[JSC] Use finalizer in JSGlobalLexicalEnvironment and JSGlobalObject
author ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Mar 2019 07:00:24 +0000 (07:00 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Mar 2019 07:00:24 +0000 (07:00 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195992

Reviewed by Keith Miller and Mark Lam.

Source/JavaScriptCore:

JSGlobalLexicalEnvironment and JSGlobalObject have their own CompleteSubspace to call destructors while they are not inheriting JSDestructibleObject.
But it is too costly since (1) it requires CompleteSubspace in VM, (2) both objects allocate MarkedBlocks while # of them are really small.

Instead of using CompleteSubspace, we just set finalizers for them. Since these objects are rarely allocated, setting finalizers does not show
memory / performance problems (actually, previously we used finalizer for ArrayPrototype due to the same reason, and it does not show any problems).

And we also add the following two changes to JSSegmentedVariableObject.

1. Remove one boolean used for debugging in Release build. It enlarges sizeof(JSSegmentedVariableObject) and allocates one more MarkedBlock.
2. Use cellLock() instead.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::findVariableIndex):
(JSC::JSSegmentedVariableObject::addVariables):
(JSC::JSSegmentedVariableObject::visitChildren):
(JSC::JSSegmentedVariableObject::~JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::finishCreation):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::subspaceFor): Deleted.
* runtime/JSSegmentedVariableObjectHeapCellType.cpp: Removed.
* runtime/JSSegmentedVariableObjectHeapCellType.h: Removed.
* runtime/StringIteratorPrototype.cpp:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

Source/WebCore:

Use cellHeapCellType since JSSegmentedVariableObject already sets a finalizer.

* bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243279 268f45cc-cd09-0410-ab3c-d52691b4dbfc

13 files changed:
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Sources.txt
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.cpp [deleted file]
Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.h [deleted file]
Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/WebCoreJSClientData.cpp

index 9b4e55e..67fdb70 100644 (file)
@@ -871,7 +871,6 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
     runtime/JSScriptFetchParameters.h
     runtime/JSScriptFetcher.h
     runtime/JSSegmentedVariableObject.h
-    runtime/JSSegmentedVariableObjectHeapCellType.h
     runtime/JSSet.h
     runtime/JSSetIterator.h
     runtime/JSSourceCode.h
index 03753e7..d5221a1 100644 (file)
@@ -1,3 +1,39 @@
+2019-03-20  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Use finalizer in JSGlobalLexicalEnvironment and JSGlobalObject
+        https://bugs.webkit.org/show_bug.cgi?id=195992
+
+        Reviewed by Keith Miller and Mark Lam.
+
+        JSGlobalLexicalEnvironment and JSGlobalObject have their own CompleteSubspace to call destructors while they are not inheriting JSDestructibleObject.
+        But it is too costly since (1) it requires CompleteSubspace in VM, (2) both objects allocate MarkedBlocks while # of them are really small.
+
+        Instead of using CompleteSubspace, we just set finalizers for them. Since these objects are rarely allocated, setting finalizers does not show
+        memory / performance problems (actually, previously we used finalizer for ArrayPrototype due to the same reason, and it does not show any problems).
+
+        And we also add following two changes to JSSegmentedVariableObject.
+
+        1. Remove one boolean used for debugging in Release build. It enlarges sizeof(JSSegmentedVariableObject) and allocates one more MarkedBlock.
+        2. Use cellLock() instead.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * runtime/JSSegmentedVariableObject.cpp:
+        (JSC::JSSegmentedVariableObject::findVariableIndex):
+        (JSC::JSSegmentedVariableObject::addVariables):
+        (JSC::JSSegmentedVariableObject::visitChildren):
+        (JSC::JSSegmentedVariableObject::~JSSegmentedVariableObject):
+        (JSC::JSSegmentedVariableObject::finishCreation):
+        * runtime/JSSegmentedVariableObject.h:
+        (JSC::JSSegmentedVariableObject::subspaceFor): Deleted.
+        * runtime/JSSegmentedVariableObjectHeapCellType.cpp: Removed.
+        * runtime/JSSegmentedVariableObjectHeapCellType.h: Removed.
+        * runtime/StringIteratorPrototype.cpp:
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+
 2019-03-20  Saam Barati  <sbarati@apple.com>
 
         DFG::AbstractValue::validateOSREntry is wrong when isHeapTop and the incoming value is Empty
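Review bot: the entry for runtime/JSSegmentedVariableObject.h says only "(JSC::JSSegmentedVariableObject::subspaceFor): Deleted.", but the header change in this patch re-adds subspaceFor returning &vm.cellSpace and introduces needsDestruction = true, so the entry should describe both. Item 2, "Use cellLock() instead.", should also name what it replaces (the m_lock member), since the sentence does not stand on its own.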
index 9e812fa..56f2e99 100644 (file)
                0F4F11E8209BCDAB00709654 /* CompilerTimingScope.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4F11E6209BCDA100709654 /* CompilerTimingScope.h */; };
                0F4F11EB209D426600709654 /* DFGAbstractValueClobberEpoch.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4F11EA209D426300709654 /* DFGAbstractValueClobberEpoch.h */; };
                0F4F29E018B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4F29DE18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.h */; };
-               0F4F82881E2FFDE00075184C /* JSSegmentedVariableObjectHeapCellType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4F82861E2FFDDB0075184C /* JSSegmentedVariableObjectHeapCellType.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F4F828C1E31B9760075184C /* StochasticSpaceTimeMutatorScheduler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4F828A1E31B9710075184C /* StochasticSpaceTimeMutatorScheduler.h */; };
                0F50AF3C193E8B3900674EE8 /* DFGStructureClobberState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F50AF3B193E8B3900674EE8 /* DFGStructureClobberState.h */; };
                0F5513A61D5A682C00C32BD8 /* FreeList.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5513A51D5A682A00C32BD8 /* FreeList.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F4F11EA209D426300709654 /* DFGAbstractValueClobberEpoch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGAbstractValueClobberEpoch.h; path = dfg/DFGAbstractValueClobberEpoch.h; sourceTree = "<group>"; };
                0F4F29DD18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStaticExecutionCountEstimationPhase.cpp; path = dfg/DFGStaticExecutionCountEstimationPhase.cpp; sourceTree = "<group>"; };
                0F4F29DE18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStaticExecutionCountEstimationPhase.h; path = dfg/DFGStaticExecutionCountEstimationPhase.h; sourceTree = "<group>"; };
-               0F4F82851E2FFDDB0075184C /* JSSegmentedVariableObjectHeapCellType.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSegmentedVariableObjectHeapCellType.cpp; sourceTree = "<group>"; };
-               0F4F82861E2FFDDB0075184C /* JSSegmentedVariableObjectHeapCellType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSSegmentedVariableObjectHeapCellType.h; sourceTree = "<group>"; };
                0F4F82891E31B9710075184C /* StochasticSpaceTimeMutatorScheduler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StochasticSpaceTimeMutatorScheduler.cpp; sourceTree = "<group>"; };
                0F4F828A1E31B9710075184C /* StochasticSpaceTimeMutatorScheduler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StochasticSpaceTimeMutatorScheduler.h; sourceTree = "<group>"; };
                0F50AF3B193E8B3900674EE8 /* DFGStructureClobberState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStructureClobberState.h; path = dfg/DFGStructureClobberState.h; sourceTree = "<group>"; };
                                E38D060B1F8E814100649CF2 /* JSScriptFetchParameters.h */,
                                0F919D0E157F3327004A4E7D /* JSSegmentedVariableObject.cpp */,
                                0F919D0F157F3327004A4E7D /* JSSegmentedVariableObject.h */,
-                               0F4F82851E2FFDDB0075184C /* JSSegmentedVariableObjectHeapCellType.cpp */,
-                               0F4F82861E2FFDDB0075184C /* JSSegmentedVariableObjectHeapCellType.h */,
                                A7299D9B17D12837005F5FF9 /* JSSet.cpp */,
                                A7299D9C17D12837005F5FF9 /* JSSet.h */,
                                A790DD69182F499700588807 /* JSSetIterator.cpp */,
                                79A228361D35D71F00D8E067 /* ArithProfile.h in Headers */,
                                0F6B1CB91861244C00845D97 /* ArityCheckMode.h in Headers */,
                                A1A009C11831A26E00CF8711 /* ARM64Assembler.h in Headers */,
+                               FE1E2C402240DD6200F6B729 /* ARM64EAssembler.h in Headers */,
                                86ADD1450FDDEA980006EEC2 /* ARMv7Assembler.h in Headers */,
                                0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */,
                                A7A8AF3517ADB5F3005AB174 /* ArrayBuffer.h in Headers */,
                                0F2C63B01E60AE4300C13839 /* B3Bank.h in Headers */,
                                0FEC85011BDACDAC0080FF74 /* B3BasicBlock.h in Headers */,
                                0FEC85021BDACDAC0080FF74 /* B3BasicBlockInlines.h in Headers */,
-                               FE1E2C3F2240DD5800F6B729 /* MacroAssemblerARM64E.h in Headers */,
                                0FEC85031BDACDAC0080FF74 /* B3BasicBlockUtils.h in Headers */,
                                0F338E1C1BF286EA0013C88F /* B3BlockInsertionSet.h in Headers */,
                                0FEC85041BDACDAC0080FF74 /* B3BlockWorklist.h in Headers */,
                                0FEC853A1BDACDAC0080FF74 /* B3SwitchValue.h in Headers */,
                                0F4570411BE584CA0062A629 /* B3TimingScope.h in Headers */,
                                0FEC853C1BDACDAC0080FF74 /* B3Type.h in Headers */,
-                               FE1E2C402240DD6200F6B729 /* ARM64EAssembler.h in Headers */,
                                DCFDFBDA1D1F5D9E00FE3D72 /* B3TypeMap.h in Headers */,
                                0FEC853E1BDACDAC0080FF74 /* B3UpsilonValue.h in Headers */,
                                0FEC85401BDACDAC0080FF74 /* B3UseCounts.h in Headers */,
                                A7C0C4AC168103020017011D /* JSScriptRefPrivate.h in Headers */,
                                14D01A7721FB351F00BC54E9 /* JSScriptSourceProvider.h in Headers */,
                                0F919D11157F332C004A4E7D /* JSSegmentedVariableObject.h in Headers */,
-                               0F4F82881E2FFDE00075184C /* JSSegmentedVariableObjectHeapCellType.h in Headers */,
                                A7299D9E17D12837005F5FF9 /* JSSet.h in Headers */,
                                A790DD70182F499700588807 /* JSSetIterator.h in Headers */,
                                BDFCB2BBE90F41349E1B0BED /* JSSourceCode.h in Headers */,
                                14B723B812D7DA6F003BD5ED /* MachineStackMarker.h in Headers */,
                                86C36EEA0EE1289D00B3DF59 /* MacroAssembler.h in Headers */,
                                A1A009C01831A22D00CF8711 /* MacroAssemblerARM64.h in Headers */,
+                               FE1E2C3F2240DD5800F6B729 /* MacroAssemblerARM64E.h in Headers */,
                                86ADD1460FDDEA980006EEC2 /* MacroAssemblerARMv7.h in Headers */,
                                863B23E00FC6118900703AA4 /* MacroAssemblerCodeRef.h in Headers */,
                                E32AB2441DCD75F400D7533A /* MacroAssemblerHelpers.h in Headers */,
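Review bot: the moves of "ARM64EAssembler.h in Headers" and "MacroAssemblerARM64E.h in Headers" within the headers list are unrelated to removing JSSegmentedVariableObjectHeapCellType and are not mentioned in the ChangeLog. If this is only the project file being re-sorted, say so in the ChangeLog or land it separately, so the functional removals in this file are easier to audit.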
index c8f8860..8b3dd5e 100644 (file)
@@ -846,7 +846,6 @@ runtime/JSScope.cpp
 runtime/JSScriptFetcher.cpp
 runtime/JSScriptFetchParameters.cpp
 runtime/JSSegmentedVariableObject.cpp
-runtime/JSSegmentedVariableObjectHeapCellType.cpp
 runtime/JSSet.cpp
 runtime/JSSetIterator.cpp
 runtime/JSSourceCode.cpp
index e560369..3107a41 100644 (file)
@@ -38,7 +38,7 @@ const ClassInfo JSSegmentedVariableObject::s_info = { "SegmentedVariableObject",
 
 ScopeOffset JSSegmentedVariableObject::findVariableIndex(void* variableAddress)
 {
-    ConcurrentJSLocker locker(m_lock);
+    auto locker = holdLock(cellLock());
     
     for (unsigned i = m_variables.size(); i--;) {
         if (&m_variables[i] != variableAddress)
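Review bot: in findVariableIndex (and likewise in addVariables and visitChildren below), replacing the private m_lock with cellLock() means m_variables is now guarded by a lock shared with every other user of cellLock() on the same cell. Please confirm that no subclass path calls these functions while already holding cellLock() on the object, since that would self-deadlock if the lock is not recursive, and add a comment next to m_variables saying that cellLock() protects it.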
@@ -51,7 +51,7 @@ ScopeOffset JSSegmentedVariableObject::findVariableIndex(void* variableAddress)
 
 ScopeOffset JSSegmentedVariableObject::addVariables(unsigned numberOfVariablesToAdd, JSValue initialValue)
 {
-    ConcurrentJSLocker locker(m_lock);
+    auto locker = holdLock(cellLock());
     
     size_t oldSize = m_variables.size();
     m_variables.grow(oldSize + numberOfVariablesToAdd);
@@ -70,7 +70,7 @@ void JSSegmentedVariableObject::visitChildren(JSCell* cell, SlotVisitor& slotVis
     
     // FIXME: We could avoid locking here if SegmentedVector was lock-free. It could be made lock-free
     // relatively easily.
-    auto locker = holdLock(thisObject->m_lock);
+    auto locker = holdLock(thisObject->cellLock());
     for (unsigned i = thisObject->m_variables.size(); i--;)
         slotVisitor.appendHidden(thisObject->m_variables[i]);
 }
@@ -108,14 +108,19 @@ JSSegmentedVariableObject::JSSegmentedVariableObject(VM& vm, Structure* structur
 
 JSSegmentedVariableObject::~JSSegmentedVariableObject()
 {
-    RELEASE_ASSERT(!m_alreadyDestroyed);
+#ifndef NDEBUG
+    ASSERT(!m_alreadyDestroyed);
     m_alreadyDestroyed = true;
+#endif
 }
 
 void JSSegmentedVariableObject::finishCreation(VM& vm)
 {
     Base::finishCreation(vm);
     setSymbolTable(vm, SymbolTable::create(vm));
+    vm.heap.addFinalizer(this, [] (JSCell* cell) {
+        static_cast<JSSegmentedVariableObject*>(cell)->classInfo()->methodTable.destroy(cell);
+    });
 }
 
 } // namespace JSC
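Review bot: in ~JSSegmentedVariableObject the double-destruction check drops from RELEASE_ASSERT to a debug-only ASSERT in the same patch that changes how the destructor is invoked (now through the vm.heap.addFinalizer callback in finishCreation). Release builds lose the guard against destroy running twice on one cell exactly when the invocation path changes; consider keeping a release-mode check, or state in the ChangeLog why the finalizer cannot fire more than once per cell. Because the finalizer is registered in finishCreation, a comment there should also say that subclasses must reach Base::finishCreation for their destructor to run.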
index 50aa493..bce8eab 100644 (file)
@@ -47,8 +47,6 @@ class LLIntOffsetsExtractor;
 // JSSegmentedVariableObject has its own GC tracing functionality, since it knows the
 // exact dimensions of the variables array at all times.
 
-// Except for JSGlobalObject, subclasses of this don't call the destructor and leak memory.
-
 class JSSegmentedVariableObject : public JSSymbolTableObject {
     friend class JIT;
     friend class LLIntOffsetsExtractor;
@@ -58,6 +56,14 @@ public:
 
     DECLARE_INFO;
 
+    static const bool needsDestruction = true;
+
+    template<typename CellType, SubspaceAccess>
+    static CompleteSubspace* subspaceFor(VM& vm)
+    {
+        return &vm.cellSpace;
+    }
+
     bool isValidScopeOffset(ScopeOffset offset)
     {
         return !!offset && offset.offset() < m_variables.size();
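Review bot: needsDestruction = true sits directly above a subspaceFor that returns &vm.cellSpace, and nothing here says that destruction is actually driven by the finalizer added in JSSegmentedVariableObject::finishCreation. With the old comment "subclasses of this don't call the destructor and leak memory" removed, please add a short comment above subspaceFor explaining the arrangement, so a subclass that overrides subspaceFor or skips finishCreation is not assumed to be destructed by its subspace.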
@@ -90,12 +96,6 @@ public:
     
     static void destroy(JSCell*);
     
-    template<typename, SubspaceAccess>
-    static CompleteSubspace* subspaceFor(VM& vm)
-    {
-        return &vm.segmentedVariableObjectSpace;
-    }
-    
     const ClassInfo* classInfo() const { return m_classInfo; }
     
 protected:
@@ -108,8 +108,9 @@ protected:
 private:
     SegmentedVector<WriteBarrier<Unknown>, 16> m_variables;
     const ClassInfo* m_classInfo;
-    ConcurrentJSLock m_lock;
+#ifndef NDEBUG
     bool m_alreadyDestroyed { false }; // We use these assertions to check that we aren't doing ancient hacks that result in this being destroyed more than once.
+#endif
 };
 
 } // namespace JSC
diff --git a/Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.cpp b/Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.cpp
deleted file mode 100644 (file)
index e2065eb..0000000
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#include "config.h"
-#include "JSSegmentedVariableObjectHeapCellType.h"
-
-#include "JSCInlines.h"
-#include "MarkedBlockInlines.h"
-
-namespace JSC {
-
-struct JSSegmentedVariableObjectDestroyFunc {
-    ALWAYS_INLINE void operator()(VM&, JSCell* cell) const
-    {
-        static_cast<JSSegmentedVariableObject*>(cell)->classInfo()->methodTable.destroy(cell);
-    }
-};
-
-JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType()
-    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
-{
-}
-
-JSSegmentedVariableObjectHeapCellType::~JSSegmentedVariableObjectHeapCellType()
-{
-}
-
-void JSSegmentedVariableObjectHeapCellType::finishSweep(MarkedBlock::Handle& handle, FreeList* freeList)
-{
-    handle.finishSweepKnowingHeapCellType(freeList, JSSegmentedVariableObjectDestroyFunc());
-}
-
-void JSSegmentedVariableObjectHeapCellType::destroy(VM& vm, JSCell* cell)
-{
-    JSSegmentedVariableObjectDestroyFunc()(vm, cell);
-}
-
-} // namespace JSC
-
diff --git a/Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.h b/Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.h
deleted file mode 100644 (file)
index f8bac6b..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#pragma once
-
-#include "HeapCellType.h"
-
-namespace JSC {
-
-class JSSegmentedVariableObjectHeapCellType : public HeapCellType {
-public:
-    JS_EXPORT_PRIVATE JSSegmentedVariableObjectHeapCellType();
-    JS_EXPORT_PRIVATE virtual ~JSSegmentedVariableObjectHeapCellType();
-    
-    void finishSweep(MarkedBlock::Handle&, FreeList*) override;
-    void destroy(VM&, JSCell*) override;
-};
-
-} // namespace JSC
-
index ce71299..a5e1ac4 100644 (file)
@@ -27,6 +27,7 @@
 #include "config.h"
 #include "StringIteratorPrototype.h"
 
+#include "JSCBuiltins.h"
 #include "JSCInlines.h"
 #include "JSGlobalObject.h"
 #include "JSStringIterator.h"
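Review bot: the added #include "JSCBuiltins.h" has no stated reason; the ChangeLog lists runtime/StringIteratorPrototype.cpp with an empty description. If this is a build fix exposed by removing a file from Sources.txt, say so in the ChangeLog entry; otherwise it belongs in a separate change.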
index e778045..f404299 100644 (file)
@@ -91,7 +91,6 @@
 #include "JSMapIterator.h"
 #include "JSPromiseDeferred.h"
 #include "JSPropertyNameEnumerator.h"
-#include "JSSegmentedVariableObjectHeapCellType.h"
 #include "JSScriptFetchParameters.h"
 #include "JSScriptFetcher.h"
 #include "JSSet.h"
@@ -274,7 +273,6 @@ VM::VM(VMType vmType, HeapType heapType)
     , destructibleCellHeapCellType(std::make_unique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell)))
     , stringHeapCellType(std::make_unique<JSStringHeapCellType>())
     , destructibleObjectHeapCellType(std::make_unique<JSDestructibleObjectHeapCellType>())
-    , segmentedVariableObjectHeapCellType(std::make_unique<JSSegmentedVariableObjectHeapCellType>())
 #if ENABLE(WEBASSEMBLY)
     , webAssemblyCodeBlockHeapCellType(std::make_unique<JSWebAssemblyCodeBlockHeapCellType>())
 #endif
@@ -287,7 +285,6 @@ VM::VM(VMType vmType, HeapType heapType)
     , stringSpace("JSString", heap, stringHeapCellType.get(), fastMallocAllocator.get())
     , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
     , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
-    , segmentedVariableObjectSpace("JSSegmentedVariableObjectSpace", heap, segmentedVariableObjectHeapCellType.get(), fastMallocAllocator.get())
     , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge)
     , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction)
     , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction)
index 377d315..939466e 100644 (file)
@@ -123,7 +123,6 @@ class JSDestructibleObjectHeapCellType;
 class JSGlobalObject;
 class JSObject;
 class JSRunLoopTimer;
-class JSSegmentedVariableObjectHeapCellType;
 class JSStringHeapCellType;
 class JSWebAssemblyCodeBlockHeapCellType;
 class JSWebAssemblyInstance;
@@ -329,7 +328,6 @@ public:
     std::unique_ptr<HeapCellType> destructibleCellHeapCellType;
     std::unique_ptr<JSStringHeapCellType> stringHeapCellType;
     std::unique_ptr<JSDestructibleObjectHeapCellType> destructibleObjectHeapCellType;
-    std::unique_ptr<JSSegmentedVariableObjectHeapCellType> segmentedVariableObjectHeapCellType;
 #if ENABLE(WEBASSEMBLY)
     std::unique_ptr<JSWebAssemblyCodeBlockHeapCellType> webAssemblyCodeBlockHeapCellType;
 #endif
@@ -365,7 +363,6 @@ public:
     CompleteSubspace stringSpace;
     CompleteSubspace destructibleObjectSpace;
     CompleteSubspace eagerlySweptDestructibleObjectSpace;
-    CompleteSubspace segmentedVariableObjectSpace;
     
     IsoSubspace executableToCodeBlockEdgeSpace;
     IsoSubspace functionSpace;
index 9f0b533..1091d14 100644 (file)
@@ -1,3 +1,15 @@
+2019-03-20  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Use finalizer in JSGlobalLexicalEnvironment and JSGlobalObject
+        https://bugs.webkit.org/show_bug.cgi?id=195992
+
+        Reviewed by Keith Miller and Mark Lam.
+
+        Use cellHeapCellType since JSSegmentedVariableObject already set finalizer.
+
+        * bindings/js/WebCoreJSClientData.cpp:
+        (WebCore::JSVMClientData::JSVMClientData):
+
 2019-03-20  Youenn Fablet  <youenn@apple.com>
 
         Compute quota after network process restart based on default quota and space used
index 2e7fe5b..bc1b8c2 100644 (file)
@@ -31,7 +31,6 @@
 #include <JavaScriptCore/FastMallocAlignedMemoryAllocator.h>
 #include <JavaScriptCore/HeapInlines.h>
 #include <JavaScriptCore/JSDestructibleObjectHeapCellType.h>
-#include <JavaScriptCore/JSSegmentedVariableObjectHeapCellType.h>
 #include <JavaScriptCore/MarkingConstraint.h>
 #include <JavaScriptCore/SubspaceInlines.h>
 #include <JavaScriptCore/VM.h>
@@ -46,7 +45,7 @@ JSVMClientData::JSVMClientData(VM& vm)
     , m_builtinNames(&vm)
     , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.destructibleObjectHeapCellType.get(), RuntimeMethod)
     , m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get())
-    , m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.segmentedVariableObjectHeapCellType.get(), vm.fastMallocAllocator.get())
+    , m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.cellHeapCellType.get(), vm.fastMallocAllocator.get())
 {
 }
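Review bot: m_globalObjectOutputConstraintSpace now takes vm.cellHeapCellType.get() instead of a cell type dedicated to destroying these objects, so destruction of cells in this subspace depends entirely on a finalizer having been registered for each of them. The WebCore ChangeLog relies on "JSSegmentedVariableObject already set finalizer"; please add a comment at this initializer stating that every type allocated in this space must derive from JSSegmentedVariableObject and go through its finishCreation, or add an assertion to that effect where the space is handed out.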