GC shouldn't do object distancing
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Apr 2018 23:52:09 +0000 (23:52 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Apr 2018 23:52:09 +0000 (23:52 +0000)
https://bugs.webkit.org/show_bug.cgi?id=184195

Reviewed by Saam Barati.
Source/JavaScriptCore:

This rolls out SecurityKind/SecurityOriginToken, but keeps the TLC infrastructure. It seems
to be a small speed-up.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* heap/BlockDirectory.cpp:
(JSC::BlockDirectory::findBlockForAllocation):
(JSC::BlockDirectory::addBlock):
* heap/BlockDirectory.h:
* heap/CellAttributes.cpp:
(JSC::CellAttributes::dump const):
* heap/CellAttributes.h:
(JSC::CellAttributes::CellAttributes):
* heap/LocalAllocator.cpp:
(JSC::LocalAllocator::allocateSlowCase):
(JSC::LocalAllocator::tryAllocateWithoutCollecting):
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::didAddToDirectory):
* heap/MarkedBlock.h:
(JSC::MarkedBlock::Handle::securityOriginToken const): Deleted.
* heap/SecurityKind.cpp: Removed.
* heap/SecurityKind.h: Removed.
* heap/SecurityOriginToken.cpp: Removed.
* heap/SecurityOriginToken.h: Removed.
* heap/ThreadLocalCache.cpp:
(JSC::ThreadLocalCache::create):
(JSC::ThreadLocalCache::ThreadLocalCache):
* heap/ThreadLocalCache.h:
(JSC::ThreadLocalCache::securityOriginToken const): Deleted.
* runtime/JSDestructibleObjectHeapCellType.cpp:
(JSC::JSDestructibleObjectHeapCellType::JSDestructibleObjectHeapCellType):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::threadLocalCache const): Deleted.
* runtime/JSSegmentedVariableObjectHeapCellType.cpp:
(JSC::JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType):
* runtime/JSStringHeapCellType.cpp:
(JSC::JSStringHeapCellType::JSStringHeapCellType):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* runtime/VMEntryScope.cpp:
(JSC::VMEntryScope::VMEntryScope):
* wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:
(JSC::JSWebAssemblyCodeBlockHeapCellType::JSWebAssemblyCodeBlockHeapCellType):

Source/WebCore:

No new tests because no change in behavior.

* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
* bindings/js/JSDOMGlobalObject.h:
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::JSDOMWindowBase):
* dom/Document.cpp:
(WebCore::Document::threadLocalCache): Deleted.
* dom/Document.h:
* page/OriginThreadLocalCache.cpp: Removed.
* page/OriginThreadLocalCache.h: Removed.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230226 268f45cc-cd09-0410-ab3c-d52691b4dbfc

36 files changed:
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Sources.txt
Source/JavaScriptCore/heap/BlockDirectory.cpp
Source/JavaScriptCore/heap/BlockDirectory.h
Source/JavaScriptCore/heap/CellAttributes.cpp
Source/JavaScriptCore/heap/CellAttributes.h
Source/JavaScriptCore/heap/LocalAllocator.cpp
Source/JavaScriptCore/heap/MarkedBlock.cpp
Source/JavaScriptCore/heap/MarkedBlock.h
Source/JavaScriptCore/heap/SecurityKind.cpp [deleted file]
Source/JavaScriptCore/heap/SecurityKind.h [deleted file]
Source/JavaScriptCore/heap/SecurityOriginToken.cpp [deleted file]
Source/JavaScriptCore/heap/SecurityOriginToken.h [deleted file]
Source/JavaScriptCore/heap/ThreadLocalCache.cpp
Source/JavaScriptCore/heap/ThreadLocalCache.h
Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/JSSegmentedVariableObjectHeapCellType.cpp
Source/JavaScriptCore/runtime/JSStringHeapCellType.cpp
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/JavaScriptCore/runtime/VMEntryScope.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp
Source/WebCore/ChangeLog
Source/WebCore/Sources.txt
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
Source/WebCore/bindings/js/JSDOMGlobalObject.h
Source/WebCore/bindings/js/JSDOMWindowBase.cpp
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/page/OriginThreadLocalCache.cpp [deleted file]
Source/WebCore/page/OriginThreadLocalCache.h [deleted file]

index c607386..1610812 100644 (file)
@@ -546,8 +546,6 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
     heap/MutatorState.h
     heap/RegisterState.h
     heap/RunningScope.h
-    heap/SecurityKind.h
-    heap/SecurityOriginToken.h
     heap/SimpleMarkingConstraint.h
     heap/SlotVisitor.h
     heap/SlotVisitorInlines.h
index 36902c1..e05f5f0 100644 (file)
@@ -1,3 +1,58 @@
+2018-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        GC shouldn't do object distancing
+        https://bugs.webkit.org/show_bug.cgi?id=184195
+
+        Reviewed by Saam Barati.
+        
+        This rolls out SecurityKind/SecurityOriginToken, but keeps the TLC infrastructure. It seems
+        to be a small speed-up.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * heap/BlockDirectory.cpp:
+        (JSC::BlockDirectory::findBlockForAllocation):
+        (JSC::BlockDirectory::addBlock):
+        * heap/BlockDirectory.h:
+        * heap/CellAttributes.cpp:
+        (JSC::CellAttributes::dump const):
+        * heap/CellAttributes.h:
+        (JSC::CellAttributes::CellAttributes):
+        * heap/LocalAllocator.cpp:
+        (JSC::LocalAllocator::allocateSlowCase):
+        (JSC::LocalAllocator::tryAllocateWithoutCollecting):
+        * heap/MarkedBlock.cpp:
+        (JSC::MarkedBlock::Handle::didAddToDirectory):
+        * heap/MarkedBlock.h:
+        (JSC::MarkedBlock::Handle::securityOriginToken const): Deleted.
+        * heap/SecurityKind.cpp: Removed.
+        * heap/SecurityKind.h: Removed.
+        * heap/SecurityOriginToken.cpp: Removed.
+        * heap/SecurityOriginToken.h: Removed.
+        * heap/ThreadLocalCache.cpp:
+        (JSC::ThreadLocalCache::create):
+        (JSC::ThreadLocalCache::ThreadLocalCache):
+        * heap/ThreadLocalCache.h:
+        (JSC::ThreadLocalCache::securityOriginToken const): Deleted.
+        * runtime/JSDestructibleObjectHeapCellType.cpp:
+        (JSC::JSDestructibleObjectHeapCellType::JSDestructibleObjectHeapCellType):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::JSGlobalObject):
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::threadLocalCache const): Deleted.
+        * runtime/JSSegmentedVariableObjectHeapCellType.cpp:
+        (JSC::JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType):
+        * runtime/JSStringHeapCellType.cpp:
+        (JSC::JSStringHeapCellType::JSStringHeapCellType):
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+        * runtime/VMEntryScope.cpp:
+        (JSC::VMEntryScope::VMEntryScope):
+        * wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:
+        (JSC::JSWebAssemblyCodeBlockHeapCellType::JSWebAssemblyCodeBlockHeapCellType):
+
 2018-04-02  Saam Barati  <sbarati@apple.com>
 
         bmalloc should compute its own estimate of its footprint
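Review bot: The new ChangeLog entry at the top of this hunk gives only a performance reason ("It seems to be a small speed-up") for rolling out SecurityKind/SecurityOriginToken. The SecurityKind.h comment deleted by this same patch describes the OOB space as depending on the heap's distancing for OOB protection against a Spectre OOB attack, so the entry should say what covers JSValue-bearing cells once distancing is gone, or state why nothing is needed.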
index 7548bac..8f920ad 100644 (file)
                0F426A481460CBB300131F8F /* ValueRecovery.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A451460CBAB00131F8F /* ValueRecovery.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F426A491460CBB700131F8F /* VirtualRegister.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A461460CBAB00131F8F /* VirtualRegister.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F426A4B1460CD6E00131F8F /* DataFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A4A1460CD6B00131F8F /* DataFormat.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               0F42B3C3201EC9FF00357031 /* SecurityOriginToken.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F42B3C2201EC9FD00357031 /* SecurityOriginToken.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F431738146BAC69007E3890 /* ListableHandler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F431736146BAC65007E3890 /* ListableHandler.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F4570391BE44C910062A629 /* AirEliminateDeadCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4570371BE44C910062A629 /* AirEliminateDeadCode.h */; };
                0F45703D1BE45F0A0062A629 /* AirReportUsedRegisters.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F45703B1BE45F0A0062A629 /* AirReportUsedRegisters.h */; };
                0F5A6284188C98D40072C9DF /* FTLValueRange.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5A6282188C98D40072C9DF /* FTLValueRange.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F5AE2C41DF4F2800066EFE1 /* VMInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = FE90BB3A1B7CF64E006B3F03 /* VMInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F5B4A331C84F0D600F1B17E /* SlowPathReturnType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B4A321C84F0D600F1B17E /* SlowPathReturnType.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               0F5B6ED32036796B007AABF3 /* SecurityKind.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B6ED120367968007AABF3 /* SecurityKind.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F5BF1641F2317120029D91D /* B3HoistLoopInvariantValues.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5BF1621F2317120029D91D /* B3HoistLoopInvariantValues.h */; };
                0F5BF1671F23A0980029D91D /* B3BackwardsCFG.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5BF1661F23A0980029D91D /* B3BackwardsCFG.h */; };
                0F5BF1691F23A0AA0029D91D /* B3NaturalLoops.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5BF1681F23A0AA0029D91D /* B3NaturalLoops.h */; };
                0F426A461460CBAB00131F8F /* VirtualRegister.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VirtualRegister.h; sourceTree = "<group>"; };
                0F426A4A1460CD6B00131F8F /* DataFormat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataFormat.h; sourceTree = "<group>"; };
                0F42B3C0201EB50900357031 /* Allocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Allocator.cpp; sourceTree = "<group>"; };
-               0F42B3C2201EC9FD00357031 /* SecurityOriginToken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityOriginToken.h; sourceTree = "<group>"; };
                0F431736146BAC65007E3890 /* ListableHandler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ListableHandler.h; sourceTree = "<group>"; };
                0F4570361BE44C910062A629 /* AirEliminateDeadCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AirEliminateDeadCode.cpp; path = b3/air/AirEliminateDeadCode.cpp; sourceTree = "<group>"; };
                0F4570371BE44C910062A629 /* AirEliminateDeadCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AirEliminateDeadCode.h; path = b3/air/AirEliminateDeadCode.h; sourceTree = "<group>"; };
                0F5A6281188C98D40072C9DF /* FTLValueRange.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLValueRange.cpp; path = ftl/FTLValueRange.cpp; sourceTree = "<group>"; };
                0F5A6282188C98D40072C9DF /* FTLValueRange.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLValueRange.h; path = ftl/FTLValueRange.h; sourceTree = "<group>"; };
                0F5B4A321C84F0D600F1B17E /* SlowPathReturnType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SlowPathReturnType.h; sourceTree = "<group>"; };
-               0F5B6ED120367968007AABF3 /* SecurityKind.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityKind.h; sourceTree = "<group>"; };
-               0F5B6ED220367968007AABF3 /* SecurityKind.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecurityKind.cpp; sourceTree = "<group>"; };
-               0F5B6ED42036799A007AABF3 /* SecurityOriginToken.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecurityOriginToken.cpp; sourceTree = "<group>"; };
                0F5BF1611F2317120029D91D /* B3HoistLoopInvariantValues.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = B3HoistLoopInvariantValues.cpp; path = b3/B3HoistLoopInvariantValues.cpp; sourceTree = "<group>"; };
                0F5BF1621F2317120029D91D /* B3HoistLoopInvariantValues.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = B3HoistLoopInvariantValues.h; path = b3/B3HoistLoopInvariantValues.h; sourceTree = "<group>"; };
                0F5BF1661F23A0980029D91D /* B3BackwardsCFG.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = B3BackwardsCFG.h; path = b3/B3BackwardsCFG.h; sourceTree = "<group>"; };
                                0FD0E5EF1E46BF230006AB08 /* RegisterState.h */,
                                0F7CF94E1DBEEE860098CC12 /* ReleaseHeapAccessScope.h */,
                                0F2C63A91E4FA42C00C13839 /* RunningScope.h */,
-                               0F5B6ED220367968007AABF3 /* SecurityKind.cpp */,
-                               0F5B6ED120367968007AABF3 /* SecurityKind.h */,
-                               0F5B6ED42036799A007AABF3 /* SecurityOriginToken.cpp */,
-                               0F42B3C2201EC9FD00357031 /* SecurityOriginToken.h */,
                                0F4D8C761FCA3CF2001D32AC /* SimpleMarkingConstraint.cpp */,
                                0F4D8C771FCA3CF3001D32AC /* SimpleMarkingConstraint.h */,
                                C225494215F7DBAA0065E898 /* SlotVisitor.cpp */,
                                A54CF2FA184EAEDA00237F19 /* ScriptObject.h in Headers */,
                                A55165D51BDF135A003B75C1 /* ScriptProfilingScope.h in Headers */,
                                A54CF2F6184EAB2400237F19 /* ScriptValue.h in Headers */,
-                               0F5B6ED32036796B007AABF3 /* SecurityKind.h in Headers */,
-                               0F42B3C3201EC9FF00357031 /* SecurityOriginToken.h in Headers */,
                                A7299DA617D12858005F5FF9 /* SetConstructor.h in Headers */,
                                A790DD6E182F499700588807 /* SetIteratorPrototype.h in Headers */,
                                A7299DA217D12848005F5FF9 /* SetPrototype.h in Headers */,
index aa963f5..1c88710 100644 (file)
@@ -514,8 +514,6 @@ heap/MarkingConstraintSet.cpp
 heap/MarkingConstraintSolver.cpp
 heap/MutatorScheduler.cpp
 heap/MutatorState.cpp
-heap/SecurityKind.cpp
-heap/SecurityOriginToken.cpp
 heap/SimpleMarkingConstraint.cpp
 heap/SlotVisitor.cpp
 heap/SpaceTimeMutatorScheduler.cpp
index c824cff..63e1344 100644 (file)
@@ -89,10 +89,8 @@ MarkedBlock::Handle* BlockDirectory::findBlockForAllocation(LocalAllocator& allo
         
         size_t blockIndex = allocator.m_allocationCursor++;
         MarkedBlock::Handle* result = m_blocks[blockIndex];
-        if (result->securityOriginToken() == allocator.tlc()->securityOriginToken()) {
-            setIsCanAllocateButNotEmpty(NoLockingNecessary, blockIndex, false);
-            return result;
-        }
+        setIsCanAllocateButNotEmpty(NoLockingNecessary, blockIndex, false);
+        return result;
     }
 }
 
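Review bot: With the securityOriginToken comparison removed, findBlockForAllocation returns m_blocks[blockIndex] unconditionally, so a LocalAllocator is now handed a partially filled block regardless of which ThreadLocalCache allocated in it before. Suggest a short comment at the return stating that sharing not-empty blocks across TLCs is intended, so a later reader does not take the missing filter for an accident.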
@@ -109,7 +107,7 @@ MarkedBlock::Handle* BlockDirectory::tryAllocateBlock()
     return handle;
 }
 
-void BlockDirectory::addBlock(MarkedBlock::Handle* block, SecurityOriginToken securityOriginToken)
+void BlockDirectory::addBlock(MarkedBlock::Handle* block)
 {
     size_t index;
     if (m_freeBlockIndices.isEmpty()) {
@@ -147,7 +145,7 @@ void BlockDirectory::addBlock(MarkedBlock::Handle* block, SecurityOriginToken se
         });
 
     // This is the point at which the block learns of its cellSize() and attributes().
-    block->didAddToDirectory(this, index, securityOriginToken);
+    block->didAddToDirectory(this, index);
     
     setIsLive(NoLockingNecessary, index, true);
     setIsEmpty(NoLockingNecessary, index, true);
index 097953b..5960f53 100644 (file)
@@ -110,7 +110,7 @@ public:
     
     RefPtr<SharedTask<MarkedBlock::Handle*()>> parallelNotEmptyBlockSource();
     
-    void addBlock(MarkedBlock::Handle*, SecurityOriginToken);
+    void addBlock(MarkedBlock::Handle*);
     void removeBlock(MarkedBlock::Handle*);
 
     bool isPagedOut(MonotonicTime deadline);
index c3ecff0..9ce14c0 100644 (file)
@@ -32,7 +32,7 @@ namespace JSC {
 
 void CellAttributes::dump(PrintStream& out) const
 {
-    out.print("{", destruction, ", ", cellKind, ", ", securityKind, "}");
+    out.print("{", destruction, ", ", cellKind, "}");
 }
 
 } // namespace JSC
index f4dd414..a024760 100644 (file)
@@ -27,7 +27,6 @@
 
 #include "DestructionMode.h"
 #include "HeapCell.h"
-#include "SecurityKind.h"
 #include <wtf/PrintStream.h>
 
 namespace JSC {
@@ -35,10 +34,9 @@ namespace JSC {
 struct CellAttributes {
     CellAttributes() { }
     
-    CellAttributes(DestructionMode destruction, HeapCell::Kind cellKind, SecurityKind securityKind)
+    CellAttributes(DestructionMode destruction, HeapCell::Kind cellKind)
         : destruction(destruction)
         , cellKind(cellKind)
-        , securityKind(securityKind)
     {
     }
     
@@ -46,7 +44,6 @@ struct CellAttributes {
     
     DestructionMode destruction { DoesNotNeedDestruction };
     HeapCell::Kind cellKind { HeapCell::JSCell };
-    SecurityKind securityKind { SecurityKind::DangerousBits };
 };
 
 } // namespace JSC
index c35d16f..97c7c6e 100644 (file)
@@ -177,7 +177,7 @@ void* LocalAllocator::allocateSlowCase(GCDeferralContext* deferralContext, Alloc
         else
             return nullptr;
     }
-    m_directory->addBlock(block, m_tlc->securityOriginToken());
+    m_directory->addBlock(block);
     result = allocateIn(block);
     ASSERT(result);
     return result;
@@ -233,7 +233,7 @@ void* LocalAllocator::tryAllocateWithoutCollecting()
             // because there is a remote chance that a block may have both canAllocateButNotEmpty
             // and empty set at the same time.
             block->removeFromDirectory();
-            m_directory->addBlock(block, m_tlc->securityOriginToken());
+            m_directory->addBlock(block);
             return allocateIn(block);
         }
     }
index f6e91d5..c425344 100644 (file)
@@ -334,7 +334,7 @@ void MarkedBlock::Handle::removeFromDirectory()
     m_directory->removeBlock(this);
 }
 
-void MarkedBlock::Handle::didAddToDirectory(BlockDirectory* directory, size_t index, SecurityOriginToken securityOriginToken)
+void MarkedBlock::Handle::didAddToDirectory(BlockDirectory* directory, size_t index)
 {
     ASSERT(m_index == std::numeric_limits<size_t>::max());
     ASSERT(!m_directory);
@@ -349,20 +349,7 @@ void MarkedBlock::Handle::didAddToDirectory(BlockDirectory* directory, size_t in
     m_atomsPerCell = (cellSize + atomSize - 1) / atomSize;
     m_endAtom = endAtom - m_atomsPerCell + 1;
     
-    if (directory->attributes().securityKind == SecurityKind::JSValueOOB) {
-        // If we are going to be used for JSValueOOB allocations, then we may need to zero the block.
-        // We don't have to zero it if it was already used for JSValues in the same security origin.
-        // It's tempting to say that this means that we don't have to zero it if it's coming from
-        // JSValueStrict, but since JSValueStrict doesn't zero when converting from DangerousBits, that
-        // would not be sound.
-        
-        if (m_attributes.securityKind != SecurityKind::JSValueOOB
-            || m_securityOriginToken != securityOriginToken)
-            memset(&block(), 0, m_endAtom * atomSize);
-    }
-    
     m_attributes = directory->attributes();
-    m_securityOriginToken = securityOriginToken;
 
     if (m_attributes.cellKind != HeapCell::JSCell)
         RELEASE_ASSERT(m_attributes.destruction == DoesNotNeedDestruction);
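Review bot: Removing the memset in didAddToDirectory changes what a recycled block contains: a block that goes through removeFromDirectory() and then addBlock() (the path visible in LocalAllocator::tryAllocateWithoutCollecting) now arrives in its new directory with the previous directory's bytes intact. The commit carries no JavaScriptCore test note, and the only test remark is WebCore's "No new tests because no change in behavior". Please confirm that no allocation path relied on the block being zeroed here, and consider a test that moves a block between directories and checks that cells are initialized before they are read.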
index 55b5289..7d14eec 100644 (file)
@@ -25,7 +25,6 @@
 #include "DestructionMode.h"
 #include "HeapCell.h"
 #include "IterationStatus.h"
-#include "SecurityOriginToken.h"
 #include "WeakSet.h"
 #include <wtf/Atomics.h>
 #include <wtf/Bitmap.h>
@@ -190,13 +189,11 @@ public:
         
         void removeFromDirectory();
         
-        void didAddToDirectory(BlockDirectory*, size_t index, SecurityOriginToken);
+        void didAddToDirectory(BlockDirectory*, size_t index);
         void didRemoveFromDirectory();
         
         void dumpState(PrintStream&);
         
-        SecurityOriginToken securityOriginToken() const { return m_securityOriginToken; }
-        
     private:
         Handle(Heap&, AlignedMemoryAllocator*, void*);
         
@@ -232,8 +229,6 @@ public:
         WeakSet m_weakSet;
         
         MarkedBlock* m_block { nullptr };
-        
-        SecurityOriginToken m_securityOriginToken { 0 };
     };
 
 private:    
diff --git a/Source/JavaScriptCore/heap/SecurityKind.cpp b/Source/JavaScriptCore/heap/SecurityKind.cpp
deleted file mode 100644 (file)
index 8cb9482..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#include "config.h"
-#include "SecurityKind.h"
-
-#include <wtf/Assertions.h>
-#include <wtf/PrintStream.h>
-
-namespace WTF {
-
-void printInternal(PrintStream& out, JSC::SecurityKind securityKind)
-{
-    switch (securityKind) {
-    case JSC::SecurityKind::JSValueOOB:
-        out.print("JSValueOOB");
-        return;
-    case JSC::SecurityKind::JSValueStrict:
-        out.print("JSValueStrict");
-        return;
-    case JSC::SecurityKind::DangerousBits:
-        out.print("DangerousBits");
-        return;
-    }
-    RELEASE_ASSERT_NOT_REACHED();
-}
-
-} // namespace WTF
-
diff --git a/Source/JavaScriptCore/heap/SecurityKind.h b/Source/JavaScriptCore/heap/SecurityKind.h
deleted file mode 100644 (file)
index def2e77..0000000
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#pragma once
-
-namespace JSC {
-
-// NOTE: SecurityKind is for distancing. But caging implies distancing. So, things that have their own
-// cages (like typed arrays) don't need to worry about the security kind.
-enum class SecurityKind : uint8_t {
-    // The JSValueOOB security kind is for cells that contain JValues and can be accessed out-of-bounds
-    // up to minimumDistanceBetweenCellsFromDifferentOrigins.
-    //
-    // JSValues can reference cells in JSValueOOB. Therefore, JSValues can only reference cells in
-    // JSValueOOB - otherwise a Spectre OOB attack would be able to violate the rules of JSValueStrict
-    // and DangerousBits.
-    //
-    // The OOB space is the space that depends on the heap's distancing to do OOB protection.
-    JSValueOOB,
-    
-    // The JSValueStrict security kind is for cells that contain JSValues but cannot be accessed
-    // out-of-bounds. Currently, it's not essential to keep this separate from DangerousBits. We're
-    // using this to get some wiggle room for how we handle array elements. For example, we might want
-    // to allow OOB reads but not OOB writes, since JSValueStrict contains only JSValues and length fields.
-    // Using Spectre to read the length fields is not useful for attackers since they can read them anyway.
-    // So, they will only want to write to length fields, in order to confuse a subsequent bounds check.
-    // They can do that within a speculation window. However, we currently use precise index masking for
-    // this.
-    //
-    // It's illegal to use this for any subclass of JSObject, JSString, or Symbol, or any other cell
-    // that could be referenced from a JSValue. You must use poisoned pointers to point at these cells.
-    JSValueStrict,
-    
-    // The DangerousBits security kind is for cells that contain values that could be usefully type-
-    // confused with JSValue.
-    //
-    // It's illegal to use this for any subclass of JSObject, JSString, or Symbol, or any other cell
-    // that could be referenced from a JSValue. You must use poisoned pointers to point at these cells.
-    DangerousBits
-};
-
-} // namespace JSC
-
-namespace WTF {
-
-class PrintStream;
-
-void printInternal(PrintStream&, JSC::SecurityKind);
-
-} // namespace WTF
-
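Review bot: Deleting SecurityKind.h also removes the only place in this patch that documents the rule that JSObject, JSString, Symbol and any other cell referenced from a JSValue must not use JSValueStrict or DangerousBits storage, and that "You must use poisoned pointers to point at these cells". If the poisoned-pointer requirement still holds without distancing, move that comment next to CellAttributes or HeapCellType instead of dropping it; if it no longer holds, say so in the ChangeLog.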
diff --git a/Source/JavaScriptCore/heap/SecurityOriginToken.cpp b/Source/JavaScriptCore/heap/SecurityOriginToken.cpp
deleted file mode 100644 (file)
index 28f4bef..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#include "config.h"
-#include "SecurityOriginToken.h"
-
-#include <wtf/Atomics.h>
-
-namespace JSC {
-
-SecurityOriginToken uniqueSecurityOriginToken()
-{
-    static SecurityOriginToken counter;
-    return WTF::atomicExchangeAdd(&counter, 1) + 1;
-}
-
-} // namespace JSC
-
diff --git a/Source/JavaScriptCore/heap/SecurityOriginToken.h b/Source/JavaScriptCore/heap/SecurityOriginToken.h
deleted file mode 100644 (file)
index 34c1d9e..0000000
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#pragma once
-
-namespace JSC {
-
-typedef uint64_t SecurityOriginToken;
-
-JS_EXPORT_PRIVATE SecurityOriginToken uniqueSecurityOriginToken();
-
-} // namespace JSC
-
index 8b61905..6fde055 100644 (file)
 
 namespace JSC {
 
-RefPtr<ThreadLocalCache> ThreadLocalCache::create(Heap& heap, SecurityOriginToken securityOriginToken)
+RefPtr<ThreadLocalCache> ThreadLocalCache::create(Heap& heap)
 {
-    return adoptRef(new ThreadLocalCache(heap, securityOriginToken));
+    return adoptRef(new ThreadLocalCache(heap));
 }
 
-ThreadLocalCache::ThreadLocalCache(Heap& heap, SecurityOriginToken securityOriginToken)
+ThreadLocalCache::ThreadLocalCache(Heap& heap)
     : m_heap(heap)
-    , m_securityOriginToken(securityOriginToken)
 {
     m_data = allocateData();
 }
index 2d8d067..e8842ec 100644 (file)
@@ -27,7 +27,6 @@
 
 #include "AllocationFailureMode.h"
 #include "LocalAllocator.h"
-#include "SecurityOriginToken.h"
 #include <wtf/FastMalloc.h>
 #include <wtf/FastTLS.h>
 #include <wtf/ThreadSafeRefCounted.h>
@@ -43,7 +42,7 @@ class ThreadLocalCache : public ThreadSafeRefCounted<ThreadLocalCache> {
     WTF_MAKE_FAST_ALLOCATED;
     
 public:
-    JS_EXPORT_PRIVATE static RefPtr<ThreadLocalCache> create(Heap&, SecurityOriginToken = uniqueSecurityOriginToken());
+    JS_EXPORT_PRIVATE static RefPtr<ThreadLocalCache> create(Heap&);
     
     JS_EXPORT_PRIVATE virtual ~ThreadLocalCache();
 
@@ -63,10 +62,8 @@ public:
     static ptrdiff_t offsetOfSizeInData() { return OBJECT_OFFSETOF(Data, size); }
     static ptrdiff_t offsetOfFirstAllocatorInData() { return OBJECT_OFFSETOF(Data, allocator); }
     
-    SecurityOriginToken securityOriginToken() const { return m_securityOriginToken; }
-
 protected:    
-    JS_EXPORT_PRIVATE ThreadLocalCache(Heap&, SecurityOriginToken);
+    JS_EXPORT_PRIVATE ThreadLocalCache(Heap&);
     
 private:
     friend class VM;
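Review bot: the protected constructor in this hunk becomes ThreadLocalCache(Heap&), a single-argument constructor that is not marked explicit, so a Heap& can now convert implicitly wherever the constructor is accessible (the class itself, subclasses, and friend class VM). Suggest "JS_EXPORT_PRIVATE explicit ThreadLocalCache(Heap&);", matching the explicit JSGlobalObject constructor elsewhere in this patch. Also, the patch deletes OriginThreadLocalCache, the only subclass it shows; if no other subclass remains, the constructor could be private and the class final.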
@@ -99,8 +96,6 @@ private:
     Heap& m_heap;
     Data* m_data { nullptr };
     
-    SecurityOriginToken m_securityOriginToken;
-
 #if USE(FAST_TLS_FOR_TLC)
     static const pthread_key_t tlsKey = WTF_GC_TLC_KEY;
 #endif
index b2c0426..3972143 100644 (file)
@@ -39,7 +39,7 @@ struct JSDestructibleObjectDestroyFunc {
 };
 
 JSDestructibleObjectHeapCellType::JSDestructibleObjectHeapCellType()
-    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB))
+    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
 {
 }
 
index 8f840cc..056a5cf 100644 (file)
@@ -339,7 +339,7 @@ static EncodedJSValue JSC_HOST_CALL enqueueJob(ExecState* exec)
     return JSValue::encode(jsUndefined());
 }
 
-JSGlobalObject::JSGlobalObject(VM& vm, Structure* structure, const GlobalObjectMethodTable* globalObjectMethodTable, RefPtr<ThreadLocalCache> threadLocalCache)
+JSGlobalObject::JSGlobalObject(VM& vm, Structure* structure, const GlobalObjectMethodTable* globalObjectMethodTable)
     : Base(vm, structure, 0)
     , m_vm(vm)
     , m_masqueradesAsUndefinedWatchpoint(adoptRef(new WatchpointSet(IsWatched)))
@@ -356,7 +356,6 @@ JSGlobalObject::JSGlobalObject(VM& vm, Structure* structure, const GlobalObjectM
     , m_numberToStringWatchpoint(IsWatched)
     , m_runtimeFlags()
     , m_globalObjectMethodTable(globalObjectMethodTable ? globalObjectMethodTable : &s_globalObjectMethodTable)
-    , m_threadLocalCache(threadLocalCache ? WTFMove(threadLocalCache) : vm.defaultThreadLocalCache)
 {
 }
 
index 574c60b..570e4b8 100644 (file)
@@ -496,7 +496,7 @@ public:
     const RuntimeFlags& runtimeFlags() const { return m_runtimeFlags; }
 
 protected:
-    JS_EXPORT_PRIVATE explicit JSGlobalObject(VM&, Structure*, const GlobalObjectMethodTable* = nullptr, RefPtr<ThreadLocalCache> = nullptr);
+    JS_EXPORT_PRIVATE explicit JSGlobalObject(VM&, Structure*, const GlobalObjectMethodTable* = nullptr);
 
     JS_EXPORT_PRIVATE void finishCreation(VM&);
 
@@ -905,8 +905,6 @@ public:
     void setWrapperMap(std::unique_ptr<WrapperMap>&&);
 #endif
 
-    ThreadLocalCache& threadLocalCache() const { return *m_threadLocalCache.get(); }
-
 protected:
     struct GlobalPropertyInfo {
         GlobalPropertyInfo(const Identifier& i, JSValue v, unsigned a)
@@ -940,7 +938,6 @@ private:
 #ifdef JSC_GLIB_API_ENABLED
     std::unique_ptr<WrapperMap> m_wrapperMap;
 #endif
-    RefPtr<ThreadLocalCache> m_threadLocalCache;
 };
 
 inline JSArray* constructEmptyArray(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, unsigned initialLength = 0, JSValue newTarget = JSValue())
index 4c46ed0..e2065eb 100644 (file)
@@ -39,7 +39,7 @@ struct JSSegmentedVariableObjectDestroyFunc {
 };
 
 JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType()
-    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB))
+    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
 {
 }
 
index dd4c70e..347521a 100644 (file)
@@ -39,7 +39,7 @@ struct JSStringDestroyFunc {
 };
 
 JSStringHeapCellType::JSStringHeapCellType()
-    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB))
+    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
 {
 }
 
index da21bcb..d300e87 100644 (file)
@@ -233,19 +233,18 @@ VM::VM(VMType vmType, HeapType heapType)
     , fastMallocAllocator(std::make_unique<FastMallocAlignedMemoryAllocator>())
     , primitiveGigacageAllocator(std::make_unique<GigacageAlignedMemoryAllocator>(Gigacage::Primitive))
     , jsValueGigacageAllocator(std::make_unique<GigacageAlignedMemoryAllocator>(Gigacage::JSValue))
-    , auxiliaryJSValueStrictHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary, SecurityKind::JSValueStrict)))
-    , auxiliaryDangerousBitsHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary, SecurityKind::DangerousBits)))
-    , cellJSValueOOBHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB)))
-    , cellDangerousBitsHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB)))
-    , destructibleCellHeapCellType(std::make_unique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::DangerousBits)))
+    , auxiliaryHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary)))
+    , cellJSValueOOBHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)))
+    , cellDangerousBitsHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)))
+    , destructibleCellHeapCellType(std::make_unique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell)))
     , stringHeapCellType(std::make_unique<JSStringHeapCellType>())
     , destructibleObjectHeapCellType(std::make_unique<JSDestructibleObjectHeapCellType>())
     , segmentedVariableObjectHeapCellType(std::make_unique<JSSegmentedVariableObjectHeapCellType>())
 #if ENABLE(WEBASSEMBLY)
     , webAssemblyCodeBlockHeapCellType(std::make_unique<JSWebAssemblyCodeBlockHeapCellType>())
 #endif
-    , primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryDangerousBitsHeapCellType.get(), primitiveGigacageAllocator.get())
-    , jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryJSValueStrictHeapCellType.get(), jsValueGigacageAllocator.get())
+    , primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), primitiveGigacageAllocator.get())
+    , jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), jsValueGigacageAllocator.get())
     , cellJSValueOOBSpace("JSCell JSValueOOB", heap, cellJSValueOOBHeapCellType.get(), fastMallocAllocator.get())
     , cellDangerousBitsSpace("JSCell DangerousBits", heap, cellDangerousBitsHeapCellType.get(), fastMallocAllocator.get())
     , jsValueGigacageCellSpace("JSValue Gigacage JSCell", heap, cellJSValueOOBHeapCellType.get(), jsValueGigacageAllocator.get())
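Review bot: after this hunk cellJSValueOOBHeapCellType and cellDangerousBitsHeapCellType are both built from CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell), yet only the two auxiliary types were folded into auxiliaryHeapCellType. The JSValueOOB and DangerousBits names came from the SecurityKind values this patch removes and now describe a distinction the attributes no longer carry (the old cellDangerousBitsHeapCellType line was already passing SecurityKind::JSValueOOB). Either merge the two cell types the way the auxiliary ones were merged, or add a comment saying why the separate types and the cellJSValueOOBSpace / cellDangerousBitsSpace split are kept.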
index 0332cf3..f0020aa 100644 (file)
@@ -293,8 +293,7 @@ public:
     std::unique_ptr<GigacageAlignedMemoryAllocator> primitiveGigacageAllocator;
     std::unique_ptr<GigacageAlignedMemoryAllocator> jsValueGigacageAllocator;
 
-    std::unique_ptr<HeapCellType> auxiliaryJSValueStrictHeapCellType;
-    std::unique_ptr<HeapCellType> auxiliaryDangerousBitsHeapCellType;
+    std::unique_ptr<HeapCellType> auxiliaryHeapCellType;
     std::unique_ptr<HeapCellType> cellJSValueOOBHeapCellType;
     std::unique_ptr<HeapCellType> cellDangerousBitsHeapCellType;
     std::unique_ptr<HeapCellType> destructibleCellHeapCellType;
index d10915a..c2e0c1d 100644 (file)
@@ -30,7 +30,6 @@
 #include "JSGlobalObject.h"
 #include "Options.h"
 #include "SamplingProfiler.h"
-#include "ThreadLocalCacheInlines.h"
 #include "VM.h"
 #include "Watchdog.h"
 #include <wtf/StackBounds.h>
@@ -42,7 +41,6 @@ VMEntryScope::VMEntryScope(VM& vm, JSGlobalObject* globalObject)
     : m_vm(vm)
     , m_globalObject(globalObject)
 {
-    globalObject->threadLocalCache().install(vm, &m_previousTLC);
     ASSERT(!DisallowVMReentry::isInEffectOnCurrentThread());
     ASSERT(Thread::current().stack().isGrowingDownward());
     if (!vm.entryScope) {
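Review bot: the constructor no longer calls install(vm, &m_previousTLC), but the hunks shown for this file only drop the include and this one line; nothing here shows m_previousTLC itself being removed. Please confirm the member in the header, and any code on scope exit that restored the previous cache from it, go away in the same patch. It would also help to say where the VM's default cache is installed now that VM entry no longer does it, since the removed JSGlobalObject initializer used to fall back to vm.defaultThreadLocalCache.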
index 058ea06..cf8198d 100644 (file)
@@ -43,7 +43,7 @@ struct JSWebAssemblyCodeBlockDestroyFunc {
 };
 
 JSWebAssemblyCodeBlockHeapCellType::JSWebAssemblyCodeBlockHeapCellType()
-    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::DangerousBits))
+    : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
 {
 }
 
index 1b06505..096462b 100644 (file)
@@ -1,3 +1,25 @@
+2018-04-03  Filip Pizlo  <fpizlo@apple.com>
+
+        GC shouldn't do object distancing
+        https://bugs.webkit.org/show_bug.cgi?id=184195
+
+        Reviewed by Saam Barati.
+
+        No new tests because no change in behavior.
+
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
+        * bindings/js/JSDOMGlobalObject.h:
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::JSDOMWindowBase::JSDOMWindowBase):
+        * dom/Document.cpp:
+        (WebCore::Document::threadLocalCache): Deleted.
+        * dom/Document.h:
+        * page/OriginThreadLocalCache.cpp: Removed.
+        * page/OriginThreadLocalCache.h: Removed.
+
 2018-04-03  Brent Fulgham  <bfulgham@apple.com>
 
         Guard against keychain/certificate access outside the network process
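Review bot: "No new tests because no change in behavior" undersells this entry. The Document.cpp hunk in the same patch removes Document::threadLocalCache(), which chose a ThreadLocalCache per security origin, so where objects from different origins are allocated changes even though script-visible results do not. Suggest the entry say that the per-origin caches are being rolled out on purpose and refer to the bug for the reasoning, so the ChangeLog does not read as a pure refactoring.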
index d040ad8..ff942b3 100644 (file)
@@ -1347,7 +1347,6 @@ page/MouseEventWithHitTestResults.cpp
 page/Navigator.cpp
 page/NavigatorBase.cpp
 page/OriginAccessEntry.cpp
-page/OriginThreadLocalCache.cpp
 page/Page.cpp
 page/PageConfiguration.cpp
 page/PageConsoleClient.cpp
index 4ea8b63..84260c5 100644 (file)
                0F580CFF0F12DE9B0051D689 /* RenderLayerBacking.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F580CFB0F12DE9B0051D689 /* RenderLayerBacking.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F580FA31496939100FB5BD8 /* WebTiledBackingLayer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F580FA11496939100FB5BD8 /* WebTiledBackingLayer.h */; };
                0F580FAF149800D400FB5BD8 /* AnimationUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F580FAE149800D400FB5BD8 /* AnimationUtilities.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               0F5B408A20212F770080F913 /* OriginThreadLocalCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B408820212F730080F913 /* OriginThreadLocalCache.h */; };
                0F5B7A5510F65D7A00376302 /* RenderEmbeddedObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B7A5310F65D7A00376302 /* RenderEmbeddedObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F5E200618E771FC003EC3E5 /* PlatformCAAnimationCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5E200518E771FC003EC3E5 /* PlatformCAAnimationCocoa.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F605AED15F94848004DF0C0 /* ScrollingConstraints.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F605AEB15F94848004DF0C0 /* ScrollingConstraints.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F580FA11496939100FB5BD8 /* WebTiledBackingLayer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebTiledBackingLayer.h; sourceTree = "<group>"; };
                0F580FA21496939100FB5BD8 /* WebTiledBackingLayer.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebTiledBackingLayer.mm; sourceTree = "<group>"; };
                0F580FAE149800D400FB5BD8 /* AnimationUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AnimationUtilities.h; sourceTree = "<group>"; };
-               0F5B408820212F730080F913 /* OriginThreadLocalCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OriginThreadLocalCache.h; sourceTree = "<group>"; };
-               0F5B408920212F730080F913 /* OriginThreadLocalCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = OriginThreadLocalCache.cpp; sourceTree = "<group>"; };
                0F5B7A5210F65D7A00376302 /* RenderEmbeddedObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderEmbeddedObject.cpp; sourceTree = "<group>"; };
                0F5B7A5310F65D7A00376302 /* RenderEmbeddedObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderEmbeddedObject.h; sourceTree = "<group>"; };
                0F5E200518E771FC003EC3E5 /* PlatformCAAnimationCocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PlatformCAAnimationCocoa.h; sourceTree = "<group>"; };
                                5182C24B1F313AE00059BA7C /* NavigatorServiceWorker.idl */,
                                00146288103CD1DE000B20DB /* OriginAccessEntry.cpp */,
                                00146289103CD1DE000B20DB /* OriginAccessEntry.h */,
-                               0F5B408920212F730080F913 /* OriginThreadLocalCache.cpp */,
-                               0F5B408820212F730080F913 /* OriginThreadLocalCache.h */,
                                65FEA86809833ADE00BED4AB /* Page.cpp */,
                                65A21467097A329100B9050A /* Page.h */,
                                CD5E5B601A15F156000C609E /* PageConfiguration.cpp */,
                                4184F5161EAF05A800F18BF0 /* OrientationNotifier.h in Headers */,
                                0014628B103CD1DE000B20DB /* OriginAccessEntry.h in Headers */,
                                FE9E89FC16E2DC0500A908F8 /* OriginLock.h in Headers */,
-                               0F5B408A20212F770080F913 /* OriginThreadLocalCache.h in Headers */,
                                FD581FAF1520F91F003A7A75 /* OscillatorNode.h in Headers */,
                                BC5EB5DD0E81B8DD00B25965 /* OutlineValue.h in Headers */,
                                7A29F57218C69514004D0F81 /* OutOfBandTextTrackPrivateAVF.h in Headers */,
index 7a35484..7150019 100644 (file)
@@ -56,8 +56,8 @@ EncodedJSValue JSC_HOST_CALL isReadableByteStreamAPIEnabled(ExecState*);
 
 const ClassInfo JSDOMGlobalObject::s_info = { "DOMGlobalObject", &JSGlobalObject::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSDOMGlobalObject) };
 
-JSDOMGlobalObject::JSDOMGlobalObject(VM& vm, Structure* structure, Ref<DOMWrapperWorld>&& world, const GlobalObjectMethodTable* globalObjectMethodTable, RefPtr<JSC::ThreadLocalCache>&& threadLocalCache)
-    : JSGlobalObject(vm, structure, globalObjectMethodTable, WTFMove(threadLocalCache))
+JSDOMGlobalObject::JSDOMGlobalObject(VM& vm, Structure* structure, Ref<DOMWrapperWorld>&& world, const GlobalObjectMethodTable* globalObjectMethodTable)
+    : JSGlobalObject(vm, structure, globalObjectMethodTable)
     , m_world(WTFMove(world))
     , m_worldIsNormal(m_world->isNormal())
     , m_builtinInternalFunctions(vm)
index ae1caee..93dc5a0 100644 (file)
@@ -31,7 +31,6 @@
 #include <JavaScriptCore/JSGlobalObject.h>
 #include <JavaScriptCore/LockDuringMarking.h>
 #include <JavaScriptCore/StructureInlines.h>
-#include <JavaScriptCore/ThreadLocalCache.h>
 
 namespace WebCore {
 
@@ -49,7 +48,7 @@ class WEBCORE_EXPORT JSDOMGlobalObject : public JSC::JSGlobalObject {
 protected:
     struct JSDOMGlobalObjectData;
 
-    JSDOMGlobalObject(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&, const JSC::GlobalObjectMethodTable* = nullptr, RefPtr<JSC::ThreadLocalCache>&& = nullptr);
+    JSDOMGlobalObject(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&, const JSC::GlobalObjectMethodTable* = nullptr);
     static void destroy(JSC::JSCell*);
     void finishCreation(JSC::VM&);
     void finishCreation(JSC::VM&, JSC::JSObject*);
index afa66ad..22bc435 100644 (file)
@@ -79,7 +79,7 @@ const GlobalObjectMethodTable JSDOMWindowBase::s_globalObjectMethodTable = {
 };
 
 JSDOMWindowBase::JSDOMWindowBase(VM& vm, Structure* structure, RefPtr<DOMWindow>&& window, JSDOMWindowProxy* proxy)
-    : JSDOMGlobalObject(vm, structure, proxy->world(), &s_globalObjectMethodTable, window ? &window->document()->threadLocalCache() : nullptr)
+    : JSDOMGlobalObject(vm, structure, proxy->world(), &s_globalObjectMethodTable)
     , m_windowCloseWatchpoints((window && window->frame()) ? IsWatched : IsInvalidated)
     , m_wrapped(WTFMove(window))
     , m_proxy(proxy)
index 085dfa8..ce1beaf 100644 (file)
 #include "NodeRareData.h"
 #include "NodeWithIndex.h"
 #include "OriginAccessEntry.h"
-#include "OriginThreadLocalCache.h"
 #include "OverflowEvent.h"
 #include "PageConsoleClient.h"
 #include "PageGroup.h"
@@ -7767,16 +7766,4 @@ void Document::setServiceWorkerConnection(SWClientConnection* serviceWorkerConne
 }
 #endif
 
-JSC::ThreadLocalCache& Document::threadLocalCache()
-{
-    if (!m_threadLocalCache) {
-        SecurityOrigin& origin = securityOrigin();
-        if (origin.isUnique() || (origin.isLocal() && origin.enforcesFilePathSeparation()))
-            m_threadLocalCache = JSC::ThreadLocalCache::create(commonVM().heap);
-        else
-            m_threadLocalCache = OriginThreadLocalCache::create(origin);
-    }
-    return *m_threadLocalCache;
-}
-
 } // namespace WebCore
index f004c89..bae9f2f 100644 (file)
@@ -52,7 +52,6 @@
 #include "UserActionElementSet.h"
 #include "ViewportArguments.h"
 #include "VisibilityState.h"
-#include <JavaScriptCore/ThreadLocalCache.h>
 #include <pal/SessionID.h>
 #include <wtf/Deque.h>
 #include <wtf/Forward.h>
@@ -1414,8 +1413,6 @@ public:
     bool handlingTouchEvent() const { return m_handlingTouchEvent; }
 #endif
 
-    JSC::ThreadLocalCache& threadLocalCache();
-
 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
     bool hasRequestedPageSpecificStorageAccessWithUserInteraction(const String& primaryDomain);
     void setHasRequestedPageSpecificStorageAccessWithUserInteraction(const String& primaryDomain);
@@ -1906,8 +1903,6 @@ private:
 
     HashSet<ApplicationStateChangeListener*> m_applicationStateChangeListeners;
     
-    RefPtr<JSC::ThreadLocalCache> m_threadLocalCache;
-
 #if HAVE(CFNETWORK_STORAGE_PARTITIONING)
     String m_primaryDomainRequestedPageSpecificStorageAccessWithUserInteraction { };
 #endif
diff --git a/Source/WebCore/page/OriginThreadLocalCache.cpp b/Source/WebCore/page/OriginThreadLocalCache.cpp
deleted file mode 100644 (file)
index c2775a0..0000000
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#include "config.h"
-#include "OriginThreadLocalCache.h"
-
-#include "CommonVM.h"
-#include "SecurityOriginHash.h"
-#include <wtf/HashMap.h>
-#include <wtf/NeverDestroyed.h>
-
-namespace WebCore {
-
-typedef HashMap<RefPtr<SecurityOrigin>, OriginThreadLocalCache*> ThreadLocalCacheMap;
-
-static ThreadLocalCacheMap& threadLocalCacheMap()
-{
-    static NeverDestroyed<ThreadLocalCacheMap> map;
-    return map;
-}
-
-Ref<OriginThreadLocalCache> OriginThreadLocalCache::create(SecurityOrigin& key)
-{
-    auto iter = threadLocalCacheMap().find(&key);
-    if (iter != threadLocalCacheMap().end())
-        return *iter->value;
-    
-    return adoptRef(*new OriginThreadLocalCache(key));
-}
-
-OriginThreadLocalCache::~OriginThreadLocalCache()
-{
-    bool result = threadLocalCacheMap().remove(m_key);
-    RELEASE_ASSERT(result);
-}
-
-OriginThreadLocalCache::OriginThreadLocalCache(SecurityOrigin& key)
-    : ThreadLocalCache(commonVM().heap, JSC::uniqueSecurityOriginToken())
-    , m_key(&key)
-{
-    auto result = threadLocalCacheMap().add(&key, this);
-    RELEASE_ASSERT(result);
-}
-
-} // namespace WebCore
-
diff --git a/Source/WebCore/page/OriginThreadLocalCache.h b/Source/WebCore/page/OriginThreadLocalCache.h
deleted file mode 100644 (file)
index 8fbf1bf..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#pragma once
-
-#include "SecurityOrigin.h"
-#include <JavaScriptCore/ThreadLocalCache.h>
-
-namespace WebCore {
-
-class OriginThreadLocalCache final : public JSC::ThreadLocalCache {
-public:
-    static Ref<OriginThreadLocalCache> create(SecurityOrigin&);
-    
-    ~OriginThreadLocalCache() override;
-
-private:
-    explicit OriginThreadLocalCache(SecurityOrigin&);
-    
-    RefPtr<SecurityOrigin> m_key;
-};
-
-} // namespace WebCore
-