Put more WebCore/WebKit JS objects into IsoSubspace
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 3 Jan 2020 20:04:47 +0000 (20:04 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 3 Jan 2020 20:04:47 +0000 (20:04 +0000)
https://bugs.webkit.org/show_bug.cgi?id=205711

Reviewed by Keith Miller.

Source/WebCore:

This patch puts more JS objects into IsoSubspace, mainly focusing on JS objects defined manually (not using CodeGeneratorJS.pm).

No behavior change.

* bindings/js/JSDOMBuiltinConstructor.h:
(WebCore::JSDOMBuiltinConstructor::JSDOMBuiltinConstructor): Deleted.
(WebCore::JSDOMBuiltinConstructor::initializeProperties): Deleted.
* bindings/js/JSDOMBuiltinConstructorBase.cpp:
(WebCore::JSDOMBuiltinConstructorBase::subspaceForImpl):
* bindings/js/JSDOMBuiltinConstructorBase.h:
(WebCore::JSDOMBuiltinConstructorBase::subspaceFor):
* bindings/js/JSDOMConstructor.h:
(WebCore::JSDOMConstructor::JSDOMConstructor): Deleted.
(WebCore::JSDOMConstructor::initializeProperties): Deleted.
* bindings/js/JSDOMConstructorBase.cpp:
(WebCore::JSDOMConstructorBase::subspaceForImpl):
* bindings/js/JSDOMConstructorBase.h:
(WebCore::JSDOMConstructorBase::subspaceFor):
* bindings/js/JSDOMConstructorNotConstructable.h:
(WebCore::JSDOMConstructorNotConstructable::JSDOMConstructorNotConstructable): Deleted.
(WebCore::JSDOMConstructorNotConstructable::initializeProperties): Deleted.
(WebCore::JSDOMConstructorNotConstructable::callThrowTypeError): Deleted.
(WebCore::JSDOMConstructorNotConstructable::getCallData): Deleted.
* bindings/js/JSDOMIterator.h:
(WebCore::JSDOMIteratorPrototype::create): Deleted.
(WebCore::JSDOMIteratorPrototype::createStructure): Deleted.
(WebCore::JSDOMIteratorPrototype::JSDOMIteratorPrototype): Deleted.
* bindings/js/JSDOMNamedConstructor.h:
(WebCore::JSDOMNamedConstructor::JSDOMNamedConstructor): Deleted.
(WebCore::JSDOMNamedConstructor::initializeProperties): Deleted.
* bindings/js/JSDOMWindowProperties.cpp:
(WebCore::JSDOMWindowProperties::subspaceForImpl):
* bindings/js/JSDOMWindowProperties.h:
(WebCore::JSDOMWindowProperties::create): Deleted.
(WebCore::JSDOMWindowProperties::createStructure): Deleted.
(WebCore::JSDOMWindowProperties::JSDOMWindowProperties): Deleted.
* bindings/js/JSWindowProxy.cpp:
(WebCore::JSWindowProxy::subspaceForImpl):
* bindings/js/JSWindowProxy.h:
* bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):
* bindings/js/WebCoreJSClientData.h:
(WebCore::JSVMClientData::domBuiltinConstructorSpace):
(WebCore::JSVMClientData::domConstructorSpace):
(WebCore::JSVMClientData::domWindowPropertiesSpace):
(WebCore::JSVMClientData::runtimeArraySpace):
(WebCore::JSVMClientData::runtimeObjectSpace):
(WebCore::JSVMClientData::windowProxySpace):
* bridge/c/CRuntimeObject.h:
(JSC::Bindings::CRuntimeObject::create): Deleted.
(JSC::Bindings::CRuntimeObject::createStructure): Deleted.
* bridge/c/c_instance.cpp:
(JSC::Bindings::CInstance::getMethod):
(JSC::Bindings::CRuntimeMethod::create): Deleted.
(JSC::Bindings::CRuntimeMethod::createStructure): Deleted.
(JSC::Bindings::CRuntimeMethod::CRuntimeMethod): Deleted.
(JSC::Bindings::CRuntimeMethod::finishCreation): Deleted.
* bridge/objc/ObjCRuntimeObject.h:
(JSC::Bindings::ObjCRuntimeObject::create): Deleted.
(JSC::Bindings::ObjCRuntimeObject::createStructure): Deleted.
* bridge/objc/objc_instance.mm:
(ObjCRuntimeMethod::create): Deleted.
(ObjCRuntimeMethod::createStructure): Deleted.
(ObjCRuntimeMethod::ObjCRuntimeMethod): Deleted.
(ObjCRuntimeMethod::finishCreation): Deleted.
* bridge/objc/objc_runtime.h:
(JSC::Bindings::ObjcFallbackObjectImp::create): Deleted.
(JSC::Bindings::ObjcFallbackObjectImp::propertyName const): Deleted.
(JSC::Bindings::ObjcFallbackObjectImp::createPrototype): Deleted.
(JSC::Bindings::ObjcFallbackObjectImp::createStructure): Deleted.
* bridge/objc/objc_runtime.mm:
(JSC::Bindings::ObjcFallbackObjectImp::subspaceForImpl):
* bridge/runtime_array.cpp:
(JSC::RuntimeArray::RuntimeArray):
(JSC::RuntimeArray::subspaceForImpl):
* bridge/runtime_array.h:
(JSC::RuntimeArray::create): Deleted.
(JSC::RuntimeArray::getLength const): Deleted.
(JSC::RuntimeArray::getConcreteArray const): Deleted.
(JSC::RuntimeArray::createPrototype): Deleted.
(JSC::RuntimeArray::createStructure): Deleted.
* bridge/runtime_method.cpp:
(JSC::RuntimeMethod::RuntimeMethod):
* bridge/runtime_method.h:
* bridge/runtime_object.cpp:
(JSC::Bindings::RuntimeObject::RuntimeObject):
(JSC::Bindings::RuntimeObject::subspaceForImpl):
* bridge/runtime_object.h:

Source/WebKit:

* WebProcess/Plugins/Netscape/JSNPMethod.h:
* WebProcess/Plugins/Netscape/JSNPObject.h:

Source/WebKitLegacy/mac:

* Plugins/Hosted/ProxyInstance.mm:
(WebKit::ProxyInstance::getMethod):
(WebKit::ProxyRuntimeMethod::create): Deleted.
(WebKit::ProxyRuntimeMethod::createStructure): Deleted.
(WebKit::ProxyRuntimeMethod::ProxyRuntimeMethod): Deleted.
(WebKit::ProxyRuntimeMethod::finishCreation): Deleted.
* Plugins/Hosted/ProxyRuntimeObject.h:
(WebKit::ProxyRuntimeObject::create): Deleted.
(WebKit::ProxyRuntimeObject::createStructure): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254010 268f45cc-cd09-0410-ab3c-d52691b4dbfc

34 files changed:
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMBuiltinConstructor.h
Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.cpp
Source/WebCore/bindings/js/JSDOMBuiltinConstructorBase.h
Source/WebCore/bindings/js/JSDOMConstructor.h
Source/WebCore/bindings/js/JSDOMConstructorBase.cpp
Source/WebCore/bindings/js/JSDOMConstructorBase.h
Source/WebCore/bindings/js/JSDOMConstructorNotConstructable.h
Source/WebCore/bindings/js/JSDOMIterator.h
Source/WebCore/bindings/js/JSDOMNamedConstructor.h
Source/WebCore/bindings/js/JSDOMWindowProperties.cpp
Source/WebCore/bindings/js/JSDOMWindowProperties.h
Source/WebCore/bindings/js/JSWindowProxy.cpp
Source/WebCore/bindings/js/JSWindowProxy.h
Source/WebCore/bindings/js/WebCoreJSClientData.cpp
Source/WebCore/bindings/js/WebCoreJSClientData.h
Source/WebCore/bridge/c/CRuntimeObject.h
Source/WebCore/bridge/c/c_instance.cpp
Source/WebCore/bridge/objc/ObjCRuntimeObject.h
Source/WebCore/bridge/objc/objc_instance.mm
Source/WebCore/bridge/objc/objc_runtime.h
Source/WebCore/bridge/objc/objc_runtime.mm
Source/WebCore/bridge/runtime_array.cpp
Source/WebCore/bridge/runtime_array.h
Source/WebCore/bridge/runtime_method.cpp
Source/WebCore/bridge/runtime_method.h
Source/WebCore/bridge/runtime_object.cpp
Source/WebCore/bridge/runtime_object.h
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h
Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/Plugins/Hosted/ProxyInstance.mm
Source/WebKitLegacy/mac/Plugins/Hosted/ProxyRuntimeObject.h

index d66d087..6a3d2b4 100644 (file)
@@ -1,3 +1,99 @@
+2020-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Put more WebCore/WebKit JS objects into IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205711
+
+        Reviewed by Keith Miller.
+
+        This patch puts more JS objects into IsoSubspace, mainly focusing on JS objects defined manually (not using CodeGeneratorJS.pm).
+
+        No behavior change.
+
+        * bindings/js/JSDOMBuiltinConstructor.h:
+        (WebCore::JSDOMBuiltinConstructor::JSDOMBuiltinConstructor): Deleted.
+        (WebCore::JSDOMBuiltinConstructor::initializeProperties): Deleted.
+        * bindings/js/JSDOMBuiltinConstructorBase.cpp:
+        (WebCore::JSDOMBuiltinConstructorBase::subspaceForImpl):
+        * bindings/js/JSDOMBuiltinConstructorBase.h:
+        (WebCore::JSDOMBuiltinConstructorBase::subspaceFor):
+        * bindings/js/JSDOMConstructor.h:
+        (WebCore::JSDOMConstructor::JSDOMConstructor): Deleted.
+        (WebCore::JSDOMConstructor::initializeProperties): Deleted.
+        * bindings/js/JSDOMConstructorBase.cpp:
+        (WebCore::JSDOMConstructorBase::subspaceForImpl):
+        * bindings/js/JSDOMConstructorBase.h:
+        (WebCore::JSDOMConstructorBase::subspaceFor):
+        * bindings/js/JSDOMConstructorNotConstructable.h:
+        (WebCore::JSDOMConstructorNotConstructable::JSDOMConstructorNotConstructable): Deleted.
+        (WebCore::JSDOMConstructorNotConstructable::initializeProperties): Deleted.
+        (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError): Deleted.
+        (WebCore::JSDOMConstructorNotConstructable::getCallData): Deleted.
+        * bindings/js/JSDOMIterator.h:
+        (WebCore::JSDOMIteratorPrototype::create): Deleted.
+        (WebCore::JSDOMIteratorPrototype::createStructure): Deleted.
+        (WebCore::JSDOMIteratorPrototype::JSDOMIteratorPrototype): Deleted.
+        * bindings/js/JSDOMNamedConstructor.h:
+        (WebCore::JSDOMNamedConstructor::JSDOMNamedConstructor): Deleted.
+        (WebCore::JSDOMNamedConstructor::initializeProperties): Deleted.
+        * bindings/js/JSDOMWindowProperties.cpp:
+        (WebCore::JSDOMWindowProperties::subspaceForImpl):
+        * bindings/js/JSDOMWindowProperties.h:
+        (WebCore::JSDOMWindowProperties::create): Deleted.
+        (WebCore::JSDOMWindowProperties::createStructure): Deleted.
+        (WebCore::JSDOMWindowProperties::JSDOMWindowProperties): Deleted.
+        * bindings/js/JSWindowProxy.cpp:
+        (WebCore::JSWindowProxy::subspaceForImpl):
+        * bindings/js/JSWindowProxy.h:
+        * bindings/js/WebCoreJSClientData.cpp:
+        (WebCore::JSVMClientData::JSVMClientData):
+        * bindings/js/WebCoreJSClientData.h:
+        (WebCore::JSVMClientData::domBuiltinConstructorSpace):
+        (WebCore::JSVMClientData::domConstructorSpace):
+        (WebCore::JSVMClientData::domWindowPropertiesSpace):
+        (WebCore::JSVMClientData::runtimeArraySpace):
+        (WebCore::JSVMClientData::runtimeObjectSpace):
+        (WebCore::JSVMClientData::windowProxySpace):
+        * bridge/c/CRuntimeObject.h:
+        (JSC::Bindings::CRuntimeObject::create): Deleted.
+        (JSC::Bindings::CRuntimeObject::createStructure): Deleted.
+        * bridge/c/c_instance.cpp:
+        (JSC::Bindings::CInstance::getMethod):
+        (JSC::Bindings::CRuntimeMethod::create): Deleted.
+        (JSC::Bindings::CRuntimeMethod::createStructure): Deleted.
+        (JSC::Bindings::CRuntimeMethod::CRuntimeMethod): Deleted.
+        (JSC::Bindings::CRuntimeMethod::finishCreation): Deleted.
+        * bridge/objc/ObjCRuntimeObject.h:
+        (JSC::Bindings::ObjCRuntimeObject::create): Deleted.
+        (JSC::Bindings::ObjCRuntimeObject::createStructure): Deleted.
+        * bridge/objc/objc_instance.mm:
+        (ObjCRuntimeMethod::create): Deleted.
+        (ObjCRuntimeMethod::createStructure): Deleted.
+        (ObjCRuntimeMethod::ObjCRuntimeMethod): Deleted.
+        (ObjCRuntimeMethod::finishCreation): Deleted.
+        * bridge/objc/objc_runtime.h:
+        (JSC::Bindings::ObjcFallbackObjectImp::create): Deleted.
+        (JSC::Bindings::ObjcFallbackObjectImp::propertyName const): Deleted.
+        (JSC::Bindings::ObjcFallbackObjectImp::createPrototype): Deleted.
+        (JSC::Bindings::ObjcFallbackObjectImp::createStructure): Deleted.
+        * bridge/objc/objc_runtime.mm:
+        (JSC::Bindings::ObjcFallbackObjectImp::subspaceForImpl):
+        * bridge/runtime_array.cpp:
+        (JSC::RuntimeArray::RuntimeArray):
+        (JSC::RuntimeArray::subspaceForImpl):
+        * bridge/runtime_array.h:
+        (JSC::RuntimeArray::create): Deleted.
+        (JSC::RuntimeArray::getLength const): Deleted.
+        (JSC::RuntimeArray::getConcreteArray const): Deleted.
+        (JSC::RuntimeArray::createPrototype): Deleted.
+        (JSC::RuntimeArray::createStructure): Deleted.
+        * bridge/runtime_method.cpp:
+        (JSC::RuntimeMethod::RuntimeMethod):
+        * bridge/runtime_method.h:
+        * bridge/runtime_object.cpp:
+        (JSC::Bindings::RuntimeObject::RuntimeObject):
+        (JSC::Bindings::RuntimeObject::subspaceForImpl):
+        * bridge/runtime_object.h:
+
 2020-01-03  Simon Fraser  <simon.fraser@apple.com>
 
         Add some shared schemes to the WebKit.xcworkspace
index f894f7d..95ad06e 100644 (file)
@@ -25,7 +25,7 @@
 
 namespace WebCore {
 
-template<typename JSClass> class JSDOMBuiltinConstructor : public JSDOMBuiltinConstructorBase {
+template<typename JSClass> class JSDOMBuiltinConstructor final : public JSDOMBuiltinConstructorBase {
 public:
     using Base = JSDOMBuiltinConstructorBase;
 
index d9eb1ff..8f3ff4b 100644 (file)
@@ -22,6 +22,7 @@
 #include "config.h"
 #include "JSDOMBuiltinConstructorBase.h"
 
+#include "WebCoreJSClientData.h"
 #include <JavaScriptCore/JSCInlines.h>
 
 namespace WebCore {
@@ -53,4 +54,9 @@ void JSDOMBuiltinConstructorBase::visitChildren(JSC::JSCell* cell, JSC::SlotVisi
     visitor.append(thisObject->m_initializeFunction);
 }
 
+JSC::IsoSubspace* JSDOMBuiltinConstructorBase::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->domBuiltinConstructorSpace();
+}
+
 } // namespace WebCore
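Review bot: `subspaceForImpl` downcasts `vm.clientData` with an unchecked `static_cast<JSVMClientData*>` and dereferences the result, and the same three-line body is repeated in JSDOMConstructorBase.cpp, JSDOMWindowProperties.cpp, JSWindowProxy.cpp and runtime_array.cpp in this commit. Every VM that reaches WebCore presumably does carry a JSVMClientData, but with five copies there is no single place to state or check that assumption. One inline accessor beside JSVMClientData, e.g. `inline JSVMClientData& clientDataFor(JSC::VM& vm) { ASSERT(vm.clientData); return *static_cast<JSVMClientData*>(vm.clientData); }` (name constructed), would let each of these bodies become `return &clientDataFor(vm).domBuiltinConstructorSpace();` and make the debug check once.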
index bd240a0..d2228fa 100644 (file)
@@ -27,6 +27,15 @@ class JSDOMBuiltinConstructorBase : public JSDOMConstructorBase {
 public:
     using Base = JSDOMConstructorBase;
 
+    template<typename CellType, JSC::SubspaceAccess>
+    static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        static_assert(sizeof(CellType) == sizeof(JSDOMBuiltinConstructorBase));
+        STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(CellType, JSDOMBuiltinConstructorBase);
+        static_assert(CellType::destroy == JSC::JSCell::destroy, "JSDOMBuiltinConstructor<JSClass> is not destructible actually");
+        return subspaceForImpl(vm);
+    }
+
 protected:
     JSDOMBuiltinConstructorBase(JSC::Structure* structure, JSDOMGlobalObject& globalObject)
         : JSDOMConstructorBase(structure, globalObject)
@@ -41,6 +50,8 @@ protected:
     static void callFunctionWithCurrentArguments(JSC::JSGlobalObject&, JSC::CallFrame&, JSC::JSObject& thisObject, JSC::JSFunction&);
 
 private:
+    static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
+
     JSC::WriteBarrier<JSC::JSFunction> m_initializeFunction;
 };
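Review bot: `subspaceForImpl` is declared under `private:` at the end of this hunk, whereas the parallel declaration added to JSDOMConstructorBase.h in the same commit (`static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);`) sits under `public:`; nothing visible in the diff calls either from outside its class, so the JSDOMConstructorBase one could move under `private:` too. The third `static_assert` message, `"JSDOMBuiltinConstructor<JSClass> is not destructible actually"`, states the rule but not the reason; since the shared space is created from `vm.cellHeapCellType` in WebCoreJSClientData.cpp, a message such as `"all JSDOMBuiltinConstructor<JSClass> instantiations share one non-destructible IsoSubspace, so none may override destroy()"` would tell a future subclass author what they ran into. The class declaration begins above this hunk.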
 
index 965636a..393dceb 100644 (file)
@@ -23,7 +23,7 @@
 
 namespace WebCore {
 
-template<typename JSClass> class JSDOMConstructor : public JSDOMConstructorBase {
+template<typename JSClass> class JSDOMConstructor final : public JSDOMConstructorBase {
 public:
     using Base = JSDOMConstructorBase;
 
index 20f4069..40003dd 100644 (file)
@@ -22,6 +22,7 @@
 #include "config.h"
 #include "JSDOMConstructor.h"
 
+#include "WebCoreJSClientData.h"
 #include <JavaScriptCore/JSCInlines.h>
 
 namespace WebCore {
@@ -56,4 +57,9 @@ String JSDOMConstructorBase::toStringName(const JSObject* object, JSC::JSGlobalO
     return info->methodTable.className(object, vm);
 }
 
+JSC::IsoSubspace* JSDOMConstructorBase::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->domConstructorSpace();
+}
+
 } // namespace WebCore
index 8156c08..c528b09 100644 (file)
@@ -29,8 +29,20 @@ public:
     using Base = JSDOMObject;
 
     static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::ImplementsHasInstance | JSC::ImplementsDefaultHasInstance | JSC::OverridesGetCallData;
+    static constexpr bool needsDestruction = false;
     static JSC::Structure* createStructure(JSC::VM&, JSC::JSGlobalObject*, JSC::JSValue);
 
+    template<typename CellType, JSC::SubspaceAccess>
+    static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        static_assert(sizeof(CellType) == sizeof(JSDOMConstructorBase));
+        STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(CellType, JSDOMConstructorBase);
+        static_assert(CellType::destroy == JSC::JSCell::destroy, "JSDOMConstructor<JSClass> is not destructible actually");
+        return subspaceForImpl(vm);
+    }
+
+    static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
+
 protected:
     JSDOMConstructorBase(JSC::Structure* structure, JSDOMGlobalObject& globalObject)
         : JSDOMObject(structure, globalObject)
index d44e67b..330c592 100644 (file)
@@ -23,7 +23,7 @@
 
 namespace WebCore {
 
-template<typename JSClass> class JSDOMConstructorNotConstructable : public JSDOMConstructorBase {
+template<typename JSClass> class JSDOMConstructorNotConstructable final : public JSDOMConstructorBase {
 public:
     using Base = JSDOMConstructorBase;
 
index 1186bb9..9003599 100644 (file)
@@ -46,13 +46,14 @@ enum class JSDOMIteratorType { Set, Map };
 template<typename T, typename U = void> using EnableIfMap = typename std::enable_if<T::type == JSDOMIteratorType::Map, U>::type;
 template<typename T, typename U = void> using EnableIfSet = typename std::enable_if<T::type == JSDOMIteratorType::Set, U>::type;
 
-template<typename JSWrapper, typename IteratorTraits> class JSDOMIteratorPrototype : public JSC::JSNonFinalObject {
+template<typename JSWrapper, typename IteratorTraits> class JSDOMIteratorPrototype final : public JSC::JSNonFinalObject {
 public:
     using Base = JSC::JSNonFinalObject;
     using DOMWrapped = typename JSWrapper::DOMWrapped;
 
     static JSDOMIteratorPrototype* create(JSC::VM& vm, JSC::JSGlobalObject* globalObject, JSC::Structure* structure)
     {
+        STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSDOMIteratorPrototype, JSDOMIteratorPrototype::Base);
         JSDOMIteratorPrototype* prototype = new (NotNull, JSC::allocateCell<JSDOMIteratorPrototype>(vm.heap)) JSDOMIteratorPrototype(vm, structure);
         prototype->finishCreation(vm, globalObject);
         return prototype;
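Review bot: The new `STATIC_ASSERT_ISO_SUBSPACE_SHARABLE` call is placed inside `create()` rather than at class scope next to the `using` declarations, and nothing says why, so a later cleanup may well move it. Presumably the macro needs the complete type, which `JSDOMIteratorPrototype` is not yet inside its own class body; a one-line comment would pin that down: `// Checked here rather than at class scope: the macro needs the complete type.` `create()` continues past the end of the hunk.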
index d3c87ab..b03ca1d 100644 (file)
@@ -24,7 +24,7 @@
 namespace WebCore {
 
 // FIMXE: Why can't named constructors be used with workers?
-template<typename JSClass> class JSDOMNamedConstructor : public JSDOMConstructorWithDocument {
+template<typename JSClass> class JSDOMNamedConstructor final : public JSDOMConstructorWithDocument {
 public:
     using Base = JSDOMConstructorWithDocument;
 
index 8c8d251..c14d98c 100644 (file)
@@ -34,6 +34,7 @@
 #include "JSDOMWindowBase.h"
 #include "JSElement.h"
 #include "JSHTMLCollection.h"
+#include "WebCoreJSClientData.h"
 
 namespace WebCore {
 
@@ -108,4 +109,9 @@ bool JSDOMWindowProperties::getOwnPropertySlotByIndex(JSObject* object, JSGlobal
     return getOwnPropertySlot(object, lexicalGlobalObject, Identifier::from(vm, index), slot);
 }
 
+JSC::IsoSubspace* JSDOMWindowProperties::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->domWindowPropertiesSpace();
+}
+
 } // namespace WebCore
index 7c5bf08..ff186eb 100644 (file)
 
 namespace WebCore {
 
-class JSDOMWindowProperties : public JSDOMObject {
+class JSDOMWindowProperties final : public JSDOMObject {
 public:
+    static constexpr bool needsDestruction = false;
+    template<typename CellType, JSC::SubspaceAccess>
+    static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        static_assert(CellType::destroy == JSC::JSCell::destroy, "JSDOMWindowProperties is not destructible actually");
+        return subspaceForImpl(vm);
+    }
+
     static JSDOMWindowProperties* create(JSC::Structure* structure, JSC::JSGlobalObject& globalObject)
     {
         JSDOMWindowProperties* ptr = new (NotNull, JSC::allocateCell<JSDOMWindowProperties>(globalObject.vm().heap)) JSDOMWindowProperties(structure, globalObject);
@@ -51,11 +59,13 @@ public:
 
     static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::GetOwnPropertySlotIsImpureForPropertyAbsence | JSC::InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | JSC::OverridesGetOwnPropertySlot | JSC::IsImmutablePrototypeExoticObject;
 
-protected:
+private:
     JSDOMWindowProperties(JSC::Structure* structure, JSC::JSGlobalObject& globalObject)
         : JSDOMObject(structure, globalObject)
     {
     }
+
+    static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
 };
 
 } // namespace WebCore
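Review bot: `subspaceFor` here keeps only the `CellType::destroy == JSC::JSCell::destroy` assertion and omits the `sizeof` and `STATIC_ASSERT_ISO_SUBSPACE_SHARABLE` checks that the constructor-base versions in this commit carry; that is sound because the class is now `final` and not a template, so `CellType` can only be `JSDOMWindowProperties` itself, but the reasoning is not recorded anywhere. A comment above the template, `// final, non-template class: CellType is always JSDOMWindowProperties, so no size/sharability check is needed`, would stop someone from "fixing" the omission later. Making the constructor `private` instead of `protected` follows from `final` and is fine.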
index db7031a..d91e87b 100644 (file)
@@ -37,6 +37,7 @@
 #include "JSEventTarget.h"
 #include "JSRemoteDOMWindow.h"
 #include "ScriptController.h"
+#include "WebCoreJSClientData.h"
 #include <JavaScriptCore/Debugger.h>
 #include <JavaScriptCore/JSObject.h>
 #include <JavaScriptCore/StrongInlines.h>
@@ -166,4 +167,9 @@ WindowProxy* JSWindowProxy::toWrapped(VM& vm, JSValue value)
     return nullptr;
 }
 
+JSC::IsoSubspace* JSWindowProxy::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->windowProxySpace();
+}
+
 } // namespace WebCore
index 19c1ba7..113dccb 100644 (file)
@@ -45,8 +45,15 @@ class AbstractFrame;
 class JSWindowProxy final : public JSC::JSProxy {
 public:
     using Base = JSC::JSProxy;
+    static constexpr bool needsDestruction = true;
     static void destroy(JSCell*);
 
+    template<typename CellType, JSC::SubspaceAccess>
+    static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        return subspaceForImpl(vm);
+    }
+
     static JSWindowProxy& create(JSC::VM&, AbstractDOMWindow&, DOMWrapperWorld&);
 
     DECLARE_INFO;
@@ -67,6 +74,7 @@ public:
 private:
     JSWindowProxy(JSC::VM&, JSC::Structure&, DOMWrapperWorld&);
     void finishCreation(JSC::VM&, AbstractDOMWindow&);
+    static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
 
     Ref<DOMWrapperWorld> m_world;
 };
index 0520e0f..8de78a9 100644 (file)
 
 #include "DOMGCOutputConstraint.h"
 #include "JSDOMBinding.h"
+#include "JSDOMBuiltinConstructorBase.h"
 #include "JSDOMWindow.h"
+#include "JSDOMWindowProperties.h"
 #include "JSDedicatedWorkerGlobalScope.h"
 #include "JSPaintWorkletGlobalScope.h"
 #include "JSRemoteDOMWindow.h"
 #include "JSServiceWorkerGlobalScope.h"
+#include "JSWindowProxy.h"
 #include "JSWorkerGlobalScope.h"
 #include "JSWorkletGlobalScope.h"
 #include <JavaScriptCore/FastMallocAlignedMemoryAllocator.h>
@@ -42,7 +45,9 @@
 #include <JavaScriptCore/MarkingConstraint.h>
 #include <JavaScriptCore/SubspaceInlines.h>
 #include <JavaScriptCore/VM.h>
+#include "runtime_array.h"
 #include "runtime_method.h"
+#include "runtime_object.h"
 #include <wtf/MainThread.h>
 
 namespace WebCore {
@@ -51,6 +56,9 @@ using namespace JSC;
 JSVMClientData::JSVMClientData(VM& vm)
     : m_builtinFunctions(vm)
     , m_builtinNames(vm)
+    , m_runtimeArrayHeapCellType(JSC::IsoHeapCellType::create<RuntimeArray>())
+    , m_runtimeObjectHeapCellType(JSC::IsoHeapCellType::create<JSC::Bindings::RuntimeObject>())
+    , m_windowProxyHeapCellType(JSC::IsoHeapCellType::create<JSWindowProxy>())
     , m_heapCellTypeForJSDOMWindow(JSC::IsoHeapCellType::create<JSDOMWindow>())
     , m_heapCellTypeForJSDedicatedWorkerGlobalScope(JSC::IsoHeapCellType::create<JSDedicatedWorkerGlobalScope>())
     , m_heapCellTypeForJSRemoteDOMWindow(JSC::IsoHeapCellType::create<JSRemoteDOMWindow>())
@@ -62,7 +70,13 @@ JSVMClientData::JSVMClientData(VM& vm)
     , m_heapCellTypeForJSPaintWorkletGlobalScope(JSC::IsoHeapCellType::create<JSPaintWorkletGlobalScope>())
     , m_heapCellTypeForJSWorkletGlobalScope(JSC::IsoHeapCellType::create<JSWorkletGlobalScope>())
 #endif
+    , m_domBuiltinConstructorSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), JSDOMBuiltinConstructorBase)
+    , m_domConstructorSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), JSDOMConstructorBase)
+    , m_domWindowPropertiesSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), JSDOMWindowProperties)
+    , m_runtimeArraySpace ISO_SUBSPACE_INIT(vm.heap, m_runtimeArrayHeapCellType.get(), RuntimeArray)
     , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a85
+    , m_runtimeObjectSpace ISO_SUBSPACE_INIT(vm.heap, m_runtimeObjectHeapCellType.get(), JSC::Bindings::RuntimeObject)
+    , m_windowProxySpace ISO_SUBSPACE_INIT(vm.heap, m_windowProxyHeapCellType.get(), JSWindowProxy)
     , m_subspaceForJSDOMWindow ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSDOMWindow.get(), JSDOMWindow)
     , m_subspaceForJSDedicatedWorkerGlobalScope ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSDedicatedWorkerGlobalScope.get(), JSDedicatedWorkerGlobalScope)
     , m_subspaceForJSRemoteDOMWindow ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSRemoteDOMWindow.get(), JSRemoteDOMWindow)
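Review bot: `#include "runtime_array.h"` and `#include "runtime_object.h"` are inserted among the `<JavaScriptCore/...>` includes instead of in the sorted quoted project-header group at the top of the file, where `JSDOMBuiltinConstructorBase.h`, `JSDOMWindowProperties.h` and `JSWindowProxy.h` were placed correctly in this same commit. They copy the pre-existing misplacement of `runtime_method.h`, so this is the moment to move all three up into that group. The new initializers otherwise appear in the same order as the member declarations added to WebCoreJSClientData.h, which is what `-Wreorder` cares about.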
index b5fa7fd..3ed21e4 100644 (file)
@@ -59,7 +59,13 @@ public:
     WebCoreBuiltinNames& builtinNames() { return m_builtinNames; }
     JSBuiltinFunctions& builtinFunctions() { return m_builtinFunctions; }
     
+    JSC::IsoSubspace& domBuiltinConstructorSpace() { return m_domBuiltinConstructorSpace; }
+    JSC::IsoSubspace& domConstructorSpace() { return m_domConstructorSpace; }
+    JSC::IsoSubspace& domWindowPropertiesSpace() { return m_domWindowPropertiesSpace; }
+    JSC::IsoSubspace& runtimeArraySpace() { return m_runtimeArraySpace; }
     JSC::IsoSubspace& runtimeMethodSpace() { return m_runtimeMethodSpace; }
+    JSC::IsoSubspace& runtimeObjectSpace() { return m_runtimeObjectSpace; }
+    JSC::IsoSubspace& windowProxySpace() { return m_windowProxySpace; }
     
     JSC::CompleteSubspace& outputConstraintSpace() { return m_outputConstraintSpace; }
 
@@ -99,6 +105,10 @@ private:
     JSBuiltinFunctions m_builtinFunctions;
     WebCoreBuiltinNames m_builtinNames;
 
+    std::unique_ptr<JSC::HeapCellType> m_runtimeArrayHeapCellType;
+    std::unique_ptr<JSC::HeapCellType> m_runtimeObjectHeapCellType;
+    std::unique_ptr<JSC::HeapCellType> m_windowProxyHeapCellType;
+
     std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSDOMWindow;
     std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSDedicatedWorkerGlobalScope;
     std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSRemoteDOMWindow;
@@ -111,7 +121,13 @@ private:
     std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSWorkletGlobalScope;
 #endif
 
+    JSC::IsoSubspace m_domBuiltinConstructorSpace;
+    JSC::IsoSubspace m_domConstructorSpace;
+    JSC::IsoSubspace m_domWindowPropertiesSpace;
+    JSC::IsoSubspace m_runtimeArraySpace;
     JSC::IsoSubspace m_runtimeMethodSpace;
+    JSC::IsoSubspace m_runtimeObjectSpace;
+    JSC::IsoSubspace m_windowProxySpace;
 
     JSC::IsoSubspace m_subspaceForJSDOMWindow;
     JSC::IsoSubspace m_subspaceForJSDedicatedWorkerGlobalScope;
index a0b4a24..11227ec 100644 (file)
@@ -40,9 +40,9 @@ namespace Bindings {
 
 class CInstance;
 
-class CRuntimeObject : public RuntimeObject {
+class CRuntimeObject final : public RuntimeObject {
 public:
-    typedef RuntimeObject Base;
+    using Base = RuntimeObject;
 
     static CRuntimeObject* create(VM& vm, Structure* structure, RefPtr<CInstance>&& instance)
     {
index 106804d..fa76e19 100644 (file)
@@ -110,9 +110,9 @@ bool CInstance::supportsInvokeDefaultMethod() const
     return _object->_class->invokeDefault;
 }
 
-class CRuntimeMethod : public RuntimeMethod {
+class CRuntimeMethod final : public RuntimeMethod {
 public:
-    typedef RuntimeMethod Base;
+    using Base = RuntimeMethod;
 
     static CRuntimeMethod* create(JSGlobalObject* lexicalGlobalObject, JSGlobalObject* globalObject, const String& name, Bindings::Method* method)
     {
@@ -120,7 +120,7 @@ public:
         // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
         // We need to pass in the right global object for "i".
         Structure* domStructure = WebCore::deprecatedGetDOMStructure<CRuntimeMethod>(lexicalGlobalObject);
-        CRuntimeMethod* runtimeMethod = new (NotNull, allocateCell<CRuntimeMethod>(vm.heap)) CRuntimeMethod(globalObject, domStructure, method);
+        CRuntimeMethod* runtimeMethod = new (NotNull, allocateCell<CRuntimeMethod>(vm.heap)) CRuntimeMethod(vm, domStructure, method);
         runtimeMethod->finishCreation(vm, name);
         return runtimeMethod;
     }
@@ -133,8 +133,8 @@ public:
     DECLARE_INFO;
 
 private:
-    CRuntimeMethod(JSGlobalObject* globalObject, Structure* structure, Bindings::Method* method)
-        : RuntimeMethod(globalObject, structure, method)
+    CRuntimeMethod(VM& vm, Structure* structure, Bindings::Method* method)
+        : RuntimeMethod(vm, structure, method)
     {
     }
 
@@ -143,7 +143,6 @@ private:
         Base::finishCreation(vm, name);
         ASSERT(inherits(vm, info()));
     }
-
 };
 
 const ClassInfo CRuntimeMethod::s_info = { "CRuntimeMethod", &RuntimeMethod::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(CRuntimeMethod) };
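Review bot: With the constructor now taking `VM&`, the `globalObject` parameter of `CRuntimeMethod::create()` is no longer referenced in the visible part of the function; the rest of `create()` lies outside the hunk, and if it does not use the parameter either, `globalObject` has become an unused parameter and should be dropped from the signature and its callers, or left unnamed. The same applies to `ObjCRuntimeMethod::create()` in objc_instance.mm, which this commit changes identically. Minor: that file's constructor delegates through `Base(vm, structure, method)` while this one spells out `RuntimeMethod(vm, structure, method)`; either is fine, but the two siblings could agree.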
index ec647cb..26fce3e 100644 (file)
@@ -33,9 +33,9 @@ namespace Bindings {
 
 class ObjcInstance;
 
-class ObjCRuntimeObject : public RuntimeObject {
+class ObjCRuntimeObject final : public RuntimeObject {
 public:
-    typedef RuntimeObject Base;
+    using Base = RuntimeObject;
 
     static ObjCRuntimeObject* create(VM& vm, Structure* structure, RefPtr<ObjcInstance>&& inst)
     {
index d2700a9..f7ff362 100644 (file)
@@ -163,7 +163,7 @@ bool ObjcInstance::supportsInvokeDefaultMethod() const
     return [_instance.get() respondsToSelector:@selector(invokeDefaultMethodWithArguments:)];
 }
 
-class ObjCRuntimeMethod : public RuntimeMethod {
+class ObjCRuntimeMethod final : public RuntimeMethod {
 public:
     static ObjCRuntimeMethod* create(JSGlobalObject* lexicalGlobalObject, JSGlobalObject* globalObject, const String& name, Bindings::Method* method)
     {
@@ -171,7 +171,7 @@ public:
         // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
         // We need to pass in the right global object for "i".
         Structure* domStructure = WebCore::deprecatedGetDOMStructure<ObjCRuntimeMethod>(lexicalGlobalObject);
-        ObjCRuntimeMethod* runtimeMethod = new (NotNull, allocateCell<ObjCRuntimeMethod>(vm.heap)) ObjCRuntimeMethod(globalObject, domStructure, method);
+        ObjCRuntimeMethod* runtimeMethod = new (NotNull, allocateCell<ObjCRuntimeMethod>(vm.heap)) ObjCRuntimeMethod(vm, domStructure, method);
         runtimeMethod->finishCreation(vm, name);
         return runtimeMethod;
     }
@@ -184,10 +184,10 @@ public:
     DECLARE_INFO;
 
 private:
-    typedef RuntimeMethod Base;
+    using Base = RuntimeMethod;
 
-    ObjCRuntimeMethod(JSGlobalObject* globalObject, Structure* structure, Bindings::Method* method)
-        : RuntimeMethod(globalObject, structure, method)
+    ObjCRuntimeMethod(VM& vm, Structure* structure, Bindings::Method* method)
+        : Base(vm, structure, method)
     {
     }
 
index b47d6fe..5ed21f1 100644 (file)
@@ -88,10 +88,17 @@ private:
     RetainPtr<ObjectStructPtr> _array;
 };
 
-class ObjcFallbackObjectImp : public JSDestructibleObject {
+class ObjcFallbackObjectImp final : public JSDestructibleObject {
 public:
-    typedef JSDestructibleObject Base;
+    using Base = JSDestructibleObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
+    static constexpr bool needsDestruction = true;
+
+    template<typename CellType, JSC::SubspaceAccess>
+    static IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        return subspaceForImpl(vm);
+    }
 
     static ObjcFallbackObjectImp* create(JSGlobalObject* exec, JSGlobalObject* globalObject, ObjcInstance* instance, const String& propertyName)
     {
@@ -131,6 +138,8 @@ private:
 
     bool toBoolean(JSGlobalObject*) const; // FIXME: Currently this is broken because none of the superclasses are marked virtual. We need to solve this in the longer term.
 
+    static IsoSubspace* subspaceForImpl(VM&);
+
     RefPtr<ObjcInstance> _instance;
     String m_item;
 };
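Review bot: The two new declarations mix qualification styles: `static IsoSubspace* subspaceFor(JSC::VM& vm)` qualifies `VM` but not `IsoSubspace`, and `static IsoSubspace* subspaceForImpl(VM&);` qualifies neither. Inside `JSC::Bindings` both spellings resolve, so this is cosmetic, but the sibling runtime_array.h in the same commit writes `static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)`; one consistent form, e.g. `static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);`, reads better. The class body continues between the two hunks.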
index 86f4867..19ed19c 100644 (file)
@@ -34,6 +34,8 @@
 #import "runtime_array.h"
 #import "runtime_object.h"
 #import <JavaScriptCore/Error.h>
+#import <JavaScriptCore/IsoSubspacePerVM.h>
+#import <JavaScriptCore/JSDestructibleObjectHeapCellType.h>
 #import <JavaScriptCore/JSGlobalObject.h>
 #import <JavaScriptCore/JSLock.h>
 #import <wtf/RetainPtr.h>
@@ -310,5 +312,11 @@ bool ObjcFallbackObjectImp::toBoolean(JSGlobalObject*) const
     return false;
 }
 
+JSC::IsoSubspace* ObjcFallbackObjectImp::subspaceForImpl(JSC::VM& vm)
+{
+    static NeverDestroyed<JSC::IsoSubspacePerVM> perVM([] (JSC::VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), ObjcFallbackObjectImp); });
+    return &perVM.get().forVM(vm);
+}
+
 }
 }
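Review bot: The lambda parameter `JSC::VM& vm` shadows the function parameter of the same name on the line above; it is legal for a non-capturing lambda but may trip -Wshadow and makes the two `vm`s easy to confuse when reading `perVM.get().forVM(vm)`. Renaming it, e.g. `[] (JSC::VM& spaceVM) { return ISO_SUBSPACE_PARAMETERS(spaceVM.destructibleObjectHeapCellType.get(), ObjcFallbackObjectImp); }`, removes the ambiguity. This class also takes the IsoSubspacePerVM route while RuntimeArray and RuntimeObject fetch their spaces from JSVMClientData in the same patch, presumably because this Objective-C-only class is not visible to WebCoreJSClientData; a comment such as `// Not registered in JSVMClientData (ObjC-only type), so the space is created per VM here.` would save the next reader the question.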
index 07179d0..4d297c7 100644 (file)
@@ -27,6 +27,7 @@
 #include "runtime_array.h"
 
 #include "JSDOMBinding.h"
+#include "WebCoreJSClientData.h"
 #include <JavaScriptCore/ArrayPrototype.h>
 #include <JavaScriptCore/Error.h>
 #include <JavaScriptCore/JSGlobalObjectInlines.h>
@@ -38,9 +39,9 @@ namespace JSC {
 
 const ClassInfo RuntimeArray::s_info = { "RuntimeArray", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(RuntimeArray) };
 
-RuntimeArray::RuntimeArray(JSGlobalObject* lexicalGlobalObject, Structure* structure)
-    : JSArray(lexicalGlobalObject->vm(), structure, 0)
-    , m_array(0)
+RuntimeArray::RuntimeArray(VM& vm, Structure* structure)
+    : JSArray(vm, structure, nullptr)
+    , m_array(nullptr)
 {
 }
 
@@ -158,4 +159,9 @@ bool RuntimeArray::deletePropertyByIndex(JSCell*, JSGlobalObject*, unsigned)
     return false;
 }
 
+JSC::IsoSubspace* RuntimeArray::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->runtimeArraySpace();
+}
+
 }
index aae5aa4..fcf5e33 100644 (file)
 
 namespace JSC {
     
-class RuntimeArray : public JSArray {
+class RuntimeArray final : public JSArray {
 public:
-    typedef JSArray Base;
+    using Base = JSArray;
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | OverridesGetPropertyNames;
+    static constexpr bool needsDestruction = true;
+
+    template<typename CellType, JSC::SubspaceAccess>
+    static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        return subspaceForImpl(vm);
+    }
 
     static RuntimeArray* create(JSGlobalObject* lexicalGlobalObject, Bindings::Array* array)
     {
@@ -43,16 +50,14 @@ public:
         // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
         // We need to pass in the right global object for "array".
         Structure* domStructure = WebCore::deprecatedGetDOMStructure<RuntimeArray>(lexicalGlobalObject);
-        RuntimeArray* runtimeArray = new (NotNull, allocateCell<RuntimeArray>(vm.heap)) RuntimeArray(lexicalGlobalObject, domStructure);
+        RuntimeArray* runtimeArray = new (NotNull, allocateCell<RuntimeArray>(vm.heap)) RuntimeArray(vm, domStructure);
         runtimeArray->finishCreation(vm, array);
-        lexicalGlobalObject->vm().heap.addFinalizer(runtimeArray, destroy);
         return runtimeArray;
     }
 
     typedef Bindings::Array BindingsArray;
     ~RuntimeArray();
     static void destroy(JSCell*);
-    static const bool needsDestruction = false;
 
     static void getOwnPropertyNames(JSObject*, JSGlobalObject*, PropertyNameArray&, EnumerationMode);
     static bool getOwnPropertySlot(JSObject*, JSGlobalObject*, PropertyName, PropertySlot&);
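Review bot: With `lexicalGlobalObject->vm().heap.addFinalizer(runtimeArray, destroy);` removed and `needsDestruction` flipped from false to true in the hunk above, running `~RuntimeArray` now rests entirely on `runtimeArraySpace()` (returned by subspaceForImpl in runtime_array.cpp) having been created with a cell type that invokes `RuntimeArray::destroy`; that space's definition is outside this patch, and if it were built with a non-destructible cell type whatever the destructor releases (presumably `m_array`) would leak silently. A comment next to the new `needsDestruction` line would pin the dependency: `// Destruction is driven by the IsoSubspace from subspaceForImpl(); its cell type must stay destructible.` The leftover `typedef Bindings::Array BindingsArray;` in this hunk could become `using BindingsArray = Bindings::Array;` to match the `Base` alias change.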
@@ -83,8 +88,9 @@ protected:
     void finishCreation(VM&, Bindings::Array*);
 
 private:
-    RuntimeArray(JSGlobalObject*, Structure*);
+    RuntimeArray(VM&, Structure*);
     static EncodedJSValue lengthGetter(JSGlobalObject*, EncodedJSValue, PropertyName);
+    static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
 
     BindingsArray* m_array;
 };
index f199e0f..f5efb3a 100644 (file)
@@ -45,9 +45,9 @@ WEBCORE_EXPORT const ClassInfo RuntimeMethod::s_info = { "RuntimeMethod", &Inter
 
 static EncodedJSValue JSC_HOST_CALL callRuntimeMethod(JSGlobalObject*, CallFrame*);
 
-RuntimeMethod::RuntimeMethod(JSGlobalObject* globalObject, Structure* structure, Method* method)
+RuntimeMethod::RuntimeMethod(VM& vm, Structure* structure, Method* method)
     // Callers will need to pass in the right global object corresponding to this native object "method".
-    : InternalFunction(globalObject->vm(), structure, callRuntimeMethod, nullptr)
+    : InternalFunction(vm, structure, callRuntimeMethod, nullptr)
     , m_method(method)
 {
 }
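Review bot: The comment `// Callers will need to pass in the right global object corresponding to this native object "method".` now sits on a constructor that no longer receives a global object, so it reads as if a parameter went missing. Since the global object reaches this cell only through `structure` now, rephrase it to `// The global object that owns this native "method" comes from |structure|; callers must still choose the right one.` so the intent survives the signature change.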
index 053243e..6dc3668 100644 (file)
@@ -34,20 +34,21 @@ namespace JSC {
 
 class WEBCORE_EXPORT RuntimeMethod : public InternalFunction {
 public:
-    typedef InternalFunction Base;
+    using Base = InternalFunction;
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
 
     template<typename CellType, JSC::SubspaceAccess>
     static IsoSubspace* subspaceFor(JSC::VM& vm)
     {
         static_assert(sizeof(CellType) == sizeof(RuntimeMethod), "RuntimeMethod subclasses that add fields need to override subspaceFor<>()");
+        static_assert(CellType::destroy == JSC::JSCell::destroy);
         return subspaceForImpl(vm);
     }
     
     static RuntimeMethod* create(JSGlobalObject*, JSGlobalObject* globalObject, Structure* structure, const String& name, Bindings::Method* method)
     {
         VM& vm = globalObject->vm();
-        RuntimeMethod* runtimeMethod = new (NotNull, allocateCell<RuntimeMethod>(vm.heap)) RuntimeMethod(globalObject, structure, method);
+        RuntimeMethod* runtimeMethod = new (NotNull, allocateCell<RuntimeMethod>(vm.heap)) RuntimeMethod(vm, structure, method);
         runtimeMethod->finishCreation(vm, name);
         return runtimeMethod;
     }
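Review bot: The new `static_assert(CellType::destroy == JSC::JSCell::destroy);` has no message, unlike the sizeof assert directly above it, so a subclass that defines its own destroy gets a bare expression failure with no hint about what to do. `static_assert(CellType::destroy == JSC::JSCell::destroy, "RuntimeMethod subclasses that define destroy need to override subspaceFor<>()");` matches the existing wording. Since ObjCRuntimeMethod and ProxyRuntimeMethod share this subspace, the assert is the only thing guarding their cleanup, which is worth saying in the message.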
@@ -67,7 +68,7 @@ public:
     }
 
 protected:
-    RuntimeMethod(JSGlobalObject*, Structure*, Bindings::Method*);
+    RuntimeMethod(VM&, Structure*, Bindings::Method*);
     void finishCreation(VM&, const String&);
 
     static bool getOwnPropertySlot(JSObject*, JSGlobalObject*, PropertyName, PropertySlot&);
index 8a0ab43..a036b66 100644 (file)
@@ -27,6 +27,7 @@
 #include "runtime_object.h"
 
 #include "JSDOMBinding.h"
+#include "WebCoreJSClientData.h"
 #include "runtime_method.h"
 #include <JavaScriptCore/Error.h>
 
@@ -38,7 +39,7 @@ namespace Bindings {
 WEBCORE_EXPORT const ClassInfo RuntimeObject::s_info = { "RuntimeObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(RuntimeObject) };
 
 RuntimeObject::RuntimeObject(VM& vm, Structure* structure, RefPtr<Instance>&& instance)
-    : JSDestructibleObject(vm, structure)
+    : Base(vm, structure)
     , m_instance(WTFMove(instance))
 {
 }
@@ -297,5 +298,10 @@ Exception* RuntimeObject::throwInvalidAccessError(JSGlobalObject* lexicalGlobalO
     return throwException(lexicalGlobalObject, scope, createReferenceError(lexicalGlobalObject, "Trying to access object from destroyed plug-in."));
 }
 
+JSC::IsoSubspace* RuntimeObject::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->runtimeObjectSpace();
+}
+
 }
 }
index 552ce30..6cbf7bf 100644 (file)
 namespace JSC {
 namespace Bindings {
 
-class WEBCORE_EXPORT RuntimeObject : public JSDestructibleObject {
+class WEBCORE_EXPORT RuntimeObject : public JSNonFinalObject {
 public:
-    typedef JSDestructibleObject Base;
+    using Base = JSNonFinalObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | OverridesGetCallData;
+    static constexpr bool needsDestruction = true;
+
+    template<typename CellType, JSC::SubspaceAccess>
+    static IsoSubspace* subspaceFor(JSC::VM& vm)
+    {
+        static_assert(sizeof(CellType) == sizeof(RuntimeObject), "RuntimeObject subclasses that add fields need to override subspaceFor<>()");
+        static_assert(CellType::destroy == RuntimeObject::destroy);
+        return subspaceForImpl(vm);
+    }
 
     static RuntimeObject* create(VM& vm, Structure* structure, RefPtr<Instance>&& instance)
     {
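Review bot: Cleanup for RuntimeObject no longer goes through JSDestructibleObject's virtual-destructor path now that the base is JSNonFinalObject, so it depends on `RuntimeObject::destroy` (referenced by the new static_assert but declared outside this hunk) and on `runtimeObjectSpace()` being built with a cell type that calls it. The two static_asserts stop a subclass from adding fields or its own `destroy`, but not from adding destructor work that `RuntimeObject::destroy` would presumably never run, and ProxyRuntimeObject still derives from this class. A comment on `subspaceFor` should state the contract: `// Subclasses share RuntimeObject's IsoSubspace: no extra fields, no own destroy(), no destructor work beyond ~RuntimeObject.` The class body continues past this hunk.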
@@ -82,6 +91,8 @@ private:
     static EncodedJSValue fieldGetter(JSGlobalObject*, EncodedJSValue, PropertyName);
     static EncodedJSValue methodGetter(JSGlobalObject*, EncodedJSValue, PropertyName);
 
+    static IsoSubspace* subspaceForImpl(VM&);
+
     RefPtr<Instance> m_instance;
 };
     
index 8aac218..d2ea158 100644 (file)
@@ -1,3 +1,13 @@
+2020-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Put more WebCore/WebKit JS objects into IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205711
+
+        Reviewed by Keith Miller.
+
+        * WebProcess/Plugins/Netscape/JSNPMethod.h:
+        * WebProcess/Plugins/Netscape/JSNPObject.h:
+
 2020-01-03  Simon Fraser  <simon.fraser@apple.com>
 
         Add some shared schemes to the WebKit.xcworkspace
index 559fa77..1130604 100644 (file)
@@ -39,7 +39,7 @@ namespace WebKit {
 // A JSObject that wraps an NPMethod.
 class JSNPMethod final : public JSC::InternalFunction {
 public:
-    typedef JSC::InternalFunction Base;
+    using Base = JSC::InternalFunction;
 
     template<typename CellType, JSC::SubspaceAccess>
     static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
index 3fac0d1..8558894 100644 (file)
@@ -43,7 +43,7 @@ class NPRuntimeObjectMap;
 
 class JSNPObject final : public JSC::JSDestructibleObject {
 public:
-    typedef JSC::JSDestructibleObject Base;
+    using Base = JSC::JSDestructibleObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData;
 
     template<typename CellType, JSC::SubspaceAccess>
index 1927510..45e0d19 100644 (file)
@@ -1,3 +1,20 @@
+2020-01-03  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Put more WebCore/WebKit JS objects into IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205711
+
+        Reviewed by Keith Miller.
+
+        * Plugins/Hosted/ProxyInstance.mm:
+        (WebKit::ProxyInstance::getMethod):
+        (WebKit::ProxyRuntimeMethod::create): Deleted.
+        (WebKit::ProxyRuntimeMethod::createStructure): Deleted.
+        (WebKit::ProxyRuntimeMethod::ProxyRuntimeMethod): Deleted.
+        (WebKit::ProxyRuntimeMethod::finishCreation): Deleted.
+        * Plugins/Hosted/ProxyRuntimeObject.h:
+        (WebKit::ProxyRuntimeObject::create): Deleted.
+        (WebKit::ProxyRuntimeObject::createStructure): Deleted.
+
 2020-01-03  Chris Dumez  <cdumez@apple.com>
 
         Align XPathEvaluator.createNSResolver() / XPathResult.snapshotItem() with the specification
index 49a348f..295ddbe 100644 (file)
@@ -176,9 +176,9 @@ JSValue ProxyInstance::invoke(JSC::JSGlobalObject* lexicalGlobalObject, JSC::Cal
     return m_instanceProxy->demarshalValue(lexicalGlobalObject, reinterpret_cast<char*>(const_cast<unsigned char*>(CFDataGetBytePtr(reply->m_result.get()))), CFDataGetLength(reply->m_result.get()));
 }
 
-class ProxyRuntimeMethod : public RuntimeMethod {
+class ProxyRuntimeMethod final : public RuntimeMethod {
 public:
-    typedef RuntimeMethod Base;
+    using Base = RuntimeMethod;
 
     static ProxyRuntimeMethod* create(JSGlobalObject* lexicalGlobalObject, JSGlobalObject* globalObject, const String& name, Bindings::Method* method)
     {
@@ -186,7 +186,7 @@ public:
         // FIXME: deprecatedGetDOMStructure uses the prototype off of the wrong global object
         // lexicalGlobalObject-vm() is also likely wrong.
         Structure* domStructure = deprecatedGetDOMStructure<ProxyRuntimeMethod>(lexicalGlobalObject);
-        ProxyRuntimeMethod* runtimeMethod = new (allocateCell<ProxyRuntimeMethod>(vm.heap)) ProxyRuntimeMethod(globalObject, domStructure, method);
+        ProxyRuntimeMethod* runtimeMethod = new (allocateCell<ProxyRuntimeMethod>(vm.heap)) ProxyRuntimeMethod(vm, domStructure, method);
         runtimeMethod->finishCreation(vm, name);
         return runtimeMethod;
     }
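Review bot: `new (allocateCell<ProxyRuntimeMethod>(vm.heap))` omits the `NotNull` tag that the sibling factories `RuntimeMethod::create` and `ObjCRuntimeMethod::create` pass in this same patch; since the line is already being rewritten, `ProxyRuntimeMethod* runtimeMethod = new (NotNull, allocateCell<ProxyRuntimeMethod>(vm.heap)) ProxyRuntimeMethod(vm, domStructure, method);` would make the three consistent. The `vm` used here is declared outside the hunk.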
@@ -199,8 +199,8 @@ public:
     DECLARE_INFO;
 
 private:
-    ProxyRuntimeMethod(JSGlobalObject* globalObject, Structure* structure, Bindings::Method* method)
-        : RuntimeMethod(globalObject, structure, method)
+    ProxyRuntimeMethod(VM& vm, Structure* structure, Bindings::Method* method)
+        : RuntimeMethod(vm, structure, method)
     {
     }
 
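Review bot: The initializer still names `RuntimeMethod(vm, structure, method)` although the first hunk in this file introduces `using Base = RuntimeMethod;`, while ObjCRuntimeMethod's constructor in this same patch writes `: Base(vm, structure, method)`. Using `: Base(vm, structure, method)` here keeps the two leaf classes alike and gives the new alias a reason to exist.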
index 6dd0885..bdcc859 100644 (file)
@@ -35,9 +35,9 @@ namespace WebKit {
 
 class ProxyInstance;
 
-class ProxyRuntimeObject : public JSC::Bindings::RuntimeObject {
+class ProxyRuntimeObject final : public JSC::Bindings::RuntimeObject {
 public:
-    typedef JSC::Bindings::RuntimeObject Base;
+    using Base = JSC::Bindings::RuntimeObject;
 
     static ProxyRuntimeObject* create(JSC::VM& vm, JSC::Structure* structure, Ref<ProxyInstance>&& instance)
     {