
Commit 41e47bc

committed
Fix TypedArray prototype caching issues. Close phoboslab#6
1 parent 2a7b2b5 commit 41e47bc

15 files changed

+54
-28
lines changed

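--- a/JavaScriptCore/runtime/JSGlobalObject.cpp
+++ b/JavaScriptCore/runtime/JSGlobalObject.cpp
@@ -425,6 +425,20 @@ void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
 visitIfNeeded(visitor, &thisObject->m_regExpStructure);
 visitIfNeeded(visitor, &thisObject->m_stringObjectStructure);
 visitIfNeeded(visitor, &thisObject->m_internalFunctionStructure);
+
+
+// PL: Visit Typed Array Constructors
+JSObjectMap::iterator cEnd = thisObject->typedArrayConstructorMap.end();
+for( JSObjectMap::iterator it = thisObject->typedArrayConstructorMap.begin(); it != cEnd; ++it ) {
+visitIfNeeded(visitor, &it->second);
+}
+
+// PL: Visit Typed Array Structures
+JSStructureMap::iterator sEnd = thisObject->typedArrayStructureMap.end();
+for( JSStructureMap::iterator it = thisObject->typedArrayStructureMap.begin(); it != sEnd; ++it ) {
+visitIfNeeded(visitor, &it->second);
+}
+
 
 if (thisObject->m_registerArray) {
 // Outside the execution of global code, when our variables are torn off,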
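Review bot: The two loops added to visitChildren carry only the labels `// PL: Visit Typed Array Constructors` and `// PL: Visit Typed Array Structures`, and do not say why the maps have to be visited. typedArrayConstructorMap and typedArrayStructureMap hold their values as WriteBarrier cells inside a HashMap, so these loops look like the only thing that keeps the cached objects marked; an entry that is not marked could be collected and then handed back by a later cache hit. I would record that above the first loop, e.g. `// Cached constructors/structures are reachable only through these maps; every entry must be marked here or a cache hit can return a collected cell.` visitChildren starts and ends outside the hunk.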

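--- a/JavaScriptCore/runtime/JSGlobalObject.h
+++ b/JavaScriptCore/runtime/JSGlobalObject.h
@@ -169,9 +169,12 @@ namespace JSC {
 }
 
 static JS_EXPORTDATA const ClassInfo s_info;
-
-HashMap<const JSC::ClassInfo*, JSC::WriteBarrier<JSC::JSObject> > typedArrayConstructorMap;
-HashMap<const JSC::ClassInfo*, JSC::WriteBarrier<JSC::JSObject> > typedArrayPrototypeMap;
+
+typedef HashMap<const JSC::ClassInfo*, JSC::WriteBarrier<JSC::JSObject> > JSObjectMap;
+typedef HashMap<const JSC::ClassInfo*, JSC::WriteBarrier<JSC::Structure> > JSStructureMap;
+
+JSObjectMap typedArrayConstructorMap;
+JSStructureMap typedArrayStructureMap;
 
 protected:
 explicit JSGlobalObject(JSGlobalData& globalData, Structure* structure, const GlobalObjectMethodTable* globalObjectMethodTable = 0)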

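--- a/JavaScriptCore/runtime/TypedArrays/GlobalDataHelper.h
+++ b/JavaScriptCore/runtime/TypedArrays/GlobalDataHelper.h
@@ -40,19 +40,28 @@ inline JSC::JSObject* getDOMConstructor(JSC::ExecState* exec, JSC::JSGlobalObjec
 return constructor;
 }
 
-template<class PrototypeClass>
-inline JSC::JSObject* getDOMPrototype(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject)
+template<class TypeClass>
+inline JSC::Structure* getDOMStructure(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject)
 {
-if (JSC::JSObject* prototype = globalObject->typedArrayPrototypeMap.get(&PrototypeClass::s_info).get())
-return prototype;
-
-JSC::JSObject* prototype = PrototypeClass::create(exec->globalData(), globalObject,
-PrototypeClass::createStructure(exec->globalData(), globalObject, globalObject->objectPrototype()));
+if (JSC::Structure* structure = globalObject->typedArrayStructureMap.get(&TypeClass::s_info).get()) {
+return structure;
+}
 
-ASSERT(!globalObject->typedArrayPrototypeMap.contains(&PrototypeClass::s_info));
-JSC::WriteBarrier<JSC::JSObject> temp;
-globalObject->typedArrayPrototypeMap.add(&PrototypeClass::s_info, temp).iterator->second.set(exec->globalData(), globalObject, prototype);
-return prototype;
+
+JSC::JSObject * proto = TypeClass::createPrototype(exec, globalObject);
+JSC::Structure *structure = TypeClass::createStructure(exec->globalData(), globalObject, proto);
+
+globalObject->typedArrayStructureMap.set(
+&TypeClass::s_info,
+JSC::WriteBarrier<JSC::Structure>(globalObject->globalData(), globalObject, structure)
+);
+return structure;
+}
+
+template<class TypeClass>
+inline JSC::JSObject* getDOMPrototype(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject)
+{
+return JSC::jsCast<JSC::JSObject*>(asObject(getDOMStructure<TypeClass>(exec, globalObject)->storedPrototype()));
 }
 
 }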
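Review bot: getDOMStructure stores the new Structure with `typedArrayStructureMap.set(...)`, which silently overwrites an existing entry, and the `ASSERT(!...contains(...))` that the removed getDOMPrototype ran before inserting is gone. If `TypeClass::createPrototype` ever reaches getDOMStructure for the same TypeClass (not visible here), two Structures with different prototypes would be created, and objects built from the first would keep a Structure that is no longer the cached one. I would keep the check just before the `set` call: `ASSERT(!globalObject->typedArrayStructureMap.contains(&TypeClass::s_info));`. A smaller point in the same function: the barrier is built from `globalObject->globalData()` while the line above it uses `exec->globalData()`; using one of them throughout reads more clearly.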

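--- a/JavaScriptCore/runtime/TypedArrays/JSArrayBuffer.cpp
+++ b/JavaScriptCore/runtime/TypedArrays/JSArrayBuffer.cpp
@@ -104,7 +104,7 @@ const ClassInfo JSArrayBufferPrototype::s_info = { "ArrayBufferPrototype", &Base
 static JSObject * globalProto = NULL;
 JSObject* JSArrayBufferPrototype::self(ExecState* exec, JSGlobalObject* globalObject)
 {
-return getDOMPrototype<JSArrayBufferPrototype>(exec, globalObject);
+return getDOMPrototype<JSArrayBuffer>(exec, globalObject);
 }
 
 bool JSArrayBufferPrototype::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot)
@@ -244,7 +244,7 @@ void JSArrayBufferOwner::finalize(JSC::Handle<JSC::Unknown> handle, void* contex
 
 JSC::JSValue toJS(JSC::ExecState* exec, JSGlobalObject* globalObject, ArrayBuffer* impl)
 {
-JSArrayBuffer * buf = JSArrayBuffer::create( JSArrayBuffer::createStructure(exec->globalData(), globalObject, JSArrayBufferPrototype::self(exec, globalObject)), globalObject, impl);
+JSArrayBuffer * buf = JSArrayBuffer::create( getDOMStructure<JSArrayBuffer>(exec, globalObject), globalObject, impl);
 JSC::JSCell* jsCell = reinterpret_cast<JSC::JSCell*>(buf);
 return jsCell;
 }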
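Review bot: In toJS the new line takes the cached structure, but the result still goes through `reinterpret_cast<JSC::JSCell*>(buf)` on the next line before it is returned. The matching change in JSArrayBufferViewHelper.h returns `JSType::create(...)` directly, and a reinterpret_cast hides any pointer adjustment or type mismatch from the compiler. Assuming JSArrayBuffer derives from JSCell (not visible in this hunk), the two lines after the create call can become `return buf;`, or the body can be the single statement `return JSArrayBuffer::create(getDOMStructure<JSArrayBuffer>(exec, globalObject), globalObject, impl);`.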

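--- a/JavaScriptCore/runtime/TypedArrays/JSArrayBufferView.cpp
+++ b/JavaScriptCore/runtime/TypedArrays/JSArrayBufferView.cpp
@@ -63,7 +63,7 @@ const ClassInfo JSArrayBufferViewPrototype::s_info = { "ArrayBufferViewPrototype
 
 JSObject* JSArrayBufferViewPrototype::self(ExecState* exec, JSGlobalObject* globalObject)
 {
-return getDOMPrototype<JSArrayBufferViewPrototype>(exec, globalObject);
+return getDOMPrototype<JSArrayBufferView>(exec, globalObject);
 }
 
 static const HashTable* getJSArrayBufferViewTable(ExecState* exec)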

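--- a/JavaScriptCore/runtime/TypedArrays/JSArrayBufferViewHelper.h
+++ b/JavaScriptCore/runtime/TypedArrays/JSArrayBufferViewHelper.h
@@ -34,6 +34,7 @@
 #include <runtime/JSObject.h>
 #include <runtime/JSValue.h>
 #include <wtf/ArrayBufferView.h>
+#include "GlobalDataHelper.h"
 
 namespace WebCore {
 
@@ -167,8 +168,7 @@ static JSC::JSValue toJSArrayBufferView(JSC::ExecState* exec, JSC::JSGlobalObjec
 return JSC::jsNull();
 
 exec->heap()->reportExtraMemoryCost(object->byteLength());
-JSC::JSCell * jsCell = JSType::create(JSType::createStructure(exec->globalData(), globalObject,JSType::createPrototype(exec, globalObject)), globalObject, object);
-return jsCell;
+return JSType::create(getDOMStructure<JSType>(exec, globalObject), globalObject, object);
 }
 
 } // namespace WebCore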
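Review bot: toJSArrayBufferView now depends on getDOMStructure<JSType>, whose cache is keyed on `&JSType::s_info` (GlobalDataHelper.h in this commit), and nothing at the call site records that requirement. If a JSType passed here does not define its own s_info and picks up its base class's instead, it would share a cache slot with the base and be created with a Structure built for another type. A comment above the return would state the invariant, e.g. `// getDOMStructure caches per &JSType::s_info: every JSType used here must define its own s_info.` The function starts outside the hunk.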

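--- a/JavaScriptCore/runtime/TypedArrays/JSFloat32Array.cpp
+++ b/JavaScriptCore/runtime/TypedArrays/JSFloat32Array.cpp
@@ -106,7 +106,7 @@ const ClassInfo JSFloat32ArrayPrototype::s_info = { "Float32ArrayPrototype", &Ba
 
 JSObject* JSFloat32ArrayPrototype::self(ExecState* exec, JSGlobalObject* globalObject)
 {
-return getDOMPrototype<JSFloat32ArrayPrototype>(exec, globalObject);
+return getDOMPrototype<JSFloat32Array>(exec, globalObject);
 }
 
 bool JSFloat32ArrayPrototype::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot)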

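--- a/JavaScriptCore/runtime/TypedArrays/JSFloat64Array.cpp
+++ b/JavaScriptCore/runtime/TypedArrays/JSFloat64Array.cpp
@@ -106,7 +106,7 @@ const ClassInfo JSFloat64ArrayPrototype::s_info = { "Float64ArrayPrototype", &Ba
 
 JSObject* JSFloat64ArrayPrototype::self(ExecState* exec, JSGlobalObject* globalObject)
 {
-return getDOMPrototype<JSFloat64ArrayPrototype>(exec, globalObject);
+return getDOMPrototype<JSFloat64Array>(exec, globalObject);
 }
 
 bool JSFloat64ArrayPrototype::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot)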

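--- a/JavaScriptCore/runtime/TypedArrays/JSInt16Array.cpp
+++ b/JavaScriptCore/runtime/TypedArrays/JSInt16Array.cpp
@@ -106,7 +106,7 @@ const ClassInfo JSInt16ArrayPrototype::s_info = { "Int16ArrayPrototype", &Base::
 
 JSObject* JSInt16ArrayPrototype::self(ExecState* exec, JSGlobalObject* globalObject)
 {
-return getDOMPrototype<JSInt16ArrayPrototype>(exec, globalObject);
+return getDOMPrototype<JSInt16Array>(exec, globalObject);
 }
 
 bool JSInt16ArrayPrototype::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot)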

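--- a/JavaScriptCore/runtime/TypedArrays/JSInt32Array.cpp
+++ b/JavaScriptCore/runtime/TypedArrays/JSInt32Array.cpp
@@ -106,7 +106,7 @@ const ClassInfo JSInt32ArrayPrototype::s_info = { "Int32ArrayPrototype", &Base::
 
 JSObject* JSInt32ArrayPrototype::self(ExecState* exec, JSGlobalObject* globalObject)
 {
-return getDOMPrototype<JSInt32ArrayPrototype>(exec, globalObject);
+return getDOMPrototype<JSInt32Array>(exec, globalObject);
 }
 
 bool JSInt32ArrayPrototype::getOwnPropertySlot(JSCell* cell, ExecState* exec, const Identifier& propertyName, PropertySlot& slot)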
