<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[208209] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208209">208209</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2016-10-31 20:10:00 -0700 (Mon, 31 Oct 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>JSC should support SharedArrayBuffer
https://bugs.webkit.org/show_bug.cgi?id=163986
Reviewed by Keith Miller.
JSTests:
This adds our own test for the various corner cases of SharedArrayBuffer. This test is meant to
check all of the things that don't require concurrency.
* stress/SharedArrayBuffer.js: Added.
(checkAtomics):
(shouldFail):
(Symbol):
(runAtomic):
Source/JavaScriptCore:
This implements https://tc39.github.io/ecmascript_sharedmem/shmem.html.
There is now a new SharedArrayBuffer type. In the JS runtime, which includes typed array
types, the SharedArrayBuffer is a drop-in replacement for ArrayBuffer, even though they are
distinct types (new SharedArrayBuffer() instanceof ArrayBuffer == false and vice versa). The
DOM will not recognize SharedArrayBuffer, or any typed array that wraps it, to ensure safety.
This matches what other browsers intend to do, see
https://github.com/tc39/ecmascript_sharedmem/issues/38. API is provided for the DOM to opt
into SharedArrayBuffer. One notable place is postMessage, which will share the
SharedArrayBuffer's underlying data storage with other workers. This creates a pool of shared
memory that the workers can use to talk to each other.
There is also an Atomics object in global scope, which exposes sequentially consistent atomic
operations: add, and, compareExchange, exchange, load, or, store, sub, and xor. Additionally
it exposes a Atomics.isLockFree utility, which takes a byte amount and returns true or false.
Also there is Atomics.wake/wait, which neatly map to ParkingLot.
Accesses to typed arrays that wrap SharedArrayBuffer are optimized by JSC the same way as
always. I believe that DFG and B3 already obey the following memory model, which I believe is
a bit weaker than Cambridge and a bit stronger than what is being proposed for
SharedArrayBuffer. To predict a program's behavior under the B3 memory model, imagine the
space of all possible programs that would result from running an optimizer that adversarially
follows B3's transformation rules. B3 transformations are correct if the newly created
program is equivalent to the old one, assuming that any opaque effect in IR (like the reads
and writes of a patchpoint/call/fence) could perform any load/store that satisfies the
B3::Effects summary. Opaque effects are a way of describing an infinite set of programs: any
program that only does the effects summarized in B3::Effects belongs to the set. For example,
this prevents motion of operations across fences since fences are summarized as opaque
effects that could read or write memory. This rule alone is not enough, because it leaves the
door open for turning an atomic operation (like a load) into a non-atomic one (like a load
followed by a store of the same value back to the same location or multiple loads). This is
not an optimization that either our compiler or the CPU would want to do. One way to think of
what exactly is forbidden is that B3 transformations that mess with memory accesses can only
reorder them or remove them. This means that for any execution of the untransformed program,
the corresponding execution of the transformed program (i.e. with the same input arguments
and the same programs filled in for the opaque effects) must have the same loads and stores,
with some removed and some reordered. This is a fairly simple mental model that B3 and DFG
already follow and it's based on existing abstractions for the infinite set of programs
inside an opaque effect (DFG's AbstractHeaps and B3's Effects).
This patch makes all atomics operations intrinsic, but the DFG doesn't know about any of them
yet. That's covered by bug 164108.
This ought to be perf-neutral, but I am still running tests to confirm this. I'm also still
writing new tests to cover all of the Atomics functionality and the behavior of SAB objects.
* API/JSTypedArray.cpp:
(JSObjectGetTypedArrayBytesPtr):
(JSObjectGetTypedArrayBuffer):
(JSObjectMakeArrayBufferWithBytesNoCopy):
* API/tests/CompareAndSwapTest.cpp:
(Bitmap::concurrentTestAndSet):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGDesiredWatchpoints.cpp:
(JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
* heap/Heap.cpp:
(JSC::Heap::reportExtraMemoryVisited):
(JSC::Heap::reportExternalMemoryVisited):
* jsc.cpp:
(functionTransferArrayBuffer):
* runtime/ArrayBuffer.cpp:
(JSC::SharedArrayBufferContents::SharedArrayBufferContents):
(JSC::SharedArrayBufferContents::~SharedArrayBufferContents):
(JSC::ArrayBufferContents::ArrayBufferContents):
(JSC::ArrayBufferContents::operator=):
(JSC::ArrayBufferContents::~ArrayBufferContents):
(JSC::ArrayBufferContents::clear):
(JSC::ArrayBufferContents::destroy):
(JSC::ArrayBufferContents::reset):
(JSC::ArrayBufferContents::tryAllocate):
(JSC::ArrayBufferContents::makeShared):
(JSC::ArrayBufferContents::transferTo):
(JSC::ArrayBufferContents::copyTo):
(JSC::ArrayBufferContents::shareWith):
(JSC::ArrayBuffer::create):
(JSC::ArrayBuffer::createAdopted):
(JSC::ArrayBuffer::createFromBytes):
(JSC::ArrayBuffer::tryCreate):
(JSC::ArrayBuffer::createUninitialized):
(JSC::ArrayBuffer::tryCreateUninitialized):
(JSC::ArrayBuffer::createInternal):
(JSC::ArrayBuffer::ArrayBuffer):
(JSC::ArrayBuffer::slice):
(JSC::ArrayBuffer::sliceImpl):
(JSC::ArrayBuffer::makeShared):
(JSC::ArrayBuffer::setSharingMode):
(JSC::ArrayBuffer::transferTo):
(JSC::ArrayBuffer::transfer): Deleted.
* runtime/ArrayBuffer.h:
(JSC::arrayBufferSharingModeName):
(JSC::SharedArrayBufferContents::data):
(JSC::ArrayBufferContents::data):
(JSC::ArrayBufferContents::sizeInBytes):
(JSC::ArrayBufferContents::isShared):
(JSC::ArrayBuffer::sharingMode):
(JSC::ArrayBuffer::isShared):
(JSC::ArrayBuffer::gcSizeEstimateInBytes):
(JSC::arrayBufferDestructorNull): Deleted.
(JSC::arrayBufferDestructorDefault): Deleted.
(JSC::ArrayBufferContents::ArrayBufferContents): Deleted.
(JSC::ArrayBufferContents::transfer): Deleted.
(JSC::ArrayBufferContents::copyTo): Deleted.
(JSC::ArrayBuffer::create): Deleted.
(JSC::ArrayBuffer::createAdopted): Deleted.
(JSC::ArrayBuffer::createFromBytes): Deleted.
(JSC::ArrayBuffer::tryCreate): Deleted.
(JSC::ArrayBuffer::createUninitialized): Deleted.
(JSC::ArrayBuffer::tryCreateUninitialized): Deleted.
(JSC::ArrayBuffer::createInternal): Deleted.
(JSC::ArrayBuffer::ArrayBuffer): Deleted.
(JSC::ArrayBuffer::slice): Deleted.
(JSC::ArrayBuffer::sliceImpl): Deleted.
(JSC::ArrayBufferContents::tryAllocate): Deleted.
(JSC::ArrayBufferContents::~ArrayBufferContents): Deleted.
* runtime/ArrayBufferSharingMode.h: Added.
* runtime/ArrayBufferView.h:
(JSC::ArrayBufferView::possiblySharedBuffer):
(JSC::ArrayBufferView::unsharedBuffer):
(JSC::ArrayBufferView::isShared):
(JSC::ArrayBufferView::buffer): Deleted.
* runtime/AtomicsObject.cpp: Added.
(JSC::AtomicsObject::AtomicsObject):
(JSC::AtomicsObject::create):
(JSC::AtomicsObject::createStructure):
(JSC::AtomicsObject::finishCreation):
(JSC::atomicsFuncAdd):
(JSC::atomicsFuncAnd):
(JSC::atomicsFuncCompareExchange):
(JSC::atomicsFuncExchange):
(JSC::atomicsFuncIsLockFree):
(JSC::atomicsFuncLoad):
(JSC::atomicsFuncOr):
(JSC::atomicsFuncStore):
(JSC::atomicsFuncSub):
(JSC::atomicsFuncWait):
(JSC::atomicsFuncWake):
(JSC::atomicsFuncXor):
* runtime/AtomicsObject.h: Added.
* runtime/CommonIdentifiers.h:
* runtime/DataView.cpp:
(JSC::DataView::wrap):
* runtime/GenericTypedArrayViewInlines.h:
(JSC::GenericTypedArrayView<Adaptor>::subarray):
* runtime/Intrinsic.h:
* runtime/JSArrayBuffer.cpp:
(JSC::JSArrayBuffer::finishCreation):
(JSC::JSArrayBuffer::isShared):
(JSC::JSArrayBuffer::sharingMode):
* runtime/JSArrayBuffer.h:
(JSC::toPossiblySharedArrayBuffer):
(JSC::toUnsharedArrayBuffer):
(JSC::JSArrayBuffer::toWrapped):
(JSC::toArrayBuffer): Deleted.
* runtime/JSArrayBufferConstructor.cpp:
(JSC::JSArrayBufferConstructor::JSArrayBufferConstructor):
(JSC::JSArrayBufferConstructor::finishCreation):
(JSC::JSArrayBufferConstructor::create):
(JSC::constructArrayBuffer):
* runtime/JSArrayBufferConstructor.h:
(JSC::JSArrayBufferConstructor::sharingMode):
* runtime/JSArrayBufferPrototype.cpp:
(JSC::arrayBufferProtoFuncSlice):
(JSC::JSArrayBufferPrototype::JSArrayBufferPrototype):
(JSC::JSArrayBufferPrototype::finishCreation):
(JSC::JSArrayBufferPrototype::create):
* runtime/JSArrayBufferPrototype.h:
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::finishCreation):
(JSC::JSArrayBufferView::visitChildren):
(JSC::JSArrayBufferView::unsharedBuffer):
(JSC::JSArrayBufferView::unsharedJSBuffer):
(JSC::JSArrayBufferView::possiblySharedJSBuffer):
(JSC::JSArrayBufferView::neuter):
(JSC::JSArrayBufferView::toWrapped): Deleted.
* runtime/JSArrayBufferView.h:
(JSC::JSArrayBufferView::jsBuffer): Deleted.
* runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::isShared):
(JSC::JSArrayBufferView::possiblySharedBuffer):
(JSC::JSArrayBufferView::possiblySharedImpl):
(JSC::JSArrayBufferView::unsharedImpl):
(JSC::JSArrayBufferView::byteOffset):
(JSC::JSArrayBufferView::toWrapped):
(JSC::JSArrayBufferView::buffer): Deleted.
(JSC::JSArrayBufferView::impl): Deleted.
(JSC::JSArrayBufferView::neuter): Deleted.
* runtime/JSDataView.cpp:
(JSC::JSDataView::possiblySharedTypedImpl):
(JSC::JSDataView::unsharedTypedImpl):
(JSC::JSDataView::getTypedArrayImpl):
(JSC::JSDataView::typedImpl): Deleted.
* runtime/JSDataView.h:
(JSC::JSDataView::possiblySharedBuffer):
(JSC::JSDataView::unsharedBuffer):
(JSC::JSDataView::buffer): Deleted.
* runtime/JSDataViewPrototype.cpp:
(JSC::dataViewProtoGetterBuffer):
* runtime/JSGenericTypedArrayView.h:
(JSC::toPossiblySharedNativeTypedView):
(JSC::toUnsharedNativeTypedView):
(JSC::JSGenericTypedArrayView<Adaptor>::toWrapped):
(JSC::JSGenericTypedArrayView::typedImpl): Deleted.
(JSC::toNativeTypedView): Deleted.
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::create):
(JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
(JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
(JSC::JSGenericTypedArrayView<Adaptor>::getTypedArrayImpl):
* runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoGetterFuncBuffer):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
* runtime/JSGlobalObject.cpp:
(JSC::createAtomicsProperty):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::arrayBufferPrototype):
(JSC::JSGlobalObject::arrayBufferStructure):
* runtime/MathObject.cpp:
* runtime/RuntimeFlags.h:
* runtime/SimpleTypedArrayController.cpp:
(JSC::SimpleTypedArrayController::toJS):
* runtime/TypedArrayType.h:
(JSC::typedArrayTypeForType):
Source/WebCore:
New tests added in the LayoutTests/workers/sab directory.
This teaches WebCore that a typed array could be shared or not. By default, WebCore will
reject shared typed arrays as if they were not typed arrays. This ensures that we don't get
race conditions in code that can't handle it.
If you postMessage a SharedArrayBuffer or something that wraps it, you will send the shared
memory to the other worker.
* Modules/encryptedmedia/CDMSessionClearKey.cpp:
(WebCore::CDMSessionClearKey::cachedKeyForKeyID):
* Modules/fetch/FetchBody.cpp:
(WebCore::FetchBody::extract):
* Modules/mediastream/RTCDataChannel.cpp:
(WebCore::RTCDataChannel::send):
* Modules/webaudio/AudioBuffer.cpp:
(WebCore::AudioBuffer::getChannelData):
* Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::send):
* bindings/js/JSBlobCustom.cpp:
(WebCore::constructJSBlob):
* bindings/js/JSCryptoAlgorithmDictionary.cpp:
(WebCore::createRsaKeyGenParams):
* bindings/js/JSCryptoCustom.cpp:
(WebCore::JSCrypto::getRandomValues):
* bindings/js/JSCryptoOperationData.cpp:
(WebCore::cryptoOperationDataFromJSValue):
* bindings/js/JSDOMBinding.h:
(WebCore::toJS):
(WebCore::toPossiblySharedArrayBufferView):
(WebCore::toUnsharedArrayBufferView):
(WebCore::toPossiblySharedInt8Array):
(WebCore::toPossiblySharedInt16Array):
(WebCore::toPossiblySharedInt32Array):
(WebCore::toPossiblySharedUint8Array):
(WebCore::toPossiblySharedUint8ClampedArray):
(WebCore::toPossiblySharedUint16Array):
(WebCore::toPossiblySharedUint32Array):
(WebCore::toPossiblySharedFloat32Array):
(WebCore::toPossiblySharedFloat64Array):
(WebCore::toUnsharedInt8Array):
(WebCore::toUnsharedInt16Array):
(WebCore::toUnsharedInt32Array):
(WebCore::toUnsharedUint8Array):
(WebCore::toUnsharedUint8ClampedArray):
(WebCore::toUnsharedUint16Array):
(WebCore::toUnsharedUint32Array):
(WebCore::toUnsharedFloat32Array):
(WebCore::toUnsharedFloat64Array):
(WebCore::toArrayBufferView): Deleted.
(WebCore::toInt8Array): Deleted.
(WebCore::toInt16Array): Deleted.
(WebCore::toInt32Array): Deleted.
(WebCore::toUint8Array): Deleted.
(WebCore::toUint8ClampedArray): Deleted.
(WebCore::toUint16Array): Deleted.
(WebCore::toUint32Array): Deleted.
(WebCore::toFloat32Array): Deleted.
(WebCore::toFloat64Array): Deleted.
* bindings/js/JSDataCueCustom.cpp:
(WebCore::constructJSDataCue):
* bindings/js/JSDictionary.cpp:
(WebCore::JSDictionary::convertValue):
* bindings/js/JSFileCustom.cpp:
(WebCore::constructJSFile):
* bindings/js/JSMessagePortCustom.cpp:
(WebCore::extractTransferables):
* bindings/js/JSWebGLRenderingContextBaseCustom.cpp:
(WebCore::dataFunctionf):
(WebCore::dataFunctioni):
(WebCore::dataFunctionMatrix):
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::send):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpArrayBufferView):
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::readArrayBufferView):
(WebCore::CloneDeserializer::readTerminal):
(WebCore::SerializedScriptValue::transferArrayBuffers):
* bindings/js/StructuredClone.cpp:
(WebCore::structuredCloneArrayBuffer):
(WebCore::structuredCloneArrayBufferView):
* bindings/scripts/CodeGeneratorJS.pm:
(JSValueToNative):
* css/FontFace.cpp:
(WebCore::FontFace::create):
* html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::bufferData):
(WebCore::WebGL2RenderingContext::bufferSubData):
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
(WebCore::MediaPlayerPrivateAVFoundation::extractKeyURIKeyIDAndCertificateFromInitData):
Source/WebKit/mac:
Support the RuntimeFlag.
* WebView/WebPreferencesPrivate.h:
Source/WebKit/win:
Support the RuntimeFlag.
* Interfaces/IWebPreferencesPrivate.idl:
Source/WebKit2:
Adds some small things we need for SharedArrayBuffer.
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::createWebDataFromUint8Array):
Source/WTF:
Adds some small things we need for SharedArrayBuffer.
* wtf/Atomics.h:
(WTF::Atomic::compareExchangeWeakRelaxed):
(WTF::Atomic::exchangeAdd):
(WTF::Atomic::exchangeAnd):
(WTF::Atomic::exchangeOr):
(WTF::Atomic::exchangeSub):
(WTF::Atomic::exchangeXor):
(WTF::atomicLoad):
(WTF::atomicStore):
(WTF::atomicCompareExchangeWeak):
(WTF::atomicCompareExchangeWeakRelaxed):
(WTF::atomicCompareExchangeStrong):
(WTF::atomicExchangeAdd):
(WTF::atomicExchangeAnd):
(WTF::atomicExchangeOr):
(WTF::atomicExchangeSub):
(WTF::atomicExchangeXor):
(WTF::atomicExchange):
(WTF::Atomic::exchangeAndAdd): Deleted.
(WTF::weakCompareAndSwap): Deleted.
We need to be able to do atomics operations on naked pointers. We also need to be able to do
all of the things that std::atomic does. This adds those things and renames
weakCompareAndSwap to atomicCompareExchangeWeakRelaxed so that we're using consistent
terminology.
* wtf/Bitmap.h:
(WTF::WordType>::concurrentTestAndSet): Renamed weakCompareAndSwap.
(WTF::WordType>::concurrentTestAndClear): Renamed weakCompareAndSwap.
* wtf/FastBitVector.h:
(WTF::FastBitVector::atomicSetAndCheck): Renamed weakCompareAndSwap.
* wtf/ParkingLot.cpp:
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkCount):
* wtf/ParkingLot.h:
Added unparkCount(), which lets you unpark some bounded number of threads and returns the
number of threads unparked. This is just a modest extension of unparkAll(). unparkAll() now
just calls unparkCount(ptr, UINT_MAX).
Tools:
Use the right kind of typed array API.
* DumpRenderTree/TestRunner.cpp:
(setAudioResultCallback):
LayoutTests:
Adding tests. This is a work in progress.
* workers/sab: Added.
* workers/sab/simple-worker-1.js: Added.
(onmessage):
* workers/sab/simple-worker-2.js: Added.
(onmessage):
* workers/sab/simple.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsjsdomglobalconstructorsattributesdedicatedworkerexpectedtxt">trunk/LayoutTests/js/dom/global-constructors-attributes-dedicated-worker-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacjsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacwk1jsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkLayoutTestsplatformmacyosemitejsdomglobalconstructorsattributesexpectedtxt">trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPIJSTypedArraycpp">trunk/Source/JavaScriptCore/API/JSTypedArray.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreAPItestsCompareAndSwapTestcpp">trunk/Source/JavaScriptCore/API/tests/CompareAndSwapTest.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGDesiredWatchpointscpp">trunk/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapcpp">trunk/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapLargeAllocationh">trunk/Source/JavaScriptCore/heap/LargeAllocation.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejsccpp">trunk/Source/JavaScriptCore/jsc.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArrayBuffercpp">trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArrayBufferh">trunk/Source/JavaScriptCore/runtime/ArrayBuffer.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArrayBufferViewh">trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeCommonIdentifiersh">trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeDataViewcpp">trunk/Source/JavaScriptCore/runtime/DataView.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeGenericTypedArrayViewInlinesh">trunk/Source/JavaScriptCore/runtime/GenericTypedArrayViewInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeIntrinsich">trunk/Source/JavaScriptCore/runtime/Intrinsic.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBuffercpp">trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferh">trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferConstructorcpp">trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferConstructorh">trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferPrototypecpp">trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferPrototypeh">trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferViewcpp">trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferViewh">trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSArrayBufferViewInlinesh">trunk/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSDataViewcpp">trunk/Source/JavaScriptCore/runtime/JSDataView.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSDataViewh">trunk/Source/JavaScriptCore/runtime/JSDataView.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSDataViewPrototypecpp">trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewInlinesh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewPrototypeFunctionsh">trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSGlobalObjecth">trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeMathObjectcpp">trunk/Source/JavaScriptCore/runtime/MathObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeRuntimeFlagsh">trunk/Source/JavaScriptCore/runtime/RuntimeFlags.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSimpleTypedArrayControllercpp">trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSimpleTypedArrayControllerh">trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeTypedArrayControllerh">trunk/Source/JavaScriptCore/runtime/TypedArrayController.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeTypedArrayTypeh">trunk/Source/JavaScriptCore/runtime/TypedArrayType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeVMh">trunk/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#trunkSourceWTFChangeLog">trunk/Source/WTF/ChangeLog</a></li>
<li><a href="#trunkSourceWTFwtfAtomicsh">trunk/Source/WTF/wtf/Atomics.h</a></li>
<li><a href="#trunkSourceWTFwtfBitmaph">trunk/Source/WTF/wtf/Bitmap.h</a></li>
<li><a href="#trunkSourceWTFwtfFastBitVectorh">trunk/Source/WTF/wtf/FastBitVector.h</a></li>
<li><a href="#trunkSourceWTFwtfParkingLotcpp">trunk/Source/WTF/wtf/ParkingLot.cpp</a></li>
<li><a href="#trunkSourceWTFwtfParkingLoth">trunk/Source/WTF/wtf/ParkingLot.h</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreModulesencryptedmediaCDMSessionClearKeycpp">trunk/Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.cpp</a></li>
<li><a href="#trunkSourceWebCoreModulesfetchFetchBodycpp">trunk/Source/WebCore/Modules/fetch/FetchBody.cpp</a></li>
<li><a href="#trunkSourceWebCoreModulesmediastreamRTCDataChannelcpp">trunk/Source/WebCore/Modules/mediastream/RTCDataChannel.cpp</a></li>
<li><a href="#trunkSourceWebCoreModuleswebaudioAudioBuffercpp">trunk/Source/WebCore/Modules/webaudio/AudioBuffer.cpp</a></li>
<li><a href="#trunkSourceWebCoreModuleswebsocketsWebSocketcpp">trunk/Source/WebCore/Modules/websockets/WebSocket.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSBlobCustomcpp">trunk/Source/WebCore/bindings/js/JSBlobCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSCryptoAlgorithmDictionarycpp">trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSCryptoCustomcpp">trunk/Source/WebCore/bindings/js/JSCryptoCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSCryptoOperationDatacpp">trunk/Source/WebCore/bindings/js/JSCryptoOperationData.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDOMBindingh">trunk/Source/WebCore/bindings/js/JSDOMBinding.h</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDataCueCustomcpp">trunk/Source/WebCore/bindings/js/JSDataCueCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSDictionarycpp">trunk/Source/WebCore/bindings/js/JSDictionary.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSFileCustomcpp">trunk/Source/WebCore/bindings/js/JSFileCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSMessagePortCustomcpp">trunk/Source/WebCore/bindings/js/JSMessagePortCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSWebGLRenderingContextBaseCustomcpp">trunk/Source/WebCore/bindings/js/JSWebGLRenderingContextBaseCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSWorkerCustomcpp">trunk/Source/WebCore/bindings/js/JSWorkerCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSWorkerGlobalScopeBasecpp">trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSXMLHttpRequestCustomcpp">trunk/Source/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsSerializedScriptValuecpp">trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsStructuredClonecpp">trunk/Source/WebCore/bindings/js/StructuredClone.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsWebCoreTypedArrayControllercpp">trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsWebCoreTypedArrayControllerh">trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.h</a></li>
<li><a href="#trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm">trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm</a></li>
<li><a href="#trunkSourceWebCorecssFontFacecpp">trunk/Source/WebCore/css/FontFace.cpp</a></li>
<li><a href="#trunkSourceWebCorehtmlcanvasWebGL2RenderingContextcpp">trunk/Source/WebCore/html/canvas/WebGL2RenderingContext.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformgraphicsavfoundationMediaPlayerPrivateAVFoundationcpp">trunk/Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersDedicatedWorkerThreadcpp">trunk/Source/WebCore/workers/DedicatedWorkerThread.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersDedicatedWorkerThreadh">trunk/Source/WebCore/workers/DedicatedWorkerThread.h</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkercpp">trunk/Source/WebCore/workers/Worker.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerh">trunk/Source/WebCore/workers/Worker.h</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerGlobalScopeProxyh">trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerMessagingProxycpp">trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerMessagingProxyh">trunk/Source/WebCore/workers/WorkerMessagingProxy.h</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerThreadcpp">trunk/Source/WebCore/workers/WorkerThread.cpp</a></li>
<li><a href="#trunkSourceWebCoreworkersWorkerThreadh">trunk/Source/WebCore/workers/WorkerThread.h</a></li>
<li><a href="#trunkSourceWebKitmacChangeLog">trunk/Source/WebKit/mac/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitmacWebViewWebPreferencesPrivateh">trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h</a></li>
<li><a href="#trunkSourceWebKitwinChangeLog">trunk/Source/WebKit/win/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitwinInterfacesIWebPreferencesPrivateidl">trunk/Source/WebKit/win/Interfaces/IWebPreferencesPrivate.idl</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPICWKPreferencesRefPrivateh">trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPICocoaWKPreferencesPrivateh">trunk/Source/WebKit2/UIProcess/API/Cocoa/WKPreferencesPrivate.h</a></li>
<li><a href="#trunkSourceWebKit2WebProcessInjectedBundleInjectedBundlecpp">trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsDumpRenderTreeTestRunnercpp">trunk/Tools/DumpRenderTree/TestRunner.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestsstressSharedArrayBufferjs">trunk/JSTests/stress/SharedArrayBuffer.js</a></li>
<li>trunk/LayoutTests/workers/sab/</li>
<li><a href="#trunkLayoutTestsworkerssabsimpleexpectedtxt">trunk/LayoutTests/workers/sab/simple-expected.txt</a></li>
<li><a href="#trunkLayoutTestsworkerssabsimpleworker1js">trunk/LayoutTests/workers/sab/simple-worker-1.js</a></li>
<li><a href="#trunkLayoutTestsworkerssabsimpleworker2js">trunk/LayoutTests/workers/sab/simple-worker-2.js</a></li>
<li><a href="#trunkLayoutTestsworkerssabsimplehtml">trunk/LayoutTests/workers/sab/simple.html</a></li>
<li><a href="#trunkLayoutTestsworkerssabworkerresourcesjs">trunk/LayoutTests/workers/sab/worker-resources.js</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArrayBufferSharingModeh">trunk/Source/JavaScriptCore/runtime/ArrayBufferSharingMode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeAtomicsObjectcpp">trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeAtomicsObjecth">trunk/Source/JavaScriptCore/runtime/AtomicsObject.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/JSTests/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,19 @@
</span><ins>+2016-10-31 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ This adds our own test for the various corner cases of SharedArrayBuffer. This test is meant to
+ check all of the things that don't require concurrency.
+
+ * stress/SharedArrayBuffer.js: Added.
+ (checkAtomics):
+ (shouldFail):
+ (Symbol):
+ (runAtomic):
+
</ins><span class="cx"> 2016-10-31 Saam Barati <sbarati@apple.com>
</span><span class="cx">
</span><span class="cx"> We should be able to eliminate rest parameter allocations
</span></span></pre></div>
<a id="trunkJSTestsstressSharedArrayBufferjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/SharedArrayBuffer.js (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/SharedArrayBuffer.js (rev 0)
+++ trunk/JSTests/stress/SharedArrayBuffer.js 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,133 @@
</span><ins>+// This is a basic test of SharedArrayBuffer API as we understand it.
+
+if (SharedArrayBuffer == ArrayBuffer)
+ throw new Error("SharedArrayBuffer and ArrayBuffer should be distinct");
+
+if (SharedArrayBuffer.prototype == ArrayBuffer.prototype)
+ throw new Error("SharedArrayBuffer.prototype and ArrayBuffer.prototype should be distinct");
+
+if (SharedArrayBuffer.prototype.__proto__ != Object.prototype)
+ throw new Error("SharedArrayBuffer.prototype.__proto__ should be Object.prototype");
+
+if (!(new SharedArrayBuffer(100) instanceof SharedArrayBuffer))
+ throw new Error("SharedArrayBuffer should be an instance of SharedArrayBuffer");
+
+if (!(new ArrayBuffer(100) instanceof ArrayBuffer))
+ throw new Error("ArrayBuffer should be an instance of ArrayBuffer");
+
+if (new SharedArrayBuffer(100) instanceof ArrayBuffer)
+ throw new Error("SharedArrayBuffer should not be an instance of ArrayBuffer");
+
+if (new ArrayBuffer(100) instanceof SharedArrayBuffer)
+ throw new Error("ArrayBuffer should not be an instance of SharedArrayBuffer");
+
+function checkAtomics(name, count)
+{
+ if (!Atomics[name])
+ throw new Error("Missing Atomics." + name);
+ if (Atomics[name].length != count)
+ throw new Error("Atomics." + name + " should have length " + count + " but has length " + Atomics[name].length);
+}
+checkAtomics("add", 3);
+checkAtomics("and", 3);
+checkAtomics("compareExchange", 4);
+checkAtomics("exchange", 3);
+checkAtomics("isLockFree", 1);
+checkAtomics("load", 2);
+checkAtomics("or", 3);
+checkAtomics("store", 3);
+checkAtomics("sub", 3);
+checkAtomics("wait", 4);
+checkAtomics("wake", 3);
+checkAtomics("xor", 3);
+
+// These should all succeed.
+var dv = new DataView(new SharedArrayBuffer(128));
+var i8a = new Int8Array(new SharedArrayBuffer(128));
+var i16a = new Int16Array(new SharedArrayBuffer(128));
+var i32a = new Int32Array(new SharedArrayBuffer(128));
+var u8a = new Uint8Array(new SharedArrayBuffer(128));
+var u8ca = new Uint8ClampedArray(new SharedArrayBuffer(128));
+var u16a = new Uint16Array(new SharedArrayBuffer(128));
+var u32a = new Uint32Array(new SharedArrayBuffer(128));
+var f32a = new Float32Array(new SharedArrayBuffer(128));
+var f64a = new Float64Array(new SharedArrayBuffer(128));
+
+function shouldFail(f, name)
+{
+ try {
+ f();
+ } catch (e) {
+ if (e.name == name.name)
+ return;
+ throw new Error(f + " threw the wrong error: " + e);
+ }
+ throw new Error(f + " succeeded!");
+}
+
+for (bad of [void 0, null, false, true, 1, 0.5, Symbol(), {}, "hello", dv, u8ca, f32a, f64a]) {
+ shouldFail(() => Atomics.add(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.and(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.compareExchange(bad, 0, 0, 0), TypeError);
+ shouldFail(() => Atomics.exchange(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.load(bad, 0), TypeError);
+ shouldFail(() => Atomics.or(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.store(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.sub(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.xor(bad, 0, 0), TypeError);
+}
+
+for (bad of [void 0, null, false, true, 1, 0.5, Symbol(), {}, "hello", dv, i8a, i16a, u8a, u8ca, u16a, u32a, f32a, f64a]) {
+ shouldFail(() => Atomics.wait(bad, 0, 0), TypeError);
+ shouldFail(() => Atomics.wake(bad, 0, 0), TypeError);
+}
+
+for (idx of [-1, -1000000000000, 10000, 10000000000000, "hello"]) {
+ for (a of [i8a, i16a, i32a, u8a, u16a, u32a]) {
+ shouldFail(() => Atomics.add(a, idx, 0), RangeError);
+ shouldFail(() => Atomics.add(a, idx, 0), RangeError);
+ shouldFail(() => Atomics.compareExchange(a, idx, 0, 0), RangeError);
+ shouldFail(() => Atomics.exchange(a, idx, 0), RangeError);
+ shouldFail(() => Atomics.load(a, idx), RangeError);
+ shouldFail(() => Atomics.or(a, idx, 0), RangeError);
+ shouldFail(() => Atomics.store(a, idx, 0), RangeError);
+ shouldFail(() => Atomics.sub(a, idx, 0), RangeError);
+ shouldFail(() => Atomics.xor(a, idx, 0), RangeError);
+ }
+ shouldFail(() => Atomics.wait(i32a, idx, 0), RangeError);
+ shouldFail(() => Atomics.wake(i32a, idx, 0), RangeError);
+}
+
+function runAtomic(array, index, init, name, args, expectedResult, expectedOutcome)
+{
+ array[index] = init;
+ var result = Atomics[name](array, index, ...args);
+ if (result != expectedResult)
+ throw new Error("Expected Atomics." + name + "(array, " + index + ", " + args.join(", ") + ") to return " + expectedResult + " but returned " + result + " for " + Object.prototype.toString.apply(array));
+ if (array[index] !== expectedOutcome)
+ throw new Error("Expected Atomics." + name + "(array, " + index + ", " + args.join(", ") + ") to result in array[" + index + "] = " + expectedOutcome + " but got " + array[index] + " for " + Object.prototype.toString.apply(array));
+}
+
+for (a of [i8a, i16a, i32a, u8a, u16a, u32a]) {
+ runAtomic(a, 0, 13, "add", [42], 13, 55);
+ runAtomic(a, 0, 13, "and", [42], 13, 8);
+ runAtomic(a, 0, 13, "compareExchange", [25, 42], 13, 13);
+ runAtomic(a, 0, 13, "compareExchange", [13, 42], 13, 42);
+ runAtomic(a, 0, 13, "exchange", [42], 13, 42);
+ runAtomic(a, 0, 13, "load", [], 13, 13);
+ runAtomic(a, 0, 13, "or", [42], 13, 47);
+ runAtomic(a, 0, 13, "store", [42], 42, 42);
+ runAtomic(a, 0, 42, "sub", [13], 42, 29);
+ runAtomic(a, 0, 13, "xor", [42], 13, 39);
+}
+
+i32a[0] = 0;
+var result = Atomics.wait(i32a, 0, 1);
+if (result != "not-equal")
+ throw "Error: bad result from Atomics.wait: " + result;
+for (timeout of [0, 1, 10]) {
+ var result = Atomics.wait(i32a, 0, 0, timeout);
+ if (result != "timed-out")
+ throw "Error: bad result from Atomics.wait: " + result;
+}
+
</ins></span></pre></div>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/LayoutTests/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,19 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ Adding tests. This is a work in progress.
+
+ * workers/sab: Added.
+ * workers/sab/simple-worker-1.js: Added.
+ (onmessage):
+ * workers/sab/simple-worker-2.js: Added.
+ (onmessage):
+ * workers/sab/simple.html: Added.
+
</ins><span class="cx"> 2016-10-31 Simon Fraser <simon.fraser@apple.com>
</span><span class="cx">
</span><span class="cx"> Make UIScriptController::zoomToScale() work on Mac WK1 and WK2
</span></span></pre></div>
<a id="trunkLayoutTestsjsdomglobalconstructorsattributesdedicatedworkerexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/dom/global-constructors-attributes-dedicated-worker-expected.txt (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/dom/global-constructors-attributes-dedicated-worker-expected.txt 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/LayoutTests/js/dom/global-constructors-attributes-dedicated-worker-expected.txt 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -239,6 +239,11 @@
</span><span class="cx"> PASS [Worker] Object.getOwnPropertyDescriptor(global, 'Set').hasOwnProperty('set') is false
</span><span class="cx"> PASS [Worker] Object.getOwnPropertyDescriptor(global, 'Set').enumerable is false
</span><span class="cx"> PASS [Worker] Object.getOwnPropertyDescriptor(global, 'Set').configurable is true
</span><ins>+PASS [Worker] Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').value is SharedArrayBuffer
+PASS [Worker] Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('get') is false
+PASS [Worker] Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('set') is false
+PASS [Worker] Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').enumerable is false
+PASS [Worker] Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').configurable is true
</ins><span class="cx"> PASS [Worker] Object.getOwnPropertyDescriptor(global, 'String').value is String
</span><span class="cx"> PASS [Worker] Object.getOwnPropertyDescriptor(global, 'String').hasOwnProperty('get') is false
</span><span class="cx"> PASS [Worker] Object.getOwnPropertyDescriptor(global, 'String').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacjsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/LayoutTests/platform/mac/js/dom/global-constructors-attributes-expected.txt 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -2058,6 +2058,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').value is SharedArrayBuffer
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').value is SourceBuffer
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacwk1jsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/LayoutTests/platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -2038,6 +2038,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').value is SharedArrayBuffer
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').value is SourceBuffer
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacyosemitejsdomglobalconstructorsattributesexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/LayoutTests/platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -2058,6 +2058,11 @@
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').hasOwnProperty('set') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').enumerable is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'ShadowRoot').configurable is true
</span><ins>+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').value is SharedArrayBuffer
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('get') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').hasOwnProperty('set') is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').enumerable is false
+PASS Object.getOwnPropertyDescriptor(global, 'SharedArrayBuffer').configurable is true
</ins><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').value is SourceBuffer
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').hasOwnProperty('get') is false
</span><span class="cx"> PASS Object.getOwnPropertyDescriptor(global, 'SourceBuffer').hasOwnProperty('set') is false
</span></span></pre></div>
<a id="trunkLayoutTestsworkerssabsimpleexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/workers/sab/simple-expected.txt (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/workers/sab/simple-expected.txt (rev 0)
+++ trunk/LayoutTests/workers/sab/simple-expected.txt 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+All workers done!
+Test passed!
+
</ins></span></pre></div>
<a id="trunkLayoutTestsworkerssabsimpleworker1js"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/workers/sab/simple-worker-1.js (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/workers/sab/simple-worker-1.js (rev 0)
+++ trunk/LayoutTests/workers/sab/simple-worker-1.js 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+importScripts("worker-resources.js");
+
+onmessage = function (event) {
+ var memory = event.data;
+ var didStartIdx = 0;
+ var shouldGoIdx = 1;
+ var didEndIdx = 2;
+
+ postMessage("Started!");
+ postMessage("Memory: " + memory);
+
+ wait(memory, didStartIdx, 0, 1);
+
+ postMessage("It started!");
+
+ memory[shouldGoIdx] = 1;
+ wake(memory, shouldGoIdx);
+
+ wait(memory, didEndIdx, 0, 1);
+
+ postMessage("All done!");
+ postMessage("Memory: " + memory);
+ postMessage("done");
+}
</ins></span></pre></div>
<a id="trunkLayoutTestsworkerssabsimpleworker2js"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/workers/sab/simple-worker-2.js (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/workers/sab/simple-worker-2.js (rev 0)
+++ trunk/LayoutTests/workers/sab/simple-worker-2.js 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+importScripts("worker-resources.js");
+
+onmessage = function(event) {
+ var memory = event.data;
+ var didStartIdx = 0;
+ var shouldGoIdx = 1;
+ var didEndIdx = 2;
+
+ postMessage("Started!");
+ postMessage("Memory: " + memory);
+
+ Atomics.store(memory, didStartIdx, 1);
+ wake(memory, didStartIdx);
+
+ wait(memory, shouldGoIdx, 0, 1);
+
+ Atomics.store(memory, didEndIdx, 1);
+ wake(memory, didEndIdx, 1);
+
+ postMessage("Memory: " + memory);
+ postMessage("done");
+}
</ins></span></pre></div>
<a id="trunkLayoutTestsworkerssabsimplehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/workers/sab/simple.html (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/workers/sab/simple.html (rev 0)
+++ trunk/LayoutTests/workers/sab/simple.html 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,90 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+</head>
+<body>
+<script>
+function getOrCreate(id, tagName)
+{
+ var element = document.getElementById(id);
+ if (element)
+ return element;
+
+ element = document.createElement(tagName);
+ element.id = id;
+ var parent = document.body || document.documentElement;
+ var refNode = parent.firstChild;
+
+ parent.insertBefore(element, refNode);
+ return element;
+}
+
+function debug(msg)
+{
+ var span = document.createElement("span");
+ getOrCreate("console", "div").appendChild(span); // insert it first so XHTML knows the namespace
+ span.innerHTML = msg + '<br />';
+}
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+var verbose = false;
+
+var sab = new SharedArrayBuffer(100 * 4);
+
+var memory = new Int32Array(sab);
+
+var numWorkers = 0;
+function startWorker(file)
+{
+ if (verbose)
+ debug("Starting worker: " + file);
+ numWorkers++;
+ var worker = new Worker(file);
+ worker.onmessage = function(event) {
+ if (event.data == "done") {
+ if (verbose)
+ debug("Finished worker: " + file);
+ if (--numWorkers)
+ return;
+ debug("All workers done!");
+ done();
+ return;
+ }
+ if (event.data.indexOf("Error") == 0) {
+ debug("Test failed: "+ event.data);
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+
+ if (verbose)
+ debug("Event from " + file + ": " + event.data);
+ };
+ worker.postMessage(memory, [sab]);
+}
+
+function done()
+{
+ for (var i = 0; i < 3; ++i) {
+ if (memory[i] != 1)
+ throw "Error: Bad value at memory[" + i + "]: " + memory[i];
+ }
+ for (var i = 3; i < memory.length; ++i) {
+ if (memory[i] != 0)
+ throw "Error: Bad value at memory[" + i + "]: " + memory[i];
+ }
+ debug("Test passed!");
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+startWorker("simple-worker-1.js");
+startWorker("simple-worker-2.js");
+
+</script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsworkerssabworkerresourcesjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/workers/sab/worker-resources.js (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/workers/sab/worker-resources.js (rev 0)
+++ trunk/LayoutTests/workers/sab/worker-resources.js 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+function wait(memory, index, waitCondition, wakeCondition)
+{
+ while (memory[index] == waitCondition) {
+ var result = Atomics.wait(memory, index, waitCondition);
+ switch (result) {
+ case "not-equal":
+ case "ok":
+ break;
+ default:
+ postMessage("Error: bad result from wait: " + result);
+ postMessage("error");
+ break;
+ }
+ var value = memory[index];
+ if (value != wakeCondition) {
+ postMessage("Error: wait returned not-equal but the memory has a bad value: " + value);
+ postMessage("error");
+ }
+ }
+ var value = memory[index];
+ if (value != wakeCondition) {
+ postMessage("Error: done waiting but the memory has a bad value: " + value);
+ postMessage("error");
+ }
+}
+
+function wake(memory, index)
+{
+ var result = Atomics.wake(memory, index, 1);
+ if (result != 0 && result != 1) {
+ postMessage("Error: bad result from wake: " + result);
+ postMessage("error");
+ }
+}
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreAPIJSTypedArraycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/JSTypedArray.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/JSTypedArray.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/API/JSTypedArray.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -36,6 +36,7 @@
</span><span class="cx"> #include "JSDataView.h"
</span><span class="cx"> #include "JSGenericTypedArrayViewInlines.h"
</span><span class="cx"> #include "JSTypedArrays.h"
</span><ins>+#include "TypedArrayController.h"
</ins><span class="cx"> #include <wtf/RefPtr.h>
</span><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="lines">@@ -239,7 +240,7 @@
</span><span class="cx"> JSObject* object = toJS(objectRef);
</span><span class="cx">
</span><span class="cx"> if (JSArrayBufferView* typedArray = jsDynamicCast<JSArrayBufferView*>(object)) {
</span><del>- ArrayBuffer* buffer = typedArray->buffer();
</del><ins>+ ArrayBuffer* buffer = typedArray->possiblySharedBuffer();
</ins><span class="cx"> buffer->pinAndLock();
</span><span class="cx"> return buffer->data();
</span><span class="cx"> }
</span><span class="lines">@@ -283,7 +284,7 @@
</span><span class="cx"> JSObject* object = toJS(objectRef);
</span><span class="cx">
</span><span class="cx"> if (JSArrayBufferView* typedArray = jsDynamicCast<JSArrayBufferView*>(object))
</span><del>- return toRef(exec->vm().m_typedArrayController->toJS(exec, typedArray->globalObject(), typedArray->buffer()));
</del><ins>+ return toRef(exec->vm().m_typedArrayController->toJS(exec, typedArray->globalObject(), typedArray->possiblySharedBuffer()));
</ins><span class="cx">
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="lines">@@ -298,7 +299,7 @@
</span><span class="cx"> bytesDeallocator(p, deallocatorContext);
</span><span class="cx"> });
</span><span class="cx">
</span><del>- JSArrayBuffer* jsBuffer = JSArrayBuffer::create(exec->vm(), exec->lexicalGlobalObject()->arrayBufferStructure(), WTFMove(buffer));
</del><ins>+ JSArrayBuffer* jsBuffer = JSArrayBuffer::create(exec->vm(), exec->lexicalGlobalObject()->arrayBufferStructure(ArrayBufferSharingMode::Default), WTFMove(buffer));
</ins><span class="cx"> if (handleExceptionIfNeeded(exec, exception) == ExceptionStatus::DidThrow)
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreAPItestsCompareAndSwapTestcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/API/tests/CompareAndSwapTest.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/API/tests/CompareAndSwapTest.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/API/tests/CompareAndSwapTest.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -63,7 +63,7 @@
</span><span class="cx"> oldValue = *wordPtr;
</span><span class="cx"> if (oldValue & mask)
</span><span class="cx"> return true;
</span><del>- } while (!WTF::weakCompareAndSwap(wordPtr, oldValue, static_cast<uint8_t>(oldValue | mask)));
</del><ins>+ } while (!WTF::atomicCompareExchangeWeakRelaxed(wordPtr, oldValue, static_cast<uint8_t>(oldValue | mask)));
</ins><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -639,6 +639,7 @@
</span><span class="cx"> runtime/ArrayConventions.cpp
</span><span class="cx"> runtime/ArrayIteratorPrototype.cpp
</span><span class="cx"> runtime/ArrayPrototype.cpp
</span><ins>+ runtime/AtomicsObject.cpp
</ins><span class="cx"> runtime/AsyncFunctionConstructor.cpp
</span><span class="cx"> runtime/AsyncFunctionPrototype.cpp
</span><span class="cx"> runtime/BasicBlockLocation.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,236 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ This implements https://tc39.github.io/ecmascript_sharedmem/shmem.html.
+
+ There is now a new SharedArrayBuffer type. In the JS runtime, which includes typed array
+ types, the SharedArrayBuffer is a drop-in replacement for ArrayBuffer, even though they are
+ distinct types (new SharedArrayBuffer() instanceof ArrayBuffer == false and vice versa). The
+ DOM will not recognize SharedArrayBuffer, or any typed array that wraps it, to ensure safety.
+ This matches what other browsers intend to do, see
+ https://github.com/tc39/ecmascript_sharedmem/issues/38. API is provided for the DOM to opt
+ into SharedArrayBuffer. One notable place is postMessage, which will share the
+ SharedArrayBuffer's underlying data storage with other workers. This creates a pool of shared
+ memory that the workers can use to talk to each other.
+
+ There is also an Atomics object in global scope, which exposes sequentially consistent atomic
+ operations: add, and, compareExchange, exchange, load, or, store, sub, and xor. Additionally
+ it exposes a Atomics.isLockFree utility, which takes a byte amount and returns true or false.
+ Also there is Atomics.wake/wait, which neatly map to ParkingLot.
+
+ Accesses to typed arrays that wrap SharedArrayBuffer are optimized by JSC the same way as
+ always. I believe that DFG and B3 already obey the following memory model, which I believe is
+ a bit weaker than Cambridge and a bit stronger than what is being proposed for
+ SharedArrayBuffer. To predict a program's behavior under the B3 memory model, imagine the
+ space of all possible programs that would result from running an optimizer that adversarially
+ follows B3's transformation rules. B3 transformations are correct if the newly created
+ program is equivalent to the old one, assuming that any opaque effect in IR (like the reads
+ and writes of a patchpoint/call/fence) could perform any load/store that satisfies the
+ B3::Effects summary. Opaque effects are a way of describing an infinite set of programs: any
+ program that only does the effects summarized in B3::Effects belongs to the set. For example,
+ this prevents motion of operations across fences since fences are summarized as opaque
+ effects that could read or write memory. This rule alone is not enough, because it leaves the
+ door open for turning an atomic operation (like a load) into a non-atomic one (like a load
+ followed by a store of the same value back to the same location or multiple loads). This is
+ not an optimization that either our compiler or the CPU would want to do. One way to think of
+ what exactly is forbidden is that B3 transformations that mess with memory accesses can only
+ reorder them or remove them. This means that for any execution of the untransformed program,
+ the corresponding execution of the transformed program (i.e. with the same input arguments
+ and the same programs filled in for the opaque effects) must have the same loads and stores,
+ with some removed and some reordered. This is a fairly simple mental model that B3 and DFG
+ already follow and it's based on existing abstractions for the infinite set of programs
+ inside an opaque effect (DFG's AbstractHeaps and B3's Effects).
+
+ This patch makes all atomics operations intrinsic, but the DFG doesn't know about any of them
+ yet. That's covered by bug 164108.
+
+ This ought to be perf-neutral, but I am still running tests to confirm this. I'm also still
+ writing new tests to cover all of the Atomics functionality and the behavior of SAB objects.
+
+ * API/JSTypedArray.cpp:
+ (JSObjectGetTypedArrayBytesPtr):
+ (JSObjectGetTypedArrayBuffer):
+ (JSObjectMakeArrayBufferWithBytesNoCopy):
+ * API/tests/CompareAndSwapTest.cpp:
+ (Bitmap::concurrentTestAndSet):
+ * CMakeLists.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGDesiredWatchpoints.cpp:
+ (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
+ * heap/Heap.cpp:
+ (JSC::Heap::reportExtraMemoryVisited):
+ (JSC::Heap::reportExternalMemoryVisited):
+ * jsc.cpp:
+ (functionTransferArrayBuffer):
+ * runtime/ArrayBuffer.cpp:
+ (JSC::SharedArrayBufferContents::SharedArrayBufferContents):
+ (JSC::SharedArrayBufferContents::~SharedArrayBufferContents):
+ (JSC::ArrayBufferContents::ArrayBufferContents):
+ (JSC::ArrayBufferContents::operator=):
+ (JSC::ArrayBufferContents::~ArrayBufferContents):
+ (JSC::ArrayBufferContents::clear):
+ (JSC::ArrayBufferContents::destroy):
+ (JSC::ArrayBufferContents::reset):
+ (JSC::ArrayBufferContents::tryAllocate):
+ (JSC::ArrayBufferContents::makeShared):
+ (JSC::ArrayBufferContents::transferTo):
+ (JSC::ArrayBufferContents::copyTo):
+ (JSC::ArrayBufferContents::shareWith):
+ (JSC::ArrayBuffer::create):
+ (JSC::ArrayBuffer::createAdopted):
+ (JSC::ArrayBuffer::createFromBytes):
+ (JSC::ArrayBuffer::tryCreate):
+ (JSC::ArrayBuffer::createUninitialized):
+ (JSC::ArrayBuffer::tryCreateUninitialized):
+ (JSC::ArrayBuffer::createInternal):
+ (JSC::ArrayBuffer::ArrayBuffer):
+ (JSC::ArrayBuffer::slice):
+ (JSC::ArrayBuffer::sliceImpl):
+ (JSC::ArrayBuffer::makeShared):
+ (JSC::ArrayBuffer::setSharingMode):
+ (JSC::ArrayBuffer::transferTo):
+ (JSC::ArrayBuffer::transfer): Deleted.
+ * runtime/ArrayBuffer.h:
+ (JSC::arrayBufferSharingModeName):
+ (JSC::SharedArrayBufferContents::data):
+ (JSC::ArrayBufferContents::data):
+ (JSC::ArrayBufferContents::sizeInBytes):
+ (JSC::ArrayBufferContents::isShared):
+ (JSC::ArrayBuffer::sharingMode):
+ (JSC::ArrayBuffer::isShared):
+ (JSC::ArrayBuffer::gcSizeEstimateInBytes):
+ (JSC::arrayBufferDestructorNull): Deleted.
+ (JSC::arrayBufferDestructorDefault): Deleted.
+ (JSC::ArrayBufferContents::ArrayBufferContents): Deleted.
+ (JSC::ArrayBufferContents::transfer): Deleted.
+ (JSC::ArrayBufferContents::copyTo): Deleted.
+ (JSC::ArrayBuffer::create): Deleted.
+ (JSC::ArrayBuffer::createAdopted): Deleted.
+ (JSC::ArrayBuffer::createFromBytes): Deleted.
+ (JSC::ArrayBuffer::tryCreate): Deleted.
+ (JSC::ArrayBuffer::createUninitialized): Deleted.
+ (JSC::ArrayBuffer::tryCreateUninitialized): Deleted.
+ (JSC::ArrayBuffer::createInternal): Deleted.
+ (JSC::ArrayBuffer::ArrayBuffer): Deleted.
+ (JSC::ArrayBuffer::slice): Deleted.
+ (JSC::ArrayBuffer::sliceImpl): Deleted.
+ (JSC::ArrayBufferContents::tryAllocate): Deleted.
+ (JSC::ArrayBufferContents::~ArrayBufferContents): Deleted.
+ * runtime/ArrayBufferSharingMode.h: Added.
+ * runtime/ArrayBufferView.h:
+ (JSC::ArrayBufferView::possiblySharedBuffer):
+ (JSC::ArrayBufferView::unsharedBuffer):
+ (JSC::ArrayBufferView::isShared):
+ (JSC::ArrayBufferView::buffer): Deleted.
+ * runtime/AtomicsObject.cpp: Added.
+ (JSC::AtomicsObject::AtomicsObject):
+ (JSC::AtomicsObject::create):
+ (JSC::AtomicsObject::createStructure):
+ (JSC::AtomicsObject::finishCreation):
+ (JSC::atomicsFuncAdd):
+ (JSC::atomicsFuncAnd):
+ (JSC::atomicsFuncCompareExchange):
+ (JSC::atomicsFuncExchange):
+ (JSC::atomicsFuncIsLockFree):
+ (JSC::atomicsFuncLoad):
+ (JSC::atomicsFuncOr):
+ (JSC::atomicsFuncStore):
+ (JSC::atomicsFuncSub):
+ (JSC::atomicsFuncWait):
+ (JSC::atomicsFuncWake):
+ (JSC::atomicsFuncXor):
+ * runtime/AtomicsObject.h: Added.
+ * runtime/CommonIdentifiers.h:
+ * runtime/DataView.cpp:
+ (JSC::DataView::wrap):
+ * runtime/GenericTypedArrayViewInlines.h:
+ (JSC::GenericTypedArrayView<Adaptor>::subarray):
+ * runtime/Intrinsic.h:
+ * runtime/JSArrayBuffer.cpp:
+ (JSC::JSArrayBuffer::finishCreation):
+ (JSC::JSArrayBuffer::isShared):
+ (JSC::JSArrayBuffer::sharingMode):
+ * runtime/JSArrayBuffer.h:
+ (JSC::toPossiblySharedArrayBuffer):
+ (JSC::toUnsharedArrayBuffer):
+ (JSC::JSArrayBuffer::toWrapped):
+ (JSC::toArrayBuffer): Deleted.
+ * runtime/JSArrayBufferConstructor.cpp:
+ (JSC::JSArrayBufferConstructor::JSArrayBufferConstructor):
+ (JSC::JSArrayBufferConstructor::finishCreation):
+ (JSC::JSArrayBufferConstructor::create):
+ (JSC::constructArrayBuffer):
+ * runtime/JSArrayBufferConstructor.h:
+ (JSC::JSArrayBufferConstructor::sharingMode):
+ * runtime/JSArrayBufferPrototype.cpp:
+ (JSC::arrayBufferProtoFuncSlice):
+ (JSC::JSArrayBufferPrototype::JSArrayBufferPrototype):
+ (JSC::JSArrayBufferPrototype::finishCreation):
+ (JSC::JSArrayBufferPrototype::create):
+ * runtime/JSArrayBufferPrototype.h:
+ * runtime/JSArrayBufferView.cpp:
+ (JSC::JSArrayBufferView::finishCreation):
+ (JSC::JSArrayBufferView::visitChildren):
+ (JSC::JSArrayBufferView::unsharedBuffer):
+ (JSC::JSArrayBufferView::unsharedJSBuffer):
+ (JSC::JSArrayBufferView::possiblySharedJSBuffer):
+ (JSC::JSArrayBufferView::neuter):
+ (JSC::JSArrayBufferView::toWrapped): Deleted.
+ * runtime/JSArrayBufferView.h:
+ (JSC::JSArrayBufferView::jsBuffer): Deleted.
+ * runtime/JSArrayBufferViewInlines.h:
+ (JSC::JSArrayBufferView::isShared):
+ (JSC::JSArrayBufferView::possiblySharedBuffer):
+ (JSC::JSArrayBufferView::possiblySharedImpl):
+ (JSC::JSArrayBufferView::unsharedImpl):
+ (JSC::JSArrayBufferView::byteOffset):
+ (JSC::JSArrayBufferView::toWrapped):
+ (JSC::JSArrayBufferView::buffer): Deleted.
+ (JSC::JSArrayBufferView::impl): Deleted.
+ (JSC::JSArrayBufferView::neuter): Deleted.
+ * runtime/JSDataView.cpp:
+ (JSC::JSDataView::possiblySharedTypedImpl):
+ (JSC::JSDataView::unsharedTypedImpl):
+ (JSC::JSDataView::getTypedArrayImpl):
+ (JSC::JSDataView::typedImpl): Deleted.
+ * runtime/JSDataView.h:
+ (JSC::JSDataView::possiblySharedBuffer):
+ (JSC::JSDataView::unsharedBuffer):
+ (JSC::JSDataView::buffer): Deleted.
+ * runtime/JSDataViewPrototype.cpp:
+ (JSC::dataViewProtoGetterBuffer):
+ * runtime/JSGenericTypedArrayView.h:
+ (JSC::toPossiblySharedNativeTypedView):
+ (JSC::toUnsharedNativeTypedView):
+ (JSC::JSGenericTypedArrayView<Adaptor>::toWrapped):
+ (JSC::JSGenericTypedArrayView::typedImpl): Deleted.
+ (JSC::toNativeTypedView): Deleted.
+ * runtime/JSGenericTypedArrayViewInlines.h:
+ (JSC::JSGenericTypedArrayView<Adaptor>::create):
+ (JSC::JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl):
+ (JSC::JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl):
+ (JSC::JSGenericTypedArrayView<Adaptor>::getTypedArrayImpl):
+ * runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
+ (JSC::genericTypedArrayViewProtoGetterFuncBuffer):
+ (JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::createAtomicsProperty):
+ (JSC::JSGlobalObject::init):
+ (JSC::JSGlobalObject::visitChildren):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::arrayBufferPrototype):
+ (JSC::JSGlobalObject::arrayBufferStructure):
+ * runtime/MathObject.cpp:
+ * runtime/RuntimeFlags.h:
+ * runtime/SimpleTypedArrayController.cpp:
+ (JSC::SimpleTypedArrayController::toJS):
+ * runtime/TypedArrayType.h:
+ (JSC::typedArrayTypeForType):
+
</ins><span class="cx"> 2016-10-31 Saam Barati <sbarati@apple.com>
</span><span class="cx">
</span><span class="cx"> We should be able to eliminate rest parameter allocations
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -285,6 +285,7 @@
</span><span class="cx"> 0F300B7B18AB1B1400A6D72E /* DFGIntegerCheckCombiningPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F300B7918AB1B1400A6D72E /* DFGIntegerCheckCombiningPhase.cpp */; };
</span><span class="cx"> 0F300B7C18AB1B1400A6D72E /* DFGIntegerCheckCombiningPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F300B7A18AB1B1400A6D72E /* DFGIntegerCheckCombiningPhase.h */; };
</span><span class="cx"> 0F30D7C01D95D6320053089D /* CPU.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F30D7BF1D95D62F0053089D /* CPU.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F30FB611DC2DE99003124F2 /* ArrayBufferSharingMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F30FB601DC2DE96003124F2 /* ArrayBufferSharingMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0F32BD101BB34F190093A57F /* HeapHelperPool.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F32BD0E1BB34F190093A57F /* HeapHelperPool.cpp */; };
</span><span class="cx"> 0F32BD111BB34F190093A57F /* HeapHelperPool.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F32BD0F1BB34F190093A57F /* HeapHelperPool.h */; };
</span><span class="cx"> 0F338DF11BE93AD10013C88F /* B3StackmapValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F338DEF1BE93AD10013C88F /* B3StackmapValue.cpp */; };
</span><span class="lines">@@ -504,6 +505,8 @@
</span><span class="cx"> 0F7C39FF1C90C55B00480151 /* DFGOpInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7C39FE1C90C55B00480151 /* DFGOpInfo.h */; };
</span><span class="cx"> 0F7C5FB81D888A0C0044F5E2 /* MarkedBlockInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7C5FB71D888A010044F5E2 /* MarkedBlockInlines.h */; };
</span><span class="cx"> 0F7C5FBA1D8895070044F5E2 /* MarkedSpaceInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7C5FB91D8895050044F5E2 /* MarkedSpaceInlines.h */; };
</span><ins>+ 0F7CF9561DC1258D0098CC12 /* AtomicsObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F7CF9541DC1258B0098CC12 /* AtomicsObject.cpp */; };
+ 0F7CF9571DC125900098CC12 /* AtomicsObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7CF9551DC1258B0098CC12 /* AtomicsObject.h */; };
</ins><span class="cx"> 0F7F988B1D9596C500F4F12E /* DFGStoreBarrierClusteringPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F7F98891D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.cpp */; };
</span><span class="cx"> 0F7F988C1D9596C800F4F12E /* DFGStoreBarrierClusteringPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F7F988A1D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.h */; };
</span><span class="cx"> 0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -2640,6 +2643,7 @@
</span><span class="cx"> 0F300B7918AB1B1400A6D72E /* DFGIntegerCheckCombiningPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGIntegerCheckCombiningPhase.cpp; path = dfg/DFGIntegerCheckCombiningPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F300B7A18AB1B1400A6D72E /* DFGIntegerCheckCombiningPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGIntegerCheckCombiningPhase.h; path = dfg/DFGIntegerCheckCombiningPhase.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F30D7BF1D95D62F0053089D /* CPU.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CPU.h; sourceTree = "<group>"; };
</span><ins>+ 0F30FB601DC2DE96003124F2 /* ArrayBufferSharingMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayBufferSharingMode.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F32BD0E1BB34F190093A57F /* HeapHelperPool.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HeapHelperPool.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F32BD0F1BB34F190093A57F /* HeapHelperPool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapHelperPool.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F338DEF1BE93AD10013C88F /* B3StackmapValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = B3StackmapValue.cpp; path = b3/B3StackmapValue.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2857,6 +2861,8 @@
</span><span class="cx"> 0F7C39FE1C90C55B00480151 /* DFGOpInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGOpInfo.h; path = dfg/DFGOpInfo.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F7C5FB71D888A010044F5E2 /* MarkedBlockInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkedBlockInlines.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F7C5FB91D8895050044F5E2 /* MarkedSpaceInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MarkedSpaceInlines.h; sourceTree = "<group>"; };
</span><ins>+ 0F7CF9541DC1258B0098CC12 /* AtomicsObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AtomicsObject.cpp; sourceTree = "<group>"; };
+ 0F7CF9551DC1258B0098CC12 /* AtomicsObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AtomicsObject.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F7F98891D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStoreBarrierClusteringPhase.cpp; path = dfg/DFGStoreBarrierClusteringPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F7F988A1D9596C300F4F12E /* DFGStoreBarrierClusteringPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStoreBarrierClusteringPhase.h; path = dfg/DFGStoreBarrierClusteringPhase.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F8023E91613832300A0BA45 /* ByValInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByValInfo.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -5954,6 +5960,7 @@
</span><span class="cx"> A7A8AF2617ADB5F3005AB174 /* ArrayBuffer.h */,
</span><span class="cx"> 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.cpp */,
</span><span class="cx"> 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.h */,
</span><ins>+ 0F30FB601DC2DE96003124F2 /* ArrayBufferSharingMode.h */,
</ins><span class="cx"> A7A8AF2717ADB5F3005AB174 /* ArrayBufferView.cpp */,
</span><span class="cx"> A7A8AF2817ADB5F3005AB174 /* ArrayBufferView.h */,
</span><span class="cx"> BC7952060E15E8A800A898AB /* ArrayConstructor.cpp */,
</span><span class="lines">@@ -5965,6 +5972,8 @@
</span><span class="cx"> F692A84D0255597D01FF60F7 /* ArrayPrototype.cpp */,
</span><span class="cx"> F692A84E0255597D01FF60F7 /* ArrayPrototype.h */,
</span><span class="cx"> 0FB7F38A15ED8E3800F167B2 /* ArrayStorage.h */,
</span><ins>+ 0F7CF9541DC1258B0098CC12 /* AtomicsObject.cpp */,
+ 0F7CF9551DC1258B0098CC12 /* AtomicsObject.h */,
</ins><span class="cx"> 5B70CFDD1DB69E5C00EC23F9 /* AsyncFunctionConstructor.cpp */,
</span><span class="cx"> 5B70CFDC1DB69E5C00EC23F9 /* AsyncFunctionConstructor.h */,
</span><span class="cx"> 5B70CFDB1DB69E5C00EC23F9 /* AsyncFunctionPrototype.cpp */,
</span><span class="lines">@@ -6402,7 +6411,6 @@
</span><span class="cx"> 0F7C39FC1C8F659500480151 /* RegExpObjectInlines.h */,
</span><span class="cx"> BCD202BF0E1706A7002C7E82 /* RegExpPrototype.cpp */,
</span><span class="cx"> BCD202C00E1706A7002C7E82 /* RegExpPrototype.h */,
</span><del>- 0FB7F39115ED8E3800F167B2 /* TypeError.h */,
</del><span class="cx"> 70B0A9D01A9B66200001306A /* RuntimeFlags.h */,
</span><span class="cx"> 527773DD1AAF83AC00BDE7E8 /* RuntimeType.cpp */,
</span><span class="cx"> 52C0611D1AA51E1B00B4ADBA /* RuntimeType.h */,
</span><span class="lines">@@ -6483,6 +6491,7 @@
</span><span class="cx"> 0F2B66DB17B6B5AB00A7AE3F /* TypedArrays.h */,
</span><span class="cx"> 0F2B66DC17B6B5AB00A7AE3F /* TypedArrayType.cpp */,
</span><span class="cx"> 0F2B66DD17B6B5AB00A7AE3F /* TypedArrayType.h */,
</span><ins>+ 0FB7F39115ED8E3800F167B2 /* TypeError.h */,
</ins><span class="cx"> 52B310FE1975B4240080857C /* TypeLocationCache.cpp */,
</span><span class="cx"> 52B311001975B4670080857C /* TypeLocationCache.h */,
</span><span class="cx"> 0FFB6C361AF48DDC00DB1BF7 /* TypeofType.cpp */,
</span><span class="lines">@@ -7574,6 +7583,7 @@
</span><span class="cx"> 0FB7F39515ED8E4600F167B2 /* ArrayConventions.h in Headers */,
</span><span class="cx"> A5311C361C77CEC500E6B1B6 /* HeapSnapshotBuilder.h in Headers */,
</span><span class="cx"> A7BDAEC917F4EA1400F6140C /* ArrayIteratorPrototype.h in Headers */,
</span><ins>+ 0F7CF9571DC125900098CC12 /* AtomicsObject.h in Headers */,
</ins><span class="cx"> 996B73181BDA068000331B84 /* ArrayIteratorPrototype.lut.h in Headers */,
</span><span class="cx"> 0F63945515D07057006A597C /* ArrayProfile.h in Headers */,
</span><span class="cx"> BC18C3E70E16F5CD00B34460 /* ArrayPrototype.h in Headers */,
</span><span class="lines">@@ -8630,6 +8640,7 @@
</span><span class="cx"> A5FD0068189AFE9C00633231 /* ScriptArguments.h in Headers */,
</span><span class="cx"> A503FA21188EFF6800110F14 /* ScriptBreakpoint.h in Headers */,
</span><span class="cx"> A5FD006E189B00AA00633231 /* ScriptCallFrame.h in Headers */,
</span><ins>+ 0F30FB611DC2DE99003124F2 /* ArrayBufferSharingMode.h in Headers */,
</ins><span class="cx"> A5FD0070189B00AA00633231 /* ScriptCallStack.h in Headers */,
</span><span class="cx"> A5FD007E189B0B4C00633231 /* ScriptCallStackFactory.h in Headers */,
</span><span class="cx"> A503FA22188EFF6800110F14 /* ScriptDebugListener.h in Headers */,
</span><span class="lines">@@ -10115,6 +10126,7 @@
</span><span class="cx"> 147341E71DC2CE9600AA29BA /* ScriptExecutable.cpp in Sources */,
</span><span class="cx"> 0F2B670717B6B5AB00A7AE3F /* TypedArrayController.cpp in Sources */,
</span><span class="cx"> 0F2B670A17B6B5AB00A7AE3F /* TypedArrayType.cpp in Sources */,
</span><ins>+ 0F7CF9561DC1258D0098CC12 /* AtomicsObject.cpp in Sources */,
</ins><span class="cx"> 52B310FF1975B4240080857C /* TypeLocationCache.cpp in Sources */,
</span><span class="cx"> 0FFB6C381AF48DDC00DB1BF7 /* TypeofType.cpp in Sources */,
</span><span class="cx"> 52C952B919A28A1C0069B386 /* TypeProfiler.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -2529,7 +2529,7 @@
</span><span class="cx">
</span><span class="cx"> void CodeBlock::visitWeakly(SlotVisitor& visitor)
</span><span class="cx"> {
</span><del>- bool setByMe = m_visitWeaklyHasBeenCalled.compareExchangeStrong(false, true);
</del><ins>+ bool setByMe = !m_visitWeaklyHasBeenCalled.compareExchangeStrong(false, true);
</ins><span class="cx"> if (!setByMe)
</span><span class="cx"> return;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGDesiredWatchpointscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/dfg/DFGDesiredWatchpoints.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -42,7 +42,9 @@
</span><span class="cx"> ArrayBufferNeuteringWatchpoint::create(*codeBlock->vm());
</span><span class="cx"> neuteringWatchpoint->set()->add(watchpoint);
</span><span class="cx"> codeBlock->addConstant(neuteringWatchpoint);
</span><del>- codeBlock->vm()->heap.addReference(neuteringWatchpoint, view->buffer());
</del><ins>+ // FIXME: We don't need to set this watchpoint at all for shared buffers.
+ // https://bugs.webkit.org/show_bug.cgi?id=164108
+ codeBlock->vm()->heap.addReference(neuteringWatchpoint, view->possiblySharedBuffer());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void InferredValueAdaptor::add(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/heap/Heap.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1574,7 +1574,7 @@
</span><span class="cx">
</span><span class="cx"> for (;;) {
</span><span class="cx"> size_t oldSize = *counter;
</span><del>- if (WTF::weakCompareAndSwap(counter, oldSize, oldSize + size))
</del><ins>+ if (WTF::atomicCompareExchangeWeakRelaxed(counter, oldSize, oldSize + size))
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -1590,7 +1590,7 @@
</span><span class="cx">
</span><span class="cx"> for (;;) {
</span><span class="cx"> size_t oldSize = *counter;
</span><del>- if (WTF::weakCompareAndSwap(counter, oldSize, oldSize + size))
</del><ins>+ if (WTF::atomicCompareExchangeWeakRelaxed(counter, oldSize, oldSize + size))
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapLargeAllocationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/LargeAllocation.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/LargeAllocation.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/heap/LargeAllocation.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -114,7 +114,7 @@
</span><span class="cx"> // traffic.
</span><span class="cx"> if (isMarked())
</span><span class="cx"> return true;
</span><del>- return !m_isMarked.compareExchangeStrong(false, true);
</del><ins>+ return m_isMarked.compareExchangeStrong(false, true);
</ins><span class="cx"> }
</span><span class="cx"> ALWAYS_INLINE bool testAndSetMarked(HeapCell*) { return testAndSetMarked(); }
</span><span class="cx"> void clearMarked() { m_isMarked.store(false); }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejsccpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jsc.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jsc.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/jsc.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -2056,7 +2056,7 @@
</span><span class="cx"> return JSValue::encode(throwException(exec, scope, createError(exec, ASCIILiteral("Expected an array buffer"))));
</span><span class="cx">
</span><span class="cx"> ArrayBufferContents dummyContents;
</span><del>- buffer->impl()->transfer(dummyContents);
</del><ins>+ buffer->impl()->transferTo(dummyContents);
</ins><span class="cx">
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArrayBuffercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/ArrayBuffer.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2009, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2009, 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,8 +32,260 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-bool ArrayBuffer::transfer(ArrayBufferContents& result)
</del><ins>+SharedArrayBufferContents::SharedArrayBufferContents(void* data, ArrayBufferDestructorFunction&& destructor)
+ : m_data(data)
+ , m_destructor(WTFMove(destructor))
</ins><span class="cx"> {
</span><ins>+}
+
+SharedArrayBufferContents::~SharedArrayBufferContents()
+{
+ m_destructor(m_data);
+}
+
+ArrayBufferContents::ArrayBufferContents()
+{
+ reset();
+}
+
+ArrayBufferContents::ArrayBufferContents(ArrayBufferContents&& other)
+{
+ reset();
+ other.transferTo(*this);
+}
+
+ArrayBufferContents::ArrayBufferContents(void* data, unsigned sizeInBytes, ArrayBufferDestructorFunction&& destructor)
+ : m_data(data)
+ , m_sizeInBytes(sizeInBytes)
+{
+ m_destructor = WTFMove(destructor);
+}
+
+ArrayBufferContents& ArrayBufferContents::operator=(ArrayBufferContents&& other)
+{
+ other.transferTo(*this);
+ return *this;
+}
+
+ArrayBufferContents::~ArrayBufferContents()
+{
+ destroy();
+}
+
+void ArrayBufferContents::clear()
+{
+ destroy();
+ reset();
+}
+
+void ArrayBufferContents::destroy()
+{
+ m_destructor(m_data);
+}
+
+void ArrayBufferContents::reset()
+{
+ m_destructor = [] (void*) { };
+ m_shared = nullptr;
+ m_data = nullptr;
+ m_sizeInBytes = 0;
+}
+
+void ArrayBufferContents::tryAllocate(unsigned numElements, unsigned elementByteSize, InitializationPolicy policy)
+{
+ // Do not allow 31-bit overflow of the total size.
+ if (numElements) {
+ unsigned totalSize = numElements * elementByteSize;
+ if (totalSize / numElements != elementByteSize
+ || totalSize > static_cast<unsigned>(std::numeric_limits<int32_t>::max())) {
+ reset();
+ return;
+ }
+ }
+ bool allocationSucceeded = false;
+ if (policy == ZeroInitialize)
+ allocationSucceeded = WTF::tryFastCalloc(numElements, elementByteSize).getValue(m_data);
+ else {
+ ASSERT(policy == DontInitialize);
+ allocationSucceeded = WTF::tryFastMalloc(numElements * elementByteSize).getValue(m_data);
+ }
+
+ if (allocationSucceeded) {
+ m_sizeInBytes = numElements * elementByteSize;
+ m_destructor = [] (void* p) { fastFree(p); };
+ return;
+ }
+ reset();
+}
+
+void ArrayBufferContents::makeShared()
+{
+ m_shared = adoptRef(new SharedArrayBufferContents(m_data, WTFMove(m_destructor)));
+ m_destructor = [] (void*) { };
+}
+
+void ArrayBufferContents::transferTo(ArrayBufferContents& other)
+{
+ other.clear();
+ other.m_data = m_data;
+ other.m_sizeInBytes = m_sizeInBytes;
+ other.m_destructor = WTFMove(m_destructor);
+ other.m_shared = m_shared;
+ clear();
+}
+
+void ArrayBufferContents::copyTo(ArrayBufferContents& other)
+{
+ ASSERT(!other.m_data);
+ other.tryAllocate(m_sizeInBytes, sizeof(char), ArrayBufferContents::DontInitialize);
+ if (!other.m_data)
+ return;
+ memcpy(other.m_data, m_data, m_sizeInBytes);
+ other.m_sizeInBytes = m_sizeInBytes;
+}
+
+void ArrayBufferContents::shareWith(ArrayBufferContents& other)
+{
+ ASSERT(!other.m_data);
+ ASSERT(m_shared);
+ other.m_destructor = [] (void*) { };
+ other.m_shared = m_shared;
+ other.m_data = m_data;
+ other.m_sizeInBytes = m_sizeInBytes;
+}
+
+Ref<ArrayBuffer> ArrayBuffer::create(unsigned numElements, unsigned elementByteSize)
+{
+ auto buffer = tryCreate(numElements, elementByteSize);
+ if (!buffer)
+ CRASH();
+ return buffer.releaseNonNull();
+}
+
+Ref<ArrayBuffer> ArrayBuffer::create(ArrayBuffer& other)
+{
+ return ArrayBuffer::create(other.data(), other.byteLength());
+}
+
+Ref<ArrayBuffer> ArrayBuffer::create(const void* source, unsigned byteLength)
+{
+ auto buffer = tryCreate(source, byteLength);
+ if (!buffer)
+ CRASH();
+ return buffer.releaseNonNull();
+}
+
+Ref<ArrayBuffer> ArrayBuffer::create(ArrayBufferContents&& contents)
+{
+ return adoptRef(*new ArrayBuffer(WTFMove(contents)));
+}
+
+Ref<ArrayBuffer> ArrayBuffer::createAdopted(const void* data, unsigned byteLength)
+{
+ return createFromBytes(data, byteLength, [] (void* p) { fastFree(p); });
+}
+
+Ref<ArrayBuffer> ArrayBuffer::createFromBytes(const void* data, unsigned byteLength, ArrayBufferDestructorFunction&& destructor)
+{
+ ArrayBufferContents contents(const_cast<void*>(data), byteLength, WTFMove(destructor));
+ return create(WTFMove(contents));
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(unsigned numElements, unsigned elementByteSize)
+{
+ return tryCreate(numElements, elementByteSize, ArrayBufferContents::ZeroInitialize);
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(ArrayBuffer& other)
+{
+ return tryCreate(other.data(), other.byteLength());
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(const void* source, unsigned byteLength)
+{
+ ArrayBufferContents contents;
+ contents.tryAllocate(byteLength, 1, ArrayBufferContents::ZeroInitialize);
+ if (!contents.m_data)
+ return nullptr;
+ return createInternal(WTFMove(contents), source, byteLength);
+}
+
+Ref<ArrayBuffer> ArrayBuffer::createUninitialized(unsigned numElements, unsigned elementByteSize)
+{
+ return create(numElements, elementByteSize, ArrayBufferContents::DontInitialize);
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::tryCreateUninitialized(unsigned numElements, unsigned elementByteSize)
+{
+ return tryCreate(numElements, elementByteSize, ArrayBufferContents::DontInitialize);
+}
+
+Ref<ArrayBuffer> ArrayBuffer::create(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy policy)
+{
+ auto buffer = tryCreate(numElements, elementByteSize, policy);
+ if (!buffer)
+ CRASH();
+ return buffer.releaseNonNull();
+}
+
+Ref<ArrayBuffer> ArrayBuffer::createInternal(ArrayBufferContents&& contents, const void* source, unsigned byteLength)
+{
+ ASSERT(!byteLength || source);
+ auto buffer = adoptRef(*new ArrayBuffer(WTFMove(contents)));
+ memcpy(buffer->data(), source, byteLength);
+ return buffer;
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy policy)
+{
+ ArrayBufferContents contents;
+ contents.tryAllocate(numElements, elementByteSize, policy);
+ if (!contents.m_data)
+ return nullptr;
+ return adoptRef(*new ArrayBuffer(WTFMove(contents)));
+}
+
+ArrayBuffer::ArrayBuffer(ArrayBufferContents&& contents)
+ : m_contents(WTFMove(contents))
+ , m_pinCount(0)
+ , m_locked(false)
+{
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::slice(int begin, int end) const
+{
+ return sliceImpl(clampIndex(begin), clampIndex(end));
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::slice(int begin) const
+{
+ return sliceImpl(clampIndex(begin), byteLength());
+}
+
+RefPtr<ArrayBuffer> ArrayBuffer::sliceImpl(unsigned begin, unsigned end) const
+{
+ unsigned size = begin <= end ? end - begin : 0;
+ RefPtr<ArrayBuffer> result = ArrayBuffer::create(static_cast<const char*>(data()) + begin, size);
+ result->setSharingMode(sharingMode());
+ return result;
+}
+
+void ArrayBuffer::makeShared()
+{
+ m_contents.makeShared();
+}
+
+void ArrayBuffer::setSharingMode(ArrayBufferSharingMode newSharingMode)
+{
+ if (newSharingMode == sharingMode())
+ return;
+ RELEASE_ASSERT(!isShared()); // Cannot revert sharing.
+ RELEASE_ASSERT(newSharingMode == ArrayBufferSharingMode::Shared);
+ makeShared();
+}
+
+bool ArrayBuffer::transferTo(ArrayBufferContents& result)
+{
</ins><span class="cx"> Ref<ArrayBuffer> protect(*this);
</span><span class="cx">
</span><span class="cx"> if (!m_contents.m_data) {
</span><span class="lines">@@ -40,6 +292,11 @@
</span><span class="cx"> result.m_data = 0;
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><ins>+
+ if (isShared()) {
+ m_contents.shareWith(result);
+ return true;
+ }
</ins><span class="cx">
</span><span class="cx"> bool isNeuterable = !m_pinCount && !m_locked;
</span><span class="cx">
</span><span class="lines">@@ -50,7 +307,7 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- m_contents.transfer(result);
</del><ins>+ m_contents.transferTo(result);
</ins><span class="cx"> for (size_t i = numberOfIncomingReferences(); i--;) {
</span><span class="cx"> JSCell* cell = incomingReferenceAt(i);
</span><span class="cx"> if (JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(cell))
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArrayBufferh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArrayBuffer.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArrayBuffer.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/ArrayBuffer.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -25,10 +25,12 @@
</span><span class="cx">
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><ins>+#include "ArrayBufferSharingMode.h"
</ins><span class="cx"> #include "GCIncomingRefCounted.h"
</span><span class="cx"> #include "Weak.h"
</span><del>-#include <functional>
</del><ins>+#include <wtf/Function.h>
</ins><span class="cx"> #include <wtf/StdLibExtras.h>
</span><ins>+#include <wtf/ThreadSafeRefCounted.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -36,31 +38,42 @@
</span><span class="cx"> class ArrayBufferView;
</span><span class="cx"> class JSArrayBuffer;
</span><span class="cx">
</span><del>-typedef std::function<void(void*)> ArrayBufferDestructorFunction;
-static void arrayBufferDestructorNull(void*) { }
-static void arrayBufferDestructorDefault(void* p) { fastFree(p); }
</del><ins>+typedef Function<void(void*)> ArrayBufferDestructorFunction;
</ins><span class="cx">
</span><ins>+class SharedArrayBufferContents : public ThreadSafeRefCounted<SharedArrayBufferContents> {
+public:
+ SharedArrayBufferContents(void* data, ArrayBufferDestructorFunction&&);
+ ~SharedArrayBufferContents();
+
+ void* data() const { return m_data; }
+
+private:
+ void* m_data;
+ ArrayBufferDestructorFunction m_destructor;
+};
+
</ins><span class="cx"> class ArrayBufferContents {
</span><span class="cx"> WTF_MAKE_NONCOPYABLE(ArrayBufferContents);
</span><span class="cx"> public:
</span><del>- ArrayBufferContents()
- : m_destructor(arrayBufferDestructorNull)
- , m_data(nullptr)
- , m_sizeInBytes(0)
- { }
</del><ins>+ JS_EXPORT_PRIVATE ArrayBufferContents();
+
+ JS_EXPORT_PRIVATE ArrayBufferContents(ArrayBufferContents&&);
+ JS_EXPORT_PRIVATE ArrayBufferContents& operator=(ArrayBufferContents&&);
</ins><span class="cx">
</span><del>- inline ~ArrayBufferContents();
</del><ins>+ JS_EXPORT_PRIVATE ~ArrayBufferContents();
</ins><span class="cx">
</span><del>- void* data() { return m_data; }
- unsigned sizeInBytes() { return m_sizeInBytes; }
</del><ins>+ JS_EXPORT_PRIVATE void clear();
+
+ void* data() const { return m_data; }
+ unsigned sizeInBytes() const { return m_sizeInBytes; }
+
+ bool isShared() const { return m_shared; }
</ins><span class="cx">
</span><span class="cx"> private:
</span><del>- ArrayBufferContents(void* data, unsigned sizeInBytes, ArrayBufferDestructorFunction&& destructor)
- : m_data(data)
- , m_sizeInBytes(sizeInBytes)
- {
- m_destructor = WTFMove(destructor);
- }
</del><ins>+ ArrayBufferContents(void* data, unsigned sizeInBytes, ArrayBufferDestructorFunction&&);
+
+ void destroy();
+ void reset();
</ins><span class="cx">
</span><span class="cx"> friend class ArrayBuffer;
</span><span class="cx">
</span><span class="lines">@@ -69,26 +82,15 @@
</span><span class="cx"> DontInitialize
</span><span class="cx"> };
</span><span class="cx">
</span><del>- static inline void tryAllocate(unsigned numElements, unsigned elementByteSize, InitializationPolicy, ArrayBufferContents&);
- void transfer(ArrayBufferContents& other)
- {
- ASSERT(!other.m_data);
- std::swap(m_data, other.m_data);
- std::swap(m_sizeInBytes, other.m_sizeInBytes);
- std::swap(m_destructor, other.m_destructor);
- }
</del><ins>+ void tryAllocate(unsigned numElements, unsigned elementByteSize, InitializationPolicy);
+
+ void makeShared();
+ void transferTo(ArrayBufferContents&);
+ void copyTo(ArrayBufferContents&);
+ void shareWith(ArrayBufferContents&);
</ins><span class="cx">
</span><del>- void copyTo(ArrayBufferContents& other)
- {
- ASSERT(!other.m_data);
- ArrayBufferContents::tryAllocate(m_sizeInBytes, sizeof(char), ArrayBufferContents::DontInitialize, other);
- if (!other.m_data)
- return;
- memcpy(other.m_data, m_data, m_sizeInBytes);
- other.m_sizeInBytes = m_sizeInBytes;
- }
-
</del><span class="cx"> ArrayBufferDestructorFunction m_destructor;
</span><ins>+ RefPtr<SharedArrayBufferContents> m_shared;
</ins><span class="cx"> void* m_data;
</span><span class="cx"> unsigned m_sizeInBytes;
</span><span class="cx"> };
</span><span class="lines">@@ -95,34 +97,39 @@
</span><span class="cx">
</span><span class="cx"> class ArrayBuffer : public GCIncomingRefCounted<ArrayBuffer> {
</span><span class="cx"> public:
</span><del>- static inline Ref<ArrayBuffer> create(unsigned numElements, unsigned elementByteSize);
- static inline Ref<ArrayBuffer> create(ArrayBuffer&);
- static inline Ref<ArrayBuffer> create(const void* source, unsigned byteLength);
- static inline Ref<ArrayBuffer> create(ArrayBufferContents&);
- static inline Ref<ArrayBuffer> createAdopted(const void* data, unsigned byteLength);
- static inline Ref<ArrayBuffer> createFromBytes(const void* data, unsigned byteLength, ArrayBufferDestructorFunction&&);
- static inline RefPtr<ArrayBuffer> tryCreate(unsigned numElements, unsigned elementByteSize);
- static inline RefPtr<ArrayBuffer> tryCreate(ArrayBuffer&);
- static inline RefPtr<ArrayBuffer> tryCreate(const void* source, unsigned byteLength);
</del><ins>+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> create(unsigned numElements, unsigned elementByteSize);
+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> create(ArrayBuffer&);
+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> create(const void* source, unsigned byteLength);
+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> create(ArrayBufferContents&&);
+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> createAdopted(const void* data, unsigned byteLength);
+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> createFromBytes(const void* data, unsigned byteLength, ArrayBufferDestructorFunction&&);
+ JS_EXPORT_PRIVATE static RefPtr<ArrayBuffer> tryCreate(unsigned numElements, unsigned elementByteSize);
+ JS_EXPORT_PRIVATE static RefPtr<ArrayBuffer> tryCreate(ArrayBuffer&);
+ JS_EXPORT_PRIVATE static RefPtr<ArrayBuffer> tryCreate(const void* source, unsigned byteLength);
</ins><span class="cx">
</span><span class="cx"> // Only for use by Uint8ClampedArray::createUninitialized and SharedBuffer::createArrayBuffer.
</span><del>- static inline Ref<ArrayBuffer> createUninitialized(unsigned numElements, unsigned elementByteSize);
- static inline RefPtr<ArrayBuffer> tryCreateUninitialized(unsigned numElements, unsigned elementByteSize);
</del><ins>+ JS_EXPORT_PRIVATE static Ref<ArrayBuffer> createUninitialized(unsigned numElements, unsigned elementByteSize);
+ JS_EXPORT_PRIVATE static RefPtr<ArrayBuffer> tryCreateUninitialized(unsigned numElements, unsigned elementByteSize);
</ins><span class="cx">
</span><span class="cx"> inline void* data();
</span><span class="cx"> inline const void* data() const;
</span><span class="cx"> inline unsigned byteLength() const;
</span><span class="cx">
</span><ins>+ void makeShared();
+ void setSharingMode(ArrayBufferSharingMode);
+ inline bool isShared() const;
+ inline ArrayBufferSharingMode sharingMode() const { return isShared() ? ArrayBufferSharingMode::Shared : ArrayBufferSharingMode::Default; }
+
</ins><span class="cx"> inline size_t gcSizeEstimateInBytes() const;
</span><span class="cx">
</span><del>- inline RefPtr<ArrayBuffer> slice(int begin, int end) const;
- inline RefPtr<ArrayBuffer> slice(int begin) const;
</del><ins>+ JS_EXPORT_PRIVATE RefPtr<ArrayBuffer> slice(int begin, int end) const;
+ JS_EXPORT_PRIVATE RefPtr<ArrayBuffer> slice(int begin) const;
</ins><span class="cx">
</span><span class="cx"> inline void pin();
</span><span class="cx"> inline void unpin();
</span><span class="cx"> inline void pinAndLock();
</span><span class="cx">
</span><del>- JS_EXPORT_PRIVATE bool transfer(ArrayBufferContents&);
</del><ins>+ JS_EXPORT_PRIVATE bool transferTo(ArrayBufferContents&);
</ins><span class="cx"> bool isNeutered() { return !m_contents.m_data; }
</span><span class="cx">
</span><span class="cx"> static ptrdiff_t offsetOfData() { return OBJECT_OFFSETOF(ArrayBuffer, m_contents) + OBJECT_OFFSETOF(ArrayBufferContents, m_data); }
</span><span class="lines">@@ -130,11 +137,11 @@
</span><span class="cx"> ~ArrayBuffer() { }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- static inline Ref<ArrayBuffer> create(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy);
- static inline Ref<ArrayBuffer> createInternal(ArrayBufferContents&, const void*, unsigned);
- static inline RefPtr<ArrayBuffer> tryCreate(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy);
- inline ArrayBuffer(ArrayBufferContents&);
- inline RefPtr<ArrayBuffer> sliceImpl(unsigned begin, unsigned end) const;
</del><ins>+ static Ref<ArrayBuffer> create(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy);
+ static Ref<ArrayBuffer> createInternal(ArrayBufferContents&&, const void*, unsigned);
+ static RefPtr<ArrayBuffer> tryCreate(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy);
+ ArrayBuffer(ArrayBufferContents&&);
+ RefPtr<ArrayBuffer> sliceImpl(unsigned begin, unsigned end) const;
</ins><span class="cx"> inline unsigned clampIndex(int index) const;
</span><span class="cx"> static inline int clampValue(int x, int left, int right);
</span><span class="cx">
</span><span class="lines">@@ -156,104 +163,6 @@
</span><span class="cx"> return x;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-Ref<ArrayBuffer> ArrayBuffer::create(unsigned numElements, unsigned elementByteSize)
-{
- auto buffer = tryCreate(numElements, elementByteSize);
- if (!buffer)
- CRASH();
- return buffer.releaseNonNull();
-}
-
-Ref<ArrayBuffer> ArrayBuffer::create(ArrayBuffer& other)
-{
- return ArrayBuffer::create(other.data(), other.byteLength());
-}
-
-Ref<ArrayBuffer> ArrayBuffer::create(const void* source, unsigned byteLength)
-{
- auto buffer = tryCreate(source, byteLength);
- if (!buffer)
- CRASH();
- return buffer.releaseNonNull();
-}
-
-Ref<ArrayBuffer> ArrayBuffer::create(ArrayBufferContents& contents)
-{
- return adoptRef(*new ArrayBuffer(contents));
-}
-
-Ref<ArrayBuffer> ArrayBuffer::createAdopted(const void* data, unsigned byteLength)
-{
- return createFromBytes(data, byteLength, WTFMove(arrayBufferDestructorDefault));
-}
-
-Ref<ArrayBuffer> ArrayBuffer::createFromBytes(const void* data, unsigned byteLength, ArrayBufferDestructorFunction&& destructor)
-{
- ArrayBufferContents contents(const_cast<void*>(data), byteLength, WTFMove(destructor));
- return create(contents);
-}
-
-RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(unsigned numElements, unsigned elementByteSize)
-{
- return tryCreate(numElements, elementByteSize, ArrayBufferContents::ZeroInitialize);
-}
-
-RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(ArrayBuffer& other)
-{
- return tryCreate(other.data(), other.byteLength());
-}
-
-RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(const void* source, unsigned byteLength)
-{
- ArrayBufferContents contents;
- ArrayBufferContents::tryAllocate(byteLength, 1, ArrayBufferContents::ZeroInitialize, contents);
- if (!contents.m_data)
- return nullptr;
- return createInternal(contents, source, byteLength);
-}
-
-Ref<ArrayBuffer> ArrayBuffer::createUninitialized(unsigned numElements, unsigned elementByteSize)
-{
- return create(numElements, elementByteSize, ArrayBufferContents::DontInitialize);
-}
-
-RefPtr<ArrayBuffer> ArrayBuffer::tryCreateUninitialized(unsigned numElements, unsigned elementByteSize)
-{
- return tryCreate(numElements, elementByteSize, ArrayBufferContents::DontInitialize);
-}
-
-Ref<ArrayBuffer> ArrayBuffer::create(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy policy)
-{
- auto buffer = tryCreate(numElements, elementByteSize, policy);
- if (!buffer)
- CRASH();
- return buffer.releaseNonNull();
-}
-
-Ref<ArrayBuffer> ArrayBuffer::createInternal(ArrayBufferContents& contents, const void* source, unsigned byteLength)
-{
- ASSERT(!byteLength || source);
- auto buffer = adoptRef(*new ArrayBuffer(contents));
- memcpy(buffer->data(), source, byteLength);
- return buffer;
-}
-
-RefPtr<ArrayBuffer> ArrayBuffer::tryCreate(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy policy)
-{
- ArrayBufferContents contents;
- ArrayBufferContents::tryAllocate(numElements, elementByteSize, policy, contents);
- if (!contents.m_data)
- return nullptr;
- return adoptRef(*new ArrayBuffer(contents));
-}
-
-ArrayBuffer::ArrayBuffer(ArrayBufferContents& contents)
- : m_pinCount(0)
- , m_locked(false)
-{
- contents.transfer(m_contents);
-}
-
</del><span class="cx"> void* ArrayBuffer::data()
</span><span class="cx"> {
</span><span class="cx"> return m_contents.m_data;
</span><span class="lines">@@ -269,27 +178,17 @@
</span><span class="cx"> return m_contents.m_sizeInBytes;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-size_t ArrayBuffer::gcSizeEstimateInBytes() const
</del><ins>+bool ArrayBuffer::isShared() const
</ins><span class="cx"> {
</span><del>- return sizeof(ArrayBuffer) + static_cast<size_t>(byteLength());
</del><ins>+ return m_contents.isShared();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-RefPtr<ArrayBuffer> ArrayBuffer::slice(int begin, int end) const
</del><ins>+size_t ArrayBuffer::gcSizeEstimateInBytes() const
</ins><span class="cx"> {
</span><del>- return sliceImpl(clampIndex(begin), clampIndex(end));
</del><ins>+ // FIXME: We probably want to scale this by the shared ref count or something.
+ return sizeof(ArrayBuffer) + static_cast<size_t>(byteLength());
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-RefPtr<ArrayBuffer> ArrayBuffer::slice(int begin) const
-{
- return sliceImpl(clampIndex(begin), byteLength());
-}
-
-RefPtr<ArrayBuffer> ArrayBuffer::sliceImpl(unsigned begin, unsigned end) const
-{
- unsigned size = begin <= end ? end - begin : 0;
- return ArrayBuffer::create(static_cast<const char*>(data()) + begin, size);
-}
-
</del><span class="cx"> unsigned ArrayBuffer::clampIndex(int index) const
</span><span class="cx"> {
</span><span class="cx"> unsigned currentLength = byteLength();
</span><span class="lines">@@ -313,38 +212,6 @@
</span><span class="cx"> m_locked = true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void ArrayBufferContents::tryAllocate(unsigned numElements, unsigned elementByteSize, ArrayBufferContents::InitializationPolicy policy, ArrayBufferContents& result)
-{
- // Do not allow 31-bit overflow of the total size.
- if (numElements) {
- unsigned totalSize = numElements * elementByteSize;
- if (totalSize / numElements != elementByteSize
- || totalSize > static_cast<unsigned>(std::numeric_limits<int32_t>::max())) {
- result.m_data = 0;
- return;
- }
- }
- bool allocationSucceeded = false;
- if (policy == ZeroInitialize)
- allocationSucceeded = WTF::tryFastCalloc(numElements, elementByteSize).getValue(result.m_data);
- else {
- ASSERT(policy == DontInitialize);
- allocationSucceeded = WTF::tryFastMalloc(numElements * elementByteSize).getValue(result.m_data);
- }
-
- if (allocationSucceeded) {
- result.m_sizeInBytes = numElements * elementByteSize;
- result.m_destructor = arrayBufferDestructorDefault;
- return;
- }
- result.m_data = 0;
-}
-
-ArrayBufferContents::~ArrayBufferContents()
-{
- m_destructor(m_data);
-}
-
</del><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> using JSC::ArrayBuffer;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArrayBufferSharingModeh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/ArrayBufferSharingMode.h (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArrayBufferSharingMode.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/ArrayBufferSharingMode.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,59 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <wtf/PrintStream.h>
+
+namespace JSC {
+
+enum class ArrayBufferSharingMode {
+ Default,
+ Shared
+};
+
+inline const char* arrayBufferSharingModeName(ArrayBufferSharingMode sharingMode)
+{
+ switch (sharingMode) {
+ case ArrayBufferSharingMode::Default:
+ return "ArrayBuffer";
+ case ArrayBufferSharingMode::Shared:
+ return "SharedArrayBuffer";
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+ return nullptr;
+}
+
+} // namespace JSC
+
+namespace WTF {
+
+inline void printInternal(PrintStream& out, JSC::ArrayBufferSharingMode mode)
+{
+ out.print(JSC::arrayBufferSharingModeName(mode));
+}
+
+} // namespace WTF
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArrayBufferViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2009, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2009, 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -48,12 +48,26 @@
</span><span class="cx"> return !m_buffer || m_buffer->isNeutered();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- PassRefPtr<ArrayBuffer> buffer() const
</del><ins>+ PassRefPtr<ArrayBuffer> possiblySharedBuffer() const
</ins><span class="cx"> {
</span><span class="cx"> if (isNeutered())
</span><span class="cx"> return 0;
</span><span class="cx"> return m_buffer;
</span><span class="cx"> }
</span><ins>+
+ PassRefPtr<ArrayBuffer> unsharedBuffer() const
+ {
+ PassRefPtr<ArrayBuffer> result = possiblySharedBuffer();
+ RELEASE_ASSERT(!result->isShared());
+ return result;
+ }
+
+ bool isShared() const
+ {
+ if (isNeutered())
+ return false;
+ return m_buffer->isShared();
+ }
</ins><span class="cx">
</span><span class="cx"> void* baseAddress() const
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeAtomicsObjectcpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/AtomicsObject.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,402 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "AtomicsObject.h"
+
+#include "JSCInlines.h"
+#include "JSTypedArrays.h"
+#include "ObjectPrototype.h"
+#include "TypedArrayController.h"
+
+namespace JSC {
+
+STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(AtomicsObject);
+
+#define FOR_EACH_ATOMICS_FUNC(macro) \
+ macro(add, Add, 3) \
+ macro(and, And, 3) \
+ macro(compareExchange, CompareExchange, 4) \
+ macro(exchange, Exchange, 3) \
+ macro(isLockFree, IsLockFree, 1) \
+ macro(load, Load, 2) \
+ macro(or, Or, 3) \
+ macro(store, Store, 3) \
+ macro(sub, Sub, 3) \
+ macro(wait, Wait, 4) \
+ macro(wake, Wake, 3) \
+ macro(xor, Xor, 3)
+
+#define DECLARE_FUNC_PROTO(lowerName, upperName, count) \
+ EncodedJSValue JSC_HOST_CALL atomicsFunc ## upperName(ExecState*);
+FOR_EACH_ATOMICS_FUNC(DECLARE_FUNC_PROTO)
+#undef DECLARE_FUNC_PROTO
+
+const ClassInfo AtomicsObject::s_info = { "Atomics", &Base::s_info, 0, CREATE_METHOD_TABLE(AtomicsObject) };
+
+AtomicsObject::AtomicsObject(VM& vm, Structure* structure)
+ : JSNonFinalObject(vm, structure)
+{
+}
+
+AtomicsObject* AtomicsObject::create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
+{
+ AtomicsObject* object = new (NotNull, allocateCell<AtomicsObject>(vm.heap)) AtomicsObject(vm, structure);
+ object->finishCreation(vm, globalObject);
+ return object;
+}
+
+Structure* AtomicsObject::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
+{
+ return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
+}
+
+void AtomicsObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
+{
+ Base::finishCreation(vm);
+ ASSERT(inherits(info()));
+
+#define PUT_DIRECT_NATIVE_FUNC(lowerName, upperName, count) \
+ putDirectNativeFunctionWithoutTransition(vm, globalObject, Identifier::fromString(&vm, #lowerName), count, atomicsFunc ## upperName, Atomics ## upperName ## Intrinsic, DontEnum);
+ FOR_EACH_ATOMICS_FUNC(PUT_DIRECT_NATIVE_FUNC)
+#undef PUT_DIRECT_NATIVE_FUNC
+}
+
+namespace {
+
+template<unsigned numExtraArgs, typename Adaptor, typename Func>
+EncodedJSValue atomicOperationWithArgsCase(ExecState* exec, ThrowScope& scope, JSArrayBufferView* typedArrayView, unsigned accessIndex, const Func& func)
+{
+ JSGenericTypedArrayView<Adaptor>* typedArray = jsCast<JSGenericTypedArrayView<Adaptor>*>(typedArrayView);
+
+ typename Adaptor::Type extraArgs[numExtraArgs + 1]; // Add 1 to avoid 0 size array error in VS.
+ for (unsigned i = 0; i < numExtraArgs; ++i) {
+ int32_t value = exec->argument(2 + i).toInt32(exec);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+ extraArgs[i] = Adaptor::toNativeFromInt32(value);
+ }
+
+ typename Adaptor::Type result = func(typedArray->typedVector() + accessIndex, extraArgs);
+ return JSValue::encode(Adaptor::toJSValue(result));
+}
+
+unsigned validatedAccessIndex(VM& vm, ExecState* exec, JSArrayBufferView* typedArrayView)
+{
+ auto scope = DECLARE_THROW_SCOPE(vm);
+ JSValue accessIndexValue = exec->argument(1);
+ if (UNLIKELY(!accessIndexValue.isInt32())) {
+ accessIndexValue = jsNumber(accessIndexValue.toNumber(exec));
+ RETURN_IF_EXCEPTION(scope, 0);
+ if (!accessIndexValue.isInt32()) {
+ throwRangeError(exec, scope, ASCIILiteral("Access index is not an integer."));
+ return 0;
+ }
+ }
+ int32_t accessIndex = accessIndexValue.asInt32();
+
+ ASSERT(typedArrayView->length() <= static_cast<unsigned>(INT_MAX));
+ if (static_cast<unsigned>(accessIndex) >= typedArrayView->length()) {
+ throwRangeError(exec, scope, ASCIILiteral("Access index out of bounds for atomic access."));
+ return 0;
+ }
+
+ return accessIndex;
+}
+
+template<unsigned numExtraArgs, typename Func>
+EncodedJSValue atomicOperationWithArgs(ExecState* exec, const Func& func)
+{
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ JSValue typedArrayValue = exec->argument(0);
+ if (!typedArrayValue.isCell()) {
+ throwTypeError(exec, scope, ASCIILiteral("Typed array argument must be a cell."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ JSCell* typedArrayCell = typedArrayValue.asCell();
+
+ JSType type = typedArrayCell->type();
+ switch (type) {
+ case Int8ArrayType:
+ case Int16ArrayType:
+ case Int32ArrayType:
+ case Uint8ArrayType:
+ case Uint16ArrayType:
+ case Uint32ArrayType:
+ break;
+ default:
+ throwTypeError(exec, scope, ASCIILiteral("Typed array argument must be an Int8Array, Int16Array, Int32Array, Uint8Array, Uint16Array, or Uint32Array."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ JSArrayBufferView* typedArrayView = jsCast<JSArrayBufferView*>(typedArrayCell);
+ if (!typedArrayView->isShared()) {
+ throwTypeError(exec, scope, ASCIILiteral("Typed array argument must wrap a SharedArrayBuffer."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ unsigned accessIndex = validatedAccessIndex(vm, exec, typedArrayView);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+
+ switch (type) {
+ case Int8ArrayType:
+ return atomicOperationWithArgsCase<numExtraArgs, Int8Adaptor>(exec, scope, typedArrayView, accessIndex, func);
+ case Int16ArrayType:
+ return atomicOperationWithArgsCase<numExtraArgs, Int16Adaptor>(exec, scope, typedArrayView, accessIndex, func);
+ case Int32ArrayType:
+ return atomicOperationWithArgsCase<numExtraArgs, Int32Adaptor>(exec, scope, typedArrayView, accessIndex, func);
+ case Uint8ArrayType:
+ return atomicOperationWithArgsCase<numExtraArgs, Uint8Adaptor>(exec, scope, typedArrayView, accessIndex, func);
+ case Uint16ArrayType:
+ return atomicOperationWithArgsCase<numExtraArgs, Uint16Adaptor>(exec, scope, typedArrayView, accessIndex, func);
+ case Uint32ArrayType:
+ return atomicOperationWithArgsCase<numExtraArgs, Uint32Adaptor>(exec, scope, typedArrayView, accessIndex, func);
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ return JSValue::encode(jsUndefined());
+ }
+}
+
+} // anonymous namespace
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncAdd(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicExchangeAdd(ptr, args[0]);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncAnd(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicExchangeAnd(ptr, args[0]);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncCompareExchange(ExecState* exec)
+{
+ return atomicOperationWithArgs<2>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicCompareExchangeStrong(ptr, args[0], args[1]);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncExchange(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicExchange(ptr, args[0]);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncIsLockFree(ExecState* exec)
+{
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ int32_t size = exec->argument(0).toInt32(exec);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+
+ bool result;
+ switch (size) {
+ case 1:
+ case 2:
+ case 4:
+ result = true;
+ break;
+ default:
+ result = false;
+ break;
+ }
+ return JSValue::encode(jsBoolean(result));
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncLoad(ExecState* exec)
+{
+ return atomicOperationWithArgs<0>(
+ exec, [&] (auto* ptr, const auto*) {
+ return WTF::atomicLoad(ptr);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncOr(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicExchangeOr(ptr, args[0]);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncStore(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ auto value = args[0];
+ WTF::atomicStore(ptr, value);
+ return value;
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncSub(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicExchangeSub(ptr, args[0]);
+ });
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncWait(ExecState* exec)
+{
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ JSInt32Array* typedArray = jsDynamicCast<JSInt32Array*>(exec->argument(0));
+ if (!typedArray) {
+ throwTypeError(exec, scope, ASCIILiteral("Typed array for wait/wake must be an Int32Array."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ if (!typedArray->isShared()) {
+ throwTypeError(exec, scope, ASCIILiteral("Typed array for wait/wake must wrap a SharedArrayBuffer."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ unsigned accessIndex = validatedAccessIndex(vm, exec, typedArray);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+
+ int32_t* ptr = typedArray->typedVector() + accessIndex;
+
+ int32_t expectedValue = exec->argument(2).toInt32(exec);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+
+ double timeoutInMilliseconds = exec->argument(3).toNumber(exec);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+
+ if (!vm.m_typedArrayController->isAtomicsWaitAllowedOnCurrentThread()) {
+ throwTypeError(exec, scope, ASCIILiteral("Atomics.wait cannot be called from the current thread."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ double timeoutInNanoseconds = timeoutInMilliseconds * 1000 * 1000;
+
+ // This covers the proposed rule:
+ //
+ // 4. If timeout is not provided or is undefined then let t be +inf. Otherwise:
+ // a. Let q be ? ToNumber(timeout).
+ // b. If q is NaN then let t be +inf, otherwise let t be max(0, q).
+ //
+ // exec->argument(3) returns undefined if it's not provided and ToNumber(undefined) returns NaN,
+ // so NaN is the only special case.
+ if (timeoutInNanoseconds == timeoutInNanoseconds)
+ timeoutInNanoseconds = std::max(0., timeoutInNanoseconds);
+ else
+ timeoutInNanoseconds = std::numeric_limits<double>::infinity();
+
+ // What happens next is a pile of nonsense, but it's all needed because of corner cases
+ // inside std::chrono.
+ // FIXME: Stop using std::chrono.
+
+ ParkingLot::Clock::time_point timeout;
+ if (timeoutInNanoseconds > static_cast<double>(std::numeric_limits<int64_t>::max()))
+ timeout = ParkingLot::Clock::time_point::max();
+ else {
+ std::chrono::nanoseconds relativeTimeout =
+ std::chrono::nanoseconds(static_cast<int64_t>(timeoutInNanoseconds));
+ if (relativeTimeout < std::chrono::nanoseconds::zero())
+ timeout = ParkingLot::Clock::now();
+ else if (relativeTimeout > ParkingLot::Clock::duration::max())
+ timeout = ParkingLot::Clock::time_point::max();
+ else {
+ ParkingLot::Clock::duration myRelativeTimeout =
+ std::chrono::duration_cast<ParkingLot::Clock::duration>(relativeTimeout);
+ timeout = ParkingLot::Clock::now() + myRelativeTimeout;
+ }
+ }
+
+ bool didPassValidation = false;
+ ParkingLot::ParkResult result = ParkingLot::parkConditionally(
+ ptr,
+ [&] () -> bool {
+ didPassValidation = WTF::atomicLoad(ptr) == expectedValue;
+ return didPassValidation;
+ },
+ [] () { },
+ timeout);
+ const char* resultString;
+ if (!didPassValidation)
+ resultString = "not-equal";
+ else if (!result.wasUnparked)
+ resultString = "timed-out";
+ else
+ resultString = "ok";
+ return JSValue::encode(jsString(exec, ASCIILiteral(resultString)));
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncWake(ExecState* exec)
+{
+ VM& vm = exec->vm();
+ auto scope = DECLARE_THROW_SCOPE(vm);
+
+ JSInt32Array* typedArray = jsDynamicCast<JSInt32Array*>(exec->argument(0));
+ if (!typedArray) {
+ throwTypeError(exec, scope, ASCIILiteral("Typed array for wait/wake must be an Int32Array."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ if (!typedArray->isShared()) {
+ throwTypeError(exec, scope, ASCIILiteral("Typed array for wait/wake must wrap a SharedArrayBuffer."));
+ return JSValue::encode(jsUndefined());
+ }
+
+ unsigned accessIndex = validatedAccessIndex(vm, exec, typedArray);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+
+ int32_t* ptr = typedArray->typedVector() + accessIndex;
+
+ JSValue countValue = exec->argument(2);
+ unsigned count = UINT_MAX;
+ if (!countValue.isUndefined()) {
+ int32_t countInt = countValue.toInt32(exec);
+ RETURN_IF_EXCEPTION(scope, JSValue::encode(jsUndefined()));
+ count = std::max(0, countInt);
+ }
+
+ return JSValue::encode(jsNumber(ParkingLot::unparkCount(ptr, count)));
+}
+
+EncodedJSValue JSC_HOST_CALL atomicsFuncXor(ExecState* exec)
+{
+ return atomicOperationWithArgs<1>(
+ exec, [&] (auto* ptr, const auto* args) {
+ return WTF::atomicExchangeXor(ptr, args[0]);
+ });
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeAtomicsObjecth"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/runtime/AtomicsObject.h (0 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/AtomicsObject.h (rev 0)
+++ trunk/Source/JavaScriptCore/runtime/AtomicsObject.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -0,0 +1,50 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "JSObject.h"
+
+namespace JSC {
+
+class AtomicsObject : public JSNonFinalObject {
+private:
+ AtomicsObject(VM&, Structure*);
+
+public:
+ typedef JSNonFinalObject Base;
+
+ static AtomicsObject* create(VM&, JSGlobalObject*, Structure*);
+
+ DECLARE_INFO;
+
+ static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
+
+protected:
+ void finishCreation(VM&, JSGlobalObject*);
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeCommonIdentifiersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/CommonIdentifiers.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -89,6 +89,7 @@
</span><span class="cx"> macro(Set)\
</span><span class="cx"> macro(SetIterator)\
</span><span class="cx"> macro(ShadowRoot) \
</span><ins>+ macro(SharedArrayBuffer) \
</ins><span class="cx"> macro(StaticRange) \
</span><span class="cx"> macro(String) \
</span><span class="cx"> macro(Symbol) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeDataViewcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/DataView.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/DataView.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/DataView.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -53,7 +53,7 @@
</span><span class="cx"> JSArrayBufferView* DataView::wrap(ExecState* exec, JSGlobalObject* globalObject)
</span><span class="cx"> {
</span><span class="cx"> return JSDataView::create(
</span><del>- exec, globalObject->typedArrayStructure(TypeDataView), buffer(), byteOffset(),
</del><ins>+ exec, globalObject->typedArrayStructure(TypeDataView), possiblySharedBuffer(), byteOffset(),
</ins><span class="cx"> byteLength());
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeGenericTypedArrayViewInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/GenericTypedArrayViewInlines.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/GenericTypedArrayViewInlines.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/GenericTypedArrayViewInlines.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -93,8 +93,9 @@
</span><span class="cx"> {
</span><span class="cx"> unsigned offset, length;
</span><span class="cx"> calculateOffsetAndLength(start, end, this->length(), &offset, &length);
</span><del>- clampOffsetAndNumElements<Adaptor::Type>(buffer(), byteOffset(), &offset, &length);
- return create(buffer(), offset, length);
</del><ins>+ ArrayBuffer* buffer = possiblySharedBuffer();
+ clampOffsetAndNumElements<Adaptor::Type>(buffer, byteOffset(), &offset, &length);
+ return create(buffer, offset, length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Adaptor>
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeIntrinsich"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Intrinsic.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Intrinsic.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/Intrinsic.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -65,6 +65,18 @@
</span><span class="cx"> JSMapHasIntrinsic,
</span><span class="cx"> JSSetHasIntrinsic,
</span><span class="cx"> HasOwnPropertyIntrinsic,
</span><ins>+ AtomicsAddIntrinsic,
+ AtomicsAndIntrinsic,
+ AtomicsCompareExchangeIntrinsic,
+ AtomicsExchangeIntrinsic,
+ AtomicsIsLockFreeIntrinsic,
+ AtomicsLoadIntrinsic,
+ AtomicsOrIntrinsic,
+ AtomicsStoreIntrinsic,
+ AtomicsSubIntrinsic,
+ AtomicsWaitIntrinsic,
+ AtomicsWakeIntrinsic,
+ AtomicsXorIntrinsic,
</ins><span class="cx"> ToLowerCaseIntrinsic,
</span><span class="cx">
</span><span class="cx"> // Getter intrinsics.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBuffercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "TypeError.h"
</span><ins>+#include "TypedArrayController.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -43,6 +44,7 @@
</span><span class="cx"> void JSArrayBuffer::finishCreation(VM& vm, JSGlobalObject* globalObject)
</span><span class="cx"> {
</span><span class="cx"> Base::finishCreation(vm);
</span><ins>+ // This probably causes GCs in the various VMs to overcount the impact of the array buffer.
</ins><span class="cx"> vm.heap.addReference(this, m_impl);
</span><span class="cx"> vm.m_typedArrayController->registerWrapper(globalObject, m_impl, this);
</span><span class="cx"> }
</span><span class="lines">@@ -66,6 +68,16 @@
</span><span class="cx"> NonArray);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool JSArrayBuffer::isShared() const
+{
+ return m_impl->isShared();
+}
+
+ArrayBufferSharingMode JSArrayBuffer::sharingMode() const
+{
+ return m_impl->sharingMode();
+}
+
</ins><span class="cx"> size_t JSArrayBuffer::estimatedSize(JSCell* cell)
</span><span class="cx"> {
</span><span class="cx"> JSArrayBuffer* thisObject = jsCast<JSArrayBuffer*>(cell);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBuffer.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -47,10 +47,14 @@
</span><span class="cx">
</span><span class="cx"> static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
</span><span class="cx">
</span><del>- static ArrayBuffer* toWrapped(JSValue);
</del><ins>+ bool isShared() const;
+ ArrayBufferSharingMode sharingMode() const;
</ins><span class="cx">
</span><span class="cx"> DECLARE_EXPORT_INFO;
</span><span class="cx">
</span><ins>+ // This is the default DOM unwrapping. It calls toUnsharedArrayBuffer().
+ static RefPtr<ArrayBuffer> toWrapped(JSValue);
+
</ins><span class="cx"> protected:
</span><span class="cx">
</span><span class="cx"> static size_t estimatedSize(JSCell*);
</span><span class="lines">@@ -65,7 +69,7 @@
</span><span class="cx"> ArrayBuffer* m_impl;
</span><span class="cx"> };
</span><span class="cx">
</span><del>-inline ArrayBuffer* toArrayBuffer(JSValue value)
</del><ins>+inline ArrayBuffer* toPossiblySharedArrayBuffer(JSValue value)
</ins><span class="cx"> {
</span><span class="cx"> JSArrayBuffer* wrapper = jsDynamicCast<JSArrayBuffer*>(value);
</span><span class="cx"> if (!wrapper)
</span><span class="lines">@@ -73,9 +77,17 @@
</span><span class="cx"> return wrapper->impl();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline ArrayBuffer* JSArrayBuffer::toWrapped(JSValue value)
</del><ins>+inline ArrayBuffer* toUnsharedArrayBuffer(JSValue value)
</ins><span class="cx"> {
</span><del>- return toArrayBuffer(value);
</del><ins>+ ArrayBuffer* result = toPossiblySharedArrayBuffer(value);
+ if (!result || result->isShared())
+ return nullptr;
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+inline RefPtr<ArrayBuffer> JSArrayBuffer::toWrapped(JSValue value)
+{
+ return toUnsharedArrayBuffer(value);
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferConstructorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -44,28 +44,31 @@
</span><span class="cx"> CREATE_METHOD_TABLE(JSArrayBufferConstructor)
</span><span class="cx"> };
</span><span class="cx">
</span><del>-JSArrayBufferConstructor::JSArrayBufferConstructor(VM& vm, Structure* structure)
</del><ins>+JSArrayBufferConstructor::JSArrayBufferConstructor(VM& vm, Structure* structure, ArrayBufferSharingMode sharingMode)
</ins><span class="cx"> : Base(vm, structure)
</span><ins>+ , m_sharingMode(sharingMode)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSArrayBufferConstructor::finishCreation(VM& vm, JSArrayBufferPrototype* prototype, GetterSetter* speciesSymbol)
</span><span class="cx"> {
</span><del>- Base::finishCreation(vm, ASCIILiteral("ArrayBuffer"));
</del><ins>+ Base::finishCreation(vm, ASCIILiteral(arrayBufferSharingModeName(m_sharingMode)));
</ins><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->prototype, prototype, DontEnum | DontDelete | ReadOnly);
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->length, jsNumber(1), DontEnum | DontDelete | ReadOnly);
</span><span class="cx"> putDirectNonIndexAccessor(vm, vm.propertyNames->speciesSymbol, speciesSymbol, Accessor | ReadOnly | DontEnum);
</span><span class="cx">
</span><del>- JSGlobalObject* globalObject = this->globalObject();
- JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->isView, arrayBufferFuncIsView, DontEnum, 1);
- JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().isViewPrivateName(), arrayBufferFuncIsView, DontEnum, 1);
</del><ins>+ if (m_sharingMode == ArrayBufferSharingMode::Default) {
+ JSGlobalObject* globalObject = this->globalObject();
+ JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->isView, arrayBufferFuncIsView, DontEnum, 1);
+ JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->builtinNames().isViewPrivateName(), arrayBufferFuncIsView, DontEnum, 1);
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-JSArrayBufferConstructor* JSArrayBufferConstructor::create(VM& vm, Structure* structure, JSArrayBufferPrototype* prototype, GetterSetter* speciesSymbol)
</del><ins>+JSArrayBufferConstructor* JSArrayBufferConstructor::create(VM& vm, Structure* structure, JSArrayBufferPrototype* prototype, GetterSetter* speciesSymbol, ArrayBufferSharingMode sharingMode)
</ins><span class="cx"> {
</span><span class="cx"> JSArrayBufferConstructor* result =
</span><span class="cx"> new (NotNull, allocateCell<JSArrayBufferConstructor>(vm.heap))
</span><del>- JSArrayBufferConstructor(vm, structure);
</del><ins>+ JSArrayBufferConstructor(vm, structure, sharingMode);
</ins><span class="cx"> result->finishCreation(vm, prototype, speciesSymbol);
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="lines">@@ -99,8 +102,13 @@
</span><span class="cx"> auto buffer = ArrayBuffer::tryCreate(length, 1);
</span><span class="cx"> if (!buffer)
</span><span class="cx"> return JSValue::encode(throwOutOfMemoryError(exec, scope));
</span><del>-
- Structure* arrayBufferStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), constructor->globalObject()->arrayBufferStructure());
</del><ins>+
+ if (constructor->sharingMode() == ArrayBufferSharingMode::Shared)
+ buffer->makeShared();
+
+ ASSERT(constructor->sharingMode() == buffer->sharingMode());
+
+ Structure* arrayBufferStructure = InternalFunction::createSubclassStructure(exec, exec->newTarget(), constructor->globalObject()->arrayBufferStructure(constructor->sharingMode()));
</ins><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><span class="cx"> JSArrayBuffer* result = JSArrayBuffer::create(vm, arrayBufferStructure, WTFMove(buffer));
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferConstructorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferConstructor.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -25,6 +25,7 @@
</span><span class="cx">
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><ins>+#include "ArrayBuffer.h"
</ins><span class="cx"> #include "InternalFunction.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -37,19 +38,24 @@
</span><span class="cx"> typedef InternalFunction Base;
</span><span class="cx">
</span><span class="cx"> protected:
</span><del>- JSArrayBufferConstructor(VM&, Structure*);
</del><ins>+ JSArrayBufferConstructor(VM&, Structure*, ArrayBufferSharingMode);
</ins><span class="cx"> void finishCreation(VM&, JSArrayBufferPrototype*, GetterSetter* speciesSymbol);
</span><span class="cx">
</span><span class="cx"> public:
</span><del>- static JSArrayBufferConstructor* create(VM&, Structure*, JSArrayBufferPrototype*, GetterSetter* speciesSymbol);
</del><ins>+ static JSArrayBufferConstructor* create(VM&, Structure*, JSArrayBufferPrototype*, GetterSetter* speciesSymbol, ArrayBufferSharingMode);
</ins><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><span class="cx"> static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
</span><ins>+
+ ArrayBufferSharingMode sharingMode() const { return m_sharingMode; }
</ins><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> static ConstructType getConstructData(JSCell*, ConstructData&);
</span><span class="cx"> static CallType getCallData(JSCell*, CallData&);
</span><ins>+
+private:
+ ArrayBufferSharingMode m_sharingMode;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -63,7 +63,7 @@
</span><span class="cx"> if (!newBuffer)
</span><span class="cx"> return JSValue::encode(throwOutOfMemoryError(exec, scope));
</span><span class="cx">
</span><del>- Structure* structure = callee->globalObject()->arrayBufferStructure();
</del><ins>+ Structure* structure = callee->globalObject()->arrayBufferStructure(newBuffer->sharingMode());
</ins><span class="cx">
</span><span class="cx"> JSArrayBuffer* result = JSArrayBuffer::create(vm, structure, newBuffer);
</span><span class="cx">
</span><span class="lines">@@ -74,8 +74,9 @@
</span><span class="cx"> "ArrayBufferPrototype", &Base::s_info, 0, CREATE_METHOD_TABLE(JSArrayBufferPrototype)
</span><span class="cx"> };
</span><span class="cx">
</span><del>-JSArrayBufferPrototype::JSArrayBufferPrototype(VM& vm, Structure* structure)
</del><ins>+JSArrayBufferPrototype::JSArrayBufferPrototype(VM& vm, Structure* structure, ArrayBufferSharingMode sharingMode)
</ins><span class="cx"> : Base(vm, structure)
</span><ins>+ , m_sharingMode(sharingMode)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -84,14 +85,14 @@
</span><span class="cx"> Base::finishCreation(vm);
</span><span class="cx">
</span><span class="cx"> JSC_NATIVE_FUNCTION_WITHOUT_TRANSITION(vm.propertyNames->slice, arrayBufferProtoFuncSlice, DontEnum, 2);
</span><del>- putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, "ArrayBuffer"), DontEnum | ReadOnly);
</del><ins>+ putDirectWithoutTransition(vm, vm.propertyNames->toStringTagSymbol, jsString(&vm, arrayBufferSharingModeName(m_sharingMode)), DontEnum | ReadOnly);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-JSArrayBufferPrototype* JSArrayBufferPrototype::create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
</del><ins>+JSArrayBufferPrototype* JSArrayBufferPrototype::create(VM& vm, JSGlobalObject* globalObject, Structure* structure, ArrayBufferSharingMode sharingMode)
</ins><span class="cx"> {
</span><span class="cx"> JSArrayBufferPrototype* prototype =
</span><span class="cx"> new (NotNull, allocateCell<JSArrayBufferPrototype>(vm.heap))
</span><del>- JSArrayBufferPrototype(vm, structure);
</del><ins>+ JSArrayBufferPrototype(vm, structure, sharingMode);
</ins><span class="cx"> prototype->finishCreation(vm, globalObject);
</span><span class="cx"> return prototype;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferPrototypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferPrototype.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -25,6 +25,7 @@
</span><span class="cx">
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><ins>+#include "ArrayBuffer.h"
</ins><span class="cx"> #include "JSObject.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -34,15 +35,18 @@
</span><span class="cx"> typedef JSNonFinalObject Base;
</span><span class="cx">
</span><span class="cx"> protected:
</span><del>- JSArrayBufferPrototype(VM&, Structure*);
</del><ins>+ JSArrayBufferPrototype(VM&, Structure*, ArrayBufferSharingMode);
</ins><span class="cx"> void finishCreation(VM&, JSGlobalObject*);
</span><span class="cx">
</span><span class="cx"> public:
</span><del>- static JSArrayBufferPrototype* create(VM&, JSGlobalObject*, Structure*);
</del><ins>+ static JSArrayBufferPrototype* create(VM&, JSGlobalObject*, Structure*, ArrayBufferSharingMode);
</ins><span class="cx">
</span><span class="cx"> DECLARE_INFO;
</span><span class="cx">
</span><span class="cx"> static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype);
</span><ins>+
+private:
+ ArrayBufferSharingMode m_sharingMode;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferViewcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "JSArrayBuffer.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "TypeError.h"
</span><ins>+#include "TypedArrayController.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -147,7 +148,7 @@
</span><span class="cx"> return;
</span><span class="cx"> case DataViewMode:
</span><span class="cx"> ASSERT(!butterfly());
</span><del>- vm.heap.addReference(this, jsCast<JSDataView*>(this)->buffer());
</del><ins>+ vm.heap.addReference(this, jsCast<JSDataView*>(this)->possiblySharedBuffer());
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="lines">@@ -158,7 +159,7 @@
</span><span class="cx"> JSArrayBufferView* thisObject = jsCast<JSArrayBufferView*>(cell);
</span><span class="cx">
</span><span class="cx"> if (thisObject->hasArrayBuffer()) {
</span><del>- ArrayBuffer* buffer = thisObject->buffer();
</del><ins>+ ArrayBuffer* buffer = thisObject->possiblySharedBuffer();
</ins><span class="cx"> RELEASE_ASSERT(buffer);
</span><span class="cx"> visitor.addOpaqueRoot(buffer);
</span><span class="cx"> }
</span><span class="lines">@@ -177,6 +178,13 @@
</span><span class="cx">
</span><span class="cx"> return Base::put(thisObject, exec, propertyName, value, slot);
</span><span class="cx"> }
</span><ins>+
+ArrayBuffer* JSArrayBufferView::unsharedBuffer()
+{
+ ArrayBuffer* result = possiblySharedBuffer();
+ RELEASE_ASSERT(!result->isShared());
+ return result;
+}
</ins><span class="cx">
</span><span class="cx"> void JSArrayBufferView::finalize(JSCell* cell)
</span><span class="cx"> {
</span><span class="lines">@@ -186,14 +194,24 @@
</span><span class="cx"> fastFree(thisObject->m_vector.get());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-RefPtr<ArrayBufferView> JSArrayBufferView::toWrapped(JSValue value)
</del><ins>+JSArrayBuffer* JSArrayBufferView::unsharedJSBuffer(ExecState* exec)
</ins><span class="cx"> {
</span><del>- auto* wrapper = jsDynamicCast<JSArrayBufferView*>(value);
- if (!wrapper)
- return nullptr;
- return wrapper->impl();
</del><ins>+ return exec->vm().m_typedArrayController->toJS(exec, globalObject(), unsharedBuffer());
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+JSArrayBuffer* JSArrayBufferView::possiblySharedJSBuffer(ExecState* exec)
+{
+ return exec->vm().m_typedArrayController->toJS(exec, globalObject(), possiblySharedBuffer());
+}
+
+void JSArrayBufferView::neuter()
+{
+ RELEASE_ASSERT(hasArrayBuffer());
+ RELEASE_ASSERT(!isShared());
+ m_length = 0;
+ m_vector.clear();
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> namespace WTF {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferView.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -157,9 +157,13 @@
</span><span class="cx"> TypedArrayMode mode() const { return m_mode; }
</span><span class="cx"> bool hasArrayBuffer() const { return JSC::hasArrayBuffer(mode()); }
</span><span class="cx">
</span><del>- ArrayBuffer* buffer();
- JSArrayBuffer* jsBuffer(ExecState* exec) { return exec->vm().m_typedArrayController->toJS(exec, globalObject(), buffer()); }
- PassRefPtr<ArrayBufferView> impl();
</del><ins>+ bool isShared();
+ JS_EXPORT_PRIVATE ArrayBuffer* unsharedBuffer();
+ ArrayBuffer* possiblySharedBuffer();
+ JSArrayBuffer* unsharedJSBuffer(ExecState* exec);
+ JSArrayBuffer* possiblySharedJSBuffer(ExecState* exec);
+ PassRefPtr<ArrayBufferView> unsharedImpl();
+ PassRefPtr<ArrayBufferView> possiblySharedImpl();
</ins><span class="cx"> bool isNeutered() { return hasArrayBuffer() && !vector(); }
</span><span class="cx"> void neuter();
</span><span class="cx">
</span><span class="lines">@@ -173,9 +177,9 @@
</span><span class="cx"> static ptrdiff_t offsetOfVector() { return OBJECT_OFFSETOF(JSArrayBufferView, m_vector); }
</span><span class="cx"> static ptrdiff_t offsetOfLength() { return OBJECT_OFFSETOF(JSArrayBufferView, m_length); }
</span><span class="cx"> static ptrdiff_t offsetOfMode() { return OBJECT_OFFSETOF(JSArrayBufferView, m_mode); }
</span><ins>+
+ static RefPtr<ArrayBufferView> toWrapped(JSValue);
</ins><span class="cx">
</span><del>- JS_EXPORT_PRIVATE static RefPtr<ArrayBufferView> toWrapped(JSValue);
-
</del><span class="cx"> private:
</span><span class="cx"> static void finalize(JSCell*);
</span><span class="cx">
</span><span class="lines">@@ -195,6 +199,6 @@
</span><span class="cx">
</span><span class="cx"> namespace WTF {
</span><span class="cx">
</span><del>-void printInternal(PrintStream&, JSC::TypedArrayMode);
</del><ins>+JS_EXPORT_PRIVATE void printInternal(PrintStream&, JSC::TypedArrayMode);
</ins><span class="cx">
</span><span class="cx"> } // namespace WTF
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSArrayBufferViewInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,13 +31,25 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-inline ArrayBuffer* JSArrayBufferView::buffer()
</del><ins>+inline bool JSArrayBufferView::isShared()
</ins><span class="cx"> {
</span><span class="cx"> switch (m_mode) {
</span><span class="cx"> case WastefulTypedArray:
</span><ins>+ return existingBufferInButterfly()->isShared();
+ case DataViewMode:
+ return jsCast<JSDataView*>(this)->possiblySharedBuffer()->isShared();
+ default:
+ return false;
+ }
+}
+
+inline ArrayBuffer* JSArrayBufferView::possiblySharedBuffer()
+{
+ switch (m_mode) {
+ case WastefulTypedArray:
</ins><span class="cx"> return existingBufferInButterfly();
</span><span class="cx"> case DataViewMode:
</span><del>- return jsCast<JSDataView*>(this)->buffer();
</del><ins>+ return jsCast<JSDataView*>(this)->possiblySharedBuffer();
</ins><span class="cx"> default:
</span><span class="cx"> return methodTable()->slowDownAndWasteMemory(this);
</span><span class="cx"> }
</span><span class="lines">@@ -49,16 +61,16 @@
</span><span class="cx"> return butterfly()->indexingHeader()->arrayBuffer();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline PassRefPtr<ArrayBufferView> JSArrayBufferView::impl()
</del><ins>+inline PassRefPtr<ArrayBufferView> JSArrayBufferView::possiblySharedImpl()
</ins><span class="cx"> {
</span><span class="cx"> return methodTable()->getTypedArrayImpl(this);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void JSArrayBufferView::neuter()
</del><ins>+inline PassRefPtr<ArrayBufferView> JSArrayBufferView::unsharedImpl()
</ins><span class="cx"> {
</span><del>- ASSERT(hasArrayBuffer());
- m_length = 0;
- m_vector.clear();
</del><ins>+ PassRefPtr<ArrayBufferView> result = possiblySharedImpl();
+ RELEASE_ASSERT(!result->isShared());
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline unsigned JSArrayBufferView::byteOffset()
</span><span class="lines">@@ -65,11 +77,12 @@
</span><span class="cx"> {
</span><span class="cx"> if (!hasArrayBuffer())
</span><span class="cx"> return 0;
</span><del>-
- ASSERT(!vector() == !buffer()->data());
-
</del><ins>+
+ ArrayBuffer* buffer = possiblySharedBuffer();
+ ASSERT(!vector() == !buffer->data());
+
</ins><span class="cx"> ptrdiff_t delta =
</span><del>- bitwise_cast<uint8_t*>(vector()) - static_cast<uint8_t*>(buffer()->data());
</del><ins>+ bitwise_cast<uint8_t*>(vector()) - static_cast<uint8_t*>(buffer->data());
</ins><span class="cx">
</span><span class="cx"> unsigned result = static_cast<unsigned>(delta);
</span><span class="cx"> ASSERT(static_cast<ptrdiff_t>(result) == delta);
</span><span class="lines">@@ -76,4 +89,11 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline RefPtr<ArrayBufferView> JSArrayBufferView::toWrapped(JSValue value)
+{
+ if (JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(value))
+ return view->unsharedImpl();
+ return nullptr;
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSDataViewcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSDataView.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSDataView.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSDataView.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -92,11 +92,16 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-PassRefPtr<DataView> JSDataView::typedImpl()
</del><ins>+PassRefPtr<DataView> JSDataView::possiblySharedTypedImpl()
</ins><span class="cx"> {
</span><del>- return DataView::create(buffer(), byteOffset(), length());
</del><ins>+ return DataView::create(possiblySharedBuffer(), byteOffset(), length());
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+PassRefPtr<DataView> JSDataView::unsharedTypedImpl()
+{
+ return DataView::create(unsharedBuffer(), byteOffset(), length());
+}
+
</ins><span class="cx"> bool JSDataView::getOwnPropertySlot(
</span><span class="cx"> JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
</span><span class="cx"> {
</span><span class="lines">@@ -178,7 +183,7 @@
</span><span class="cx"> PassRefPtr<ArrayBufferView> JSDataView::getTypedArrayImpl(JSArrayBufferView* object)
</span><span class="cx"> {
</span><span class="cx"> JSDataView* thisObject = jsCast<JSDataView*>(object);
</span><del>- return thisObject->typedImpl();
</del><ins>+ return thisObject->possiblySharedTypedImpl();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Structure* JSDataView::createStructure(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSDataViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSDataView.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSDataView.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSDataView.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -50,9 +50,15 @@
</span><span class="cx"> bool set(ExecState*, unsigned, JSObject*, unsigned, unsigned length);
</span><span class="cx"> bool setIndex(ExecState*, unsigned, JSValue);
</span><span class="cx">
</span><del>- ArrayBuffer* buffer() const { return m_buffer; }
</del><ins>+ ArrayBuffer* possiblySharedBuffer() const { return m_buffer; }
+ ArrayBuffer* unsharedBuffer() const
+ {
+ RELEASE_ASSERT(!m_buffer->isShared());
+ return m_buffer;
+ }
</ins><span class="cx">
</span><del>- PassRefPtr<DataView> typedImpl();
</del><ins>+ PassRefPtr<DataView> possiblySharedTypedImpl();
+ PassRefPtr<DataView> unsharedTypedImpl();
</ins><span class="cx">
</span><span class="cx"> static const TypedArrayType TypedArrayStorageType = TypeDataView;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSDataViewPrototypecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -228,7 +228,7 @@
</span><span class="cx"> if (!view)
</span><span class="cx"> return throwVMTypeError(exec, scope, "DataView.prototype.buffer expects |this| to be a DataView object");
</span><span class="cx">
</span><del>- return JSValue::encode(view->jsBuffer(exec));
</del><ins>+ return JSValue::encode(view->possiblySharedJSBuffer(exec));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL dataViewProtoGetterByteLength(ExecState* exec)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -225,13 +225,9 @@
</span><span class="cx"> // then it will have thrown an exception.
</span><span class="cx"> bool set(ExecState*, unsigned offset, JSObject*, unsigned objectOffset, unsigned length, CopyType type = CopyType::Unobservable);
</span><span class="cx">
</span><del>- RefPtr<typename Adaptor::ViewType> typedImpl()
- {
- return Adaptor::ViewType::create(buffer(), byteOffset(), length());
- }
</del><ins>+ PassRefPtr<typename Adaptor::ViewType> possiblySharedTypedImpl();
+ PassRefPtr<typename Adaptor::ViewType> unsharedTypedImpl();
</ins><span class="cx">
</span><del>- static RefPtr<typename Adaptor::ViewType> toWrapped(JSValue);
-
</del><span class="cx"> static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
</span><span class="cx"> {
</span><span class="cx"> return Structure::create(vm, globalObject, prototype, TypeInfo(typeForTypedArrayType(Adaptor::typeValue), StructureFlags), info(), NonArray);
</span><span class="lines">@@ -270,6 +266,9 @@
</span><span class="cx">
</span><span class="cx"> static const TypedArrayType TypedArrayStorageType = Adaptor::typeValue;
</span><span class="cx">
</span><ins>+ // This is the default DOM unwrapping. It calls toUnsharedNativeTypedView().
+ static RefPtr<typename Adaptor::ViewType> toWrapped(JSValue);
+
</ins><span class="cx"> protected:
</span><span class="cx"> friend struct TypedArrayClassInfos;
</span><span class="cx">
</span><span class="lines">@@ -361,18 +360,27 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> template<typename Adaptor>
</span><del>-inline RefPtr<typename Adaptor::ViewType> toNativeTypedView(JSValue value)
</del><ins>+inline RefPtr<typename Adaptor::ViewType> toPossiblySharedNativeTypedView(JSValue value)
</ins><span class="cx"> {
</span><span class="cx"> typename Adaptor::JSViewType* wrapper = jsDynamicCast<typename Adaptor::JSViewType*>(value);
</span><span class="cx"> if (!wrapper)
</span><span class="cx"> return nullptr;
</span><del>- return wrapper->typedImpl();
</del><ins>+ return wrapper->possiblySharedTypedImpl();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Adaptor>
</span><ins>+inline RefPtr<typename Adaptor::ViewType> toUnsharedNativeTypedView(JSValue value)
+{
+ RefPtr<typename Adaptor::ViewType> result = toPossiblySharedNativeTypedView<Adaptor>(value);
+ if (!result || result->isShared())
+ return nullptr;
+ return result;
+}
+
+template<typename Adaptor>
</ins><span class="cx"> RefPtr<typename Adaptor::ViewType> JSGenericTypedArrayView<Adaptor>::toWrapped(JSValue value)
</span><span class="cx"> {
</span><del>- return JSC::toNativeTypedView<Adaptor>(value);
</del><ins>+ return JSC::toUnsharedNativeTypedView<Adaptor>(value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -125,7 +125,7 @@
</span><span class="cx"> JSGenericTypedArrayView<Adaptor>* JSGenericTypedArrayView<Adaptor>::create(
</span><span class="cx"> VM& vm, Structure* structure, PassRefPtr<typename Adaptor::ViewType> impl)
</span><span class="cx"> {
</span><del>- RefPtr<ArrayBuffer> buffer = impl->buffer();
</del><ins>+ RefPtr<ArrayBuffer> buffer = impl->possiblySharedBuffer();
</ins><span class="cx"> ConstructionContext context(vm, structure, buffer, impl->byteOffset(), impl->length());
</span><span class="cx"> ASSERT(context);
</span><span class="cx"> JSGenericTypedArrayView* result =
</span><span class="lines">@@ -313,6 +313,18 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Adaptor>
</span><ins>+PassRefPtr<typename Adaptor::ViewType> JSGenericTypedArrayView<Adaptor>::possiblySharedTypedImpl()
+{
+ return Adaptor::ViewType::create(possiblySharedBuffer(), byteOffset(), length());
+}
+
+template<typename Adaptor>
+PassRefPtr<typename Adaptor::ViewType> JSGenericTypedArrayView<Adaptor>::unsharedTypedImpl()
+{
+ return Adaptor::ViewType::create(unsharedBuffer(), byteOffset(), length());
+}
+
+template<typename Adaptor>
</ins><span class="cx"> ArrayBuffer* JSGenericTypedArrayView<Adaptor>::existingBuffer()
</span><span class="cx"> {
</span><span class="cx"> return existingBufferInButterfly();
</span><span class="lines">@@ -532,7 +544,7 @@
</span><span class="cx"> DeferGCForAWhile deferGC(*heap);
</span><span class="cx">
</span><span class="cx"> ASSERT(!thisObject->hasIndexingHeader());
</span><del>-
</del><ins>+
</ins><span class="cx"> RELEASE_ASSERT(!thisObject->hasIndexingHeader());
</span><span class="cx"> thisObject->m_butterfly.set(vm, thisObject, Butterfly::createOrGrowArrayRight(
</span><span class="cx"> thisObject->butterfly(), vm, thisObject, thisObject->structure(),
</span><span class="lines">@@ -570,7 +582,7 @@
</span><span class="cx"> JSGenericTypedArrayView<Adaptor>::getTypedArrayImpl(JSArrayBufferView* object)
</span><span class="cx"> {
</span><span class="cx"> JSGenericTypedArrayView* thisObject = jsCast<JSGenericTypedArrayView*>(object);
</span><del>- return thisObject->typedImpl();
</del><ins>+ return thisObject->possiblySharedTypedImpl();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGenericTypedArrayViewPrototypeFunctionsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx"> #include "JSStringJoiner.h"
</span><span class="cx"> #include "StructureInlines.h"
</span><span class="cx"> #include "TypedArrayAdaptors.h"
</span><ins>+#include "TypedArrayController.h"
</ins><span class="cx"> #include <wtf/StdLibExtras.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -346,7 +347,7 @@
</span><span class="cx"> // 22.2.3.3
</span><span class="cx"> ViewClass* thisObject = jsCast<ViewClass*>(exec->thisValue());
</span><span class="cx">
</span><del>- return JSValue::encode(thisObject->jsBuffer(exec));
</del><ins>+ return JSValue::encode(thisObject->possiblySharedJSBuffer(exec));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ViewClass>
</span><span class="lines">@@ -525,7 +526,7 @@
</span><span class="cx"> unsigned offset = begin;
</span><span class="cx"> unsigned length = end - begin;
</span><span class="cx">
</span><del>- RefPtr<ArrayBuffer> arrayBuffer = thisObject->buffer();
</del><ins>+ RefPtr<ArrayBuffer> arrayBuffer = thisObject->possiblySharedBuffer();
</ins><span class="cx"> RELEASE_ASSERT(thisLength == thisObject->length());
</span><span class="cx">
</span><span class="cx"> unsigned newByteOffset = thisObject->byteOffset() + offset * ViewClass::elementSize;
</span><span class="lines">@@ -542,7 +543,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> MarkedArgumentBuffer args;
</span><del>- args.append(vm.m_typedArrayController->toJS(exec, thisObject->globalObject(), thisObject->buffer()));
</del><ins>+ args.append(vm.m_typedArrayController->toJS(exec, thisObject->globalObject(), arrayBuffer.get()));
</ins><span class="cx"> args.append(jsNumber(newByteOffset));
</span><span class="cx"> args.append(jsNumber(length));
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "ArrayIteratorPrototype.h"
</span><span class="cx"> #include "ArrayPrototype.h"
</span><ins>+#include "AtomicsObject.h"
</ins><span class="cx"> #include "AsyncFunctionConstructor.h"
</span><span class="cx"> #include "AsyncFunctionPrototype.h"
</span><span class="cx"> #include "BooleanConstructor.h"
</span><span class="lines">@@ -203,6 +204,12 @@
</span><span class="cx"> return ConsoleObject::create(vm, global, ConsoleObject::createStructure(vm, global, constructEmptyObject(global->globalExec())));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static JSValue createAtomicsProperty(VM& vm, JSObject* object)
+{
+ JSGlobalObject* global = jsCast<JSGlobalObject*>(object);
+ return AtomicsObject::create(vm, global, AtomicsObject::createStructure(vm, global, global->objectPrototype()));
+}
+
</ins><span class="cx"> static EncodedJSValue JSC_HOST_CALL makeBoundFunction(ExecState* exec)
</span><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="lines">@@ -253,6 +260,7 @@
</span><span class="cx"> Proxy createProxyProperty DontEnum|PropertyCallback
</span><span class="cx"> JSON createJSONProperty DontEnum|PropertyCallback
</span><span class="cx"> Math createMathProperty DontEnum|PropertyCallback
</span><ins>+ Atomics createAtomicsProperty DontEnum|PropertyCallback
</ins><span class="cx"> console createConsoleProperty DontEnum|PropertyCallback
</span><span class="cx"> Int8Array JSGlobalObject::m_typedArrayInt8 DontEnum|ClassStructure
</span><span class="cx"> Int16Array JSGlobalObject::m_typedArrayInt16 DontEnum|ClassStructure
</span><span class="lines">@@ -543,6 +551,13 @@
</span><span class="cx">
</span><span class="cx"> m_parseIntFunction.set(vm, this, JSFunction::create(vm, this, 2, vm.propertyNames->parseInt.string(), globalFuncParseInt, NoIntrinsic));
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->parseInt, m_parseIntFunction.get(), DontEnum);
</span><ins>+
+ m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default));
+ m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get()));
+ if (m_runtimeFlags.isSharedArrayBufferEnabled()) {
+ m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared));
+ m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get()));
+ }
</ins><span class="cx">
</span><span class="cx"> #define CREATE_PROTOTYPE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><span class="cx"> m_ ## lowerName ## Prototype.set(vm, this, capitalName##Prototype::create(vm, this, capitalName##Prototype::createStructure(vm, this, m_ ## prototypeBase ## Prototype.get()))); \
</span><span class="lines">@@ -595,6 +610,14 @@
</span><span class="cx">
</span><span class="cx"> m_regExpConstructor.set(vm, this, RegExpConstructor::create(vm, RegExpConstructor::createStructure(vm, this, m_functionPrototype.get()), m_regExpPrototype.get(), m_speciesGetterSetter.get()));
</span><span class="cx">
</span><ins>+ JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default);
+ m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum);
+ JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr;
+ if (m_runtimeFlags.isSharedArrayBufferEnabled()) {
+ sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared);
+ m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum);
+ }
+
</ins><span class="cx"> #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><span class="cx"> capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
</span><span class="cx"> m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
</span><span class="lines">@@ -661,6 +684,10 @@
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ObjectPrivateName(), objectConstructor, DontEnum | DontDelete | ReadOnly);
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly);
</span><span class="cx">
</span><ins>+ putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum);
+ if (m_runtimeFlags.isSharedArrayBufferEnabled())
+ putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum);
+
</ins><span class="cx"> #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><span class="cx"> putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
</span><span class="cx">
</span><span class="lines">@@ -1172,6 +1199,11 @@
</span><span class="cx"> visitor.append(&thisObject->m_callableProxyObjectStructure);
</span><span class="cx"> visitor.append(&thisObject->m_proxyRevokeStructure);
</span><span class="cx"> visitor.append(&thisObject->m_moduleLoaderStructure);
</span><ins>+
+ visitor.append(&thisObject->m_arrayBufferPrototype);
+ visitor.append(&thisObject->m_arrayBufferStructure);
+ visitor.append(&thisObject->m_sharedArrayBufferPrototype);
+ visitor.append(&thisObject->m_sharedArrayBufferStructure);
</ins><span class="cx">
</span><span class="cx"> #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><span class="cx"> visitor.append(&thisObject->m_ ## lowerName ## Prototype); \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSGlobalObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -22,6 +22,7 @@
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><span class="cx"> #include "ArrayAllocationProfile.h"
</span><ins>+#include "ArrayBufferSharingMode.h"
</ins><span class="cx"> #include "InternalFunction.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSArrayBufferPrototype.h"
</span><span class="lines">@@ -71,6 +72,9 @@
</span><span class="cx"> class GetterSetter;
</span><span class="cx"> class GlobalCodeBlock;
</span><span class="cx"> class InputCursor;
</span><ins>+class JSArrayBuffer;
+class JSArrayBufferConstructor;
+class JSArrayBufferPrototype;
</ins><span class="cx"> class JSGlobalObjectDebuggable;
</span><span class="cx"> class JSInternalPromise;
</span><span class="cx"> class JSModuleLoader;
</span><span class="lines">@@ -77,6 +81,9 @@
</span><span class="cx"> class JSPromise;
</span><span class="cx"> class JSPromiseConstructor;
</span><span class="cx"> class JSPromisePrototype;
</span><ins>+class JSSharedArrayBuffer;
+class JSSharedArrayBufferConstructor;
+class JSSharedArrayBufferPrototype;
</ins><span class="cx"> class JSTypedArrayViewConstructor;
</span><span class="cx"> class JSTypedArrayViewPrototype;
</span><span class="cx"> class LLIntOffsetsExtractor;
</span><span class="lines">@@ -105,8 +112,7 @@
</span><span class="cx"> macro(Number, number, numberObject, NumberObject, Number, object) \
</span><span class="cx"> macro(Error, error, error, ErrorInstance, Error, object) \
</span><span class="cx"> macro(Map, map, map, JSMap, Map, object) \
</span><del>- macro(JSPromise, promise, promise, JSPromise, Promise, object) \
- macro(JSArrayBuffer, arrayBuffer, arrayBuffer, JSArrayBuffer, ArrayBuffer, object) \
</del><ins>+ macro(JSPromise, promise, promise, JSPromise, Promise, object)
</ins><span class="cx">
</span><span class="cx"> #define FOR_EACH_BUILTIN_DERIVED_ITERATOR_TYPE(macro) \
</span><span class="cx"> DEFINE_STANDARD_BUILTIN(macro, MapIterator, mapIterator) \
</span><span class="lines">@@ -321,6 +327,10 @@
</span><span class="cx"> WriteBarrier<Structure> m_callableProxyObjectStructure;
</span><span class="cx"> WriteBarrier<Structure> m_proxyRevokeStructure;
</span><span class="cx"> WriteBarrier<Structure> m_moduleLoaderStructure;
</span><ins>+ WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype;
+ WriteBarrier<Structure> m_arrayBufferStructure;
+ WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype;
+ WriteBarrier<Structure> m_sharedArrayBufferStructure;
</ins><span class="cx">
</span><span class="cx"> #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><span class="cx"> WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
</span><span class="lines">@@ -640,7 +650,26 @@
</span><span class="cx"> void setName(const String&);
</span><span class="cx"> const String& name() const { return m_name; }
</span><span class="cx">
</span><del>- JSArrayBufferPrototype* arrayBufferPrototype() const { return m_arrayBufferPrototype.get(); }
</del><ins>+ JSArrayBufferPrototype* arrayBufferPrototype(ArrayBufferSharingMode sharingMode) const
+ {
+ switch (sharingMode) {
+ case ArrayBufferSharingMode::Default:
+ return m_arrayBufferPrototype.get();
+ case ArrayBufferSharingMode::Shared:
+ return m_sharedArrayBufferPrototype.get();
+ }
+ }
+ Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const
+ {
+ switch (sharingMode) {
+ case ArrayBufferSharingMode::Default:
+ return m_arrayBufferStructure.get();
+ case ArrayBufferSharingMode::Shared:
+ return m_sharedArrayBufferStructure.get();
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+ return nullptr;
+ }
</ins><span class="cx">
</span><span class="cx"> #define DEFINE_ACCESSORS_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
</span><span class="cx"> Structure* properName ## Structure() { return m_ ## properName ## Structure.get(); }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeMathObjectcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/MathObject.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/MathObject.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/MathObject.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -21,10 +21,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "MathObject.h"
</span><span class="cx">
</span><del>-#include "Lookup.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "MathCommon.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx"> #include <time.h>
</span><span class="cx"> #include <wtf/Assertions.h>
</span><span class="cx"> #include <wtf/MathExtras.h>
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeRuntimeFlagsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/RuntimeFlags.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/RuntimeFlags.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/RuntimeFlags.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2015 Yusuke Suzuki <utatane.tea@gmail.com>.
</span><ins>+ * Copyright (C) 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -30,7 +31,8 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> // macro(name, isEnabledFlag)
</span><del>-#define JSC_RUNTIME_FLAG(macro)
</del><ins>+#define JSC_RUNTIME_FLAG(macro) \
+ macro(SharedArrayBufferEnabled, true)
</ins><span class="cx">
</span><span class="cx"> class RuntimeFlags {
</span><span class="cx"> private:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSimpleTypedArrayControllercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx">
</span><span class="cx"> // The JSArrayBuffer::create function will register the wrapper in finishCreation.
</span><span class="cx"> JSArrayBuffer* result = JSArrayBuffer::create(
</span><del>- exec->vm(), globalObject->arrayBufferStructure(), native);
</del><ins>+ exec->vm(), globalObject->arrayBufferStructure(native->sharingMode()), native);
</ins><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -53,6 +53,11 @@
</span><span class="cx"> native->m_wrapper = Weak<JSArrayBuffer>(wrapper, &m_owner);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool SimpleTypedArrayController::isAtomicsWaitAllowedOnCurrentThread()
+{
+ return true;
+}
+
</ins><span class="cx"> bool SimpleTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, JSC::SlotVisitor& visitor)
</span><span class="cx"> {
</span><span class="cx"> auto& wrapper = *JSC::jsCast<JSC::JSArrayBuffer*>(handle.slot()->asCell());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSimpleTypedArrayControllerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/SimpleTypedArrayController.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -53,6 +53,7 @@
</span><span class="cx">
</span><span class="cx"> JSArrayBuffer* toJS(ExecState*, JSGlobalObject*, ArrayBuffer*) override;
</span><span class="cx"> void registerWrapper(JSGlobalObject*, ArrayBuffer*, JSArrayBuffer*) override;
</span><ins>+ bool isAtomicsWaitAllowedOnCurrentThread() override;
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> class JSArrayBufferOwner : public WeakHandleOwner {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeTypedArrayControllerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/TypedArrayController.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/TypedArrayController.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/TypedArrayController.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -41,6 +41,7 @@
</span><span class="cx">
</span><span class="cx"> virtual JSArrayBuffer* toJS(ExecState*, JSGlobalObject*, ArrayBuffer*) = 0;
</span><span class="cx"> virtual void registerWrapper(JSGlobalObject*, ArrayBuffer*, JSArrayBuffer*) = 0;
</span><ins>+ virtual bool isAtomicsWaitAllowedOnCurrentThread() = 0;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeTypedArrayTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/TypedArrayType.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/TypedArrayType.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/TypedArrayType.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><span class="cx"> #include "JSType.h"
</span><ins>+#include <wtf/Optional.h>
</ins><span class="cx"> #include <wtf/PrintStream.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -119,6 +120,32 @@
</span><span class="cx"> const ClassInfo* constructorClassInfoForType(TypedArrayType);
</span><span class="cx"> JSType typeForTypedArrayType(TypedArrayType);
</span><span class="cx">
</span><ins>+inline TypedArrayType typedArrayTypeForType(JSType type)
+{
+ switch (type) {
+ case Int8ArrayType:
+ return TypeInt8;
+ case Int16ArrayType:
+ return TypeInt16;
+ case Int32ArrayType:
+ return TypeInt32;
+ case Uint8ArrayType:
+ return TypeUint8;
+ case Uint8ClampedArrayType:
+ return TypeUint8Clamped;
+ case Uint16ArrayType:
+ return TypeUint16;
+ case Uint32ArrayType:
+ return TypeUint32;
+ case Float32ArrayType:
+ return TypeFloat32;
+ case Float64ArrayType:
+ return TypeFloat64;
+ default:
+ return NotTypedArray;
+ }
+}
+
</ins><span class="cx"> inline bool isInt(TypedArrayType type)
</span><span class="cx"> {
</span><span class="cx"> switch (type) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/VM.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/VM.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/JavaScriptCore/runtime/VM.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -49,7 +49,6 @@
</span><span class="cx"> #include "SourceCode.h"
</span><span class="cx"> #include "Strong.h"
</span><span class="cx"> #include "ThunkGenerators.h"
</span><del>-#include "TypedArrayController.h"
</del><span class="cx"> #include "VMEntryRecord.h"
</span><span class="cx"> #include "Watchpoint.h"
</span><span class="cx"> #include <wtf/Bag.h>
</span><span class="lines">@@ -114,6 +113,7 @@
</span><span class="cx"> class RegExp;
</span><span class="cx"> #endif
</span><span class="cx"> class Symbol;
</span><ins>+class TypedArrayController;
</ins><span class="cx"> class UnlinkedCodeBlock;
</span><span class="cx"> class UnlinkedEvalCodeBlock;
</span><span class="cx"> class UnlinkedFunctionExecutable;
</span></span></pre></div>
<a id="trunkSourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WTF/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,50 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ Adds some small things we need for SharedArrayBuffer.
+
+ * wtf/Atomics.h:
+ (WTF::Atomic::compareExchangeWeakRelaxed):
+ (WTF::Atomic::exchangeAdd):
+ (WTF::Atomic::exchangeAnd):
+ (WTF::Atomic::exchangeOr):
+ (WTF::Atomic::exchangeSub):
+ (WTF::Atomic::exchangeXor):
+ (WTF::atomicLoad):
+ (WTF::atomicStore):
+ (WTF::atomicCompareExchangeWeak):
+ (WTF::atomicCompareExchangeWeakRelaxed):
+ (WTF::atomicCompareExchangeStrong):
+ (WTF::atomicExchangeAdd):
+ (WTF::atomicExchangeAnd):
+ (WTF::atomicExchangeOr):
+ (WTF::atomicExchangeSub):
+ (WTF::atomicExchangeXor):
+ (WTF::atomicExchange):
+ (WTF::Atomic::exchangeAndAdd): Deleted.
+ (WTF::weakCompareAndSwap): Deleted.
+ We need to be able to do atomics operations on naked pointers. We also need to be able to do
+ all of the things that std::atomic does. This adds those things and renames
+ weakCompareAndSwap to atomicCompareExchangeWeakRelaxed so that we're using consistent
+ terminology.
+
+ * wtf/Bitmap.h:
+ (WTF::WordType>::concurrentTestAndSet): Renamed weakCompareAndSwap.
+ (WTF::WordType>::concurrentTestAndClear): Renamed weakCompareAndSwap.
+ * wtf/FastBitVector.h:
+ (WTF::FastBitVector::atomicSetAndCheck): Renamed weakCompareAndSwap.
+ * wtf/ParkingLot.cpp:
+ (WTF::ParkingLot::unparkOne):
+ (WTF::ParkingLot::unparkCount):
+ * wtf/ParkingLot.h:
+ Added unparkCount(), which lets you unpark some bounded number of threads and returns the
+ number of threads unparked. This is just a modest extension of unparkAll(). unparkAll() now
+ just calls unparkCount(ptr, UINT_MAX).
+
</ins><span class="cx"> 2016-10-30 Frederic Wang <fwang@igalia.com>
</span><span class="cx">
</span><span class="cx"> Use HarfBuzz ot-math API to parse the OpenType MATH table
</span></span></pre></div>
<a id="trunkSourceWTFwtfAtomicsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/Atomics.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/Atomics.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WTF/wtf/Atomics.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007-2008, 2010, 2012-2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2008, 2010, 2012-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2007 Justin Haygood (jhaygood@reaktix.com)
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -62,6 +62,11 @@
</span><span class="cx"> return value.compare_exchange_weak(expectedOrActual, desired, order);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ALWAYS_INLINE bool compareExchangeWeakRelaxed(T expected, T desired)
+ {
+ return compareExchangeWeak(expected, desired, std::memory_order_relaxed);
+ }
+
</ins><span class="cx"> ALWAYS_INLINE bool compareExchangeWeak(T expected, T desired, std::memory_order order_success, std::memory_order order_failure)
</span><span class="cx"> {
</span><span class="cx"> T expectedOrActual = expected;
</span><span class="lines">@@ -68,35 +73,106 @@
</span><span class="cx"> return value.compare_exchange_weak(expectedOrActual, desired, order_success, order_failure);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- ALWAYS_INLINE bool compareExchangeStrong(T expected, T desired, std::memory_order order = std::memory_order_seq_cst)
</del><ins>+ ALWAYS_INLINE T compareExchangeStrong(T expected, T desired, std::memory_order order = std::memory_order_seq_cst)
</ins><span class="cx"> {
</span><span class="cx"> T expectedOrActual = expected;
</span><del>- return value.compare_exchange_strong(expectedOrActual, desired, order);
</del><ins>+ value.compare_exchange_strong(expectedOrActual, desired, order);
+ return expectedOrActual;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- ALWAYS_INLINE bool compareExchangeStrong(T expected, T desired, std::memory_order order_success, std::memory_order order_failure)
</del><ins>+ ALWAYS_INLINE T compareExchangeStrong(T expected, T desired, std::memory_order order_success, std::memory_order order_failure)
</ins><span class="cx"> {
</span><span class="cx"> T expectedOrActual = expected;
</span><del>- return value.compare_exchange_strong(expectedOrActual, desired, order_success, order_failure);
</del><ins>+ value.compare_exchange_strong(expectedOrActual, desired, order_success, order_failure);
+ return expectedOrActual;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename U>
</span><del>- ALWAYS_INLINE T exchangeAndAdd(U addend, std::memory_order order = std::memory_order_seq_cst) { return value.fetch_add(addend, order); }
</del><ins>+ ALWAYS_INLINE T exchangeAdd(U operand, std::memory_order order = std::memory_order_seq_cst) { return value.fetch_add(operand, order); }
</ins><span class="cx">
</span><ins>+ template<typename U>
+ ALWAYS_INLINE T exchangeAnd(U operand, std::memory_order order = std::memory_order_seq_cst) { return value.fetch_and(operand, order); }
+
+ template<typename U>
+ ALWAYS_INLINE T exchangeOr(U operand, std::memory_order order = std::memory_order_seq_cst) { return value.fetch_or(operand, order); }
+
+ template<typename U>
+ ALWAYS_INLINE T exchangeSub(U operand, std::memory_order order = std::memory_order_seq_cst) { return value.fetch_sub(operand, order); }
+
+ template<typename U>
+ ALWAYS_INLINE T exchangeXor(U operand, std::memory_order order = std::memory_order_seq_cst) { return value.fetch_xor(operand, order); }
+
</ins><span class="cx"> ALWAYS_INLINE T exchange(T newValue, std::memory_order order = std::memory_order_seq_cst) { return value.exchange(newValue, order); }
</span><span class="cx">
</span><span class="cx"> std::atomic<T> value;
</span><span class="cx"> };
</span><span class="cx">
</span><del>-// This is a weak CAS function that takes a direct pointer and has no portable fencing guarantees.
</del><span class="cx"> template<typename T>
</span><del>-inline bool weakCompareAndSwap(volatile T* location, T expected, T newValue)
</del><ins>+inline T atomicLoad(T* location, std::memory_order order = std::memory_order_seq_cst)
</ins><span class="cx"> {
</span><del>- ASSERT(isPointerTypeAlignmentOkay(location) && "natural alignment required");
- ASSERT(bitwise_cast<std::atomic<T>*>(location)->is_lock_free() && "expected lock-free type");
- return bitwise_cast<Atomic<T>*>(location)->compareExchangeWeak(expected, newValue, std::memory_order_relaxed);
</del><ins>+ return bitwise_cast<Atomic<T>*>(location)->load(order);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+template<typename T>
+inline void atomicStore(T* location, T newValue, std::memory_order order = std::memory_order_seq_cst)
+{
+ bitwise_cast<Atomic<T>*>(location)->store(newValue, order);
+}
+
+template<typename T>
+inline bool atomicCompareExchangeWeak(T* location, T expected, T newValue, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->compareExchangeWeak(expected, newValue, order);
+}
+
+template<typename T>
+inline bool atomicCompareExchangeWeakRelaxed(T* location, T expected, T newValue)
+{
+ return bitwise_cast<Atomic<T>*>(location)->compareExchangeWeakRelaxed(expected, newValue);
+}
+
+template<typename T>
+inline T atomicCompareExchangeStrong(T* location, T expected, T newValue, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->compareExchangeStrong(expected, newValue, order);
+}
+
+template<typename T, typename U>
+inline T atomicExchangeAdd(T* location, U operand, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->exchangeAdd(operand, order);
+}
+
+template<typename T, typename U>
+inline T atomicExchangeAnd(T* location, U operand, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->exchangeAnd(operand, order);
+}
+
+template<typename T, typename U>
+inline T atomicExchangeOr(T* location, U operand, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->exchangeOr(operand, order);
+}
+
+template<typename T, typename U>
+inline T atomicExchangeSub(T* location, U operand, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->exchangeSub(operand, order);
+}
+
+template<typename T, typename U>
+inline T atomicExchangeXor(T* location, U operand, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->exchangeXor(operand, order);
+}
+
+template<typename T>
+inline T atomicExchange(T* location, T newValue, std::memory_order order = std::memory_order_seq_cst)
+{
+ return bitwise_cast<Atomic<T>*>(location)->exchange(newValue, order);
+}
+
</ins><span class="cx"> // Just a compiler fence. Has no effect on the hardware, but tells the compiler
</span><span class="cx"> // not to move things around this call. Should not affect the compiler's ability
</span><span class="cx"> // to do things like register allocation and code motion over pure operations.
</span></span></pre></div>
<a id="trunkSourceWTFwtfBitmaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/Bitmap.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/Bitmap.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WTF/wtf/Bitmap.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -142,7 +142,7 @@
</span><span class="cx"> oldValue = *wordPtr;
</span><span class="cx"> if (oldValue & mask)
</span><span class="cx"> return true;
</span><del>- } while (!weakCompareAndSwap(wordPtr, oldValue, static_cast<WordType>(oldValue | mask)));
</del><ins>+ } while (!atomicCompareExchangeWeakRelaxed(wordPtr, oldValue, static_cast<WordType>(oldValue | mask)));
</ins><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -157,7 +157,7 @@
</span><span class="cx"> oldValue = *wordPtr;
</span><span class="cx"> if (!(oldValue & mask))
</span><span class="cx"> return false;
</span><del>- } while (!weakCompareAndSwap(wordPtr, oldValue, static_cast<WordType>(oldValue & ~mask)));
</del><ins>+ } while (!atomicCompareExchangeWeakRelaxed(wordPtr, oldValue, static_cast<WordType>(oldValue & ~mask)));
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWTFwtfFastBitVectorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/FastBitVector.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/FastBitVector.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WTF/wtf/FastBitVector.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -569,7 +569,7 @@
</span><span class="cx"> return false;
</span><span class="cx"> newValue = oldValue & ~mask;
</span><span class="cx"> }
</span><del>- if (weakCompareAndSwap(pointer, oldValue, newValue))
</del><ins>+ if (atomicCompareExchangeWeakRelaxed(pointer, oldValue, newValue))
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWTFwtfParkingLotcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/ParkingLot.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/ParkingLot.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WTF/wtf/ParkingLot.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -416,7 +416,7 @@
</span><span class="cx"> // OK, right now the old hashtable is locked up and the new hashtable is ready to rock and
</span><span class="cx"> // roll. After we install the new hashtable, we can release all bucket locks.
</span><span class="cx">
</span><del>- bool result = hashtable.compareExchangeStrong(oldHashtable, newHashtable);
</del><ins>+ bool result = hashtable.compareExchangeStrong(oldHashtable, newHashtable) == oldHashtable;
</ins><span class="cx"> RELEASE_ASSERT(result);
</span><span class="cx">
</span><span class="cx"> unlockHashtable(bucketsToUnlock);
</span><span class="lines">@@ -671,6 +671,11 @@
</span><span class="cx"> RefPtr<ThreadData> threadData;
</span><span class="cx"> result.mayHaveMoreThreads = dequeue(
</span><span class="cx"> address,
</span><ins>+ // Why is this here?
+ // FIXME: It seems like this could be IgnoreEmpty, but I switched this to EnsureNonEmpty
+ // without explanation in r199760. We need it to use EnsureNonEmpty if we need to perform
+ // some operation while holding the bucket lock, which usually goes into the finish func.
+ // But if that operation is a no-op, then it's not clear why we need this.
</ins><span class="cx"> BucketMode::EnsureNonEmpty,
</span><span class="cx"> [&] (ThreadData* element, bool) {
</span><span class="cx"> if (element->address != address)
</span><span class="lines">@@ -743,14 +748,19 @@
</span><span class="cx"> threadData->parkingCondition.notify_one();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-NEVER_INLINE void ParkingLot::unparkAll(const void* address)
</del><ins>+NEVER_INLINE unsigned ParkingLot::unparkCount(const void* address, unsigned count)
</ins><span class="cx"> {
</span><ins>+ if (!count)
+ return 0;
+
</ins><span class="cx"> if (verbose)
</span><del>- dataLog(toString(currentThread(), ": unparking all from ", RawPointer(address), ".\n"));
</del><ins>+ dataLog(toString(currentThread(), ": unparking count = ", count, " from ", RawPointer(address), ".\n"));
</ins><span class="cx">
</span><span class="cx"> Vector<RefPtr<ThreadData>, 8> threadDatas;
</span><span class="cx"> dequeue(
</span><span class="cx"> address,
</span><ins>+ // FIXME: It seems like this ought to be EnsureNonEmpty if we follow what unparkOne() does,
+ // but that seems wrong.
</ins><span class="cx"> BucketMode::IgnoreEmpty,
</span><span class="cx"> [&] (ThreadData* element, bool) {
</span><span class="cx"> if (verbose)
</span><span class="lines">@@ -758,6 +768,8 @@
</span><span class="cx"> if (element->address != address)
</span><span class="cx"> return DequeueResult::Ignore;
</span><span class="cx"> threadDatas.append(element);
</span><ins>+ if (threadDatas.size() == count)
+ return DequeueResult::RemoveAndStop;
</ins><span class="cx"> return DequeueResult::RemoveAndContinue;
</span><span class="cx"> },
</span><span class="cx"> [] (bool) { });
</span><span class="lines">@@ -775,8 +787,15 @@
</span><span class="cx">
</span><span class="cx"> if (verbose)
</span><span class="cx"> dataLog(toString(currentThread(), ": done unparking.\n"));
</span><ins>+
+ return threadDatas.size();
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+NEVER_INLINE void ParkingLot::unparkAll(const void* address)
+{
+ unparkCount(address, UINT_MAX);
+}
+
</ins><span class="cx"> NEVER_INLINE void ParkingLot::forEachImpl(const ScopedLambda<void(ThreadIdentifier, const void*)>& callback)
</span><span class="cx"> {
</span><span class="cx"> Vector<Bucket*> bucketsToUnlock = lockHashtable();
</span></span></pre></div>
<a id="trunkSourceWTFwtfParkingLoth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WTF/wtf/ParkingLot.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WTF/wtf/ParkingLot.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WTF/wtf/ParkingLot.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -128,6 +128,8 @@
</span><span class="cx"> {
</span><span class="cx"> unparkOneImpl(address, scopedLambdaRef<intptr_t(UnparkResult)>(callback));
</span><span class="cx"> }
</span><ins>+
+ WTF_EXPORT_PRIVATE static unsigned unparkCount(const void* address, unsigned count);
</ins><span class="cx">
</span><span class="cx"> // Unparks every thread from the queue associated with the given address, which cannot be null.
</span><span class="cx"> WTF_EXPORT_PRIVATE static void unparkAll(const void* address);
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,102 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ New tests added in the LayoutTests/workers/sab directory.
+
+ This teaches WebCore that a typed array could be shared or not. By default, WebCore will
+ reject shared typed arrays as if they were not typed arrays. This ensures that we don't get
+ race conditions in code that can't handle it.
+
+ If you postMessage a SharedArrayBuffer or something that wraps it, you will send the shared
+ memory to the other worker.
+
+ * Modules/encryptedmedia/CDMSessionClearKey.cpp:
+ (WebCore::CDMSessionClearKey::cachedKeyForKeyID):
+ * Modules/fetch/FetchBody.cpp:
+ (WebCore::FetchBody::extract):
+ * Modules/mediastream/RTCDataChannel.cpp:
+ (WebCore::RTCDataChannel::send):
+ * Modules/webaudio/AudioBuffer.cpp:
+ (WebCore::AudioBuffer::getChannelData):
+ * Modules/websockets/WebSocket.cpp:
+ (WebCore::WebSocket::send):
+ * bindings/js/JSBlobCustom.cpp:
+ (WebCore::constructJSBlob):
+ * bindings/js/JSCryptoAlgorithmDictionary.cpp:
+ (WebCore::createRsaKeyGenParams):
+ * bindings/js/JSCryptoCustom.cpp:
+ (WebCore::JSCrypto::getRandomValues):
+ * bindings/js/JSCryptoOperationData.cpp:
+ (WebCore::cryptoOperationDataFromJSValue):
+ * bindings/js/JSDOMBinding.h:
+ (WebCore::toJS):
+ (WebCore::toPossiblySharedArrayBufferView):
+ (WebCore::toUnsharedArrayBufferView):
+ (WebCore::toPossiblySharedInt8Array):
+ (WebCore::toPossiblySharedInt16Array):
+ (WebCore::toPossiblySharedInt32Array):
+ (WebCore::toPossiblySharedUint8Array):
+ (WebCore::toPossiblySharedUint8ClampedArray):
+ (WebCore::toPossiblySharedUint16Array):
+ (WebCore::toPossiblySharedUint32Array):
+ (WebCore::toPossiblySharedFloat32Array):
+ (WebCore::toPossiblySharedFloat64Array):
+ (WebCore::toUnsharedInt8Array):
+ (WebCore::toUnsharedInt16Array):
+ (WebCore::toUnsharedInt32Array):
+ (WebCore::toUnsharedUint8Array):
+ (WebCore::toUnsharedUint8ClampedArray):
+ (WebCore::toUnsharedUint16Array):
+ (WebCore::toUnsharedUint32Array):
+ (WebCore::toUnsharedFloat32Array):
+ (WebCore::toUnsharedFloat64Array):
+ (WebCore::toArrayBufferView): Deleted.
+ (WebCore::toInt8Array): Deleted.
+ (WebCore::toInt16Array): Deleted.
+ (WebCore::toInt32Array): Deleted.
+ (WebCore::toUint8Array): Deleted.
+ (WebCore::toUint8ClampedArray): Deleted.
+ (WebCore::toUint16Array): Deleted.
+ (WebCore::toUint32Array): Deleted.
+ (WebCore::toFloat32Array): Deleted.
+ (WebCore::toFloat64Array): Deleted.
+ * bindings/js/JSDataCueCustom.cpp:
+ (WebCore::constructJSDataCue):
+ * bindings/js/JSDictionary.cpp:
+ (WebCore::JSDictionary::convertValue):
+ * bindings/js/JSFileCustom.cpp:
+ (WebCore::constructJSFile):
+ * bindings/js/JSMessagePortCustom.cpp:
+ (WebCore::extractTransferables):
+ * bindings/js/JSWebGLRenderingContextBaseCustom.cpp:
+ (WebCore::dataFunctionf):
+ (WebCore::dataFunctioni):
+ (WebCore::dataFunctionMatrix):
+ * bindings/js/JSXMLHttpRequestCustom.cpp:
+ (WebCore::JSXMLHttpRequest::send):
+ * bindings/js/SerializedScriptValue.cpp:
+ (WebCore::CloneSerializer::dumpArrayBufferView):
+ (WebCore::CloneSerializer::dumpIfTerminal):
+ (WebCore::CloneDeserializer::readArrayBufferView):
+ (WebCore::CloneDeserializer::readTerminal):
+ (WebCore::SerializedScriptValue::transferArrayBuffers):
+ * bindings/js/StructuredClone.cpp:
+ (WebCore::structuredCloneArrayBuffer):
+ (WebCore::structuredCloneArrayBufferView):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (JSValueToNative):
+ * css/FontFace.cpp:
+ (WebCore::FontFace::create):
+ * html/canvas/WebGL2RenderingContext.cpp:
+ (WebCore::WebGL2RenderingContext::bufferData):
+ (WebCore::WebGL2RenderingContext::bufferSubData):
+ * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
+ (WebCore::MediaPlayerPrivateAVFoundation::extractKeyURIKeyIDAndCertificateFromInitData):
+
</ins><span class="cx"> 2016-10-31 Simon Fraser <simon.fraser@apple.com>
</span><span class="cx">
</span><span class="cx"> Make UIScriptController::zoomToScale() work on Mac WK1 and WK2
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesencryptedmediaCDMSessionClearKeycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/Modules/encryptedmedia/CDMSessionClearKey.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -183,7 +183,7 @@
</span><span class="cx">
</span><span class="cx"> auto keyData = m_cachedKeys.get(keyId);
</span><span class="cx"> RefPtr<Uint8Array> keyDataArray = Uint8Array::create(keyData.data(), keyData.size());
</span><del>- return keyDataArray->buffer();
</del><ins>+ return keyDataArray->unsharedBuffer();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesfetchFetchBodycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/fetch/FetchBody.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/fetch/FetchBody.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/Modules/fetch/FetchBody.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -73,12 +73,12 @@
</span><span class="cx"> if (value.inherits(JSReadableStream::info()))
</span><span class="cx"> return FetchBody();
</span><span class="cx"> if (value.inherits(JSC::JSArrayBuffer::info())) {
</span><del>- ArrayBuffer* data = toArrayBuffer(value);
</del><ins>+ ArrayBuffer* data = toUnsharedArrayBuffer(value);
</ins><span class="cx"> ASSERT(data);
</span><span class="cx"> return FetchBody(*data);
</span><span class="cx"> }
</span><span class="cx"> if (value.inherits(JSC::JSArrayBufferView::info()))
</span><del>- return FetchBody(toArrayBufferView(value).releaseConstNonNull());
</del><ins>+ return FetchBody(toUnsharedArrayBufferView(value).releaseConstNonNull());
</ins><span class="cx">
</span><span class="cx"> return Nullopt;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoreModulesmediastreamRTCDataChannelcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/mediastream/RTCDataChannel.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/mediastream/RTCDataChannel.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/Modules/mediastream/RTCDataChannel.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -219,7 +219,7 @@
</span><span class="cx">
</span><span class="cx"> ExceptionOr<void> RTCDataChannel::send(ArrayBufferView& data)
</span><span class="cx"> {
</span><del>- return send(*data.buffer());
</del><ins>+ return send(*data.unsharedBuffer());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ExceptionOr<void> RTCDataChannel::send(Blob&)
</span></span></pre></div>
<a id="trunkSourceWebCoreModuleswebaudioAudioBuffercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/webaudio/AudioBuffer.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/webaudio/AudioBuffer.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/Modules/webaudio/AudioBuffer.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -92,7 +92,7 @@
</span><span class="cx"> if (channelIndex >= m_channels.size())
</span><span class="cx"> return Exception { SYNTAX_ERR };
</span><span class="cx"> auto& channelData = *m_channels[channelIndex];
</span><del>- auto array = Float32Array::create(channelData.buffer(), channelData.byteOffset(), channelData.length());
</del><ins>+ auto array = Float32Array::create(channelData.unsharedBuffer(), channelData.byteOffset(), channelData.length());
</ins><span class="cx"> RELEASE_ASSERT(array);
</span><span class="cx"> return array.releaseNonNull();
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoreModuleswebsocketsWebSocketcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/Modules/websockets/WebSocket.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/Modules/websockets/WebSocket.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -358,7 +358,7 @@
</span><span class="cx"> return { };
</span><span class="cx"> }
</span><span class="cx"> ASSERT(m_channel);
</span><del>- m_channel->send(*arrayBufferView.buffer(), arrayBufferView.byteOffset(), arrayBufferView.byteLength());
</del><ins>+ m_channel->send(*arrayBufferView.unsharedBuffer(), arrayBufferView.byteOffset(), arrayBufferView.byteLength());
</ins><span class="cx"> return { };
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSBlobCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSBlobCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSBlobCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSBlobCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -120,9 +120,9 @@
</span><span class="cx"> JSValue item = blobParts->get(&exec, i);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><span class="cx">
</span><del>- if (ArrayBuffer* arrayBuffer = toArrayBuffer(item))
</del><ins>+ if (ArrayBuffer* arrayBuffer = toUnsharedArrayBuffer(item))
</ins><span class="cx"> blobBuilder.append(arrayBuffer);
</span><del>- else if (auto arrayBufferView = toArrayBufferView(item))
</del><ins>+ else if (auto arrayBufferView = toUnsharedArrayBufferView(item))
</ins><span class="cx"> blobBuilder.append(WTFMove(arrayBufferView));
</span><span class="cx"> else if (Blob* blob = JSBlob::toWrapped(item))
</span><span class="cx"> blobBuilder.append(blob);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSCryptoAlgorithmDictionarycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -242,7 +242,7 @@
</span><span class="cx"> JSValue publicExponentValue = getProperty(&state, value.getObject(), "publicExponent");
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, nullptr);
</span><span class="cx">
</span><del>- RefPtr<Uint8Array> publicExponentArray = toUint8Array(publicExponentValue);
</del><ins>+ RefPtr<Uint8Array> publicExponentArray = toUnsharedUint8Array(publicExponentValue);
</ins><span class="cx"> if (!publicExponentArray) {
</span><span class="cx"> throwTypeError(&state, scope, ASCIILiteral("Expected a Uint8Array in publicExponent"));
</span><span class="cx"> return nullptr;
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSCryptoCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSCryptoCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSCryptoCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSCryptoCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -45,7 +45,7 @@
</span><span class="cx"> return throwException(&state, scope, createNotEnoughArgumentsError(&state));
</span><span class="cx">
</span><span class="cx"> JSValue buffer = state.argument(0);
</span><del>- auto arrayBufferView = toArrayBufferView(buffer);
</del><ins>+ auto arrayBufferView = toUnsharedArrayBufferView(buffer);
</ins><span class="cx"> if (!arrayBufferView)
</span><span class="cx"> return throwTypeError(&state, scope);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSCryptoOperationDatacpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSCryptoOperationData.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSCryptoOperationData.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSCryptoOperationData.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -39,9 +39,9 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx">
</span><del>- if (ArrayBuffer* buffer = toArrayBuffer(value))
</del><ins>+ if (ArrayBuffer* buffer = toUnsharedArrayBuffer(value))
</ins><span class="cx"> result = std::make_pair(static_cast<uint8_t*>(buffer->data()), buffer->byteLength());
</span><del>- else if (RefPtr<ArrayBufferView> bufferView = toArrayBufferView(value))
</del><ins>+ else if (RefPtr<ArrayBufferView> bufferView = toUnsharedArrayBufferView(value))
</ins><span class="cx"> result = std::make_pair(static_cast<uint8_t*>(bufferView->baseAddress()), bufferView->byteLength());
</span><span class="cx"> else {
</span><span class="cx"> throwTypeError(exec, scope, ASCIILiteral("Only ArrayBuffer and ArrayBufferView objects can be passed as CryptoOperationData"));
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDOMBindingh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -269,17 +269,28 @@
</span><span class="cx"> template<typename T> JSC::JSValue toJSIterator(JSC::ExecState&, JSDOMGlobalObject&, const T&);
</span><span class="cx"> JSC::JSValue toJSIteratorEnd(JSC::ExecState&);
</span><span class="cx">
</span><del>-RefPtr<JSC::ArrayBufferView> toArrayBufferView(JSC::JSValue);
-RefPtr<JSC::Int8Array> toInt8Array(JSC::JSValue);
-RefPtr<JSC::Int16Array> toInt16Array(JSC::JSValue);
-RefPtr<JSC::Int32Array> toInt32Array(JSC::JSValue);
-RefPtr<JSC::Uint8Array> toUint8Array(JSC::JSValue);
-RefPtr<JSC::Uint8ClampedArray> toUint8ClampedArray(JSC::JSValue);
-RefPtr<JSC::Uint16Array> toUint16Array(JSC::JSValue);
-RefPtr<JSC::Uint32Array> toUint32Array(JSC::JSValue);
-RefPtr<JSC::Float32Array> toFloat32Array(JSC::JSValue);
-RefPtr<JSC::Float64Array> toFloat64Array(JSC::JSValue);
</del><ins>+RefPtr<JSC::ArrayBufferView> toPossiblySharedArrayBufferView(JSC::JSValue);
+RefPtr<JSC::Int8Array> toPossiblySharedInt8Array(JSC::JSValue);
+RefPtr<JSC::Int16Array> toPossiblySharedInt16Array(JSC::JSValue);
+RefPtr<JSC::Int32Array> toPossiblySharedInt32Array(JSC::JSValue);
+RefPtr<JSC::Uint8Array> toPossiblySharedUint8Array(JSC::JSValue);
+RefPtr<JSC::Uint8ClampedArray> toPossiblySharedUint8ClampedArray(JSC::JSValue);
+RefPtr<JSC::Uint16Array> toPossiblySharedUint16Array(JSC::JSValue);
+RefPtr<JSC::Uint32Array> toPossiblySharedUint32Array(JSC::JSValue);
+RefPtr<JSC::Float32Array> toPossiblySharedFloat32Array(JSC::JSValue);
+RefPtr<JSC::Float64Array> toPossiblySharedFloat64Array(JSC::JSValue);
</ins><span class="cx">
</span><ins>+RefPtr<JSC::ArrayBufferView> toUnsharedArrayBufferView(JSC::JSValue);
+RefPtr<JSC::Int8Array> toUnsharedInt8Array(JSC::JSValue);
+RefPtr<JSC::Int16Array> toUnsharedInt16Array(JSC::JSValue);
+RefPtr<JSC::Int32Array> toUnsharedInt32Array(JSC::JSValue);
+RefPtr<JSC::Uint8Array> toUnsharedUint8Array(JSC::JSValue);
+RefPtr<JSC::Uint8ClampedArray> toUnsharedUint8ClampedArray(JSC::JSValue);
+RefPtr<JSC::Uint16Array> toUnsharedUint16Array(JSC::JSValue);
+RefPtr<JSC::Uint32Array> toUnsharedUint32Array(JSC::JSValue);
+RefPtr<JSC::Float32Array> toUnsharedFloat32Array(JSC::JSValue);
+RefPtr<JSC::Float64Array> toUnsharedFloat64Array(JSC::JSValue);
+
</ins><span class="cx"> template<typename T, typename JSType> Vector<Ref<T>> toRefNativeArray(JSC::ExecState&, JSC::JSValue);
</span><span class="cx"> WEBCORE_EXPORT bool hasIteratorMethod(JSC::ExecState&, JSC::JSValue);
</span><span class="cx">
</span><span class="lines">@@ -604,7 +615,7 @@
</span><span class="cx"> return result;
</span><span class="cx">
</span><span class="cx"> // The JSArrayBuffer::create function will register the wrapper in finishCreation.
</span><del>- return JSC::JSArrayBuffer::create(state->vm(), globalObject->arrayBufferStructure(), &buffer);
</del><ins>+ return JSC::JSArrayBuffer::create(state->vm(), globalObject->arrayBufferStructure(buffer.sharingMode()), &buffer);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline JSC::JSValue toJS(JSC::ExecState* state, JSC::JSGlobalObject* globalObject, JSC::ArrayBufferView& view)
</span><span class="lines">@@ -680,24 +691,42 @@
</span><span class="cx"> return createIteratorResultObject(&state, JSC::jsUndefined(), true);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline RefPtr<JSC::ArrayBufferView> toArrayBufferView(JSC::JSValue value)
</del><ins>+inline RefPtr<JSC::ArrayBufferView> toPossiblySharedArrayBufferView(JSC::JSValue value)
</ins><span class="cx"> {
</span><span class="cx"> auto* wrapper = jsDynamicDowncast<JSC::JSArrayBufferView*>(value);
</span><span class="cx"> if (!wrapper)
</span><span class="cx"> return nullptr;
</span><del>- return wrapper->impl();
</del><ins>+ return wrapper->possiblySharedImpl();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline RefPtr<JSC::Int8Array> toInt8Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Int8Adaptor>(value); }
-inline RefPtr<JSC::Int16Array> toInt16Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Int16Adaptor>(value); }
-inline RefPtr<JSC::Int32Array> toInt32Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Int32Adaptor>(value); }
-inline RefPtr<JSC::Uint8Array> toUint8Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Uint8Adaptor>(value); }
-inline RefPtr<JSC::Uint8ClampedArray> toUint8ClampedArray(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Uint8ClampedAdaptor>(value); }
-inline RefPtr<JSC::Uint16Array> toUint16Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Uint16Adaptor>(value); }
-inline RefPtr<JSC::Uint32Array> toUint32Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Uint32Adaptor>(value); }
-inline RefPtr<JSC::Float32Array> toFloat32Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Float32Adaptor>(value); }
-inline RefPtr<JSC::Float64Array> toFloat64Array(JSC::JSValue value) { return JSC::toNativeTypedView<JSC::Float64Adaptor>(value); }
</del><ins>+inline RefPtr<JSC::ArrayBufferView> toUnsharedArrayBufferView(JSC::JSValue value)
+{
+ auto result = toPossiblySharedArrayBufferView(value);
+ if (!result || result->isShared())
+ return nullptr;
+ return result;
+}
</ins><span class="cx">
</span><ins>+inline RefPtr<JSC::Int8Array> toPossiblySharedInt8Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Int8Adaptor>(value); }
+inline RefPtr<JSC::Int16Array> toPossiblySharedInt16Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Int16Adaptor>(value); }
+inline RefPtr<JSC::Int32Array> toPossiblySharedInt32Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Int32Adaptor>(value); }
+inline RefPtr<JSC::Uint8Array> toPossiblySharedUint8Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Uint8Adaptor>(value); }
+inline RefPtr<JSC::Uint8ClampedArray> toPossiblySharedUint8ClampedArray(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Uint8ClampedAdaptor>(value); }
+inline RefPtr<JSC::Uint16Array> toPossiblySharedUint16Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Uint16Adaptor>(value); }
+inline RefPtr<JSC::Uint32Array> toPossiblySharedUint32Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Uint32Adaptor>(value); }
+inline RefPtr<JSC::Float32Array> toPossiblySharedFloat32Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Float32Adaptor>(value); }
+inline RefPtr<JSC::Float64Array> toPossiblySharedFloat64Array(JSC::JSValue value) { return JSC::toPossiblySharedNativeTypedView<JSC::Float64Adaptor>(value); }
+
+inline RefPtr<JSC::Int8Array> toUnsharedInt8Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Int8Adaptor>(value); }
+inline RefPtr<JSC::Int16Array> toUnsharedInt16Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Int16Adaptor>(value); }
+inline RefPtr<JSC::Int32Array> toUnsharedInt32Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Int32Adaptor>(value); }
+inline RefPtr<JSC::Uint8Array> toUnsharedUint8Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Uint8Adaptor>(value); }
+inline RefPtr<JSC::Uint8ClampedArray> toUnsharedUint8ClampedArray(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Uint8ClampedAdaptor>(value); }
+inline RefPtr<JSC::Uint16Array> toUnsharedUint16Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Uint16Adaptor>(value); }
+inline RefPtr<JSC::Uint32Array> toUnsharedUint32Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Uint32Adaptor>(value); }
+inline RefPtr<JSC::Float32Array> toUnsharedFloat32Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Float32Adaptor>(value); }
+inline RefPtr<JSC::Float64Array> toUnsharedFloat64Array(JSC::JSValue value) { return JSC::toUnsharedNativeTypedView<JSC::Float64Adaptor>(value); }
+
</ins><span class="cx"> template<typename T, typename JST> inline Vector<Ref<T>> toRefNativeArray(JSC::ExecState& state, JSC::JSValue value)
</span><span class="cx"> {
</span><span class="cx"> JSC::VM& vm = state.vm();
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDataCueCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDataCueCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDataCueCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSDataCueCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -84,7 +84,7 @@
</span><span class="cx">
</span><span class="cx"> if (valueArgument.isCell() && valueArgument.asCell()->inherits(std::remove_pointer<JSArrayBuffer*>::type::info())) {
</span><span class="cx">
</span><del>- ArrayBuffer* data = toArrayBuffer(valueArgument);
</del><ins>+ ArrayBuffer* data = toUnsharedArrayBuffer(valueArgument);
</ins><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><span class="cx">
</span><span class="cx"> if (UNLIKELY(!data)) {
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSDictionarycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSDictionary.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSDictionary.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSDictionary.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -253,7 +253,7 @@
</span><span class="cx">
</span><span class="cx"> void JSDictionary::convertValue(JSC::ExecState*, JSC::JSValue value, RefPtr<Uint8Array>& result)
</span><span class="cx"> {
</span><del>- result = toUint8Array(value);
</del><ins>+ result = toUnsharedUint8Array(value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #if ENABLE(LEGACY_ENCRYPTED_MEDIA)
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSFileCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSFileCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSFileCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSFileCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -105,9 +105,9 @@
</span><span class="cx"> JSValue item = blobParts->get(&exec, i);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, encodedJSValue());
</span><span class="cx">
</span><del>- if (ArrayBuffer* arrayBuffer = toArrayBuffer(item))
</del><ins>+ if (ArrayBuffer* arrayBuffer = toUnsharedArrayBuffer(item))
</ins><span class="cx"> blobBuilder.append(arrayBuffer);
</span><del>- else if (RefPtr<ArrayBufferView> arrayBufferView = toArrayBufferView(item))
</del><ins>+ else if (RefPtr<ArrayBufferView> arrayBufferView = toUnsharedArrayBufferView(item))
</ins><span class="cx"> blobBuilder.append(WTFMove(arrayBufferView));
</span><span class="cx"> else if (Blob* blob = JSBlob::toWrapped(item))
</span><span class="cx"> blobBuilder.append(blob);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSMessagePortCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSMessagePortCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSMessagePortCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSMessagePortCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx"> }
</span><span class="cx"> portArray.append(WTFMove(port));
</span><span class="cx"> } else {
</span><del>- if (RefPtr<ArrayBuffer> arrayBuffer = toArrayBuffer(value))
</del><ins>+ if (RefPtr<ArrayBuffer> arrayBuffer = toPossiblySharedArrayBuffer(value))
</ins><span class="cx"> arrayBuffers.append(WTFMove(arrayBuffer));
</span><span class="cx"> else {
</span><span class="cx"> throwTypeError(&state, scope);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSWebGLRenderingContextBaseCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSWebGLRenderingContextBaseCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSWebGLRenderingContextBaseCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSWebGLRenderingContextBaseCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -513,7 +513,7 @@
</span><span class="cx">
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, JSValue());
</span><span class="cx">
</span><del>- RefPtr<Float32Array> webGLArray = toFloat32Array(state.uncheckedArgument(1));
</del><ins>+ RefPtr<Float32Array> webGLArray = toUnsharedFloat32Array(state.uncheckedArgument(1));
</ins><span class="cx"> RETURN_IF_EXCEPTION(scope, JSValue());
</span><span class="cx">
</span><span class="cx"> ExceptionCode ec = 0;
</span><span class="lines">@@ -596,7 +596,7 @@
</span><span class="cx"> if (!location && !state.uncheckedArgument(0).isUndefinedOrNull())
</span><span class="cx"> return throwTypeError(&state, scope);
</span><span class="cx">
</span><del>- RefPtr<Int32Array> webGLArray = toInt32Array(state.uncheckedArgument(1));
</del><ins>+ RefPtr<Int32Array> webGLArray = toUnsharedInt32Array(state.uncheckedArgument(1));
</ins><span class="cx">
</span><span class="cx"> ExceptionCode ec = 0;
</span><span class="cx"> if (webGLArray) {
</span><span class="lines">@@ -662,7 +662,7 @@
</span><span class="cx"> bool transpose = state.uncheckedArgument(1).toBoolean(&state);
</span><span class="cx"> RETURN_IF_EXCEPTION(scope, JSValue());
</span><span class="cx">
</span><del>- RefPtr<Float32Array> webGLArray = toFloat32Array(state.uncheckedArgument(2));
</del><ins>+ RefPtr<Float32Array> webGLArray = toUnsharedFloat32Array(state.uncheckedArgument(2));
</ins><span class="cx">
</span><span class="cx"> if (webGLArray) {
</span><span class="cx"> switch (f) {
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSWorkerCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSWorkerCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSWorkerCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSWorkerCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -63,7 +63,7 @@
</span><span class="cx"> auto& window = asJSDOMWindow(state.lexicalGlobalObject())->wrapped();
</span><span class="cx">
</span><span class="cx"> ASSERT(window.document());
</span><del>- return JSValue::encode(toJSNewlyCreated(state, globalObject, scope, Worker::create(*window.document(), scriptURL)));
</del><ins>+ return JSValue::encode(toJSNewlyCreated(state, globalObject, scope, Worker::create(*window.document(), scriptURL, globalObject.runtimeFlags())));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSWorkerGlobalScopeBasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2009 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008, 2009, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2009 Google Inc. All Rights Reserved.
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -36,6 +36,7 @@
</span><span class="cx"> #include "JSWorkerGlobalScope.h"
</span><span class="cx"> #include "Language.h"
</span><span class="cx"> #include "WorkerGlobalScope.h"
</span><ins>+#include "WorkerThread.h"
</ins><span class="cx"> #include <runtime/JSCInlines.h>
</span><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx"> #include <runtime/Microtask.h>
</span><span class="lines">@@ -97,7 +98,8 @@
</span><span class="cx">
</span><span class="cx"> RuntimeFlags JSWorkerGlobalScopeBase::javaScriptRuntimeFlags(const JSGlobalObject* object)
</span><span class="cx"> {
</span><del>- return JSGlobalObject::javaScriptRuntimeFlags(object);
</del><ins>+ const JSWorkerGlobalScopeBase *thisObject = jsCast<const JSWorkerGlobalScopeBase*>(object);
+ return thisObject->m_wrapped->thread().runtimeFlags();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSWorkerGlobalScopeBase::queueTaskToEventLoop(const JSGlobalObject* object, Ref<JSC::Microtask>&& task)
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSXMLHttpRequestCustomcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -115,10 +115,10 @@
</span><span class="cx"> result = wrapped().send(*JSBlob::toWrapped(value));
</span><span class="cx"> else if (value.inherits(JSDOMFormData::info()))
</span><span class="cx"> result = wrapped().send(*JSDOMFormData::toWrapped(value));
</span><del>- else if (value.inherits(JSArrayBuffer::info()))
- result = wrapped().send(*toArrayBuffer(value));
- else if (value.inherits(JSArrayBufferView::info()))
- result = wrapped().send(*toArrayBufferView(value).get());
</del><ins>+ else if (RefPtr<ArrayBuffer> arrayBuffer = toUnsharedArrayBuffer(value))
+ result = wrapped().send(*arrayBuffer);
+ else if (RefPtr<ArrayBufferView> arrayBufferView = toUnsharedArrayBufferView(value))
+ result = wrapped().send(*arrayBufferView);
</ins><span class="cx"> else {
</span><span class="cx"> // FIXME: If toString raises an exception, should we exit before calling willSendXMLHttpRequest?
</span><span class="cx"> // FIXME: If toString raises an exception, should we exit before calling send?
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsSerializedScriptValuecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -727,10 +727,10 @@
</span><span class="cx"> else
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- RefPtr<ArrayBufferView> arrayBufferView = toArrayBufferView(obj);
</del><ins>+ RefPtr<ArrayBufferView> arrayBufferView = toPossiblySharedArrayBufferView(obj);
</ins><span class="cx"> write(static_cast<uint32_t>(arrayBufferView->byteOffset()));
</span><span class="cx"> write(static_cast<uint32_t>(arrayBufferView->byteLength()));
</span><del>- RefPtr<ArrayBuffer> arrayBuffer = arrayBufferView->buffer();
</del><ins>+ RefPtr<ArrayBuffer> arrayBuffer = arrayBufferView->possiblySharedBuffer();
</ins><span class="cx"> if (!arrayBuffer) {
</span><span class="cx"> code = ValidationError;
</span><span class="cx"> return true;
</span><span class="lines">@@ -845,7 +845,7 @@
</span><span class="cx"> code = ValidationError;
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><del>- if (ArrayBuffer* arrayBuffer = toArrayBuffer(obj)) {
</del><ins>+ if (ArrayBuffer* arrayBuffer = toPossiblySharedArrayBuffer(obj)) {
</ins><span class="cx"> if (arrayBuffer->isNeutered()) {
</span><span class="cx"> code = ValidationError;
</span><span class="cx"> return true;
</span><span class="lines">@@ -1838,7 +1838,7 @@
</span><span class="cx"> if (length * elementSize != byteLength)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- RefPtr<ArrayBuffer> arrayBuffer = toArrayBuffer(arrayBufferObj);
</del><ins>+ RefPtr<ArrayBuffer> arrayBuffer = toPossiblySharedArrayBuffer(arrayBufferObj);
</ins><span class="cx"> switch (arrayBufferViewSubtag) {
</span><span class="cx"> case DataViewTag:
</span><span class="cx"> arrayBufferView = getJSValue(DataView::create(arrayBuffer, byteOffset, length).get());
</span><span class="lines">@@ -2359,7 +2359,14 @@
</span><span class="cx"> fail();
</span><span class="cx"> return JSValue();
</span><span class="cx"> }
</span><del>- JSValue result = JSArrayBuffer::create(m_exec->vm(), m_globalObject->arrayBufferStructure(), WTFMove(arrayBuffer));
</del><ins>+ Structure* structure = m_globalObject->arrayBufferStructure(arrayBuffer->sharingMode());
+ // A crazy RuntimeFlags mismatch could mean that we are not equipped to handle shared
+ // array buffers while the sender is. In that case, we would see a null structure here.
+ if (!structure) {
+ fail();
+ return JSValue();
+ }
+ JSValue result = JSArrayBuffer::create(m_exec->vm(), structure, WTFMove(arrayBuffer));
</ins><span class="cx"> m_gcBuffer.append(result);
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="lines">@@ -2372,7 +2379,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (!m_arrayBuffers[index])
</span><del>- m_arrayBuffers[index] = ArrayBuffer::create(m_arrayBufferContents->at(index));
</del><ins>+ m_arrayBuffers[index] = ArrayBuffer::create(WTFMove(m_arrayBufferContents->at(index)));
</ins><span class="cx">
</span><span class="cx"> return getJSValue(m_arrayBuffers[index].get());
</span><span class="cx"> }
</span><span class="lines">@@ -2674,7 +2681,7 @@
</span><span class="cx"> continue;
</span><span class="cx"> visited.add(arrayBuffers[arrayBufferIndex].get());
</span><span class="cx">
</span><del>- bool result = arrayBuffers[arrayBufferIndex]->transfer(contents->at(arrayBufferIndex));
</del><ins>+ bool result = arrayBuffers[arrayBufferIndex]->transferTo(contents->at(arrayBufferIndex));
</ins><span class="cx"> if (!result) {
</span><span class="cx"> code = ValidationError;
</span><span class="cx"> return nullptr;
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsStructuredClonecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/StructuredClone.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/StructuredClone.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/StructuredClone.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -41,13 +41,13 @@
</span><span class="cx"> ASSERT(execState->argumentCount());
</span><span class="cx"> ASSERT(execState->lexicalGlobalObject());
</span><span class="cx">
</span><del>- ArrayBuffer* buffer = toArrayBuffer(execState->uncheckedArgument(0));
</del><ins>+ ArrayBuffer* buffer = toUnsharedArrayBuffer(execState->uncheckedArgument(0));
</ins><span class="cx"> if (!buffer) {
</span><span class="cx"> setDOMException(execState, DATA_CLONE_ERR);
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span><span class="cx"> }
</span><span class="cx">
</span><del>- return JSValue::encode(JSArrayBuffer::create(execState->vm(), execState->lexicalGlobalObject()->arrayBufferStructure(), ArrayBuffer::tryCreate(buffer->data(), buffer->byteLength())));
</del><ins>+ return JSValue::encode(JSArrayBuffer::create(execState->vm(), execState->lexicalGlobalObject()->arrayBufferStructure(ArrayBufferSharingMode::Default), ArrayBuffer::tryCreate(buffer->data(), buffer->byteLength())));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL structuredCloneArrayBufferView(ExecState* execState)
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx"> auto* bufferView = jsDynamicDowncast<JSArrayBufferView*>(value);
</span><span class="cx"> ASSERT(bufferView);
</span><span class="cx">
</span><del>- auto* buffer = bufferView->buffer();
</del><ins>+ auto* buffer = bufferView->unsharedBuffer();
</ins><span class="cx"> if (!buffer) {
</span><span class="cx"> setDOMException(execState, DATA_CLONE_ERR);
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsWebCoreTypedArrayControllercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -52,6 +52,11 @@
</span><span class="cx"> cacheWrapper(JSC::jsCast<JSDOMGlobalObject*>(globalObject)->world(), native, wrapper);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool WebCoreTypedArrayController::isAtomicsWaitAllowedOnCurrentThread()
+{
+ return !isMainThread();
+}
+
</ins><span class="cx"> bool WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown> handle, void*, JSC::SlotVisitor& visitor)
</span><span class="cx"> {
</span><span class="cx"> auto& wrapper = *JSC::jsCast<JSC::JSArrayBuffer*>(handle.slot()->asCell());
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsWebCoreTypedArrayControllerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/js/WebCoreTypedArrayController.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -41,6 +41,7 @@
</span><span class="cx">
</span><span class="cx"> JSC::JSArrayBuffer* toJS(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArrayBuffer*) override;
</span><span class="cx"> void registerWrapper(JSC::JSGlobalObject*, ArrayBuffer*, JSC::JSArrayBuffer*) override;
</span><ins>+ bool isAtomicsWaitAllowedOnCurrentThread() override;
</ins><span class="cx">
</span><span class="cx"> JSC::WeakHandleOwner* wrapperOwner() { return &m_owner; }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsscriptsCodeGeneratorJSpm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -5314,7 +5314,7 @@
</span><span class="cx">
</span><span class="cx"> AddToImplIncludesForIDLType($type, $conditional);
</span><span class="cx">
</span><del>- return ("to@{[$type->name]}($value)", 1) if $codeGenerator->IsTypedArrayType($type);
</del><ins>+ return ("toUnshared@{[$type->name]}($value)", 1) if $codeGenerator->IsTypedArrayType($type);
</ins><span class="cx"> return ("parseEnumeration<" . GetEnumerationClassName($type, $interface) . ">($stateReference, $value)", 1) if $codeGenerator->IsEnumType($type);
</span><span class="cx">
</span><span class="cx"> # FIXME: EventListener should be a callback interface.
</span></span></pre></div>
<a id="trunkSourceWebCorecssFontFacecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/css/FontFace.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/css/FontFace.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/css/FontFace.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -60,9 +60,9 @@
</span><span class="cx"> if (!is<CSSValueList>(value.get()))
</span><span class="cx"> return Exception { SYNTAX_ERR };
</span><span class="cx"> CSSFontFace::appendSources(result->backing(), downcast<CSSValueList>(*value), &document, false);
</span><del>- } else if (auto arrayBufferView = toArrayBufferView(source))
</del><ins>+ } else if (auto arrayBufferView = toUnsharedArrayBufferView(source))
</ins><span class="cx"> dataRequiresAsynchronousLoading = populateFontFaceWithArrayBuffer(result->backing(), arrayBufferView.releaseNonNull());
</span><del>- else if (auto arrayBuffer = toArrayBuffer(source)) {
</del><ins>+ else if (auto arrayBuffer = toUnsharedArrayBuffer(source)) {
</ins><span class="cx"> auto arrayBufferView = JSC::Uint8Array::create(arrayBuffer, 0, arrayBuffer->byteLength());
</span><span class="cx"> dataRequiresAsynchronousLoading = populateFontFaceWithArrayBuffer(result->backing(), arrayBufferView.releaseNonNull());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCorehtmlcanvasWebGL2RenderingContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/html/canvas/WebGL2RenderingContext.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/html/canvas/WebGL2RenderingContext.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/html/canvas/WebGL2RenderingContext.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -94,7 +94,7 @@
</span><span class="cx"> synthesizeGLError(GraphicsContext3D::INVALID_VALUE, "bufferData", "srcOffset or length is out of bounds");
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- auto slice = Uint8Array::create(data.buffer(), data.byteOffset() + srcOffset, length);
</del><ins>+ auto slice = Uint8Array::create(data.unsharedBuffer(), data.byteOffset() + srcOffset, length);
</ins><span class="cx"> if (!slice) {
</span><span class="cx"> synthesizeGLError(GraphicsContext3D::OUT_OF_MEMORY, "bufferData", "Could not create intermediate ArrayBufferView");
</span><span class="cx"> return;
</span><span class="lines">@@ -108,7 +108,7 @@
</span><span class="cx"> synthesizeGLError(GraphicsContext3D::INVALID_VALUE, "bufferData", "srcOffset or length is out of bounds");
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- auto slice = Uint8Array::create(data.buffer(), data.byteOffset() + srcOffset, length);
</del><ins>+ auto slice = Uint8Array::create(data.unsharedBuffer(), data.byteOffset() + srcOffset, length);
</ins><span class="cx"> if (!slice) {
</span><span class="cx"> synthesizeGLError(GraphicsContext3D::OUT_OF_MEMORY, "bufferData", "Could not create intermediate ArrayBufferView");
</span><span class="cx"> return;
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformgraphicsavfoundationMediaPlayerPrivateAVFoundationcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1025,7 +1025,7 @@
</span><span class="cx"> if (initData->byteLength() < 4)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- RefPtr<ArrayBuffer> initDataBuffer = initData->buffer();
</del><ins>+ RefPtr<ArrayBuffer> initDataBuffer = initData->unsharedBuffer();
</ins><span class="cx">
</span><span class="cx"> // Use a DataView to read uint32 values from the buffer, as Uint32Array requires the reads be aligned on 4-byte boundaries.
</span><span class="cx"> RefPtr<JSC::DataView> initDataView = JSC::DataView::create(initDataBuffer, 0, initDataBuffer->byteLength());
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersDedicatedWorkerThreadcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/DedicatedWorkerThread.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/DedicatedWorkerThread.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/DedicatedWorkerThread.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -38,8 +38,8 @@
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><del>-DedicatedWorkerThread::DedicatedWorkerThread(const URL& url, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider)
- : WorkerThread(url, userAgent, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, topOrigin, connectionProxy, socketProvider)
</del><ins>+DedicatedWorkerThread::DedicatedWorkerThread(const URL& url, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerObjectProxy& workerObjectProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider, JSC::RuntimeFlags runtimeFlags)
+ : WorkerThread(url, userAgent, sourceCode, workerLoaderProxy, workerObjectProxy, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, topOrigin, connectionProxy, socketProvider, runtimeFlags)
</ins><span class="cx"> , m_workerObjectProxy(workerObjectProxy)
</span><span class="cx"> {
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersDedicatedWorkerThreadh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/DedicatedWorkerThread.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/DedicatedWorkerThread.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/DedicatedWorkerThread.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -53,7 +53,7 @@
</span><span class="cx"> void runEventLoop() override;
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- DedicatedWorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy*, SocketProvider*);
</del><ins>+ DedicatedWorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerObjectProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy*, SocketProvider*, JSC::RuntimeFlags);
</ins><span class="cx">
</span><span class="cx"> WorkerObjectProxy& m_workerObjectProxy;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/Worker.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/Worker.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/Worker.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -51,9 +51,10 @@
</span><span class="cx"> worker->notifyNetworkStateChange(isOnLine);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline Worker::Worker(ScriptExecutionContext& context)
</del><ins>+inline Worker::Worker(ScriptExecutionContext& context, JSC::RuntimeFlags runtimeFlags)
</ins><span class="cx"> : ActiveDOMObject(&context)
</span><span class="cx"> , m_contextProxy(WorkerGlobalScopeProxy::create(this))
</span><ins>+ , m_runtimeFlags(runtimeFlags)
</ins><span class="cx"> {
</span><span class="cx"> if (!allWorkers) {
</span><span class="cx"> allWorkers = new HashSet<Worker*>;
</span><span class="lines">@@ -64,7 +65,7 @@
</span><span class="cx"> ASSERT_UNUSED(addResult, addResult.isNewEntry);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ExceptionOr<Ref<Worker>> Worker::create(ScriptExecutionContext& context, const String& url)
</del><ins>+ExceptionOr<Ref<Worker>> Worker::create(ScriptExecutionContext& context, const String& url, JSC::RuntimeFlags runtimeFlags)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(isMainThread());
</span><span class="cx">
</span><span class="lines">@@ -71,7 +72,7 @@
</span><span class="cx"> // We don't currently support nested workers, so workers can only be created from documents.
</span><span class="cx"> ASSERT_WITH_SECURITY_IMPLICATION(context.isDocument());
</span><span class="cx">
</span><del>- auto worker = adoptRef(*new Worker(context));
</del><ins>+ auto worker = adoptRef(*new Worker(context, runtimeFlags));
</ins><span class="cx">
</span><span class="cx"> worker->suspendIfNeeded();
</span><span class="cx">
</span><span class="lines">@@ -154,7 +155,7 @@
</span><span class="cx"> dispatchEvent(Event::create(eventNames().errorEvent, false, true));
</span><span class="cx"> else {
</span><span class="cx"> const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders = m_contentSecurityPolicyResponseHeaders ? m_contentSecurityPolicyResponseHeaders.value() : scriptExecutionContext()->contentSecurityPolicy()->responseHeaders();
</span><del>- m_contextProxy->startWorkerGlobalScope(m_scriptLoader->url(), scriptExecutionContext()->userAgent(m_scriptLoader->url()), m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, m_shouldBypassMainWorldContentSecurityPolicy);
</del><ins>+ m_contextProxy->startWorkerGlobalScope(m_scriptLoader->url(), scriptExecutionContext()->userAgent(m_scriptLoader->url()), m_scriptLoader->script(), contentSecurityPolicyResponseHeaders, m_shouldBypassMainWorldContentSecurityPolicy, m_runtimeFlags);
</ins><span class="cx"> InspectorInstrumentation::scriptImported(scriptExecutionContext(), m_scriptLoader->identifier(), m_scriptLoader->script());
</span><span class="cx"> }
</span><span class="cx"> m_scriptLoader = nullptr;
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/Worker.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/Worker.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/Worker.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008, 2010 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2008, 2010, 2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,6 +31,7 @@
</span><span class="cx"> #include "EventTarget.h"
</span><span class="cx"> #include "MessagePort.h"
</span><span class="cx"> #include "WorkerScriptLoaderClient.h"
</span><ins>+#include <runtime/RuntimeFlags.h>
</ins><span class="cx"> #include <wtf/Optional.h>
</span><span class="cx"> #include <wtf/text/AtomicStringHash.h>
</span><span class="cx">
</span><span class="lines">@@ -42,7 +43,7 @@
</span><span class="cx">
</span><span class="cx"> class Worker final : public AbstractWorker, public ActiveDOMObject, private WorkerScriptLoaderClient {
</span><span class="cx"> public:
</span><del>- static ExceptionOr<Ref<Worker>> create(ScriptExecutionContext&, const String& url);
</del><ins>+ static ExceptionOr<Ref<Worker>> create(ScriptExecutionContext&, const String& url, JSC::RuntimeFlags);
</ins><span class="cx"> virtual ~Worker();
</span><span class="cx">
</span><span class="cx"> ExceptionOr<void> postMessage(RefPtr<SerializedScriptValue>&& message, Vector<RefPtr<MessagePort>>&&);
</span><span class="lines">@@ -54,7 +55,7 @@
</span><span class="cx"> ScriptExecutionContext* scriptExecutionContext() const final { return ActiveDOMObject::scriptExecutionContext(); }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- explicit Worker(ScriptExecutionContext&);
</del><ins>+ explicit Worker(ScriptExecutionContext&, JSC::RuntimeFlags);
</ins><span class="cx">
</span><span class="cx"> EventTargetInterface eventTargetInterface() const final { return WorkerEventTargetInterfaceType; }
</span><span class="cx">
</span><span class="lines">@@ -73,6 +74,7 @@
</span><span class="cx"> WorkerGlobalScopeProxy* m_contextProxy; // The proxy outlives the worker to perform thread shutdown.
</span><span class="cx"> Optional<ContentSecurityPolicyResponseHeaders> m_contentSecurityPolicyResponseHeaders;
</span><span class="cx"> bool m_shouldBypassMainWorldContentSecurityPolicy { false };
</span><ins>+ JSC::RuntimeFlags m_runtimeFlags;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerGlobalScopeProxyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/WorkerGlobalScopeProxy.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -48,7 +48,7 @@
</span><span class="cx">
</span><span class="cx"> virtual ~WorkerGlobalScopeProxy() { }
</span><span class="cx">
</span><del>- virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy) = 0;
</del><ins>+ virtual void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, JSC::RuntimeFlags) = 0;
</ins><span class="cx">
</span><span class="cx"> virtual void terminateWorkerGlobalScope() = 0;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerMessagingProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/WorkerMessagingProxy.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -74,7 +74,7 @@
</span><span class="cx"> || (is<WorkerGlobalScope>(*m_scriptExecutionContext) && currentThread() == downcast<WorkerGlobalScope>(*m_scriptExecutionContext).thread().threadID()));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy)
</del><ins>+void WorkerMessagingProxy::startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, JSC::RuntimeFlags runtimeFlags)
</ins><span class="cx"> {
</span><span class="cx"> // FIXME: This need to be revisited when we support nested worker one day
</span><span class="cx"> ASSERT(m_scriptExecutionContext);
</span><span class="lines">@@ -93,7 +93,7 @@
</span><span class="cx"> SocketProvider* socketProvider = nullptr;
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>- RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, sourceCode, *this, *this, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, document.topOrigin(), proxy, socketProvider);
</del><ins>+ RefPtr<DedicatedWorkerThread> thread = DedicatedWorkerThread::create(scriptURL, userAgent, sourceCode, *this, *this, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, document.topOrigin(), proxy, socketProvider, runtimeFlags);
</ins><span class="cx">
</span><span class="cx"> workerThreadCreated(thread);
</span><span class="cx"> thread->start();
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerMessagingProxyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerMessagingProxy.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerMessagingProxy.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/WorkerMessagingProxy.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -50,7 +50,7 @@
</span><span class="cx">
</span><span class="cx"> // Implementations of WorkerGlobalScopeProxy.
</span><span class="cx"> // (Only use these methods in the worker object thread.)
</span><del>- void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy) override;
</del><ins>+ void startWorkerGlobalScope(const URL& scriptURL, const String& userAgent, const String& sourceCode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, JSC::RuntimeFlags) override;
</ins><span class="cx"> void terminateWorkerGlobalScope() override;
</span><span class="cx"> void postMessageToWorkerGlobalScope(RefPtr<SerializedScriptValue>&&, std::unique_ptr<MessagePortChannelArray>) override;
</span><span class="cx"> bool hasPendingActivity() const override;
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerThreadcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerThread.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerThread.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/WorkerThread.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -94,10 +94,11 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-WorkerThread::WorkerThread(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider)
</del><ins>+WorkerThread::WorkerThread(const URL& scriptURL, const String& userAgent, const String& sourceCode, WorkerLoaderProxy& workerLoaderProxy, WorkerReportingProxy& workerReportingProxy, WorkerThreadStartMode startMode, const ContentSecurityPolicyResponseHeaders& contentSecurityPolicyResponseHeaders, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy* connectionProxy, SocketProvider* socketProvider, JSC::RuntimeFlags runtimeFlags)
</ins><span class="cx"> : m_threadID(0)
</span><span class="cx"> , m_workerLoaderProxy(workerLoaderProxy)
</span><span class="cx"> , m_workerReportingProxy(workerReportingProxy)
</span><ins>+ , m_runtimeFlags(runtimeFlags)
</ins><span class="cx"> , m_startupData(std::make_unique<WorkerThreadStartupData>(scriptURL, userAgent, sourceCode, startMode, contentSecurityPolicyResponseHeaders, shouldBypassMainWorldContentSecurityPolicy, topOrigin))
</span><span class="cx"> #if ENABLE(INDEXED_DATABASE)
</span><span class="cx"> , m_idbConnectionProxy(connectionProxy)
</span></span></pre></div>
<a id="trunkSourceWebCoreworkersWorkerThreadh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/workers/WorkerThread.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/workers/WorkerThread.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebCore/workers/WorkerThread.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx">
</span><span class="cx"> #include "WorkerRunLoop.h"
</span><span class="cx"> #include <memory>
</span><ins>+#include <runtime/RuntimeFlags.h>
</ins><span class="cx"> #include <wtf/Forward.h>
</span><span class="cx"> #include <wtf/PassRefPtr.h>
</span><span class="cx"> #include <wtf/RefCounted.h>
</span><span class="lines">@@ -76,9 +77,11 @@
</span><span class="cx">
</span><span class="cx"> void startRunningDebuggerTasks();
</span><span class="cx"> void stopRunningDebuggerTasks();
</span><ins>+
+ JSC::RuntimeFlags runtimeFlags() const { return m_runtimeFlags; }
</ins><span class="cx">
</span><span class="cx"> protected:
</span><del>- WorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy*, SocketProvider*);
</del><ins>+ WorkerThread(const URL&, const String& userAgent, const String& sourceCode, WorkerLoaderProxy&, WorkerReportingProxy&, WorkerThreadStartMode, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, const SecurityOrigin* topOrigin, IDBClient::IDBConnectionProxy*, SocketProvider*, JSC::RuntimeFlags);
</ins><span class="cx">
</span><span class="cx"> // Factory method for creating a new worker context for the thread.
</span><span class="cx"> virtual Ref<WorkerGlobalScope> createWorkerGlobalScope(const URL&, const String& userAgent, const ContentSecurityPolicyResponseHeaders&, bool shouldBypassMainWorldContentSecurityPolicy, PassRefPtr<SecurityOrigin> topOrigin) = 0;
</span><span class="lines">@@ -100,6 +103,7 @@
</span><span class="cx"> WorkerRunLoop m_runLoop;
</span><span class="cx"> WorkerLoaderProxy& m_workerLoaderProxy;
</span><span class="cx"> WorkerReportingProxy& m_workerReportingProxy;
</span><ins>+ JSC::RuntimeFlags m_runtimeFlags;
</ins><span class="cx"> bool m_pausedForDebugger { false };
</span><span class="cx">
</span><span class="cx"> RefPtr<WorkerGlobalScope> m_workerGlobalScope;
</span></span></pre></div>
<a id="trunkSourceWebKitmacChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit/mac/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,14 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ Support the RuntimeFlag.
+
+ * WebView/WebPreferencesPrivate.h:
+
</ins><span class="cx"> 2016-10-31 Wenson Hsieh <wenson_hsieh@apple.com>
</span><span class="cx">
</span><span class="cx"> [WK1] Candidate visibility should not update as a result of selection during a dictionary lookup
</span></span></pre></div>
<a id="trunkSourceWebKitmacWebViewWebPreferencesPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -53,7 +53,8 @@
</span><span class="cx"> } WebStorageBlockingPolicy;
</span><span class="cx">
</span><span class="cx"> typedef enum {
</span><del>- WebKitJavaScriptRuntimeFlagsAllEnabled = 0
</del><ins>+ WebKitJavaScriptRuntimeFlagsSharedArrayBufferEnabled = 1u << 0,
+ WebKitJavaScriptRuntimeFlagsAllEnabled = WebKitJavaScriptRuntimeFlagsSharedArrayBufferEnabled
</ins><span class="cx"> } WebKitJavaScriptRuntimeFlags;
</span><span class="cx">
</span><span class="cx"> extern NSString *WebPreferencesChangedNotification;
</span></span></pre></div>
<a id="trunkSourceWebKitwinChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/win/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/win/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit/win/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,14 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ Support the RuntimeFlag.
+
+ * Interfaces/IWebPreferencesPrivate.idl:
+
</ins><span class="cx"> 2016-10-31 Joseph Pecoraro <pecoraro@apple.com>
</span><span class="cx">
</span><span class="cx"> Use #pragma once in WebCore
</span></span></pre></div>
<a id="trunkSourceWebKitwinInterfacesIWebPreferencesPrivateidl"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/win/Interfaces/IWebPreferencesPrivate.idl (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/win/Interfaces/IWebPreferencesPrivate.idl 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit/win/Interfaces/IWebPreferencesPrivate.idl 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -32,7 +32,8 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> typedef enum WebKitJavaScriptRuntimeFlags {
</span><del>- WebKitJavaScriptRuntimeFlagsAllEnabled = 0
</del><ins>+ WebKitJavaScriptRuntimeFlagsSharedArrayBufferEnabled = 1,
+ WebKitJavaScriptRuntimeFlagsAllEnabled = 1
</ins><span class="cx"> } WebKitJavaScriptRuntimeFlags;
</span><span class="cx">
</span><span class="cx"> [
</span><span class="lines">@@ -191,4 +192,4 @@
</span><span class="cx"> interface IWebPreferencesPrivate4 : IWebPreferencesPrivate3
</span><span class="cx"> {
</span><span class="cx"> HRESULT setApplicationId([in] BSTR applicationId);
</span><del>-}
</del><span class="cx">\ No newline at end of file
</span><ins>+}
</ins></span></pre></div>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit2/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ Adds some small things we need for SharedArrayBuffer.
+
+ * UIProcess/API/C/WKPreferencesRefPrivate.h:
+ * UIProcess/API/Cocoa/WKPreferencesPrivate.h:
+ * WebProcess/InjectedBundle/InjectedBundle.cpp:
+ (WebKit::InjectedBundle::createWebDataFromUint8Array):
+
</ins><span class="cx"> 2016-10-31 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> IndexedDB 2.0: Support IDBObjectStore getAll/getAllKeys.
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPICWKPreferencesRefPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -50,7 +50,8 @@
</span><span class="cx"> typedef enum WKEditableLinkBehavior WKEditableLinkBehavior;
</span><span class="cx">
</span><span class="cx"> enum WKJavaScriptRuntimeFlags {
</span><del>- kWKJavaScriptRuntimeFlagsAllEnabled = 0
</del><ins>+ kWKJavaScriptRuntimeFlagsSharedArrayBufferEnabled = 1 << 0,
+ kWKJavaScriptRuntimeFlagsAllEnabled = kWKJavaScriptRuntimeFlagsSharedArrayBufferEnabled
</ins><span class="cx"> };
</span><span class="cx"> typedef unsigned WKJavaScriptRuntimeFlagSet;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessAPICocoaWKPreferencesPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/Cocoa/WKPreferencesPrivate.h (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/Cocoa/WKPreferencesPrivate.h 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit2/UIProcess/API/Cocoa/WKPreferencesPrivate.h 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -43,7 +43,8 @@
</span><span class="cx"> } WK_API_AVAILABLE(macosx(10.11), ios(9.0));
</span><span class="cx">
</span><span class="cx"> typedef NS_OPTIONS(NSUInteger, _WKJavaScriptRuntimeFlags) {
</span><del>- _WKJavaScriptRuntimeFlagsAllEnabled = 0
</del><ins>+ _WKJavaScriptRuntimeFlagsSharedArrayBufferEnabled = 1 << 0,
+ _WKJavaScriptRuntimeFlagsAllEnabled = _WKJavaScriptRuntimeFlagsSharedArrayBufferEnabled
</ins><span class="cx"> } WK_API_AVAILABLE(macosx(10.11), ios(9.0));
</span><span class="cx">
</span><span class="cx"> @class _WKExperimentalFeature;
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcessInjectedBundleInjectedBundlecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -572,7 +572,7 @@
</span><span class="cx"> PassRefPtr<API::Data> InjectedBundle::createWebDataFromUint8Array(JSContextRef context, JSValueRef data)
</span><span class="cx"> {
</span><span class="cx"> JSC::ExecState* execState = toJS(context);
</span><del>- RefPtr<Uint8Array> arrayData = WebCore::toUint8Array(toJS(execState, data));
</del><ins>+ RefPtr<Uint8Array> arrayData = WebCore::toUnsharedUint8Array(toJS(execState, data));
</ins><span class="cx"> return API::Data::create(static_cast<unsigned char*>(arrayData->baseAddress()), arrayData->byteLength());
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Tools/ChangeLog 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2016-10-29 Filip Pizlo <fpizlo@apple.com>
+
+ JSC should support SharedArrayBuffer
+ https://bugs.webkit.org/show_bug.cgi?id=163986
+
+ Reviewed by Keith Miller.
+
+ Use the right kind of typed array API.
+
+ * DumpRenderTree/TestRunner.cpp:
+ (setAudioResultCallback):
+
</ins><span class="cx"> 2016-10-31 Simon Fraser <simon.fraser@apple.com>
</span><span class="cx">
</span><span class="cx"> Make UIScriptController::zoomToScale() work on Mac WK1 and WK2
</span></span></pre></div>
<a id="trunkToolsDumpRenderTreeTestRunnercpp"></a>
<div class="modfile"><h4>Modified: trunk/Tools/DumpRenderTree/TestRunner.cpp (208208 => 208209)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/DumpRenderTree/TestRunner.cpp 2016-11-01 02:56:30 UTC (rev 208208)
+++ trunk/Tools/DumpRenderTree/TestRunner.cpp 2016-11-01 03:10:00 UTC (rev 208209)
</span><span class="lines">@@ -340,7 +340,7 @@
</span><span class="cx"> // FIXME (123058): Use a JSC API to get buffer contents once such is exposed.
</span><span class="cx"> JSC::JSArrayBufferView* jsBufferView = JSC::jsDynamicCast<JSC::JSArrayBufferView*>(toJS(toJS(context), arguments[0]));
</span><span class="cx"> ASSERT(jsBufferView);
</span><del>- RefPtr<JSC::ArrayBufferView> bufferView = jsBufferView->impl();
</del><ins>+ RefPtr<JSC::ArrayBufferView> bufferView = jsBufferView->unsharedImpl();
</ins><span class="cx"> const char* buffer = static_cast<const char*>(bufferView->baseAddress());
</span><span class="cx"> std::vector<char> audioData(buffer, buffer + bufferView->byteLength());
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>