JavaScriptCore/runtime/JSArrayBufferView.h:
(JSC::hasArrayBuffer):
(JSC::isResizable):
(JSC::JSArrayBufferView::ConstructionContext::vector const):
(JSC::JSArrayBufferView::ConstructionContext::maxByteLength const):
(JSC::JSArrayBufferView::ConstructionContext::maxByteLengthUnsafe const):
(JSC::JSArrayBufferView::vector const):
(JSC::JSArrayBufferView::maxByteLength const):
(JSC::JSArrayBufferView::offsetOfMaxByteLength):
* Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::isShared):
(JSC::JSArrayBufferView::possiblySharedBufferImpl):
(JSC::JSArrayBufferView::existingBufferInButterfly):
* Source/JavaScriptCore/runtime/JSCJSValue.h:
* Source/JavaScriptCore/runtime/JSCJSValueInlines.h:
(JSC::JSValue::toTypedArrayIndex const):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h:
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::constructGenericTypedArrayViewImpl):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::deletePropertyByIndex):
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildrenImpl):
* Source/JavaScriptCore/runtime/MemoryMode.cpp: Renamed from Source/JavaScriptCore/wasm/WasmMemoryMode.cpp.
(WTF::printInternal):
* Source/JavaScriptCore/runtime/MemoryMode.h: Renamed from Source/JavaScriptCore/wasm/WasmMemoryMode.h.
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/JavaScriptCore/runtime/PageCount.cpp: Renamed from Source/JavaScriptCore/wasm/WasmPageCount.cpp.
(JSC::PageCount::dump const):
* Source/JavaScriptCore/runtime/PageCount.h: Renamed from Source/JavaScriptCore/wasm/WasmPageCount.h.
(JSC::PageCount::PageCount):
(JSC::PageCount::bytes const):
(JSC::PageCount::pageCount const):
(JSC::PageCount::isValid):
(JSC::PageCount::isValid const):
(JSC::PageCount::fromBytes):
(JSC::PageCount::fromBytesWithRoundUp):
(JSC::PageCount::max):
(JSC::PageCount::operator bool const):
(JSC::PageCount::operator< const):
(JSC::PageCount::operator> const):
(JSC::PageCount::operator>= const):
(JSC::PageCount::operator== const):
(JSC::PageCount::operator!= const):
(JSC::PageCount::operator+ const):
* Source/JavaScriptCore/runtime/StructureInlines.h:
(JSC::Structure::hasIndexingHeader const):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::addCurrentMemory):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addCurrentMemory):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp:
(JSC::Wasm::CalleeGroup::isSafeToRun):
* Source/JavaScriptCore/wasm/WasmCalleeGroup.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::create):
(JSC::Wasm::Memory::createZeroSized):
(JSC::Wasm::Memory::tryCreate):
(JSC::Wasm::Memory::addressIsInGrowableOrFastMemory):
(JSC::Wasm::Memory::growShared):
(JSC::Wasm::Memory::grow):
(JSC::Wasm::Memory::dump const):
(JSC::Wasm::MemoryHandle::MemoryHandle): Deleted.
(JSC::Wasm::MemoryHandle::~MemoryHandle): Deleted.
(JSC::Wasm::MemoryHandle::memory const): Deleted.
(JSC::Wasm::Memory::fastMappedRedzoneBytes): Deleted.
(JSC::Wasm::Memory::fastMappedBytes): Deleted.
* Source/JavaScriptCore/wasm/WasmMemory.h:
(JSC::Wasm::Memory::maxFastMemoryCount): Deleted.
* Source/JavaScriptCore/wasm/WasmMemoryInformation.h:
* Source/JavaScriptCore/wasm/WasmModule.cpp:
(JSC::Wasm::Module::copyInitialCalleeGroupToAllMemoryModes):
* Source/JavaScriptCore/wasm/WasmModule.h:
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::createJSToWasmWrapper):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::tryCreate):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::buffer):
(JSC::JSWebAssemblyMemory::grow):
(JSC::JSWebAssemblyMemory::type):
(JSC::JSWebAssemblyMemory::growSuccessCallback):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::calleeSaves const):
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):
* Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeImports):
* Source/WTF/wtf/OSAllocator.h:
* Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp:
(WTF::OSAllocator::protect):
* Source/WTF/wtf/win/OSAllocatorWin.cpp:
(WTF::OSAllocator::protect):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::readTerminal):
* Source/WebCore/bindings/js/SerializedScriptValue.h:

Canonical link: https://commits.webkit.org/256524@main

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes