First step toward incremental Weak<T> finalization
authorggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Apr 2012 05:28:13 +0000 (05:28 +0000)
committerggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Apr 2012 05:28:13 +0000 (05:28 +0000)
commit8b756c2a0010804b1f2ea87d1078e2faeb9a2749
tree3d470bc52dcc1d25bf5e4b3cbb8c6fcd3cf3fb70
parent383fac31d11d2b9abccc239ff9c5aae5d3c1f916
First step toward incremental Weak<T> finalization
https://bugs.webkit.org/show_bug.cgi?id=82670

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements a Weak<T> heap that is compatible with incremental
finalization, while making as few behavior changes as possible. The behavior
changes it makes are:

(*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
instead, a separate flag indicates that the JSValue is no longer valid.
(This is required so that the JSValue can be preserved for later finalization.)
Objects dealing with WeakImpls directly must change to check the flag.

(*) Weak<T> is no longer a subclass of Handle<T>.

(*) DOM GC performance is different -- 9% faster in the geometric mean,
but 15% slower in one specific case:
        gc-dom1.html: 6%  faster
        gc-dom2.html: 23% faster
        gc-dom3.html: 17% faster
        gc-dom4.html: 15% *slower*

The key features of this new heap are:

(*) Each block knows its own state, independent of any other blocks.

(*) Each block caches its own sweep result.

(*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
mark them yet, since that would be a behavior change.)

* API/JSCallbackObject.cpp:
(JSC::JSCallbackObjectData::finalize):
* API/JSCallbackObjectFunctions.h:
(JSC::::init): Updated to use the new WeakHeap API.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri: Paid the build system tax since I added some new files.

* heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
so we can keep passing a Handle<T> to finalizers, to avoid more surface
area change in this patch. A follow-up patch should change the type we
pass to finalizers.

* heap/HandleHeap.cpp:
(JSC):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::isLiveNode):
* heap/HandleHeap.h:
(JSC):
(HandleHeap):
(Node):
(JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
we have a separate WeakHeap now.

* heap/Heap.cpp:
(JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
for through our watermark now. Removed m_waterMark because it was unused.

(JSC::Heap::destroy): Updated for addition of WeakHeap.

(JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
variable to participating in the watermark strategy. I wanted to standardize
WeakHeap and all other Heap clients on this strategy, to make sure it's
accurate.

(JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
dead visit pass, as explained above.

(JSC::Heap::collect):
(JSC::Heap::resetAllocators): Updated for addition of WeakHeap.

(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.

* heap/Heap.h:
(JSC::Heap::weakHeap):
(Heap):
(JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
strategy, since this is the best way for WeakHeap to report its memory
cost. (I plan to update this in a follow-up patch to make it more accurate,
but for now it is not less accurate than it used to be.)

* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
* heap/MarkedSpace.h:
(MarkedSpace):
(JSC::MarkedSpace::addToWaterMark):
(JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
it was unused, and I didn't want to update WeakHeap to keep an usused
variable working. Added API for above.

* heap/PassWeak.h:
(JSC):
(WeakImplAccessor):
(PassWeak):
(JSC::::operator):
(JSC::::get):
(JSC::::was):
(JSC::::PassWeak):
(JSC::::~PassWeak):
(JSC::UnspecifiedBoolType):
(JSC::::leakImpl):
(JSC::adoptWeak):
* heap/Strong.h:
(JSC::Strong::operator!):
(Strong):
(JSC::Strong::operator UnspecifiedBoolType*):
(JSC::Strong::get):
* heap/Weak.h:
(Weak):
(JSC::::Weak):
(JSC):
(JSC::::isHashTableDeletedValue):
(JSC::::~Weak):
(JSC::::swap):
(JSC::=):
(JSC::::operator):
(JSC::UnspecifiedBoolType):
(JSC::::release):
(JSC::::clear):
(JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
down to two things:

(*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.

(*) Explicitly check WeakImpl::state() for non-liveness before returning
a value (explained above).

These files implement the new Weak<T> heap behavior described above:

* heap/WeakBlock.cpp: Added.
* heap/WeakBlock.h: Added.
* heap/WeakHandleOwner.cpp: Added.
* heap/WeakHandleOwner.h: Added.
* heap/WeakHeap.cpp: Added.
* heap/WeakHeap.h: Added.
* heap/WeakImpl.h: Added.

One interesting difference from the old heap is that we don't allow
clients to overwrite a WeakImpl after allocating it, and we don't recycle
WeakImpls prior to garbage collection. This is required for lazy finalization,
but it will also help us esablish a useful invariant in the future: allocating
a WeakImpl will be a binding contract to run a finalizer at some point in the
future, even if the WeakImpl is later deallocated.

* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
its JSValue, since that's our API contract now, and the JSValue might
be stale.

* runtime/JSCell.h:
(JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.

* runtime/Structure.cpp:
(JSC::StructureTransitionTable::add): I can't remember why I did this.

* runtime/StructureTransitionTable.h:
* runtime/WeakGCMap.h: I had to update these classes because they allocate
and deallocate weak pointers manually. They should probably stop doing that.

Source/WebCore:

Updated WebCore for Weak<T> API changes.

* bindings/js/DOMWrapperWorld.cpp:
(WebCore::JSStringOwner::finalize): We're not allowed to get() a dead Weak<T>
anymore, so use the debug-only was() helper function instead.

* bindings/js/JSDOMBinding.h:
(WebCore::uncacheWrapper): Ditto.

* bindings/js/JSNodeCustom.h:
(WebCore::setInlineCachedWrapper):
(WebCore::clearInlineCachedWrapper): We're not allowed to get() a dead
Weak<T>, so I had to push down these ASSERTs into ScriptWrappable.

* bindings/js/JSNodeFilterCondition.cpp:
(WebCore::JSNodeFilterCondition::acceptNode): Updated for non-Handle-ness
of Weak<T>.

* bindings/js/ScriptWrappable.h:
(WebCore::ScriptWrappable::setWrapper):
(WebCore::ScriptWrappable::clearWrapper): Use was(), as above.

Source/WebKit2:

Updated for API change.

* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::finalize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@113141 268f45cc-cd09-0410-ab3c-d52691b4dbfc
42 files changed:
Source/JavaScriptCore/API/JSCallbackObject.cpp
Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/GNUmakefile.list.am
Source/JavaScriptCore/JavaScriptCore.gypi
Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def
Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Target.pri
Source/JavaScriptCore/heap/Handle.h
Source/JavaScriptCore/heap/HandleHeap.cpp
Source/JavaScriptCore/heap/HandleHeap.h
Source/JavaScriptCore/heap/Heap.cpp
Source/JavaScriptCore/heap/Heap.h
Source/JavaScriptCore/heap/MarkedSpace.cpp
Source/JavaScriptCore/heap/MarkedSpace.h
Source/JavaScriptCore/heap/PassWeak.h
Source/JavaScriptCore/heap/Strong.h
Source/JavaScriptCore/heap/Weak.h
Source/JavaScriptCore/heap/WeakBlock.cpp [new file with mode: 0644]
Source/JavaScriptCore/heap/WeakBlock.h [new file with mode: 0644]
Source/JavaScriptCore/heap/WeakHandleOwner.cpp [new file with mode: 0644]
Source/JavaScriptCore/heap/WeakHandleOwner.h [new file with mode: 0644]
Source/JavaScriptCore/heap/WeakHeap.cpp [new file with mode: 0644]
Source/JavaScriptCore/heap/WeakHeap.h [new file with mode: 0644]
Source/JavaScriptCore/heap/WeakImpl.h [new file with mode: 0644]
Source/JavaScriptCore/jit/JITStubs.cpp
Source/JavaScriptCore/runtime/JSCell.h
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/StructureTransitionTable.h
Source/JavaScriptCore/runtime/WeakGCMap.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/DOMWrapperWorld.cpp
Source/WebCore/bindings/js/JSDOMBinding.h
Source/WebCore/bindings/js/JSNodeCustom.h
Source/WebCore/bindings/js/JSNodeFilterCondition.cpp
Source/WebCore/bindings/js/ScriptWrappable.h
Source/WebKit2/ChangeLog
Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp
Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp
Source/WebKit2/WebProcess/Plugins/PluginProcessConnection.cpp