<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[205508] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/205508">205508</a></dd>
<dt>Author</dt> <dd>ryanhaddad@apple.com</dd>
<dt>Date</dt> <dd>2016-09-06 14:43:08 -0700 (Tue, 06 Sep 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Unreviewed, rolling out <a href="http://trac.webkit.org/projects/webkit/changeset/205494">r205494</a>.
https://bugs.webkit.org/show_bug.cgi?id=161646
This change broke the Windows build (Requested by ryanhaddad
on #webkit).
Reverted changeset:
"Typed arrays should use MarkedSpace instead of CopiedSpace"
https://bugs.webkit.org/show_bug.cgi?id=161100
http://trac.webkit.org/changeset/205494
Patch by Commit Queue <commit-queue@webkit.org> on 2016-09-06</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationscpp">trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOperationsh">trunk/Source/JavaScriptCore/dfg/DFGOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITh">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapCopyTokenh">trunk/Source/JavaScriptCore/heap/CopyToken.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapSlotVisitorcpp">trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationsh">trunk/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferViewcpp">trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferViewh">trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewInlinesh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -1,5 +1,19 @@
</span><span class="cx"> 2016-09-06 Commit Queue <commit-queue@webkit.org>
</span><span class="cx">
</span><ins>+ Unreviewed, rolling out r205494.
+ https://bugs.webkit.org/show_bug.cgi?id=161646
+
+ This change broke the Windows build (Requested by ryanhaddad
+ on #webkit).
+
+ Reverted changeset:
+
+ "Typed arrays should use MarkedSpace instead of CopiedSpace"
+ https://bugs.webkit.org/show_bug.cgi?id=161100
+ http://trac.webkit.org/changeset/205494
+
+2016-09-06 Commit Queue <commit-queue@webkit.org>
+
</ins><span class="cx"> Unreviewed, rolling out r205504.
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=161645
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -134,7 +134,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ViewClass>
</span><del>-char* newTypedArrayWithSize(ExecState* exec, Structure* structure, int32_t size, char* vector)
</del><ins>+char* newTypedArrayWithSize(ExecState* exec, Structure* structure, int32_t size)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><span class="lines">@@ -144,10 +144,6 @@
</span><span class="cx"> throwException(exec, scope, createRangeError(exec, ASCIILiteral("Requested length is negative")));
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><del>-
- if (vector)
- return bitwise_cast<char*>(ViewClass::createWithFastVector(exec, structure, size, vector));
-
</del><span class="cx"> return bitwise_cast<char*>(ViewClass::create(exec, structure, size));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -962,9 +958,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt8ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSInt8Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSInt8Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt8ArrayWithOneArgument(
</span><span class="lines">@@ -976,9 +972,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt16ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSInt16Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSInt16Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt16ArrayWithOneArgument(
</span><span class="lines">@@ -990,9 +986,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt32ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSInt32Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSInt32Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewInt32ArrayWithOneArgument(
</span><span class="lines">@@ -1004,9 +1000,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSUint8Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSUint8Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ArrayWithOneArgument(
</span><span class="lines">@@ -1018,9 +1014,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSUint8ClampedArray>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSUint8ClampedArray>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint8ClampedArrayWithOneArgument(
</span><span class="lines">@@ -1032,9 +1028,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint16ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSUint16Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSUint16Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint16ArrayWithOneArgument(
</span><span class="lines">@@ -1046,9 +1042,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint32ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSUint32Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSUint32Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewUint32ArrayWithOneArgument(
</span><span class="lines">@@ -1060,9 +1056,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewFloat32ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSFloat32Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSFloat32Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewFloat32ArrayWithOneArgument(
</span><span class="lines">@@ -1074,9 +1070,9 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewFloat64ArrayWithSize(
</span><del>- ExecState* exec, Structure* structure, int32_t length, char* vector)
</del><ins>+ ExecState* exec, Structure* structure, int32_t length)
</ins><span class="cx"> {
</span><del>- return newTypedArrayWithSize<JSFloat64Array>(exec, structure, length, vector);
</del><ins>+ return newTypedArrayWithSize<JSFloat64Array>(exec, structure, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> char* JIT_OPERATION operationNewFloat64ArrayWithOneArgument(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOperations.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOperations.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/dfg/DFGOperations.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -71,23 +71,23 @@
</span><span class="cx"> char* JIT_OPERATION operationNewArrayBuffer(ExecState*, Structure*, size_t, size_t) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationNewEmptyArray(ExecState*, Structure*) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationNewArrayWithSize(ExecState*, Structure*, int32_t, Butterfly*) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewInt8ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewInt8ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewInt8ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewInt16ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewInt16ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewInt16ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewInt32ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewInt32ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewInt32ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewUint8ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewUint8ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewUint8ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewUint8ClampedArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewUint8ClampedArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewUint16ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewUint16ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewUint16ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewUint32ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewUint32ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewUint32ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewFloat32ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewFloat32ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewFloat32ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewFloat64ArrayWithSize(ExecState*, Structure*, int32_t, char*) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewFloat64ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewFloat64ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationPutByValStrict(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationPutByValNonStrict(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue) WTF_INTERNAL;
</span><span class="lines">@@ -198,7 +198,7 @@
</span><span class="cx">
</span><span class="cx"> } // extern "C"
</span><span class="cx">
</span><del>-inline P_JITOperation_EStZP operationNewTypedArrayWithSizeForType(TypedArrayType type)
</del><ins>+inline P_JITOperation_EStZ operationNewTypedArrayWithSizeForType(TypedArrayType type)
</ins><span class="cx"> {
</span><span class="cx"> switch (type) {
</span><span class="cx"> case TypeInt8:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -7180,8 +7180,6 @@
</span><span class="cx"> GPRReg scratchGPR2 = scratch2.gpr();
</span><span class="cx">
</span><span class="cx"> JITCompiler::JumpList slowCases;
</span><del>-
- m_jit.move(TrustedImmPtr(0), storageGPR);
</del><span class="cx">
</span><span class="cx"> slowCases.append(m_jit.branch32(
</span><span class="cx"> MacroAssembler::Above, sizeGPR, TrustedImm32(JSArrayBufferView::fastSizeLimit)));
</span><span class="lines">@@ -7193,10 +7191,26 @@
</span><span class="cx"> m_jit.add32(TrustedImm32(7), scratchGPR);
</span><span class="cx"> m_jit.and32(TrustedImm32(~7), scratchGPR);
</span><span class="cx"> }
</span><del>- m_jit.emitAllocateVariableSized(
- storageGPR, m_jit.vm()->heap.subspaceForAuxiliaryData(), scratchGPR, scratchGPR,
- scratchGPR2, slowCases);
</del><ins>+ slowCases.append(
+ emitAllocateBasicStorage(scratchGPR, storageGPR));
</ins><span class="cx">
</span><ins>+ m_jit.subPtr(scratchGPR, storageGPR);
+
+ emitAllocateJSObject<JSArrayBufferView>(
+ resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, scratchGPR2,
+ slowCases);
+
+ m_jit.storePtr(
+ storageGPR,
+ MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfVector()));
+ m_jit.store32(
+ sizeGPR,
+ MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfLength()));
+ m_jit.store32(
+ TrustedImm32(FastTypedArray),
+ MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfMode()));
+
+#if USE(JSVALUE32_64)
</ins><span class="cx"> MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, sizeGPR);
</span><span class="cx"> m_jit.move(sizeGPR, scratchGPR);
</span><span class="cx"> if (elementSize(type) != 4) {
</span><span class="lines">@@ -7216,24 +7230,11 @@
</span><span class="cx"> MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesFour));
</span><span class="cx"> m_jit.branchTest32(MacroAssembler::NonZero, scratchGPR).linkTo(loop, &m_jit);
</span><span class="cx"> done.link(&m_jit);
</span><ins>+#endif // USE(JSVALUE32_64)
</ins><span class="cx">
</span><del>- emitAllocateJSObject<JSArrayBufferView>(
- resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, scratchGPR2,
- slowCases);
-
- m_jit.storePtr(
- storageGPR,
- MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfVector()));
- m_jit.store32(
- sizeGPR,
- MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfLength()));
- m_jit.store32(
- TrustedImm32(FastTypedArray),
- MacroAssembler::Address(resultGPR, JSArrayBufferView::offsetOfMode()));
-
</del><span class="cx"> addSlowPathGenerator(slowPathCall(
</span><span class="cx"> slowCases, this, operationNewTypedArrayWithSizeForType(type),
</span><del>- resultGPR, structure, sizeGPR, storageGPR));
</del><ins>+ resultGPR, structure, sizeGPR));
</ins><span class="cx">
</span><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -988,19 +988,19 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure));
</span><span class="cx"> return appendCallSetResult(operation, result);
</span><span class="cx"> }
</span><del>- JITCompiler::Call callOperation(P_JITOperation_EStZP operation, GPRReg result, Structure* structure, GPRReg arg2, GPRReg arg3)
</del><ins>+ JITCompiler::Call callOperation(P_JITOperation_EStZ operation, GPRReg result, Structure* structure, GPRReg arg2)
</ins><span class="cx"> {
</span><del>- m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), arg2, arg3);
</del><ins>+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), arg2);
</ins><span class="cx"> return appendCallSetResult(operation, result);
</span><span class="cx"> }
</span><del>- JITCompiler::Call callOperation(P_JITOperation_EStZP operation, GPRReg result, Structure* structure, size_t arg2, GPRReg arg3)
</del><ins>+ JITCompiler::Call callOperation(P_JITOperation_EStZ operation, GPRReg result, Structure* structure, size_t arg2)
</ins><span class="cx"> {
</span><del>- m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(arg2), arg3);
</del><ins>+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(arg2));
</ins><span class="cx"> return appendCallSetResult(operation, result);
</span><span class="cx"> }
</span><del>- JITCompiler::Call callOperation(P_JITOperation_EStZP operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg arg3)
</del><ins>+ JITCompiler::Call callOperation(P_JITOperation_EStZ operation, GPRReg result, GPRReg arg1, GPRReg arg2)
</ins><span class="cx"> {
</span><del>- m_jit.setupArgumentsWithExecState(arg1, arg2, arg3);
</del><ins>+ m_jit.setupArgumentsWithExecState(arg1, arg2);
</ins><span class="cx"> return appendCallSetResult(operation, result);
</span><span class="cx"> }
</span><span class="cx"> JITCompiler::Call callOperation(P_JITOperation_EStZB operation, GPRReg result, Structure* structure, GPRReg arg2, GPRReg butterfly)
</span><span class="lines">@@ -2550,6 +2550,31 @@
</span><span class="cx"> void moveFalseTo(GPRReg);
</span><span class="cx"> void blessBoolean(GPRReg);
</span><span class="cx">
</span><ins>+ // size can be an immediate or a register, and must be in bytes. If size is a register,
+ // it must be a different register than resultGPR. Emits code that place a pointer to
+ // the end of the allocation. The returned jump is the jump to the slow path.
+ template<typename SizeType>
+ MacroAssembler::Jump emitAllocateBasicStorage(SizeType size, GPRReg resultGPR)
+ {
+ CopiedAllocator* copiedAllocator = &m_jit.vm()->heap.storageAllocator();
+
+ // It's invalid to allocate zero bytes in CopiedSpace.
+#ifndef NDEBUG
+ m_jit.move(size, resultGPR);
+ MacroAssembler::Jump nonZeroSize = m_jit.branchTest32(MacroAssembler::NonZero, resultGPR);
+ m_jit.abortWithReason(DFGBasicStorageAllocatorZeroSize);
+ nonZeroSize.link(&m_jit);
+#endif
+
+ m_jit.loadPtr(&copiedAllocator->m_currentRemaining, resultGPR);
+ MacroAssembler::Jump slowPath = m_jit.branchSubPtr(JITCompiler::Signed, size, resultGPR);
+ m_jit.storePtr(resultGPR, &copiedAllocator->m_currentRemaining);
+ m_jit.negPtr(resultGPR);
+ m_jit.addPtr(JITCompiler::AbsoluteAddress(&copiedAllocator->m_currentPayloadEnd), resultGPR);
+
+ return slowPath;
+ }
+
</ins><span class="cx"> // Allocator for a cell of a specific size.
</span><span class="cx"> template <typename StructureType> // StructureType can be GPR or ImmPtr.
</span><span class="cx"> void emitAllocateJSCell(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -4132,8 +4132,6 @@
</span><span class="cx"> LBasicBlock nonZeroCase = m_out.newBlock();
</span><span class="cx"> LBasicBlock slowCase = m_out.newBlock();
</span><span class="cx"> LBasicBlock continuation = m_out.newBlock();
</span><del>-
- ValueFromBlock noStorage = m_out.anchor(m_out.intPtrZero);
</del><span class="cx">
</span><span class="cx"> m_out.branch(
</span><span class="cx"> m_out.above(size, m_out.constInt32(JSArrayBufferView::fastSizeLimit)),
</span><span class="lines">@@ -4153,19 +4151,8 @@
</span><span class="cx"> m_out.constIntPtr(~static_cast<intptr_t>(7)));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- LValue allocator = allocatorForSize(
- vm().heap.subspaceForAuxiliaryData(), byteSize, slowCase);
- LValue storage = allocateHeapCell(allocator, slowCase);
-
- splatWords(
- storage,
- m_out.int32Zero,
- m_out.castToInt32(m_out.lShr(byteSize, m_out.constIntPtr(3))),
- m_out.int64Zero,
- m_heaps.typedArrayProperties);
</del><ins>+ LValue storage = allocateBasicStorage(byteSize, slowCase);
</ins><span class="cx">
</span><del>- ValueFromBlock haveStorage = m_out.anchor(storage);
-
</del><span class="cx"> LValue fastResultValue =
</span><span class="cx"> allocateObject<JSArrayBufferView>(structure, m_out.intPtrZero, slowCase);
</span><span class="cx">
</span><span class="lines">@@ -4172,21 +4159,19 @@
</span><span class="cx"> m_out.storePtr(storage, fastResultValue, m_heaps.JSArrayBufferView_vector);
</span><span class="cx"> m_out.store32(size, fastResultValue, m_heaps.JSArrayBufferView_length);
</span><span class="cx"> m_out.store32(m_out.constInt32(FastTypedArray), fastResultValue, m_heaps.JSArrayBufferView_mode);
</span><del>-
</del><ins>+
</ins><span class="cx"> ValueFromBlock fastResult = m_out.anchor(fastResultValue);
</span><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(slowCase, continuation);
</span><del>- LValue storageValue = m_out.phi(pointerType(), noStorage, haveStorage);
</del><span class="cx">
</span><span class="cx"> LValue slowResultValue = lazySlowPath(
</span><span class="cx"> [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
</span><span class="cx"> return createLazyCallGenerator(
</span><span class="cx"> operationNewTypedArrayWithSizeForType(type), locations[0].directGPR(),
</span><del>- CCallHelpers::TrustedImmPtr(structure), locations[1].directGPR(),
- locations[2].directGPR());
</del><ins>+ CCallHelpers::TrustedImmPtr(structure), locations[1].directGPR());
</ins><span class="cx"> },
</span><del>- size, storageValue);
</del><ins>+ size);
</ins><span class="cx"> ValueFromBlock slowResult = m_out.anchor(slowResultValue);
</span><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="lines">@@ -7800,11 +7785,6 @@
</span><span class="cx"> else
</span><span class="cx"> hole = m_out.constInt64(JSValue::encode(JSValue()));
</span><span class="cx">
</span><del>- splatWords(butterfly, begin, end, hole, heap->atAnyIndex());
- }
-
- void splatWords(LValue base, LValue begin, LValue end, LValue value, const AbstractHeap& heap)
- {
</del><span class="cx"> const uint64_t unrollingLimit = 10;
</span><span class="cx"> if (begin->hasInt() && end->hasInt()) {
</span><span class="cx"> uint64_t beginConst = static_cast<uint64_t>(begin->asInt());
</span><span class="lines">@@ -7811,28 +7791,25 @@
</span><span class="cx"> uint64_t endConst = static_cast<uint64_t>(end->asInt());
</span><span class="cx">
</span><span class="cx"> if (endConst - beginConst <= unrollingLimit) {
</span><del>- for (uint64_t i = beginConst; i < endConst; ++i) {
- LValue pointer = m_out.add(base, m_out.constIntPtr(i * sizeof(uint64_t)));
- m_out.store64(value, TypedPointer(heap, pointer));
- }
</del><ins>+ for (uint64_t i = beginConst; i < endConst; ++i)
+ m_out.store64(hole, butterfly, heap->at(i));
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // Doubles must be initialized to PNaN.
</ins><span class="cx"> LBasicBlock initLoop = m_out.newBlock();
</span><span class="cx"> LBasicBlock initDone = m_out.newBlock();
</span><span class="cx">
</span><del>- LBasicBlock lastNext = m_out.insertNewBlocksBefore(initLoop);
-
</del><span class="cx"> ValueFromBlock originalIndex = m_out.anchor(end);
</span><del>- ValueFromBlock originalPointer = m_out.anchor(base);
</del><ins>+ ValueFromBlock originalPointer = m_out.anchor(butterfly);
</ins><span class="cx"> m_out.branch(m_out.notEqual(end, begin), unsure(initLoop), unsure(initDone));
</span><span class="cx">
</span><del>- m_out.appendTo(initLoop, initDone);
</del><ins>+ LBasicBlock initLastNext = m_out.appendTo(initLoop, initDone);
</ins><span class="cx"> LValue index = m_out.phi(Int32, originalIndex);
</span><span class="cx"> LValue pointer = m_out.phi(pointerType(), originalPointer);
</span><span class="cx">
</span><del>- m_out.store64(value, TypedPointer(heap, pointer));
</del><ins>+ m_out.store64(hole, TypedPointer(heap->atAnyIndex(), pointer));
</ins><span class="cx">
</span><span class="cx"> LValue nextIndex = m_out.sub(index, m_out.int32One);
</span><span class="cx"> m_out.addIncomingToPhi(index, m_out.anchor(nextIndex));
</span><span class="lines">@@ -7840,7 +7817,7 @@
</span><span class="cx"> m_out.branch(
</span><span class="cx"> m_out.notEqual(nextIndex, begin), unsure(initLoop), unsure(initDone));
</span><span class="cx">
</span><del>- m_out.appendTo(initDone, lastNext);
</del><ins>+ m_out.appendTo(initDone, initLastNext);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue allocatePropertyStorage(LValue object, Structure* previousStructure)
</span><span class="lines">@@ -8618,6 +8595,32 @@
</span><span class="cx"> return allocateObject(allocator, structure, butterfly, slowPath);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // Returns a pointer to the end of the allocation.
+ LValue allocateBasicStorageAndGetEnd(LValue size, LBasicBlock slowPath)
+ {
+ CopiedAllocator& allocator = vm().heap.storageAllocator();
+
+ LBasicBlock success = m_out.newBlock();
+
+ LValue remaining = m_out.loadPtr(m_out.absolute(&allocator.m_currentRemaining));
+ LValue newRemaining = m_out.sub(remaining, size);
+
+ m_out.branch(
+ m_out.lessThan(newRemaining, m_out.intPtrZero),
+ rarely(slowPath), usually(success));
+
+ m_out.appendTo(success);
+
+ m_out.storePtr(newRemaining, m_out.absolute(&allocator.m_currentRemaining));
+ return m_out.sub(
+ m_out.loadPtr(m_out.absolute(&allocator.m_currentPayloadEnd)), newRemaining);
+ }
+
+ LValue allocateBasicStorage(LValue size, LBasicBlock slowPath)
+ {
+ return m_out.sub(allocateBasicStorageAndGetEnd(size, slowPath), size);
+ }
+
</ins><span class="cx"> LValue allocateObject(Structure* structure)
</span><span class="cx"> {
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapCopyTokenh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/CopyToken.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/CopyToken.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/heap/CopyToken.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> enum CopyToken {
</span><ins>+ TypedArrayVectorCopyToken,
</ins><span class="cx"> MapBackingStoreCopyToken,
</span><span class="cx"> DirectArgumentsOverridesCopyToken
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapSlotVisitorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -247,8 +247,6 @@
</span><span class="cx"> {
</span><span class="cx"> HeapCell* cell = bitwise_cast<HeapCell*>(base);
</span><span class="cx">
</span><del>- ASSERT(cell->heap() == heap());
-
</del><span class="cx"> if (Heap::testAndSetMarked(m_version, cell)) {
</span><span class="cx"> RELEASE_ASSERT(Heap::isMarked(cell));
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -291,7 +291,6 @@
</span><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EStSS)(ExecState*, Structure*, size_t, size_t);
</span><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EStZ)(ExecState*, Structure*, int32_t);
</span><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EStZB)(ExecState*, Structure*, int32_t, Butterfly*);
</span><del>-typedef char* (JIT_OPERATION *P_JITOperation_EStZP)(ExecState*, Structure*, int32_t, char*);
</del><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EZZ)(ExecState*, int32_t, int32_t);
</span><span class="cx"> typedef SlowPathReturnType (JIT_OPERATION *Sprt_JITOperation_ECli)(ExecState*, CallLinkInfo*);
</span><span class="cx"> typedef StringImpl* (JIT_OPERATION *T_JITOperation_EJss)(ExecState*, JSString*);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferViewcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -42,17 +42,6 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSArrayBufferView::ConstructionContext::ConstructionContext(
</span><del>- Structure* structure, uint32_t length, void* vector)
- : m_structure(structure)
- , m_vector(vector)
- , m_length(length)
- , m_mode(FastTypedArray)
- , m_butterfly(nullptr)
-{
- RELEASE_ASSERT(length <= fastSizeLimit);
-}
-
-JSArrayBufferView::ConstructionContext::ConstructionContext(
</del><span class="cx"> VM& vm, Structure* structure, uint32_t length, uint32_t elementSize,
</span><span class="cx"> InitializationMode mode)
</span><span class="cx"> : m_structure(0)
</span><span class="lines">@@ -61,24 +50,23 @@
</span><span class="cx"> {
</span><span class="cx"> if (length <= fastSizeLimit) {
</span><span class="cx"> // Attempt GC allocation.
</span><del>- void* temp;
</del><ins>+ void* temp = 0;
</ins><span class="cx"> size_t size = sizeOf(length, elementSize);
</span><del>- if (size) {
- temp = vm.heap.tryAllocateAuxiliary(nullptr, size);
- if (!temp)
- return;
- } else
- temp = nullptr;
</del><ins>+ // CopiedSpace only allows non-zero size allocations.
+ if (size && !vm.heap.tryAllocateStorage(0, size, &temp))
+ return;
</ins><span class="cx">
</span><span class="cx"> m_structure = structure;
</span><span class="cx"> m_vector = temp;
</span><span class="cx"> m_mode = FastTypedArray;
</span><span class="cx">
</span><ins>+#if USE(JSVALUE32_64)
</ins><span class="cx"> if (mode == ZeroFill) {
</span><span class="cx"> uint64_t* asWords = static_cast<uint64_t*>(m_vector);
</span><span class="cx"> for (unsigned i = size / sizeof(uint64_t); i--;)
</span><span class="cx"> asWords[i] = 0;
</span><span class="cx"> }
</span><ins>+#endif // USE(JSVALUE32_64)
</ins><span class="cx">
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="lines">@@ -130,7 +118,7 @@
</span><span class="cx"> , m_length(context.length())
</span><span class="cx"> , m_mode(context.mode())
</span><span class="cx"> {
</span><del>- m_vector.setWithoutBarrier(context.vector());
</del><ins>+ m_vector.setWithoutBarrier(static_cast<char*>(context.vector()));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSArrayBufferView::finishCreation(VM& vm)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -26,7 +26,7 @@
</span><span class="cx"> #ifndef JSArrayBufferView_h
</span><span class="cx"> #define JSArrayBufferView_h
</span><span class="cx">
</span><del>-#include "AuxiliaryBarrier.h"
</del><ins>+#include "CopyBarrier.h"
</ins><span class="cx"> #include "JSObject.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -119,9 +119,6 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE ConstructionContext(VM&, Structure*, uint32_t length, uint32_t elementSize, InitializationMode = ZeroFill);
</span><span class="cx">
</span><del>- // This is only for constructing fast typed arrays. It's used by the JIT's slow path.
- ConstructionContext(Structure*, uint32_t length, void* vector);
-
</del><span class="cx"> JS_EXPORT_PRIVATE ConstructionContext(
</span><span class="cx"> VM&, Structure*, PassRefPtr<ArrayBuffer>,
</span><span class="cx"> unsigned byteOffset, unsigned length);
</span><span class="lines">@@ -185,7 +182,7 @@
</span><span class="cx">
</span><span class="cx"> static String toStringName(const JSObject*, ExecState*);
</span><span class="cx">
</span><del>- AuxiliaryBarrier<void*> m_vector;
</del><ins>+ CopyBarrier<char> m_vector; // this is really a void*, but void would not work here.
</ins><span class="cx"> uint32_t m_length;
</span><span class="cx"> TypedArrayMode m_mode;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -106,7 +106,6 @@
</span><span class="cx">
</span><span class="cx"> public:
</span><span class="cx"> static JSGenericTypedArrayView* create(ExecState*, Structure*, unsigned length);
</span><del>- static JSGenericTypedArrayView* createWithFastVector(ExecState*, Structure*, unsigned length, void* vector);
</del><span class="cx"> static JSGenericTypedArrayView* createUninitialized(ExecState*, Structure*, unsigned length);
</span><span class="cx"> static JSGenericTypedArrayView* create(ExecState*, Structure*, PassRefPtr<ArrayBuffer>, unsigned byteOffset, unsigned length);
</span><span class="cx"> static JSGenericTypedArrayView* create(VM&, Structure*, PassRefPtr<typename Adaptor::ViewType> impl);
</span><span class="lines">@@ -288,6 +287,7 @@
</span><span class="cx">
</span><span class="cx"> static size_t estimatedSize(JSCell*);
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><ins>+ static void copyBackingStore(JSCell*, CopyVisitor&, CopyToken);
</ins><span class="cx">
</span><span class="cx"> // Allocates the full-on native buffer and moves data into the C heap if
</span><span class="cx"> // necessary. Note that this never allocates in the GC heap.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h (205507 => 205508)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h 2016-09-06 21:35:24 UTC (rev 205507)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h 2016-09-06 21:43:08 UTC (rev 205508)
</span><span class="lines">@@ -63,20 +63,6 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Adaptor>
</span><del>-JSGenericTypedArrayView<Adaptor>* JSGenericTypedArrayView<Adaptor>::createWithFastVector(
- ExecState* exec, Structure* structure, unsigned length, void* vector)
-{
- VM& vm = exec->vm();
- ConstructionContext context(structure, length, vector);
- RELEASE_ASSERT(context);
- JSGenericTypedArrayView* result =
- new (NotNull, allocateCell<JSGenericTypedArrayView>(vm.heap))
- JSGenericTypedArrayView(vm, context);
- result->finishCreation(vm);
- return result;
-}
-
-template<typename Adaptor>
</del><span class="cx"> JSGenericTypedArrayView<Adaptor>* JSGenericTypedArrayView<Adaptor>::createUninitialized(
</span><span class="cx"> ExecState* exec, Structure* structure, unsigned length)
</span><span class="cx"> {
</span><span class="lines">@@ -477,7 +463,7 @@
</span><span class="cx"> switch (thisObject->m_mode) {
</span><span class="cx"> case FastTypedArray: {
</span><span class="cx"> if (thisObject->m_vector)
</span><del>- visitor.markAuxiliary(thisObject->m_vector.get());
</del><ins>+ visitor.copyLater(thisObject, TypedArrayVectorCopyToken, thisObject->m_vector.get(), thisObject->byteSize());
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -498,6 +484,25 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Adaptor>
</span><ins>+void JSGenericTypedArrayView<Adaptor>::copyBackingStore(
+ JSCell* cell, CopyVisitor& visitor, CopyToken token)
+{
+ JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(cell);
+
+ if (token == TypedArrayVectorCopyToken
+ && visitor.checkIfShouldCopy(thisObject->m_vector.get())) {
+ ASSERT(thisObject->m_vector);
+ void* oldVector = thisObject->vector();
+ void* newVector = visitor.allocateNewSpace(thisObject->byteSize());
+ memcpy(newVector, oldVector, thisObject->byteSize());
+ thisObject->m_vector.setWithoutBarrier(static_cast<char*>(newVector));
+ visitor.didCopy(oldVector, thisObject->byteSize());
+ }
+
+ Base::copyBackingStore(thisObject, visitor, token);
+}
+
+template<typename Adaptor>
</ins><span class="cx"> ArrayBuffer* JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory(JSArrayBufferView* object)
</span><span class="cx"> {
</span><span class="cx"> JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(object);
</span><span class="lines">@@ -545,7 +550,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> thisObject->butterfly()->indexingHeader()->setArrayBuffer(buffer.get());
</span><del>- thisObject->m_vector.setWithoutBarrier(buffer->data());
</del><ins>+ thisObject->m_vector.setWithoutBarrier(static_cast<char*>(buffer->data()));
</ins><span class="cx"> thisObject->m_mode = WastefulTypedArray;
</span><span class="cx"> heap->addReference(thisObject, buffer.get());
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>