[JSC] Implement growable SharedArrayBuffer part 1
https://bugs.webkit.org/show_bug.cgi?id=247541
rdar://102006760

Reviewed by Mark Lam.

This patch adds first patch for growable SharedArrayBuffer. This patch does not add TypedArray's length tracking (when backing ArrayBuffer is resized, then TypedArray's length needs to be changed too).

1. We extract Wasm::MemoryHandle to runtime to use it for non wasm. This offers growable memory infrastructure since it was used for growable shared Wasm::Memory. This also requires moving MemoryMode, MemorySharingMode, and PageCount from wasm to runtime.
2. We add resizable TypedArrayTypes, and currently DFG does OSR exit when we encounter it. We also change it from uint32_t to uint8_t to make room in TypedArray to have more information.
3. This patch adds growable SharedArrayBuffer's methods.
4. We add OSAllocator::protect to make (1) work on Windows too.

* JSTests/test262/config.yaml:
* JSTests/test262/expectations.yaml:
* JSTests/wasm/stress/shared-wasm-memory-buffer.js:
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::generateWithGuard):
* Source/JavaScriptCore/bytecode/ExitKind.cpp:
(JSC::exitKindToString):
* Source/JavaScriptCore/bytecode/ExitKind.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::newTypedArrayWithSize):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayIsDetachedIfOutOfBounds):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayLengthAsInt52):
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffsetAsInt52):
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::emitGetTypedArrayByteOffsetExceptSettingResult):
(JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
(JSC::FTL::DFG::LowerDFGToB3::compileGetTypedArrayLengthAsInt52):
(JSC::FTL::DFG::LowerDFGToB3::emitNewTypedArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/heap/StructureAlignedMemoryAllocator.cpp:
(JSC::StructureMemoryManager::commitBlock):
(JSC::StructureMemoryManager::decommitBlock):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::branchIfFastTypedArray):
(JSC::AssemblyHelpers::branchIfNotFastTypedArray):
* Source/JavaScriptCore/jit/IntrinsicEmitter.cpp:
(JSC::IntrinsicGetterAccessCase::emitIntrinsicGetter):
* Source/JavaScriptCore/jsc.cpp:
(JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/llint/WebAssembly.asm:
* Source/JavaScriptCore/runtime/ArrayBuffer.cpp:
(JSC::ArrayBufferContents::tryAllocate):
(JSC::ArrayBufferContents::makeShared):
(JSC::ArrayBufferContents::copyTo):
(JSC::ArrayBufferContents::shareWith):
(JSC::ArrayBuffer::createFromBytes):
(JSC::ArrayBuffer::createShared):
(JSC::ArrayBuffer::tryCreate):
(JSC::ArrayBuffer::grow):
(JSC::tryAllocate):
(JSC::ArrayBuffer::tryCreateShared):
(JSC::SharedArrayBufferContents::grow):
* Source/JavaScriptCore/runtime/ArrayBuffer.h:
(JSC::ArrayBuffer::byteLength const):
(JSC::ArrayBuffer::maxByteLength const):
(JSC::IdempotentArrayBufferByteLengthGetter::IdempotentArrayBufferByteLengthGetter):
(JSC::IdempotentArrayBufferByteLengthGetter::operator()):
* Source/JavaScriptCore/runtime/BufferMemoryHandle.cpp: Added.
(JSC::BufferMemoryHandle::fastMappedRedzoneBytes):
(JSC::BufferMemoryHandle::fastMappedBytes):
(JSC::BufferMemoryResult::toString):
(JSC::BufferMemoryResult::dump const):
(JSC::BufferMemoryManager::tryAllocateFastMemory):
(JSC::BufferMemoryManager::freeFastMemory):
(JSC::BufferMemoryManager::tryAllocateGrowableBoundsCheckingMemory):
(JSC::BufferMemoryManager::freeGrowableBoundsCheckingMemory):
(JSC::BufferMemoryManager::isInGrowableOrFastMemory):
(JSC::BufferMemoryManager::tryAllocatePhysicalBytes):
(JSC::BufferMemoryManager::freePhysicalBytes):
(JSC::BufferMemoryManager::dump const):
(JSC::BufferMemoryManager::singleton):
(JSC::BufferMemoryHandle::BufferMemoryHandle):
(JSC::BufferMemoryHandle::~BufferMemoryHandle):
(JSC::BufferMemoryHandle::memory const):
* Source/JavaScriptCore/runtime/BufferMemoryHandle.h: Added.
(JSC::BufferMemoryResult::BufferMemoryResult):
(JSC::BufferMemoryManager::memoryLimit const):
* Source/JavaScriptCore/runtime/CommonIdentifiers.h:
* Source/JavaScriptCore/runtime/JSArrayBufferConstructor.cpp:
(JSC::JSGenericArrayBufferConstructor<sharingMode>::constructImpl):
* Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp:
(JSC::arrayBufferSlice):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSArrayBufferPrototype::finishCreation):
* Source/JavaScriptCore/runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::ConstructionContext::ConstructionContext):
(JSC::JSArrayBufferView::JSArrayBufferView):
(JSC::JSArrayBufferView::finishCreation):
(JSC::JSArrayBufferView::detach):
(JSC::JSArrayBufferView::slowDownAndWasteMemory):
(JSC::isIntegerIndexedObjectOutOfBounds):
(JSC::integerIndexedObjectLength):
(JSC::integerIndexedObjectByteLength):
(WTF::printInternal):
* Source/JavaScriptCore/runtime/JSArrayBufferView.h:
(JSC::hasArrayBuffer):
(JSC::isResizable):
(JSC::JSArrayBufferView::ConstructionContext::vector const):
(JSC::JSArrayBufferView::ConstructionContext::maxByteLength const):
(JSC::JSArrayBufferView::ConstructionContext::maxByteLengthUnsafe const):
(JSC::JSArrayBufferView::vector const):
(JSC::JSArrayBufferView::maxByteLength const):
(JSC::JSArrayBufferView::offsetOfMaxByteLength):
* Source/JavaScriptCore/runtime/JSArrayBufferViewInlines.h:
(JSC::JSArrayBufferView::isShared):
(JSC::JSArrayBufferView::possiblySharedBufferImpl):
(JSC::JSArrayBufferView::existingBufferInButterfly):
* Source/JavaScriptCore/runtime/JSCJSValue.h:
* Source/JavaScriptCore/runtime/JSCJSValueInlines.h:
(JSC::JSValue::toTypedArrayIndex const):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h:
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewConstructorInlines.h:
(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::constructGenericTypedArrayViewImpl):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::deletePropertyByIndex):
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildrenImpl):
* Source/JavaScriptCore/runtime/MemoryMode.cpp: Renamed from Source/JavaScriptCore/wasm/WasmMemoryMode.cpp.
(WTF::printInternal):
* Source/JavaScriptCore/runtime/MemoryMode.h: Renamed from Source/JavaScriptCore/wasm/WasmMemoryMode.h.
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/JavaScriptCore/runtime/PageCount.cpp: Renamed from Source/JavaScriptCore/wasm/WasmPageCount.cpp.
(JSC::PageCount::dump const):
* Source/JavaScriptCore/runtime/PageCount.h: Renamed from Source/JavaScriptCore/wasm/WasmPageCount.h.
(JSC::PageCount::PageCount):
(JSC::PageCount::bytes const):
(JSC::PageCount::pageCount const):
(JSC::PageCount::isValid):
(JSC::PageCount::isValid const):
(JSC::PageCount::fromBytes):
(JSC::PageCount::fromBytesWithRoundUp):
(JSC::PageCount::max):
(JSC::PageCount::operator bool const):
(JSC::PageCount::operator< const):
(JSC::PageCount::operator> const):
(JSC::PageCount::operator>= const):
(JSC::PageCount::operator== const):
(JSC::PageCount::operator!= const):
(JSC::PageCount::operator+ const):
* Source/JavaScriptCore/runtime/StructureInlines.h:
(JSC::Structure::hasIndexingHeader const):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::addCurrentMemory):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addCurrentMemory):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp:
(JSC::Wasm::CalleeGroup::isSafeToRun):
* Source/JavaScriptCore/wasm/WasmCalleeGroup.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::create):
(JSC::Wasm::Memory::createZeroSized):
(JSC::Wasm::Memory::tryCreate):
(JSC::Wasm::Memory::addressIsInGrowableOrFastMemory):
(JSC::Wasm::Memory::growShared):
(JSC::Wasm::Memory::grow):
(JSC::Wasm::Memory::dump const):
(JSC::Wasm::MemoryHandle::MemoryHandle): Deleted.
(JSC::Wasm::MemoryHandle::~MemoryHandle): Deleted.
(JSC::Wasm::MemoryHandle::memory const): Deleted.
(JSC::Wasm::Memory::fastMappedRedzoneBytes): Deleted.
(JSC::Wasm::Memory::fastMappedBytes): Deleted.
* Source/JavaScriptCore/wasm/WasmMemory.h:
(JSC::Wasm::Memory::maxFastMemoryCount): Deleted.
* Source/JavaScriptCore/wasm/WasmMemoryInformation.h:
* Source/JavaScriptCore/wasm/WasmModule.cpp:
(JSC::Wasm::Module::copyInitialCalleeGroupToAllMemoryModes):
* Source/JavaScriptCore/wasm/WasmModule.h:
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::createJSToWasmWrapper):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::tryCreate):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::buffer):
(JSC::JSWebAssemblyMemory::grow):
(JSC::JSWebAssemblyMemory::type):
(JSC::JSWebAssemblyMemory::growSuccessCallback):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::calleeSaves const):
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):
* Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeImports):
* Source/WTF/wtf/OSAllocator.h:
* Source/WTF/wtf/posix/OSAllocatorPOSIX.cpp:
(WTF::OSAllocator::protect):
* Source/WTF/wtf/win/OSAllocatorWin.cpp:
(WTF::OSAllocator::protect):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
(WebCore::CloneDeserializer::readTerminal):
* Source/WebCore/bindings/js/SerializedScriptValue.h:

Canonical link: https://commits.webkit.org/256524@main
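
For readers of this commit page, an added example (not code from the commit or from WebKit) of the script-visible behaviour the ECMAScript resizable-buffers proposal specifies for a growable SharedArrayBuffer, including the TypedArray length tracking that the commit message says this patch does not yet add. The function name and buffer sizes are constructed for illustration, and the engine running it is assumed to implement the proposal in full.

```javascript
// Added example: bounds invariants of a growable SharedArrayBuffer.
// A view whose length disagrees with its buffer is where bounds checks
// go wrong, so these are the properties an engine test would pin down.
function growableSabDemo() {
  // Feature check: older engines ignore the options bag and expose no grow().
  if (typeof SharedArrayBuffer.prototype.grow !== "function") {
    return { supported: false };
  }

  // Constructed sizes: 8 bytes initially, at most 16.
  const sab = new SharedArrayBuffer(8, { maxByteLength: 16 });
  const fixed = new Uint8Array(sab, 0, 8); // explicit length: stays 8
  const tracking = new Uint8Array(sab);    // no length given: follows byteLength
  fixed[7] = 0xab;

  sab.grow(12);

  // A shared buffer may only grow, and never past maxByteLength.
  const errors = {};
  try { sab.grow(8); } catch (e) { errors.shrink = e.name; }
  try { sab.grow(32); } catch (e) { errors.overMax = e.name; }

  return {
    supported: true,
    growable: sab.growable,
    byteLength: sab.byteLength,
    maxByteLength: sab.maxByteLength,
    fixedLength: fixed.length,
    trackingLength: tracking.length,
    preservedByte: tracking[7],
    newBytesZero: tracking.slice(8).every((b) => b === 0),
    errors,
  };
}

console.log(growableSabDemo());
```
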