JSSegmentedVariableObject and its subclasses should have a sane destruction story
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Jan 2017 05:13:21 +0000 (05:13 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Jan 2017 05:13:21 +0000 (05:13 +0000)
commit3eac1e6cd38a9d6606eeaa5c2787b3698eefe36f
treee5c61a5d047337b764db6de6579515445f6cf839
parenta2c8b823b72bd71b198505b04aa1f127fd844dbe
JSSegmentedVariableObject and its subclasses should have a sane destruction story
https://bugs.webkit.org/show_bug.cgi?id=167193

Reviewed by Saam Barati.
Source/JavaScriptCore:

Prior to this change, JSSegmentedVariableObjects' subclasses install finalizers that call
destroy. They did this in random ways, which sometimes resulted in
JSSegmentedVariableObject::~JSSegmentedVariableObject executing more than once (which worked
because of the way that ~SegmentedVector is written). Maybe this works now, but it's a disaster
waiting to happen.

Fortunately we can now just give those things their own Subspace and teach it its own protocol of
destruction. This change introduces JSSegmentedVariableObjectSubspace and stashes a m_classInfo
in JSSegmentedVariableObject. Now, subclasses of JSSegmentedVariableObject are destructible in
much the same way as JSDestructibleObject without having to be subclasses of
JSDestructibleObject.

* API/JSCallbackObject.cpp:
(JSC::JSCallbackObject<JSGlobalObject>::create):
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* jsc.cpp:
(GlobalObject::create):
* runtime/JSGlobalLexicalEnvironment.h:
(JSC::JSGlobalLexicalEnvironment::create):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::create):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::create): Deleted.
(JSC::JSGlobalObject::finishCreation): Deleted.
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::destroy):
(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::~JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::finishCreation):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::subspaceFor):
(JSC::JSSegmentedVariableObject::classInfo):
(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject): Deleted.
(JSC::JSSegmentedVariableObject::finishCreation): Deleted.
* runtime/JSSegmentedVariableObjectSubspace.cpp: Added.
(JSC::JSSegmentedVariableObjectSubspace::JSSegmentedVariableObjectSubspace):
(JSC::JSSegmentedVariableObjectSubspace::~JSSegmentedVariableObjectSubspace):
(JSC::JSSegmentedVariableObjectSubspace::finishSweep):
(JSC::JSSegmentedVariableObjectSubspace::destroy):
* runtime/JSSegmentedVariableObjectSubspace.h: Added.
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* testRegExp.cpp:
(GlobalObject::create):

Source/WebCore:

No new tests because no new behavior.

JSSegmentedVariableObjects now get to have a sane destruction story. This means switching
subspace types for the DOM's global object subspace.

* bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):
* bindings/js/WebCoreJSClientData.h:
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@210912 268f45cc-cd09-0410-ab3c-d52691b4dbfc
19 files changed:
Source/JavaScriptCore/API/JSCallbackObject.cpp
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/jsc.cpp
Source/JavaScriptCore/runtime/JSGlobalLexicalEnvironment.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
Source/JavaScriptCore/runtime/JSSegmentedVariableObjectSubspace.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/JSSegmentedVariableObjectSubspace.h [new file with mode: 0644]
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/JavaScriptCore/testRegExp.cpp
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/WebCoreJSClientData.cpp
Source/WebCore/bindings/js/WebCoreJSClientData.h
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm