JSArrayBuffers should be collected less aggressively
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Mar 2016 03:19:11 +0000 (03:19 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Mar 2016 03:19:11 +0000 (03:19 +0000)
commit 76ccb7cdabe26c5e69341c5caffb86360327e7e8
tree c32e1eccabe1be85d32298a89be252dc58f9ff15
parent 2a41daea6b8505f8b953245b168da0e35a36f960
JSArrayBuffers should be collected less aggressively
https://bugs.webkit.org/show_bug.cgi?id=154982

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

We are currently too aggressive in our collection of ArrayBuffer wrappers.
There are three cases where we need to avoid collecting ArrayBuffer wrappers.
1. If the wrapper has custom properties.
2. If the wrapper is a subclass of ArrayBuffer.
3. If the wrapper is in a WeakMap/WeakSet.

Currently, we only pass the first case in WebCore and none in the jsc CLI.
This patch removes some optimizations that cause us to collect when we
should not. Namely, always skipping the object unless it has custom
properties. Additionally, in the case of subclassing, we also need a way
for custom JSArrayBuffer objects to register themselves as the wrapper for
an ArrayBuffer class.

Finally, this patch fixes an issue where views would not mark their ArrayBuffer
as an opaque root. This patch also moves an associated ASSERT that the
ArrayBuffer held by a view is not null in JSGenericTypedArrayView::visitChildren
into JSArrayBufferView::visitChildren, where we add the opaque root.

* runtime/JSArrayBuffer.cpp:
(JSC::JSArrayBuffer::finishCreation):
(JSC::JSArrayBuffer::create):
(JSC::JSArrayBuffer::createWithoutWrapping):
* runtime/JSArrayBuffer.h:
* runtime/JSArrayBufferView.cpp:
(JSC::JSArrayBufferView::visitChildren):
* runtime/JSArrayBufferView.h:
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren): Deleted.
* runtime/SimpleTypedArrayController.cpp:
(JSC::SimpleTypedArrayController::toJS):
(JSC::SimpleTypedArrayController::registerWrapper):
(JSC::SimpleTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(JSC::SimpleTypedArrayController::JSArrayBufferOwner::finalize):
* runtime/SimpleTypedArrayController.h:
* runtime/TypedArrayController.h:

Source/WebCore:

We are currently too aggressive in our collection of ArrayBuffer wrappers.
There are three cases where we need to avoid collecting ArrayBuffer wrappers.
1. If the wrapper has custom properties.
2. If the wrapper is a subclass of ArrayBuffer.
3. If the wrapper is in a WeakMap/WeakSet.

Currently, we only pass the first case in WebCore and none in the jsc CLI.
This patch removes some optimizations that cause us to collect when we
should not. Namely, always skipping the object unless it has custom
properties. Additionally, in the case of subclassing, we also need a way
for custom JSArrayBuffer objects to register themselves as the wrapper for
an ArrayBuffer class.

Finally, this patch removes an unnecessary ref() and deref() of
ArrayBuffer objects during the creation/destruction of the wrapper.
Since an ArrayBuffer object's GC lifetime will be at least as long
as the lifetime of the wrapper we are creating for it we don't need
to ref() and deref() the ArrayBuffer object. This lifetime is
guaranteed because ArrayBuffer objects are both GCed and refcounted
and any new wrapper will visit the ArrayBuffer object as long as the
wrapper is still alive.

Test: js/arraybuffer-wrappers.html

* bindings/js/JSDOMBinding.h:
(WebCore::toJS):
* bindings/js/WebCoreTypedArrayController.cpp:
(WebCore::WebCoreTypedArrayController::registerWrapper):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): Deleted.
* bindings/js/WebCoreTypedArrayController.h:

LayoutTests:

* js/arraybuffer-wrappers-expected.txt: Added.
* js/arraybuffer-wrappers.html: Added.
* js/script-tests/arraybuffer-wrappers.js: Added.
(prototype.types.forEach):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@197543 268f45cc-cd09-0410-ab3c-d52691b4dbfc
17 files changed:
LayoutTests/ChangeLog
LayoutTests/js/arraybuffer-wrappers-expected.txt [new file with mode: 0644]
LayoutTests/js/arraybuffer-wrappers.html [new file with mode: 0644]
LayoutTests/js/script-tests/arraybuffer-wrappers.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSArrayBuffer.cpp
Source/JavaScriptCore/runtime/JSArrayBuffer.h
Source/JavaScriptCore/runtime/JSArrayBufferView.cpp
Source/JavaScriptCore/runtime/JSArrayBufferView.h
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h
Source/JavaScriptCore/runtime/SimpleTypedArrayController.cpp
Source/JavaScriptCore/runtime/SimpleTypedArrayController.h
Source/JavaScriptCore/runtime/TypedArrayController.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMBinding.h
Source/WebCore/bindings/js/WebCoreTypedArrayController.cpp
Source/WebCore/bindings/js/WebCoreTypedArrayController.h
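
Review bot: The removal of the ref()/deref() pair in the Source/WebCore part of this change rests entirely on one invariant, that a live wrapper always visits its ArrayBuffer, and that invariant is stated only in the commit message. The same commit moves the opaque-root marking and its ASSERT from JSGenericTypedArrayView::visitChildren into JSArrayBufferView::visitChildren, so the refcount safety of the wrapper now depends on a visit path in a different file. If it is not already there, a comment or ASSERT where the ref() used to be taken, naming that visit path, would keep a later edit to visitChildren from silently leaving a wrapper that outlives its ArrayBuffer. It would also help for js/arraybuffer-wrappers.html to exercise each of the three cases listed in the message (custom properties, subclass, WeakMap/WeakSet) across a forced collection, since the message says only the first case passed before this change.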