Last Comment Bug 677743 - Store base of data directly in typed arrays
: Store base of data directly in typed arrays
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: All All
-- normal (vote)
: mozilla8
Assigned To: Brian Hackett (:bhackett)
: Jason Orendorff [:jorendorff]
: 677854 (view as bug list)
Depends on:
Blocks: 664249
  Show dependency treegraph
Reported: 2011-08-09 16:29 PDT by Brian Hackett (:bhackett)
Modified: 2011-08-11 14:58 PDT (History)
3 users (show)
mounir: in‑testsuite+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (14.19 KB, patch)
2011-08-09 16:32 PDT, Brian Hackett (:bhackett)
mrbkap: review+
Details | Diff | Splinter Review

Description User image Brian Hackett (:bhackett) 2011-08-09 16:29:47 PDT
Per bug 664249 comment 34, handling of byte offsets in JM typed array ICs is incorrect, and slower than it needs to be.  Here is a testcase exposing the problem:

function f(x, y) {
  for (var i = 0; i < 100; i++)
    assertEq(x[0], y);
var a = ArrayBuffer(20);
var b = Int32Array(a, 12, 2);
var c = Int32Array(a, 0, 2);
b[0] = 10;
f(b, 10);
c[0] = 20;
f(c, 20);

> js test.js
> js -m test.js
test.js:3: Error: Assertion failed: got 10, expected 20

The base of the data in a typed array is split across two Values because it may be unaligned, and unaligned private pointers cannot be stored in Values on x64.  The .privateData of typed array JSObjects is unused, however, and can store unaligned pointers.  Using this instead allows fixing the ICs and faster accesses on the typed arrays.
Comment 1 User image Brian Hackett (:bhackett) 2011-08-09 16:32:47 PDT
Created attachment 551928 [details] [diff] [review]
Comment 2 User image Brian Hackett (:bhackett) 2011-08-09 17:14:41 PDT
Landing to JM for some post-merge greenification.
Comment 3 User image Brian Hackett (:bhackett) 2011-08-10 07:12:08 PDT
Comment 4 User image Mounir Lamouri (:mounir) 2011-08-11 04:33:38 PDT
Comment 5 User image Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 2011-08-11 14:58:31 PDT
*** Bug 677854 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.