Allocate typed arrays uninitialized when constructing from array-like.

This is a fix for performance regression. For new Uint8Array(arrayLike)
and the likes, we allocate the backing store of typed array
uninitialized and then proceed to feel it in with elements of arrayLike.
If the loop over arrayLike runs to completion, we know that all elements
of typed arrays had been assigned to and there is no uninitialized
memory. If the loop does not run to completion, we propagate the
exception to constructor caller, therefore the typed array is not
exposed to user program.

BUG=270507
R=yangguo@chromium.org

Review URL: https://codereview.chromium.org/23463050

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16914 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This commit is contained in:
dslomov@chromium.org 2013-09-24 10:50:14 +00:00
parent 6d8f4d52bf
commit afdabcfd0b
2 changed files with 14 additions and 5 deletions

View File

@ -933,17 +933,24 @@ RUNTIME_FUNCTION(MaybeObject*, Runtime_TypedArrayInitializeFromArrayLike) {
HandleVector<Object>(NULL, 0))); HandleVector<Object>(NULL, 0)));
} }
// NOTE: not initializing backing store.
// We assume that the caller of this function will initialize holder // We assume that the caller of this function will initialize holder
// with the loop // with the loop
// for(i = 0; i < length; i++) { holder[i] = source[i]; } // for(i = 0; i < length; i++) { holder[i] = source[i]; }
// We assume that the caller of this function is always a typed array
// constructor.
// If source is a typed array, this loop will always run to completion, // If source is a typed array, this loop will always run to completion,
// so we are sure that the backing store will be initialized. // so we are sure that the backing store will be initialized.
// Otherwise, we do not know (the indexing operation might throw). // Otherwise, the indexing operation might throw, so the loop will not
// Hence we require zero initialization unless our source is a typed array. // run to completion and the typed array might remain partly initialized.
bool should_zero_initialize = !source->IsJSTypedArray(); // However we further assume that the caller of this function is a typed array
// constructor, and the exception will propagate out of the constructor,
// therefore uninitialized memory will not be accessible by a user program.
//
// TODO(dslomov): revise this once we support subclassing.
if (!Runtime::SetupArrayBufferAllocatingData( if (!Runtime::SetupArrayBufferAllocatingData(
isolate, buffer, byte_length, should_zero_initialize)) { isolate, buffer, byte_length, false)) {
return isolate->Throw(*isolate->factory()-> return isolate->Throw(*isolate->factory()->
NewRangeError("invalid_array_buffer_length", NewRangeError("invalid_array_buffer_length",
HandleVector<Object>(NULL, 0))); HandleVector<Object>(NULL, 0)));

View File

@ -79,6 +79,8 @@ function CreateTypedArrayConstructor(name, elementSize, arrayId, constructor) {
var l = ToPositiveInteger(length, "invalid_typed_array_length"); var l = ToPositiveInteger(length, "invalid_typed_array_length");
if(!%TypedArrayInitializeFromArrayLike(obj, arrayId, arrayLike, l)) { if(!%TypedArrayInitializeFromArrayLike(obj, arrayId, arrayLike, l)) {
for (var i = 0; i < l; i++) { for (var i = 0; i < l; i++) {
// It is crucial that we let any execptions from arrayLike[i]
// propagate outside the function.
obj[i] = arrayLike[i]; obj[i] = arrayLike[i];
} }
} }