The DOM should have an advancing wavefront opaque root barrier
author: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 11 Dec 2016 18:19:22 +0000 (18:19 +0000)
committer: fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 11 Dec 2016 18:19:22 +0000 (18:19 +0000)
https://bugs.webkit.org/show_bug.cgi?id=165712

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

This exposes the ability to fire an advancing wavefront barrier on opaque roots. It also
gives clients the ability to maintain their own cache of whether that barrier needs to
be enabled.

The DOM uses this to enable a very cheap barrier on the DOM. This is neutral on
Speedometer and fixes another concurrent GC crash.

* heap/Heap.cpp:
(JSC::Heap::beginMarking):
(JSC::Heap::endMarking):
(JSC::Heap::writeBarrierOpaqueRootSlow):
(JSC::Heap::addMutatorShouldBeFencedCache):
(JSC::Heap::setMutatorShouldBeFenced):
* heap/Heap.h:
* heap/HeapInlines.h:
(JSC::writeBarrierOpaqueRoot):

Source/WebCore:

No new tests because this was covered by crashing tests.

Consider these two cases:

   Removal:
   1) DOM at start: D->X->Y
   2) Mark X, X->visitChildren, addOpaqueRoot(D)
   3) remove X
   4) Y thinks it's not reachable (its opaque root, X, is not in the set).

   Insertion:
   1) DOM at start: D, X->Y
   2) Mark X, X->visitChildren, addOpaqueRoot(X)
   3) insert X into D
   4) Y thinks it's not reachable (its opaque root, D, is not in the set).

We can fix this with two barriers:

   Removal: add X (the removed child) to the opaque root set.
   Insertion: add D (the insertion point) to the opaque root set.

Thanks Ryosuke for coming up with this idea!

Both barriers advance the wavefront. We could consider retreating wavefront barriers in
the future (where we cause visitChildren to be called again on wrappers that belonged to
roots that got affected by insertion/removal) but those would probably require more
bookkeeping.

To make this barrier very fast, WebCore caches the JSC VM's barrier state in
its own global variable for very fast access. This variable will be false most of the
time. It's false when there is no VM, so triggering the barrier won't cause the VM to be
created. It's only true when GC is running, which is rare by design.

To make that caching more sensible, I finally gave WebCore a central header for
the common VM (CommonVM.h).

* CMakeLists.txt:
* Modules/mediastream/SDPProcessor.cpp:
(WebCore::SDPProcessor::callScript):
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/CommonVM.cpp: Added.
(WebCore::commonVMSlow):
(WebCore::writeBarrierOpaqueRootSlow):
* bindings/js/CommonVM.h: Added.
(WebCore::commonVM):
(WebCore::writeBarrierOpaqueRoot):
* bindings/js/DOMWrapperWorld.cpp:
(WebCore::mainThreadNormalWorld):
* bindings/js/GCController.cpp:
(WebCore::collect):
(WebCore::GCController::garbageCollectSoon):
(WebCore::GCController::garbageCollectNow):
(WebCore::GCController::garbageCollectNowIfNotDoneRecently):
(WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
(WebCore::GCController::deleteAllCode):
(WebCore::GCController::deleteAllLinkedCode):
* bindings/js/JSCustomXPathNSResolver.cpp:
(WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
* bindings/js/JSDOMBinding.cpp:
(WebCore::addImpureProperty):
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
(WebCore::JSDOMWindowBase::commonVM): Deleted.
* bindings/js/JSDOMWindowBase.h:
* bindings/js/JSDOMWindowShell.cpp:
(WebCore::JSDOMWindowShell::setWindow):
* bindings/js/JSNodeCustom.h:
(WebCore::root):
* bindings/js/ScriptCachedFrameData.cpp:
(WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
(WebCore::ScriptCachedFrameData::restore):
(WebCore::ScriptCachedFrameData::clear):
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::~ScriptController):
(WebCore::ScriptController::createWorld):
(WebCore::ScriptController::getAllWorlds):
(WebCore::ScriptController::clearWindowShell):
(WebCore::ScriptController::cacheableBindingRootObject):
(WebCore::ScriptController::bindingRootObject):
(WebCore::ScriptController::windowScriptNPObject):
(WebCore::ScriptController::jsObjectForPluginElement):
(WebCore::ScriptController::clearScriptObjects):
* dom/CollectionIndexCache.cpp:
(WebCore::reportExtraMemoryAllocatedForCollectionIndexCache):
* dom/ContainerNode.cpp:
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::notifyChildNodeInserted):
(WebCore::notifyChildNodeRemoved):
* dom/Document.cpp:
(WebCore::Document::shouldBypassMainWorldContentSecurityPolicy):
* dom/Node.h:
(WebCore::Node::opaqueRoot):
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::vm):
* html/HTMLImageLoader.cpp:
(WebCore::HTMLImageLoader::notifyFinished):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::pauseAfterDetachedTask):
(WebCore::HTMLMediaElement::ensureIsolatedWorld):
* html/HTMLPlugInImageElement.cpp:
(WebCore::plugInImageElementIsolatedWorld):
* inspector/InspectorController.cpp:
(WebCore::InspectorController::vm):
* inspector/PageScriptDebugServer.cpp:
(WebCore::PageScriptDebugServer::PageScriptDebugServer):
* page/PerformanceLogging.cpp:
(WebCore::PerformanceLogging::memoryUsageStatistics):
(WebCore::PerformanceLogging::javaScriptObjectCounts):
* page/ResourceUsageThread.cpp:
(WebCore::ResourceUsageThread::createThreadIfNeeded):
* svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::reportApproximateMemoryCost):
* testing/MemoryInfo.h:
(WebCore::MemoryInfo::MemoryInfo):

Source/WebKit/mac:

Propagate the JSDOMWindowBase::commonVM() -> commonVM() change.

* Misc/WebCoreStatistics.mm:
(+[WebCoreStatistics javaScriptObjectsCount]):
(+[WebCoreStatistics javaScriptGlobalObjectsCount]):
(+[WebCoreStatistics javaScriptProtectedObjectsCount]):
(+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
(+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
(+[WebCoreStatistics javaScriptObjectTypeCounts]):
(+[WebCoreStatistics shouldPrintExceptions]):
(+[WebCoreStatistics setShouldPrintExceptions:]):
(+[WebCoreStatistics memoryStatistics]):
(+[WebCoreStatistics javaScriptReferencedObjectsCount]):
* Plugins/Hosted/NetscapePluginHostProxy.mm:
(identifierFromIdentifierRep):
* Plugins/Hosted/ProxyInstance.mm:
(WebKit::ProxyInstance::getPropertyNames):
* Plugins/WebNetscapePluginStream.mm:
(WebNetscapePluginStream::wantsAllStreams):
* Plugins/WebNetscapePluginView.mm:
(-[WebNetscapePluginView sendEvent:isDrawRect:]):
(-[WebNetscapePluginView privateBrowsingModeDidChange]):
(-[WebNetscapePluginView setWindowIfNecessary]):
(-[WebNetscapePluginView createPluginScriptableObject]):
(-[WebNetscapePluginView getFormValue:]):
(-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
(-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
(-[WebNetscapePluginView loadPluginRequest:]):
(-[WebNetscapePluginView _printedPluginBitmap]):
* Plugins/WebPluginController.mm:
(-[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
(-[WebPluginController stopOnePlugin:]):
(-[WebPluginController stopOnePluginForPageCache:]):
(-[WebPluginController destroyOnePlugin:]):
(-[WebPluginController startAllPlugins]):
(-[WebPluginController addPlugin:]):

Source/WebKit/win:

Propagate the JSDOMWindowBase::commonVM() -> commonVM() change.

* Plugins/PluginView.cpp:
(WebCore::PluginView::start):
(WebCore::PluginView::stop):
(WebCore::PluginView::performRequest):
(WebCore::PluginView::npObject):
(WebCore::PluginView::privateBrowsingStateChanged):
* Plugins/PluginViewWin.cpp:
(WebCore::PluginView::dispatchNPEvent):
(WebCore::PluginView::handleKeyboardEvent):
(WebCore::PluginView::handleMouseEvent):
(WebCore::PluginView::setNPWindowRect):
* WebCoreStatistics.cpp:
(WebCoreStatistics::javaScriptObjectsCount):
(WebCoreStatistics::javaScriptGlobalObjectsCount):
(WebCoreStatistics::javaScriptProtectedObjectsCount):
(WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
(WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
(WebCoreStatistics::javaScriptObjectTypeCounts):
(WebCoreStatistics::shouldPrintExceptions):
(WebCoreStatistics::setShouldPrintExceptions):
(WebCoreStatistics::memoryStatistics):
* WebJavaScriptCollector.cpp:
(WebJavaScriptCollector::objectCount):

Source/WebKit2:

Propagate the JSDOMWindowBase::commonVM() -> commonVM() change.

* Shared/linux/WebMemorySamplerLinux.cpp:
(WebKit::WebMemorySampler::sampleWebKit):
* Shared/mac/WebMemorySampler.mac.mm:
(WebKit::WebMemorySampler::sampleWebKit):
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::javaScriptObjectsCount):
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
(WebKit::JSNPObject::callMethod):
(WebKit::JSNPObject::callObject):
(WebKit::JSNPObject::callConstructor):
(WebKit::JSNPObject::put):
(WebKit::JSNPObject::deleteProperty):
(WebKit::JSNPObject::getOwnPropertyNames):
(WebKit::JSNPObject::propertyGetter):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::runJavaScriptInMainFrame):
(WebKit::WebPage::getBytecodeProfile):
(WebKit::WebPage::getSamplingProfilerOutput):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::getWebCoreStatistics):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@209683 268f45cc-cd09-0410-ab3c-d52691b4dbfc
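
The two races from the commit message, as a toy single-threaded model (an added example, not code from this commit or from WebKit). `Node`, `ToyHeap` and the helper names are hypothetical stand-ins for DOM wrappers, the heap's opaque root set and the insertion/removal hooks; a node's opaque root is assumed to be its topmost ancestor.

```cpp
#include <cstdio>
#include <set>

// Toy DOM node. Assumption: the opaque root of a node is its topmost ancestor.
struct Node {
    Node* parent = nullptr;
    Node* opaqueRoot() {
        Node* n = this;
        while (n->parent)
            n = n->parent;
        return n;
    }
};

// Toy collector state: the opaque roots seen so far, plus the "marking in
// progress" flag that gates the barrier (the role of mutatorShouldBeFenced).
struct ToyHeap {
    std::set<Node*> opaqueRoots;
    bool marking = false;
    bool barrierInstalled;
    explicit ToyHeap(bool barrier) : barrierInstalled(barrier) {}

    // What visitChildren does for a wrapper that got marked.
    void visitWrapper(Node& n) { opaqueRoots.insert(n.opaqueRoot()); }

    // What a not-yet-marked wrapper is judged by at the end of marking.
    bool isReachableFromOpaqueRoots(Node& n) {
        return opaqueRoots.count(n.opaqueRoot()) != 0;
    }

    // Advancing wavefront barrier: a no-op unless marking is in progress.
    void writeBarrierOpaqueRoot(Node* root) {
        if (barrierInstalled && marking)
            opaqueRoots.insert(root);
    }
};

void removeChild(ToyHeap& heap, Node& child) {
    child.parent = nullptr;
    heap.writeBarrierOpaqueRoot(&child); // Removal: add the removed child.
}

void insertChild(ToyHeap& heap, Node& parent, Node& child) {
    child.parent = &parent;
    // Insertion: add the insertion point (D in the message; here its root).
    heap.writeBarrierOpaqueRoot(parent.opaqueRoot());
}

// Removal case: returns whether Y is still considered reachable at step 4.
bool removalCase(bool barrier) {
    Node D, X, Y;
    X.parent = &D;
    Y.parent = &X;                 // 1) DOM at start: D->X->Y
    ToyHeap heap(barrier);
    heap.marking = true;
    heap.visitWrapper(X);          // 2) Mark X, addOpaqueRoot(D)
    removeChild(heap, X);          // 3) remove X
    return heap.isReachableFromOpaqueRoots(Y); // 4) Y's root is now X
}

// Insertion case: returns whether Y is still considered reachable at step 4.
bool insertionCase(bool barrier) {
    Node D, X, Y;
    Y.parent = &X;                 // 1) DOM at start: D, X->Y
    ToyHeap heap(barrier);
    heap.marking = true;
    heap.visitWrapper(X);          // 2) Mark X, addOpaqueRoot(X)
    insertChild(heap, D, X);       // 3) insert X into D
    return heap.isReachableFromOpaqueRoots(Y); // 4) Y's root is now D
}

// Outside of marking the barrier must not touch the root set at all.
bool barrierIsNoOpWhenIdle() {
    Node D, X;
    X.parent = &D;
    ToyHeap heap(true);
    removeChild(heap, X);
    return heap.opaqueRoots.empty();
}

int main() {
    std::printf("removal   without barrier: Y reachable = %d\n", removalCase(false));
    std::printf("removal   with barrier:    Y reachable = %d\n", removalCase(true));
    std::printf("insertion without barrier: Y reachable = %d\n", insertionCase(false));
    std::printf("insertion with barrier:    Y reachable = %d\n", insertionCase(true));
    std::printf("barrier idle outside marking = %d\n", barrierIsNoOpWhenIdle());
    return 0;
}
```

Without the barrier both cases report Y as unreachable while its node is still live in the tree, which is the premature collection behind the crash the message mentions.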

60 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/heap/Heap.cpp
Source/JavaScriptCore/heap/Heap.h
Source/JavaScriptCore/heap/HeapInlines.h
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/Modules/mediastream/SDPProcessor.cpp
Source/WebCore/Modules/plugins/QuickTimePluginReplacement.mm
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/bindings/js/CommonVM.cpp [new file with mode: 0644]
Source/WebCore/bindings/js/CommonVM.h [new file with mode: 0644]
Source/WebCore/bindings/js/DOMWrapperWorld.cpp
Source/WebCore/bindings/js/GCController.cpp
Source/WebCore/bindings/js/JSCustomXPathNSResolver.cpp
Source/WebCore/bindings/js/JSDOMBinding.cpp
Source/WebCore/bindings/js/JSDOMWindowBase.cpp
Source/WebCore/bindings/js/JSDOMWindowBase.h
Source/WebCore/bindings/js/JSDOMWindowShell.cpp
Source/WebCore/bindings/js/JSNodeCustom.h
Source/WebCore/bindings/js/ScriptCachedFrameData.cpp
Source/WebCore/bindings/js/ScriptController.cpp
Source/WebCore/bindings/js/ScriptControllerMac.mm
Source/WebCore/dom/CollectionIndexCache.cpp
Source/WebCore/dom/ContainerNode.cpp
Source/WebCore/dom/ContainerNodeAlgorithms.cpp
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Node.cpp
Source/WebCore/dom/Node.h
Source/WebCore/dom/ScriptExecutionContext.cpp
Source/WebCore/html/HTMLImageLoader.cpp
Source/WebCore/html/HTMLMediaElement.cpp
Source/WebCore/html/HTMLPlugInImageElement.cpp
Source/WebCore/inspector/InspectorController.cpp
Source/WebCore/inspector/PageScriptDebugServer.cpp
Source/WebCore/page/PerformanceLogging.cpp
Source/WebCore/page/ResourceUsageThread.cpp
Source/WebCore/page/cocoa/ResourceUsageOverlayCocoa.mm
Source/WebCore/page/ios/FrameIOS.mm
Source/WebCore/platform/ios/wak/WebCoreThread.mm
Source/WebCore/svg/graphics/SVGImage.cpp
Source/WebCore/testing/MemoryInfo.h
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/Misc/WebCoreStatistics.mm
Source/WebKit/mac/Plugins/Hosted/NetscapePluginHostProxy.mm
Source/WebKit/mac/Plugins/Hosted/ProxyInstance.mm
Source/WebKit/mac/Plugins/WebNetscapePluginStream.mm
Source/WebKit/mac/Plugins/WebNetscapePluginView.mm
Source/WebKit/mac/Plugins/WebPluginController.mm
Source/WebKit/win/ChangeLog
Source/WebKit/win/Plugins/PluginView.cpp
Source/WebKit/win/Plugins/PluginViewWin.cpp
Source/WebKit/win/WebCoreStatistics.cpp
Source/WebKit/win/WebJavaScriptCollector.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/Shared/linux/WebMemorySamplerLinux.cpp
Source/WebKit2/Shared/mac/WebMemorySampler.mac.mm
Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp
Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp
Source/WebKit2/WebProcess/WebPage/WebPage.cpp
Source/WebKit2/WebProcess/WebProcess.cpp

index d1ad040..a786d3e 100644 (file)
@@ -1,3 +1,27 @@
+2016-12-10  Filip Pizlo  <fpizlo@apple.com>
+
+        The DOM should have an advancing wavefront opaque root barrier
+        https://bugs.webkit.org/show_bug.cgi?id=165712
+
+        Reviewed by Yusuke Suzuki.
+        
+        This exposes the ability to fire an advancing wavefront barrier on opaque roots. It also
+        gives clients the ability to maintain their own cache of whether that barrier needs to
+        be enabled.
+        
+        The DOM uses this to enable a very cheap barrier on the DOM. This is neutral on
+        Speedometer and fixes another concurrent GC crash.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::beginMarking):
+        (JSC::Heap::endMarking):
+        (JSC::Heap::writeBarrierOpaqueRootSlow):
+        (JSC::Heap::addMutatorShouldBeFencedCache):
+        (JSC::Heap::setMutatorShouldBeFenced):
+        * heap/Heap.h:
+        * heap/HeapInlines.h:
+        (JSC::writeBarrierOpaqueRoot):
+
 2016-12-10  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r209653, r209654, r209663, and
index f9f2021..c35a18f 100644 (file)
@@ -815,8 +815,7 @@ void Heap::beginMarking()
         m_codeBlocks->clearMarksForFullCollection();
     m_jitStubRoutines->clearMarks();
     m_objectSpace.beginMarking();
-    m_mutatorShouldBeFenced = true;
-    m_barrierThreshold = tautologicalThreshold;
+    setMutatorShouldBeFenced(true);
     m_barriersExecuted = 0;
 }
 
@@ -943,8 +942,7 @@ void Heap::endMarking()
     m_weakReferenceHarvesters.removeAll();
     
     m_objectSpace.endMarking();
-    m_mutatorShouldBeFenced = Options::forceFencedBarrier();
-    m_barrierThreshold = Options::forceFencedBarrier() ? tautologicalThreshold : blackThreshold;
+    setMutatorShouldBeFenced(Options::forceFencedBarrier());
 }
 
 size_t Heap::objectCount()
@@ -2313,4 +2311,27 @@ void Heap::forEachSlotVisitor(const Func& func)
         func(*slotVisitor);
 }
 
+void Heap::writeBarrierOpaqueRootSlow(void* root)
+{
+    ASSERT(mutatorShouldBeFenced());
+    
+    auto locker = holdLock(m_opaqueRootsMutex);
+    m_opaqueRoots.add(root);
+}
+
+void Heap::addMutatorShouldBeFencedCache(bool& cache)
+{
+    ASSERT(hasHeapAccess());
+    cache = m_mutatorShouldBeFenced;
+    m_mutatorShouldBeFencedCaches.append(&cache);
+}
+
+void Heap::setMutatorShouldBeFenced(bool value)
+{
+    m_mutatorShouldBeFenced = value;
+    m_barrierThreshold = value ? tautologicalThreshold : blackThreshold;
+    for (bool* cache : m_mutatorShouldBeFencedCaches)
+        *cache = value;
+}
+    
 } // namespace JSC
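Review bot: setMutatorShouldBeFenced() walks m_mutatorShouldBeFencedCaches and stores through each bool* with no lock, while addMutatorShouldBeFencedCache() appends to the same vector guarded only by ASSERT(hasHeapAccess()). If beginMarking() or endMarking() can run on a thread other than the one that registers a cache, the append races with the iteration, and `*cache = value` is a plain store to a bool that the registering thread reads without synchronization. Please state the threading assumption in a comment on both functions, or protect the vector with a lock the way writeBarrierOpaqueRootSlow() protects m_opaqueRoots with m_opaqueRootsMutex.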
index 4ddfee3..e0624ff 100644 (file)
@@ -125,6 +125,8 @@ public:
 
     WriteBarrierBuffer& writeBarrierBuffer() { return m_writeBarrierBuffer; }
     void flushWriteBarrierBuffer(JSCell*);
+    
+    void writeBarrierOpaqueRoot(void*);
 
     Heap(VM*, HeapType);
     ~Heap();
@@ -349,6 +351,8 @@ public:
     void preventCollection();
     void allowCollection();
     
+    JS_EXPORT_PRIVATE void addMutatorShouldBeFencedCache(bool&);
+    
 #if USE(CF)
     CFRunLoopRef runLoop() const { return m_runLoop.get(); }
     JS_EXPORT_PRIVATE void setRunLoop(CFRunLoopRef);
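Review bot: the exported addMutatorShouldBeFencedCache(bool&) needs a comment stating its lifetime contract. The heap keeps the address of the caller's bool (see Vector<bool*> m_mutatorShouldBeFencedCaches further down) and there is no matching remove function, so the referenced bool has to outlive the Heap. A caller passing a member or stack variable would leave a dangling pointer that setMutatorShouldBeFenced() later writes through. Either document "must have static storage duration" here or add a removal API.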
@@ -490,6 +494,10 @@ private:
     size_t threadBytesVisited();
     
     void forEachCodeBlockImpl(const ScopedLambda<bool(CodeBlock*)>&);
+    
+    JS_EXPORT_PRIVATE void writeBarrierOpaqueRootSlow(void*);
+    
+    void setMutatorShouldBeFenced(bool value);
 
     const HeapType m_heapType;
     const size_t m_ramSize;
@@ -549,6 +557,7 @@ private:
     WriteBarrierBuffer m_writeBarrierBuffer;
     bool m_mutatorShouldBeFenced { Options::forceFencedBarrier() };
     unsigned m_barrierThreshold { Options::forceFencedBarrier() ? tautologicalThreshold : blackThreshold };
+    Vector<bool*> m_mutatorShouldBeFencedCaches;
 
     VM* m_vm;
     double m_lastFullGCLength;
index 430a90e..55589ff 100644 (file)
@@ -370,4 +370,10 @@ inline void Heap::stopIfNecessary()
     stopIfNecessarySlow();
 }
 
+inline void Heap::writeBarrierOpaqueRoot(void* root)
+{
+    if (mutatorShouldBeFenced())
+        writeBarrierOpaqueRootSlow(root);
+}
+
 } // namespace JSC
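Review bot: Heap::writeBarrierOpaqueRoot() tests mutatorShouldBeFenced() here and the slow path in Heap.cpp then repeats the test as ASSERT(mutatorShouldBeFenced()) before taking m_opaqueRootsMutex. If the flag can be cleared by endMarking() between those two reads, debug builds will assert on what is otherwise a harmless late barrier. Please either drop the ASSERT or add a comment saying why the flag cannot change while the mutator is inside this function. A one-line comment naming this as the advancing wavefront barrier for opaque roots would also help readers of this header.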
index 0a07e9a..34381f2 100644 (file)
@@ -1075,6 +1075,7 @@ set(WebCore_SOURCES
     bindings/js/CachedModuleScript.cpp
     bindings/js/CachedModuleScriptLoader.cpp
     bindings/js/CallbackFunction.cpp
+    bindings/js/CommonVM.cpp
     bindings/js/DOMWrapperWorld.cpp
     bindings/js/Dictionary.cpp
     bindings/js/GCController.cpp
index c6a4b3d..3c8066a 100644 (file)
@@ -1,3 +1,125 @@
+2016-12-09  Filip Pizlo  <fpizlo@apple.com>
+
+        The DOM should have an advancing wavefront opaque root barrier
+        https://bugs.webkit.org/show_bug.cgi?id=165712
+
+        Reviewed by Yusuke Suzuki.
+
+        No new tests because this was covered by crashing tests.
+        
+        Consider these two cases:
+        
+           Removal:
+           1) DOM at start: D->X->Y
+           2) Mark X, X->visitChildren, addOpaqueRoot(D)
+           3) remove X
+           4) Y thinks it's not reachable (its opaque root, X, is not in the set).
+           
+           Insertion:
+           1) DOM at start: D, X->Y
+           2) Mark X, X->visitChildren, addOpaqueRoot(X)
+           3) insert X into D
+           4) Y thinks it's not reachable (its opaque root, D, is not in the set).
+        
+        We can fix this with two barriers:
+        
+           Removal: add X (the removed child) to the opaque root set.
+           Insertion: add D (the insertion point) to the opaque root set.
+        
+        Thanks Rysosuke for coming up with this idea!
+        
+        Both barriers advance the wavefront. We could consider retreating wavefront barriers in
+        the future (where we cause visitChildren to be called again on wrappers that belonged to
+        roots that got affected by insertion/removal) but those would probably require more
+        bookkeeping.
+        
+        To make this barrier very fast, the WebCore caches the JSC VM's barrier state in
+        its own global variable for very fast access. This variable will be false most of the
+        time. It's false when there is no VM, so triggering the barrier won't cause the VM to be
+        created. It's only true when GC is running, which is rare by design.
+        
+        To make that caching more sensible, I finally gave WebCore a central header for
+        the common VM (CommonVM.h).
+
+        * CMakeLists.txt:
+        * Modules/mediastream/SDPProcessor.cpp:
+        (WebCore::SDPProcessor::callScript):
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/CommonVM.cpp: Added.
+        (WebCore::commonVMSlow):
+        (WebCore::writeBarrierOpaqueRootSlow):
+        * bindings/js/CommonVM.h: Added.
+        (WebCore::commonVM):
+        (WebCore::writeBarrierOpaqueRoot):
+        * bindings/js/DOMWrapperWorld.cpp:
+        (WebCore::mainThreadNormalWorld):
+        * bindings/js/GCController.cpp:
+        (WebCore::collect):
+        (WebCore::GCController::garbageCollectSoon):
+        (WebCore::GCController::garbageCollectNow):
+        (WebCore::GCController::garbageCollectNowIfNotDoneRecently):
+        (WebCore::GCController::setJavaScriptGarbageCollectorTimerEnabled):
+        (WebCore::GCController::deleteAllCode):
+        (WebCore::GCController::deleteAllLinkedCode):
+        * bindings/js/JSCustomXPathNSResolver.cpp:
+        (WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::addImpureProperty):
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
+        (WebCore::JSDOMWindowBase::commonVM): Deleted.
+        * bindings/js/JSDOMWindowBase.h:
+        * bindings/js/JSDOMWindowShell.cpp:
+        (WebCore::JSDOMWindowShell::setWindow):
+        * bindings/js/JSNodeCustom.h:
+        (WebCore::root):
+        * bindings/js/ScriptCachedFrameData.cpp:
+        (WebCore::ScriptCachedFrameData::ScriptCachedFrameData):
+        (WebCore::ScriptCachedFrameData::restore):
+        (WebCore::ScriptCachedFrameData::clear):
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::~ScriptController):
+        (WebCore::ScriptController::createWorld):
+        (WebCore::ScriptController::getAllWorlds):
+        (WebCore::ScriptController::clearWindowShell):
+        (WebCore::ScriptController::cacheableBindingRootObject):
+        (WebCore::ScriptController::bindingRootObject):
+        (WebCore::ScriptController::windowScriptNPObject):
+        (WebCore::ScriptController::jsObjectForPluginElement):
+        (WebCore::ScriptController::clearScriptObjects):
+        * dom/CollectionIndexCache.cpp:
+        (WebCore::reportExtraMemoryAllocatedForCollectionIndexCache):
+        * dom/ContainerNode.cpp:
+        * dom/ContainerNodeAlgorithms.cpp:
+        (WebCore::notifyChildNodeInserted):
+        (WebCore::notifyChildNodeRemoved):
+        * dom/Document.cpp:
+        (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy):
+        * dom/Node.h:
+        (WebCore::Node::opaqueRoot):
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::vm):
+        * html/HTMLImageLoader.cpp:
+        (WebCore::HTMLImageLoader::notifyFinished):
+        * html/HTMLMediaElement.cpp:
+        (WebCore::HTMLMediaElement::pauseAfterDetachedTask):
+        (WebCore::HTMLMediaElement::ensureIsolatedWorld):
+        * html/HTMLPlugInImageElement.cpp:
+        (WebCore::plugInImageElementIsolatedWorld):
+        * inspector/InspectorController.cpp:
+        (WebCore::InspectorController::vm):
+        * inspector/PageScriptDebugServer.cpp:
+        (WebCore::PageScriptDebugServer::PageScriptDebugServer):
+        * page/PerformanceLogging.cpp:
+        (WebCore::PerformanceLogging::memoryUsageStatistics):
+        (WebCore::PerformanceLogging::javaScriptObjectCounts):
+        * page/ResourceUsageThread.cpp:
+        (WebCore::ResourceUsageThread::createThreadIfNeeded):
+        * svg/graphics/SVGImage.cpp:
+        (WebCore::SVGImage::reportApproximateMemoryCost):
+        * testing/MemoryInfo.h:
+        (WebCore::MemoryInfo::MemoryInfo):
+
 2016-12-11  Dan Bernstein  <mitz@apple.com>
 
         [Cocoa] NSAttributedString representation of text copied from -webkit-nbsp-mode:space element contains non-breaking space characters, but shouldn’t
index 145d411..61d11b6 100644 (file)
@@ -34,6 +34,7 @@
 #if ENABLE(WEB_RTC)
 #include "SDPProcessor.h"
 
+#include "CommonVM.h"
 #include "Document.h"
 #include "Frame.h"
 #include "SDPProcessorScriptResource.h"
@@ -495,7 +496,7 @@ bool SDPProcessor::callScript(const String& functionName, const String& argument
         return false;
 
     if (!m_isolatedWorld)
-        m_isolatedWorld = DOMWrapperWorld::create(JSDOMWindow::commonVM());
+        m_isolatedWorld = DOMWrapperWorld::create(commonVM());
 
     ScriptController& scriptController = document->frame()->script();
     JSDOMGlobalObject* globalObject = JSC::jsCast<JSDOMGlobalObject*>(scriptController.globalObject(*m_isolatedWorld));
index 535eb6a..3ad4748 100644 (file)
@@ -29,6 +29,7 @@
 
 #import "QuickTimePluginReplacement.h"
 
+#import "CommonVM.h"
 #import "Event.h"
 #import "HTMLPlugInElement.h"
 #import "HTMLVideoElement.h"
@@ -148,7 +149,7 @@ RenderPtr<RenderElement> QuickTimePluginReplacement::createElementRenderer(HTMLP
 
 DOMWrapperWorld& QuickTimePluginReplacement::isolatedWorld()
 {
-    static DOMWrapperWorld& isolatedWorld = DOMWrapperWorld::create(JSDOMWindow::commonVM()).leakRef();
+    static DOMWrapperWorld& isolatedWorld = DOMWrapperWorld::create(commonVM()).leakRef();
     return isolatedWorld;
 }
 
index a581b0b..d705e73 100644 (file)
                0F5E200618E771FC003EC3E5 /* PlatformCAAnimationCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5E200518E771FC003EC3E5 /* PlatformCAAnimationCocoa.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F605AEC15F94848004DF0C0 /* ScrollingConstraints.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F605AEA15F94848004DF0C0 /* ScrollingConstraints.cpp */; };
                0F605AED15F94848004DF0C0 /* ScrollingConstraints.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F605AEB15F94848004DF0C0 /* ScrollingConstraints.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F60F32B1DFBB10700416D6C /* CommonVM.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F60F32A1DFBB10400416D6C /* CommonVM.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               0F60F32C1DFBB10B00416D6C /* CommonVM.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F60F3291DFBB10400416D6C /* CommonVM.cpp */; };
                0F6383DD18615B29003E5DB5 /* ThreadedScrollingTree.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6383DB18615B29003E5DB5 /* ThreadedScrollingTree.cpp */; };
                0F6383DE18615B29003E5DB5 /* ThreadedScrollingTree.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6383DC18615B29003E5DB5 /* ThreadedScrollingTree.h */; settings = {ATTRIBUTES = (Private, ); }; };
                0F6A12BD1A00923700C6DE72 /* DebugPageOverlays.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6A12BB1A00923700C6DE72 /* DebugPageOverlays.cpp */; };
                0F5E200518E771FC003EC3E5 /* PlatformCAAnimationCocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PlatformCAAnimationCocoa.h; sourceTree = "<group>"; };
                0F605AEA15F94848004DF0C0 /* ScrollingConstraints.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScrollingConstraints.cpp; sourceTree = "<group>"; };
                0F605AEB15F94848004DF0C0 /* ScrollingConstraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScrollingConstraints.h; sourceTree = "<group>"; };
+               0F60F3291DFBB10400416D6C /* CommonVM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CommonVM.cpp; sourceTree = "<group>"; };
+               0F60F32A1DFBB10400416D6C /* CommonVM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CommonVM.h; sourceTree = "<group>"; };
                0F6383DB18615B29003E5DB5 /* ThreadedScrollingTree.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ThreadedScrollingTree.cpp; sourceTree = "<group>"; };
                0F6383DC18615B29003E5DB5 /* ThreadedScrollingTree.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ThreadedScrollingTree.h; sourceTree = "<group>"; };
                0F6A12BB1A00923700C6DE72 /* DebugPageOverlays.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DebugPageOverlays.cpp; sourceTree = "<group>"; };
                                E307DEC81D81E44800141CAF /* CachedModuleScriptLoaderClient.h */,
                                BCD533630ED6848900887468 /* CachedScriptSourceProvider.h */,
                                93F8B3060A300FEA00F61AB8 /* CodeGeneratorJS.pm */,
+                               0F60F3291DFBB10400416D6C /* CommonVM.cpp */,
+                               0F60F32A1DFBB10400416D6C /* CommonVM.h */,
                                312D67B01535691F00563D0D /* Dictionary.cpp */,
                                316023EF1532C40C00D50FF4 /* Dictionary.h */,
                                B56576E717DA94E200A56BDC /* DOMConstructorWithDocument.h */,
                                FD45A95B175D41EE00C21EC8 /* ShapeInterval.h in Headers */,
                                FD45A952175D3F3E00C21EC8 /* ShapeOutsideInfo.h in Headers */,
                                FD1AF1501656F15100C6D4F7 /* ShapeValue.h in Headers */,
+                               0F60F32B1DFBB10700416D6C /* CommonVM.h in Headers */,
                                1A4A954E0B4EDCCB002D8C3C /* SharedBuffer.h in Headers */,
                                97B1F02F13B025D200F5103F /* SharedBufferChunkReader.h in Headers */,
                                93309EA3099EB78C0056E581 /* SharedTimer.h in Headers */,
                                A14832B3187F629100DA63A6 /* WAKClipView.m in Sources */,
                                A14832B5187F62FC00DA63A6 /* WAKResponder.m in Sources */,
                                A14832B7187F636C00DA63A6 /* WAKScrollView.mm in Sources */,
+                               0F60F32C1DFBB10B00416D6C /* CommonVM.cpp in Sources */,
                                A14832B9187F63D500DA63A6 /* WAKView.mm in Sources */,
                                A14832BC187F648E00DA63A6 /* WAKWindow.mm in Sources */,
                                FD7F299113D4C0CB00AD9535 /* WaveShaperDSPKernel.cpp in Sources */,
diff --git a/Source/WebCore/bindings/js/CommonVM.cpp b/Source/WebCore/bindings/js/CommonVM.cpp
new file mode 100644 (file)
index 0000000..86f7060
--- /dev/null
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "CommonVM.h"
+
+#include "ScriptController.h"
+#include "Settings.h"
+#include "WebCoreJSClientData.h"
+#include <heap/HeapInlines.h>
+#include <runtime/VM.h>
+#include <wtf/MainThread.h>
+
+using namespace JSC;
+
+namespace WebCore {
+
+VM* g_commonVMOrNull;
+bool g_opaqueRootWriteBarrierEnabled;
+
+VM& commonVMSlow()
+{
+    ASSERT(isMainThread());
+    ASSERT(!g_commonVMOrNull);
+    
+    ScriptController::initializeThreading();
+    g_commonVMOrNull = &VM::createLeaked(LargeHeap).leakRef();
+    g_commonVMOrNull->heap.acquireAccess(); // At any time, we may do things that affect the GC.
+#if !PLATFORM(IOS)
+    g_commonVMOrNull->setExclusiveThread(std::this_thread::get_id());
+#else
+    g_commonVMOrNull->heap.setRunLoop(WebThreadRunLoop());
+    g_commonVMOrNull->heap.machineThreads().addCurrentThread();
+#endif
+    
+    g_commonVMOrNull->setGlobalConstRedeclarationShouldThrow(Settings::globalConstRedeclarationShouldThrow());
+    g_commonVMOrNull->heap.addMutatorShouldBeFencedCache(g_opaqueRootWriteBarrierEnabled);
+    
+    initNormalWorldClientData(g_commonVMOrNull);
+    
+    return *g_commonVMOrNull;
+}
+
+void writeBarrierOpaqueRootSlow(void* root)
+{
+    if (VM* vm = g_commonVMOrNull)
+        vm->heap.writeBarrierOpaqueRoot(root);
+}
+
+} // namespace WebCore
+
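Review bot: g_opaqueRootWriteBarrierEnabled is declared as a plain bool, handed to heap.addMutatorShouldBeFencedCache() in commonVMSlow(), and from then on written by the heap through `*cache = value`. If that write can come from a collector thread while WebCore reads the flag, this is an unsynchronized access to a shared bool; please add a comment next to the definition saying who writes it and why a stale read is acceptable, or make it a std::atomic<bool> read with relaxed ordering. Separately, commonVMSlow() has ASSERT(isMainThread()) but writeBarrierOpaqueRootSlow() does not; if the barrier is only meant to be fired from the main thread, the same assertion belongs there.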
diff --git a/Source/WebCore/bindings/js/CommonVM.h b/Source/WebCore/bindings/js/CommonVM.h
new file mode 100644 (file)
index 0000000..244ccdd
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#pragma once
+
+namespace JSC {
+class VM;
+}
+
+namespace WebCore {
+
+WEBCORE_EXPORT extern JSC::VM* g_commonVMOrNull;
+WEBCORE_EXPORT extern bool g_opaqueRootWriteBarrierEnabled;
+
+WEBCORE_EXPORT JSC::VM& commonVMSlow();
+WEBCORE_EXPORT void writeBarrierOpaqueRootSlow(void*);
+
+inline JSC::VM& commonVM()
+{
+    if (JSC::VM* result = g_commonVMOrNull)
+        return *result;
+    return commonVMSlow();
+}
+
+template<typename Func>
+void writeBarrierOpaqueRoot(const Func& rootThunk)
+{
+    if (g_opaqueRootWriteBarrierEnabled)
+        writeBarrierOpaqueRootSlow(rootThunk());
+}
+
+} // namespace WebCore
+
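Review bot: the inline commonVM() fast path no longer checks the calling thread. The removed JSDOMWindowBase::commonVM() ran ASSERT(isMainThread()) on every call, but here the assertion lives only in commonVMSlow(), so once g_commonVMOrNull is set a debug build no longer flags an off-main-thread caller. Consider asserting before the g_commonVMOrNull check, or note in a comment why the check was dropped. Separately, writeBarrierOpaqueRoot() only invokes rootThunk when g_opaqueRootWriteBarrierEnabled is true; a one-line comment saying the thunk must be free of side effects would protect future callers. Both globals are also exported as writable externs, so a comment that only the heap and commonVMSlow() may write them would help.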
index 6657d2f..1187bc1 100644 (file)
@@ -21,6 +21,7 @@
 #include "config.h"
 #include "DOMWrapperWorld.h"
 
+#include "CommonVM.h"
 #include "JSDOMWindow.h"
 #include "ScriptController.h"
 #include "WebCoreJSClientData.h"
@@ -69,7 +70,7 @@ DOMWrapperWorld& normalWorld(JSC::VM& vm)
 DOMWrapperWorld& mainThreadNormalWorld()
 {
     ASSERT(isMainThread());
-    static DOMWrapperWorld& cachedNormalWorld = normalWorld(JSDOMWindow::commonVM());
+    static DOMWrapperWorld& cachedNormalWorld = normalWorld(commonVM());
     return cachedNormalWorld;
 }
 
index e430332..6f9fca6 100644 (file)
@@ -26,7 +26,7 @@
 #include "config.h"
 #include "GCController.h"
 
-#include "JSDOMWindow.h"
+#include "CommonVM.h"
 #include <runtime/VM.h>
 #include <runtime/JSLock.h>
 #include <heap/Heap.h>
@@ -40,8 +40,8 @@ namespace WebCore {
 
 static void collect(void*)
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    JSDOMWindow::commonVM().heap.collectAllGarbage();
+    JSLockHolder lock(commonVM());
+    commonVM().heap.collectAllGarbage();
 }
 
 GCController& GCController::singleton()
@@ -61,8 +61,8 @@ void GCController::garbageCollectSoon()
     // of the garbage collector timers in JavaScriptCore. We wouldn't need this if JavaScriptCore
     // used a timer implementation from WTF like RunLoop::Timer.
 #if USE(CF) || USE(GLIB)
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    JSDOMWindow::commonVM().heap.reportAbandonedObjectGraph();
+    JSLockHolder lock(commonVM());
+    commonVM().heap.reportAbandonedObjectGraph();
 #else
     garbageCollectOnNextRunLoop();
 #endif
@@ -81,9 +81,9 @@ void GCController::gcTimerFired()
 
 void GCController::garbageCollectNow()
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    if (!JSDOMWindow::commonVM().heap.isCurrentThreadBusy()) {
-        JSDOMWindow::commonVM().heap.collectAllGarbage();
+    JSLockHolder lock(commonVM());
+    if (!commonVM().heap.isCurrentThreadBusy()) {
+        commonVM().heap.collectAllGarbage();
         WTF::releaseFastMallocFreeMemory();
     }
 }
@@ -91,9 +91,9 @@ void GCController::garbageCollectNow()
 void GCController::garbageCollectNowIfNotDoneRecently()
 {
 #if USE(CF) || USE(GLIB)
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    if (!JSDOMWindow::commonVM().heap.isCurrentThreadBusy())
-        JSDOMWindow::commonVM().heap.collectAllGarbageIfNotDoneRecently();
+    JSLockHolder lock(commonVM());
+    if (!commonVM().heap.isCurrentThreadBusy())
+        commonVM().heap.collectAllGarbageIfNotDoneRecently();
 #else
     garbageCollectSoon();
 #endif
@@ -113,19 +113,19 @@ void GCController::garbageCollectOnAlternateThreadForDebugging(bool waitUntilDon
 
 void GCController::setJavaScriptGarbageCollectorTimerEnabled(bool enable)
 {
-    JSDOMWindow::commonVM().heap.setGarbageCollectionTimerEnabled(enable);
+    commonVM().heap.setGarbageCollectionTimerEnabled(enable);
 }
 
 void GCController::deleteAllCode(DeleteAllCodeEffort effort)
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    JSDOMWindow::commonVM().deleteAllCode(effort);
+    JSLockHolder lock(commonVM());
+    commonVM().deleteAllCode(effort);
 }
 
 void GCController::deleteAllLinkedCode(DeleteAllCodeEffort effort)
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    JSDOMWindow::commonVM().deleteAllLinkedCode(effort);
+    JSLockHolder lock(commonVM());
+    commonVM().deleteAllLinkedCode(effort);
 }
 
 } // namespace WebCore
index 6e5eecb..8038977 100644 (file)
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "JSCustomXPathNSResolver.h"
 
+#include "CommonVM.h"
 #include "Document.h"
 #include "ExceptionCode.h"
 #include "Frame.h"
@@ -69,7 +70,7 @@ String JSCustomXPathNSResolver::lookupNamespaceURI(const String& prefix)
 {
     ASSERT(m_customResolver);
 
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
 
     ExecState* exec = m_globalObject->globalExec();
         
index ea0b10f..c8ff77f 100644 (file)
@@ -23,6 +23,7 @@
 #include "JSDOMBinding.h"
 
 #include "CachedScript.h"
+#include "CommonVM.h"
 #include "DOMConstructorWithDocument.h"
 #include "ExceptionCode.h"
 #include "ExceptionCodeDescription.h"
@@ -61,7 +62,7 @@ STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(DOMConstructorWithDocument);
 
 void addImpureProperty(const AtomicString& propertyName)
 {
-    JSDOMWindow::commonVM().addImpureProperty(propertyName);
+    commonVM().addImpureProperty(propertyName);
 }
 
 JSValue jsOwnedStringOrNull(ExecState* exec, const String& s)
index ad9d38c..fa8c52d 100644 (file)
@@ -26,6 +26,7 @@
 
 #include "ActiveDOMCallbackMicrotask.h"
 #include "Chrome.h"
+#include "CommonVM.h"
 #include "DOMWindow.h"
 #include "Frame.h"
 #include "InspectorController.h"
@@ -245,30 +246,6 @@ JSDOMWindowShell* JSDOMWindowBase::shell() const
     return m_shell;
 }
 
-VM& JSDOMWindowBase::commonVM()
-{
-    ASSERT(isMainThread());
-
-    static VM* vm = nullptr;
-    if (!vm) {
-        ScriptController::initializeThreading();
-        vm = &VM::createLeaked(LargeHeap).leakRef();
-        vm->heap.acquireAccess(); // At any time, we may do things that affect the GC.
-#if !PLATFORM(IOS)
-        vm->setExclusiveThread(std::this_thread::get_id());
-#else
-        vm->heap.setRunLoop(WebThreadRunLoop());
-        vm->heap.machineThreads().addCurrentThread();
-#endif
-
-        vm->setGlobalConstRedeclarationShouldThrow(Settings::globalConstRedeclarationShouldThrow());
-
-        initNormalWorldClientData(vm);
-    }
-
-    return *vm;
-}
-
 // JSDOMGlobalObject* is ignored, accessing a window in any context will
 // use that DOMWindow's prototype chain.
 JSValue toJS(ExecState* exec, JSDOMGlobalObject*, DOMWindow& domWindow)
@@ -309,7 +286,7 @@ JSDOMWindow* toJSDOMWindow(JSValue value)
 
 void JSDOMWindowBase::fireFrameClearedWatchpointsForWindow(DOMWindow* window)
 {
-    JSC::VM& vm = JSDOMWindowBase::commonVM();
+    JSC::VM& vm = commonVM();
     JSVMClientData* clientData = static_cast<JSVMClientData*>(vm.clientData);
     Vector<Ref<DOMWrapperWorld>> wrapperWorlds;
     clientData->getAllWorlds(wrapperWorlds);
index c5917c3..4a9bc4e 100644 (file)
@@ -69,7 +69,6 @@ namespace WebCore {
 
         JSDOMWindowShell* shell() const;
 
-        static JSC::VM& commonVM();
         static void fireFrameClearedWatchpointsForWindow(DOMWindow*);
         static void visitChildren(JSC::JSCell*, JSC::SlotVisitor&);
 
index 7ac85ec..e9bee20 100644 (file)
@@ -29,6 +29,7 @@
 #include "config.h"
 #include "JSDOMWindowShell.h"
 
+#include "CommonVM.h"
 #include "Frame.h"
 #include "GCController.h"
 #include "JSDOMWindow.h"
@@ -79,7 +80,7 @@ void JSDOMWindowShell::setWindow(RefPtr<DOMWindow>&& domWindow)
     // when we allocate the global object. (Once the global object is fully
     // constructed, it can mark its own prototype.)
     
-    VM& vm = JSDOMWindow::commonVM();
+    VM& vm = commonVM();
     Structure* prototypeStructure = JSDOMWindowPrototype::createStructure(vm, 0, jsNull());
     Strong<JSDOMWindowPrototype> prototype(vm, JSDOMWindowPrototype::create(vm, 0, prototypeStructure));
 
index 2224d71..6779dad 100644 (file)
@@ -65,12 +65,7 @@ inline void willCreatePossiblyOrphanedTreeByRemoval(Node* root)
 
 inline void* root(Node* node)
 {
-    if (node->inDocument())
-        return &node->document();
-
-    while (node->parentOrShadowHostNode())
-        node = node->parentOrShadowHostNode();
-    return node;
+    return node->opaqueRoot();
 }
 
 inline void* root(Node& node)
index 5616b3d..1196db7 100644 (file)
@@ -32,6 +32,7 @@
 #include "config.h"
 #include "ScriptCachedFrameData.h"
 
+#include "CommonVM.h"
 #include "Document.h"
 #include "Frame.h"
 #include "GCController.h"
@@ -49,7 +50,7 @@ namespace WebCore {
 
 ScriptCachedFrameData::ScriptCachedFrameData(Frame& frame)
 {
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
 
     ScriptController& scriptController = frame.script();
     Vector<JSC::Strong<JSDOMWindowShell>> windowShells = scriptController.windowShells();
@@ -71,7 +72,7 @@ ScriptCachedFrameData::~ScriptCachedFrameData()
 
 void ScriptCachedFrameData::restore(Frame& frame)
 {
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
 
     Page* page = frame.page();
     ScriptController& scriptController = frame.script();
@@ -106,7 +107,7 @@ void ScriptCachedFrameData::clear()
     if (m_windows.isEmpty())
         return;
 
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
     m_windows.clear();
     GCController::singleton().garbageCollectSoon();
 }
index 1a77825..90510e8 100644 (file)
@@ -23,6 +23,7 @@
 
 #include "BridgeJSC.h"
 #include "CachedModuleScript.h"
+#include "CommonVM.h"
 #include "ContentSecurityPolicy.h"
 #include "DocumentLoader.h"
 #include "Event.h"
@@ -105,7 +106,7 @@ ScriptController::~ScriptController()
     disconnectPlatformScriptObjects();
 
     if (m_cacheableBindingRootObject) {
-        JSLockHolder lock(JSDOMWindowBase::commonVM());
+        JSLockHolder lock(commonVM());
         m_cacheableBindingRootObject->invalidate();
         m_cacheableBindingRootObject = nullptr;
     }
@@ -271,7 +272,7 @@ JSC::JSValue ScriptController::evaluateModule(const URL& sourceURL, JSModuleReco
 
 Ref<DOMWrapperWorld> ScriptController::createWorld()
 {
-    return DOMWrapperWorld::create(JSDOMWindow::commonVM());
+    return DOMWrapperWorld::create(commonVM());
 }
 
 Vector<JSC::Strong<JSDOMWindowShell>> ScriptController::windowShells()
@@ -283,7 +284,7 @@ Vector<JSC::Strong<JSDOMWindowShell>> ScriptController::windowShells()
 
 void ScriptController::getAllWorlds(Vector<Ref<DOMWrapperWorld>>& worlds)
 {
-    static_cast<JSVMClientData*>(JSDOMWindow::commonVM().clientData)->getAllWorlds(worlds);
+    static_cast<JSVMClientData*>(commonVM().clientData)->getAllWorlds(worlds);
 }
 
 void ScriptController::clearWindowShell(DOMWindow* newDOMWindow, bool goingIntoPageCache)
@@ -291,7 +292,7 @@ void ScriptController::clearWindowShell(DOMWindow* newDOMWindow, bool goingIntoP
     if (m_windowShells.isEmpty())
         return;
 
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
 
     Vector<JSC::Strong<JSDOMWindowShell>> windowShells = this->windowShells();
     for (size_t i = 0; i < windowShells.size(); ++i) {
@@ -496,7 +497,7 @@ Bindings::RootObject* ScriptController::cacheableBindingRootObject()
         return 0;
 
     if (!m_cacheableBindingRootObject) {
-        JSLockHolder lock(JSDOMWindowBase::commonVM());
+        JSLockHolder lock(commonVM());
         m_cacheableBindingRootObject = Bindings::RootObject::create(0, globalObject(pluginWorld()));
     }
     return m_cacheableBindingRootObject.get();
@@ -508,7 +509,7 @@ Bindings::RootObject* ScriptController::bindingRootObject()
         return 0;
 
     if (!m_bindingRootObject) {
-        JSLockHolder lock(JSDOMWindowBase::commonVM());
+        JSLockHolder lock(commonVM());
         m_bindingRootObject = Bindings::RootObject::create(0, globalObject(pluginWorld()));
     }
     return m_bindingRootObject.get();
@@ -539,7 +540,7 @@ void ScriptController::collectIsolatedContexts(Vector<std::pair<JSC::ExecState*,
 NPObject* ScriptController::windowScriptNPObject()
 {
     if (!m_windowScriptNPObject) {
-        JSLockHolder lock(JSDOMWindowBase::commonVM());
+        JSLockHolder lock(commonVM());
         if (canExecuteScripts(NotAboutToExecuteScript)) {
             // JavaScript is enabled, so there is a JavaScript window object.
             // Return an NPObject bound to the window object.
@@ -574,7 +575,7 @@ JSObject* ScriptController::jsObjectForPluginElement(HTMLPlugInElement* plugin)
     if (!canExecuteScripts(NotAboutToExecuteScript))
         return 0;
 
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
 
     // Create a JSObject bound to this element
     JSDOMWindow* globalObj = globalObject(pluginWorld());
@@ -611,7 +612,7 @@ void ScriptController::cleanupScriptObjectsForPlugin(void* nativeHandle)
 
 void ScriptController::clearScriptObjects()
 {
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
 
     RootObjectMap::const_iterator end = m_rootObjects.end();
     for (RootObjectMap::const_iterator it = m_rootObjects.begin(); it != end; ++it)
index 84aad8c..964ae0e 100644 (file)
@@ -30,6 +30,7 @@
 #import "ScriptController.h"
 
 #import "BridgeJSC.h"
+#import "CommonVM.h"
 #import "DOMWindow.h"
 #import "Frame.h"
 #import "FrameLoader.h"
@@ -100,7 +101,7 @@ WebScriptObject *ScriptController::windowScriptObject()
         return nil;
 
     if (!m_windowScriptObject) {
-        JSC::JSLockHolder lock(JSDOMWindowBase::commonVM());
+        JSC::JSLockHolder lock(commonVM());
         JSC::Bindings::RootObject* root = bindingRootObject();
         m_windowScriptObject = [WebScriptObject scriptObjectForJSObject:toRef(windowShell(pluginWorld())) originRootObject:root rootObject:root];
     }
index dd9d656..65bea69 100644 (file)
 #include "config.h"
 #include "CollectionIndexCache.h"
 
+#include "CommonVM.h"
 #include "DOMWindow.h"
-#include "JSDOMWindowBase.h"
+#include "JSDOMBinding.h"
 
 namespace WebCore {
 
 void reportExtraMemoryAllocatedForCollectionIndexCache(size_t cost)
 {
-    JSC::VM& vm = JSDOMWindowBase::commonVM();
+    JSC::VM& vm = commonVM();
     JSC::JSLockHolder lock(vm);
     // FIXME: Adopt reportExtraMemoryVisited, and switch to reportExtraMemoryAllocated.
     // https://bugs.webkit.org/show_bug.cgi?id=142595
index de70bec..4e1ee24 100644 (file)
@@ -2,7 +2,7 @@
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
- * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2016 Apple Inc. All rights reserved.
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ -29,6 +29,7 @@
 #include "Chrome.h"
 #include "ChromeClient.h"
 #include "ClassCollection.h"
+#include "CommonVM.h"
 #include "ContainerNodeAlgorithms.h"
 #include "Editor.h"
 #include "EventNames.h"
index 4e30679..ed53793 100644 (file)
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "ContainerNodeAlgorithms.h"
 
+#include "CommonVM.h"
 #include "HTMLFrameOwnerElement.h"
 #include "InspectorInstrumentation.h"
 #include "NoEventDispatchAssertion.h"
 
 namespace WebCore {
 
-void notifyNodeInsertedIntoTree(ContainerNode& insertionPoint, ContainerNode&, NodeVector& postInsertionNotificationTargets);
-void notifyNodeInsertedIntoDocument(ContainerNode& insertionPoint, Node&, NodeVector& postInsertionNotificationTargets);
-void notifyNodeRemovedFromTree(ContainerNode& insertionPoint, ContainerNode&);
-void notifyNodeRemovedFromDocument(ContainerNode& insertionPoint, Node&);
+static void notifyNodeInsertedIntoTree(ContainerNode& insertionPoint, ContainerNode&, NodeVector& postInsertionNotificationTargets);
+static void notifyNodeInsertedIntoDocument(ContainerNode& insertionPoint, Node&, NodeVector& postInsertionNotificationTargets);
+static void notifyNodeRemovedFromTree(ContainerNode& insertionPoint, ContainerNode&);
+static void notifyNodeRemovedFromDocument(ContainerNode& insertionPoint, Node&);
 
 static void notifyDescendantInsertedIntoDocument(ContainerNode& insertionPoint, ContainerNode& node, NodeVector& postInsertionNotificationTargets)
 {
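Review bot: the four forward declarations become static, but the definitions visible further down in this patch (notifyNodeRemovedFromDocument, notifyNodeRemovedFromTree) are still written without the keyword. Linkage follows the first declaration, so this compiles with internal linkage, but a reader looking at a definition will assume it is external. Please mark the definitions static as well.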
@@ -101,6 +102,8 @@ void notifyChildNodeInserted(ContainerNode& insertionPoint, Node& node, NodeVect
         notifyNodeInsertedIntoDocument(insertionPoint, node, postInsertionNotificationTargets);
     else if (is<ContainerNode>(node))
         notifyNodeInsertedIntoTree(insertionPoint, downcast<ContainerNode>(node), postInsertionNotificationTargets);
+
+    writeBarrierOpaqueRoot([&insertionPoint] () -> void* { return insertionPoint.opaqueRoot(); });
 }
 
 void notifyNodeRemovedFromDocument(ContainerNode& insertionPoint, Node& node)
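Review bot: the insertion barrier is the last statement of notifyChildNodeInserted(), so it only fires after notifyNodeInsertedIntoDocument() or notifyNodeInsertedIntoTree() has returned, while the removal barrier is the first statement of its function. If the position relative to the notifications matters to the collector, state the requirement in a comment; if it does not, putting both barriers at the same position would be easier to audit. A short comment naming the case from the ChangeLog (insertion: add the insertion point's root to the opaque root set) would also tie this line to its rationale.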
@@ -152,6 +155,8 @@ void notifyNodeRemovedFromTree(ContainerNode& insertionPoint, ContainerNode& nod
 
 void notifyChildNodeRemoved(ContainerNode& insertionPoint, Node& child)
 {
+    writeBarrierOpaqueRoot([&child] () -> void* { return &child; });
+
     if (!child.inDocument()) {
         if (is<ContainerNode>(child))
             notifyNodeRemovedFromTree(insertionPoint, downcast<ContainerNode>(child));
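Review bot: the removal barrier passes &child rather than child.opaqueRoot(), and nothing at the call site says why. Since the very next statement still tests child.inDocument(), opaqueRoot() could return &document() at this point, so the raw pointer looks deliberate: the removed child is the root of the detached subtree. Please put that in a comment so a later cleanup does not change it to match the insertion side.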
index 958f2a0..50e81a6 100644 (file)
@@ -40,6 +40,7 @@
 #include "Chrome.h"
 #include "ChromeClient.h"
 #include "Comment.h"
+#include "CommonVM.h"
 #include "CompositionEvent.h"
 #include "ContentSecurityPolicy.h"
 #include "CookieJar.h"
@@ -2365,7 +2366,7 @@ void Document::resumeDeviceMotionAndOrientationUpdates()
 
 bool Document::shouldBypassMainWorldContentSecurityPolicy() const
 {
-    JSC::CallFrame* callFrame = JSDOMWindow::commonVM().topCallFrame;
+    JSC::CallFrame* callFrame = commonVM().topCallFrame;
     if (callFrame == JSC::CallFrame::noCaller())
         return false;
     DOMWrapperWorld& domWrapperWorld = currentWorld(callFrame);
index 45af7cb..ebf8200 100644 (file)
@@ -2399,6 +2399,18 @@ bool Node::inRenderedDocument() const
     return inDocument() && document().hasLivingRenderTree();
 }
 
+void* Node::opaqueRootSlow() const
+{
+    const Node* node = this;
+    for (;;) {
+        const Node* nextNode = node->parentOrShadowHostNode();
+        if (!nextNode)
+            break;
+        node = nextNode;
+    }
+    return const_cast<void*>(static_cast<const void*>(node));
+}
+
 } // namespace WebCore
 
 #if ENABLE(TREE_DEBUGGING)
index 8e0f123..a5d1640 100644 (file)
@@ -266,6 +266,8 @@ public:
         bool composed;
     };
     Node& getRootNode(const GetRootNodeOptions&) const;
+    
+    void* opaqueRoot() const;
 
     // Use when it's guaranteed to that shadowHost is null.
     ContainerNode* parentNodeGuaranteedHostFree() const;
@@ -671,6 +673,8 @@ private:
     HashSet<MutationObserverRegistration*>* transientMutationObserverRegistry();
 
     void adjustStyleValidity(Style::Validity, Style::InvalidationMode);
+    
+    void* opaqueRootSlow() const;
 
     int m_refCount;
     mutable uint32_t m_nodeFlags;
@@ -757,6 +761,15 @@ inline ContainerNode* Node::parentNode() const
     return m_parentNode;
 }
 
+inline void* Node::opaqueRoot() const
+{
+    // FIXME: Possible race?
+    // https://bugs.webkit.org/show_bug.cgi?id=165713
+    if (inDocument())
+        return &document();
+    return opaqueRootSlow();
+}
+
 inline ContainerNode* Node::parentNodeGuaranteedHostFree() const
 {
     ASSERT(!isShadowRoot());
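Review bot: "FIXME: Possible race?" does not say what races with what, which makes the follow-up bug hard to act on. opaqueRoot() reads inDocument(), then either document() or the parentOrShadowHostNode() chain in opaqueRootSlow(), and none of those reads is synchronized against a DOM mutation. Spell out in the comment which reader is expected to run concurrently with the mutator and which of those three reads is the concern, and say whether the new barriers are meant to make a stale answer harmless.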
index 937f1c2..9fc112d 100644 (file)
@@ -29,6 +29,7 @@
 #include "ScriptExecutionContext.h"
 
 #include "CachedScript.h"
+#include "CommonVM.h"
 #include "DOMTimer.h"
 #include "DatabaseContext.h"
 #include "Document.h"
@@ -477,7 +478,7 @@ std::chrono::milliseconds ScriptExecutionContext::timerAlignmentInterval(bool) c
 JSC::VM& ScriptExecutionContext::vm()
 {
     if (is<Document>(*this))
-        return JSDOMWindow::commonVM();
+        return commonVM();
 
     return downcast<WorkerGlobalScope>(*this).script()->vm();
 }
index e7f9fec..4bafd48 100644 (file)
@@ -23,6 +23,7 @@
 #include "HTMLImageLoader.h"
 
 #include "CachedImage.h"
+#include "CommonVM.h"
 #include "DOMWindow.h"
 #include "Element.h"
 #include "Event.h"
@@ -84,7 +85,7 @@ void HTMLImageLoader::notifyFinished(CachedResource&)
     bool loadError = cachedImage.errorOccurred() || cachedImage.response().httpStatusCode() >= 400;
     if (!loadError) {
         if (!element().inDocument()) {
-            JSC::VM& vm = JSDOMWindowBase::commonVM();
+            JSC::VM& vm = commonVM();
             JSC::JSLockHolder lock(vm);
             // FIXME: Adopt reportExtraMemoryVisited, and switch to reportExtraMemoryAllocated.
             // https://bugs.webkit.org/show_bug.cgi?id=142595
index e465bfc..5d1739c 100644 (file)
@@ -37,6 +37,7 @@
 #include "ChromeClient.h"
 #include "ClientRect.h"
 #include "ClientRectList.h"
+#include "CommonVM.h"
 #include "ContentSecurityPolicy.h"
 #include "ContentType.h"
 #include "CookieJar.h"
@@ -849,7 +850,7 @@ void HTMLMediaElement::pauseAfterDetachedTask()
 
     size_t extraMemoryCost = m_player->extraMemoryCost();
     if (extraMemoryCost > m_reportedExtraMemoryCost) {
-        JSC::VM& vm = JSDOMWindowBase::commonVM();
+        JSC::VM& vm = commonVM();
         JSC::JSLockHolder lock(vm);
 
         size_t extraMemoryCostDelta = extraMemoryCost - m_reportedExtraMemoryCost;
@@ -6496,7 +6497,7 @@ RefPtr<VideoPlaybackQuality> HTMLMediaElement::getVideoPlaybackQuality()
 DOMWrapperWorld& HTMLMediaElement::ensureIsolatedWorld()
 {
     if (!m_isolatedWorld)
-        m_isolatedWorld = DOMWrapperWorld::create(JSDOMWindow::commonVM());
+        m_isolatedWorld = DOMWrapperWorld::create(commonVM());
     return *m_isolatedWorld;
 }
 
index b96e3ce..a5667e8 100644 (file)
@@ -23,6 +23,7 @@
 
 #include "Chrome.h"
 #include "ChromeClient.h"
+#include "CommonVM.h"
 #include "ContentSecurityPolicy.h"
 #include "Event.h"
 #include "EventHandler.h"
@@ -365,7 +366,7 @@ void HTMLPlugInImageElement::updateSnapshot(PassRefPtr<Image> image)
 
 static DOMWrapperWorld& plugInImageElementIsolatedWorld()
 {
-    static DOMWrapperWorld& isolatedWorld = DOMWrapperWorld::create(JSDOMWindow::commonVM()).leakRef();
+    static DOMWrapperWorld& isolatedWorld = DOMWrapperWorld::create(commonVM()).leakRef();
     return isolatedWorld;
 }
 
index 7098b28..3a5d0bf 100644 (file)
@@ -33,6 +33,7 @@
 #include "InspectorController.h"
 
 #include "CommandLineAPIHost.h"
+#include "CommonVM.h"
 #include "DOMWrapperWorld.h"
 #include "GraphicsContext.h"
 #include "InspectorApplicationCacheAgent.h"
@@ -470,7 +471,7 @@ PageScriptDebugServer& InspectorController::scriptDebugServer()
 
 JSC::VM& InspectorController::vm()
 {
-    return JSDOMWindowBase::commonVM();
+    return commonVM();
 }
 
 void InspectorController::didComposite(Frame& frame)
index c77ad1d..3ac2870 100644 (file)
@@ -27,6 +27,7 @@
 #include "config.h"
 #include "PageScriptDebugServer.h"
 
+#include "CommonVM.h"
 #include "Document.h"
 #include "EventLoop.h"
 #include "FrameView.h"
@@ -54,7 +55,7 @@ using namespace Inspector;
 namespace WebCore {
 
 PageScriptDebugServer::PageScriptDebugServer(Page& page)
-    : ScriptDebugServer(WebCore::JSDOMWindowBase::commonVM())
+    : ScriptDebugServer(WebCore::commonVM())
     , m_page(page)
 {
 }
index c6b445e..a403c98 100644 (file)
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "PerformanceLogging.h"
 
+#include "CommonVM.h"
 #include "DOMWindow.h"
 #include "Document.h"
 #include "FrameLoaderClient.h"
@@ -52,7 +53,7 @@ HashMap<const char*, size_t> PerformanceLogging::memoryUsageStatistics(ShouldInc
 {
     HashMap<const char*, size_t> stats;
 
-    auto& vm = JSDOMWindow::commonVM();
+    auto& vm = commonVM();
     stats.add("javascript_gc_heap_capacity", vm.heap.capacity());
     stats.add("javascript_gc_heap_extra_memory_size", vm.heap.extraMemorySize());
 
@@ -74,7 +75,7 @@ HashMap<const char*, size_t> PerformanceLogging::memoryUsageStatistics(ShouldInc
 
 HashCountedSet<const char*> PerformanceLogging::javaScriptObjectCounts()
 {
-    return WTFMove(*JSDOMWindow::commonVM().heap.objectTypeCounts());
+    return WTFMove(*commonVM().heap.objectTypeCounts());
 }
 
 PerformanceLogging::PerformanceLogging(MainFrame& mainFrame)
index f93e516..91200c3 100644 (file)
@@ -28,6 +28,7 @@
 
 #if ENABLE(RESOURCE_USAGE)
 
+#include "CommonVM.h"
 #include "JSDOMWindow.h"
 #include <thread>
 #include <wtf/MainThread.h>
@@ -98,7 +99,7 @@ void ResourceUsageThread::createThreadIfNeeded()
     if (m_threadIdentifier)
         return;
 
-    m_vm = &JSDOMWindow::commonVM();
+    m_vm = &commonVM();
     m_threadIdentifier = createThread(threadCallback, this, "WebCore: ResourceUsage");
 }
 
index 0fba881..366601e 100644 (file)
@@ -30,6 +30,7 @@
 
 #include <CoreText/CoreText.h>
 
+#include "CommonVM.h"
 #include "JSDOMWindow.h"
 #include "PlatformCALayer.h"
 #include "ResourceUsageThread.h"
@@ -204,7 +205,7 @@ static void appendDataToHistory(const ResourceUsageData& data)
 
     // FIXME: Find a way to add this to ResourceUsageData and calculate it on the resource usage sampler thread.
     {
-        JSC::VM* vm = &JSDOMWindow::commonVM();
+        JSC::VM* vm = &commonVM();
         JSC::JSLockHolder lock(vm);
         historicData.gcHeapSize.append(vm->heap.size() - vm->heap.extraMemorySize());
     }
index c3a4586..62a5dc4 100644 (file)
@@ -28,6 +28,7 @@
 #if PLATFORM(IOS)
 
 #import "AnimationController.h"
+#import "CommonVM.h"
 #import "DOMWindow.h"
 #import "Document.h"
 #import "DocumentMarkerController.h"
@@ -46,7 +47,6 @@
 #import "HTMLObjectElement.h"
 #import "HitTestRequest.h"
 #import "HitTestResult.h"
-#import "JSDOMWindowBase.h"
 #import "MainFrame.h"
 #import "NodeRenderStyle.h"
 #import "NodeTraversal.h"
@@ -544,7 +544,7 @@ void Frame::setTimersPaused(bool paused)
 {
     if (!m_page)
         return;
-    JSLockHolder lock(JSDOMWindowBase::commonVM());
+    JSLockHolder lock(commonVM());
     if (paused)
         m_page->suspendActiveDOMObjectsAndAnimations();
     else
index a92f613..6bb62d0 100644 (file)
@@ -28,8 +28,8 @@
 
 #if PLATFORM(IOS)
 
+#import "CommonVM.h"
 #import "FloatingPointEnvironment.h"
-#import "JSDOMWindowBase.h"
 #import "RuntimeApplicationChecks.h"
 #import "ThreadGlobalData.h"
 #import "WebCoreThreadInternal.h"
@@ -210,7 +210,7 @@ static void SendDelegateMessage(NSInvocation *invocation)
 
         {
             // Code block created to scope JSC::JSLock::DropAllLocks outside of WebThreadLock()
-            JSC::JSLock::DropAllLocks dropAllLocks(WebCore::JSDOMWindowBase::commonVM());
+            JSC::JSLock::DropAllLocks dropAllLocks(WebCore::commonVM());
             _WebThreadUnlock();
 
             CFRunLoopSourceSignal(delegateSource);
@@ -248,7 +248,7 @@ void WebThreadRunOnMainThread(void(^delegateBlock)())
         return;
     }
 
-    JSC::JSLock::DropAllLocks dropAllLocks(WebCore::JSDOMWindowBase::commonVM());
+    JSC::JSLock::DropAllLocks dropAllLocks(WebCore::commonVM());
     _WebThreadUnlock();
 
     void (^delegateBlockCopy)() = Block_copy(delegateBlock);
index ef93442..b341d6c 100644 (file)
@@ -29,6 +29,7 @@
 #include "SVGImage.h"
 
 #include "Chrome.h"
+#include "CommonVM.h"
 #include "DOMWindow.h"
 #include "DocumentLoader.h"
 #include "ElementIterator.h"
@@ -397,7 +398,7 @@ void SVGImage::reportApproximateMemoryCost() const
     for (Node* node = document; node; node = NodeTraversal::next(*node))
         decodedImageMemoryCost += node->approximateMemoryCost();
 
-    JSC::VM& vm = JSDOMWindowBase::commonVM();
+    JSC::VM& vm = commonVM();
     JSC::JSLockHolder lock(vm);
     // FIXME: Adopt reportExtraMemoryVisited, and switch to reportExtraMemoryAllocated.
     // https://bugs.webkit.org/show_bug.cgi?id=142595
index 0237727..06084a8 100644 (file)
@@ -30,6 +30,7 @@
 
 #pragma once
 
+#include "CommonVM.h"
 #include "JSDOMWindow.h"
 #include <wtf/RefCounted.h>
 
@@ -44,8 +45,8 @@ public:
 
 private:
     MemoryInfo()
-        : m_usedJSHeapSize(JSDOMWindow::commonVM().heap.size())
-        , m_totalJSHeapSize(JSDOMWindow::commonVM().heap.capacity())
+        : m_usedJSHeapSize(commonVM().heap.size())
+        , m_totalJSHeapSize(commonVM().heap.capacity())
     {
     }
 
index 31808b5..8d4e55b 100644 (file)
@@ -1,3 +1,47 @@
+2016-12-10  Filip Pizlo  <fpizlo@apple.com>
+
+        The DOM should have an advancing wavefront opaque root barrier
+        https://bugs.webkit.org/show_bug.cgi?id=165712
+
+        Reviewed by Yusuke Suzuki.
+        
+        Propagate the JSDOMWindowBase::commonVM() -> commonVM() change.
+
+        * Misc/WebCoreStatistics.mm:
+        (+[WebCoreStatistics javaScriptObjectsCount]):
+        (+[WebCoreStatistics javaScriptGlobalObjectsCount]):
+        (+[WebCoreStatistics javaScriptProtectedObjectsCount]):
+        (+[WebCoreStatistics javaScriptProtectedGlobalObjectsCount]):
+        (+[WebCoreStatistics javaScriptProtectedObjectTypeCounts]):
+        (+[WebCoreStatistics javaScriptObjectTypeCounts]):
+        (+[WebCoreStatistics shouldPrintExceptions]):
+        (+[WebCoreStatistics setShouldPrintExceptions:]):
+        (+[WebCoreStatistics memoryStatistics]):
+        (+[WebCoreStatistics javaScriptReferencedObjectsCount]):
+        * Plugins/Hosted/NetscapePluginHostProxy.mm:
+        (identifierFromIdentifierRep):
+        * Plugins/Hosted/ProxyInstance.mm:
+        (WebKit::ProxyInstance::getPropertyNames):
+        * Plugins/WebNetscapePluginStream.mm:
+        (WebNetscapePluginStream::wantsAllStreams):
+        * Plugins/WebNetscapePluginView.mm:
+        (-[WebNetscapePluginView sendEvent:isDrawRect:]):
+        (-[WebNetscapePluginView privateBrowsingModeDidChange]):
+        (-[WebNetscapePluginView setWindowIfNecessary]):
+        (-[WebNetscapePluginView createPluginScriptableObject]):
+        (-[WebNetscapePluginView getFormValue:]):
+        (-[WebNetscapePluginView evaluateJavaScriptPluginRequest:]):
+        (-[WebNetscapePluginView webFrame:didFinishLoadWithReason:]):
+        (-[WebNetscapePluginView loadPluginRequest:]):
+        (-[WebNetscapePluginView _printedPluginBitmap]):
+        * Plugins/WebPluginController.mm:
+        (-[WebPluginController plugInViewWithArguments:fromPluginPackage:]):
+        (-[WebPluginController stopOnePlugin:]):
+        (-[WebPluginController stopOnePluginForPageCache:]):
+        (-[WebPluginController destroyOnePlugin:]):
+        (-[WebPluginController startAllPlugins]):
+        (-[WebPluginController addPlugin:]):
+
 2016-12-09  Dave Hyatt  <hyatt@apple.com>
 
         [CSS Parser] Remove the old CSS Parser
index c0cafed..8b289d1 100644 (file)
@@ -33,6 +33,7 @@
 #import "WebFrameInternal.h"
 #import <JavaScriptCore/JSLock.h>
 #import <JavaScriptCore/MemoryStatistics.h>
+#import <WebCore/CommonVM.h>
 #import <WebCore/FontCache.h>
 #import <WebCore/Frame.h>
 #import <WebCore/GCController.h>
@@ -58,35 +59,35 @@ using namespace WebCore;
 
 + (size_t)javaScriptObjectsCount
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    return JSDOMWindow::commonVM().heap.objectCount();
+    JSLockHolder lock(commonVM());
+    return commonVM().heap.objectCount();
 }
 
 + (size_t)javaScriptGlobalObjectsCount
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    return JSDOMWindow::commonVM().heap.globalObjectCount();
+    JSLockHolder lock(commonVM());
+    return commonVM().heap.globalObjectCount();
 }
 
 + (size_t)javaScriptProtectedObjectsCount
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    return JSDOMWindow::commonVM().heap.protectedObjectCount();
+    JSLockHolder lock(commonVM());
+    return commonVM().heap.protectedObjectCount();
 }
 
 + (size_t)javaScriptProtectedGlobalObjectsCount
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    return JSDOMWindow::commonVM().heap.protectedGlobalObjectCount();
+    JSLockHolder lock(commonVM());
+    return commonVM().heap.protectedGlobalObjectCount();
 }
 
 + (NSCountedSet *)javaScriptProtectedObjectTypeCounts
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     
     NSCountedSet *result = [NSCountedSet set];
 
-    std::unique_ptr<TypeCountSet> counts(JSDOMWindow::commonVM().heap.protectedObjectTypeCounts());
+    std::unique_ptr<TypeCountSet> counts(commonVM().heap.protectedObjectTypeCounts());
     HashCountedSet<const char*>::iterator end = counts->end();
     for (HashCountedSet<const char*>::iterator it = counts->begin(); it != end; ++it)
         for (unsigned i = 0; i < it->value; ++i)
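Review bot: every method in this hunk calls `commonVM()` twice, once for the `JSLockHolder` and once for the heap query (for example in `javaScriptObjectsCount`). Binding it once, `auto& vm = commonVM();` followed by `JSLockHolder lock(vm);` and `return vm.heap.objectCount();`, keeps the lock and the query visibly tied to the same VM and shortens each body. The same applies to `javaScriptProtectedObjectTypeCounts`, where the second call sits inside the `std::unique_ptr<TypeCountSet>` initializer.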
@@ -97,11 +98,11 @@ using namespace WebCore;
 
 + (NSCountedSet *)javaScriptObjectTypeCounts
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     
     NSCountedSet *result = [NSCountedSet set];
 
-    std::unique_ptr<TypeCountSet> counts(JSDOMWindow::commonVM().heap.objectTypeCounts());
+    std::unique_ptr<TypeCountSet> counts(commonVM().heap.objectTypeCounts());
     HashCountedSet<const char*>::iterator end = counts->end();
     for (HashCountedSet<const char*>::iterator it = counts->begin(); it != end; ++it)
         for (unsigned i = 0; i < it->value; ++i)
@@ -167,13 +168,13 @@ using namespace WebCore;
 
 + (BOOL)shouldPrintExceptions
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     return PageConsoleClient::shouldPrintExceptions();
 }
 
 + (void)setShouldPrintExceptions:(BOOL)print
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     PageConsoleClient::setShouldPrintExceptions(print);
 }
 
@@ -201,9 +202,9 @@ using namespace WebCore;
 {
     WTF::FastMallocStatistics fastMallocStatistics = WTF::fastMallocStatistics();
     
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    size_t heapSize = JSDOMWindow::commonVM().heap.size();
-    size_t heapFree = JSDOMWindow::commonVM().heap.capacity() - heapSize;
+    JSLockHolder lock(commonVM());
+    size_t heapSize = commonVM().heap.size();
+    size_t heapFree = commonVM().heap.capacity() - heapSize;
     GlobalMemoryStatistics globalMemoryStats = globalMemoryStatistics();
     
     return [NSDictionary dictionaryWithObjectsAndKeys:
@@ -246,8 +247,8 @@ using namespace WebCore;
 
 + (size_t)javaScriptReferencedObjectsCount
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    return JSDOMWindow::commonVM().heap.protectedObjectCount();
+    JSLockHolder lock(commonVM());
+    return commonVM().heap.protectedObjectCount();
 }
 
 + (NSSet *)javaScriptRootObjectClasses
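Review bot: `javaScriptReferencedObjectsCount` returns `commonVM().heap.protectedObjectCount()`, which is exactly the body of `javaScriptProtectedObjectsCount` earlier in this file. Since both are being touched, consider having one forward to the other, or add a comment saying the two are intentionally identical, so they cannot drift apart.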
index 2a42c73..19b38ae 100644 (file)
@@ -37,6 +37,7 @@
 #import "WebHostedNetscapePluginView.h"
 #import "WebKitSystemInterface.h"
 #import <JavaScriptCore/IdentifierInlines.h>
+#import <WebCore/CommonVM.h>
 #import <WebCore/Frame.h>
 #import <WebCore/IdentifierRep.h>
 #import <WebCore/ScriptController.h>
@@ -627,7 +628,7 @@ static Identifier identifierFromIdentifierRep(IdentifierRep* identifier)
     ASSERT(identifier->isString());
   
     const char* str = identifier->string();    
-    return Identifier::fromString(&JSDOMWindow::commonVM(), String::fromUTF8WithLatin1Fallback(str, strlen(str)));
+    return Identifier::fromString(&commonVM(), String::fromUTF8WithLatin1Fallback(str, strlen(str)));
 }
 
 kern_return_t WKPCInvoke(mach_port_t clientPort, uint32_t pluginID, uint32_t requestID, uint32_t objectID, uint64_t serverIdentifier,
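Review bot: on the rewritten `Identifier::fromString(&commonVM(), ...)` line, `str` reaches `strlen` guarded only by `ASSERT(identifier->isString())`, which is compiled out of release builds. `ProxyInstance::getPropertyNames`, changed in this same patch, tests `identifier->isString()` at run time before the identical call. Consider a `RELEASE_ASSERT` or a run-time branch here so that both call sites treat a non-string `IdentifierRep` the same way.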
index 089cc4f..17a5452 100644 (file)
@@ -29,6 +29,7 @@
 
 #import "NetscapePluginHostProxy.h"
 #import "ProxyRuntimeObject.h"
+#import <WebCore/CommonVM.h>
 #import <WebCore/IdentifierRep.h>
 #import <WebCore/JSDOMWindow.h>
 #import <WebCore/npruntime_impl.h>
@@ -325,7 +326,7 @@ void ProxyInstance::getPropertyNames(ExecState* exec, PropertyNameArray& nameArr
 
         if (identifier->isString()) {
             const char* str = identifier->string();
-            nameArray.add(Identifier::fromString(&JSDOMWindow::commonVM(), String::fromUTF8WithLatin1Fallback(str, strlen(str))));
+            nameArray.add(Identifier::fromString(&commonVM(), String::fromUTF8WithLatin1Fallback(str, strlen(str))));
         } else
             nameArray.add(Identifier::from(exec, identifier->number()));
     }
index 05cc4d4..3832178 100644 (file)
@@ -40,6 +40,7 @@
 #import "WebResourceLoadScheduler.h"
 #import <Foundation/NSURLResponse.h>
 #import <WebCore/CFNetworkSPI.h>
+#import <WebCore/CommonVM.h>
 #import <WebCore/Document.h>
 #import <WebCore/DocumentLoader.h>
 #import <WebCore/Frame.h>
@@ -377,7 +378,7 @@ bool WebNetscapePluginStream::wantsAllStreams() const
     NPError error;
     {
         PluginStopDeferrer deferrer(m_pluginView.get());
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         error = m_pluginFuncs->getvalue(m_plugin, NPPVpluginWantsAllNetworkStreams, &value);
     }
     if (error != NPERR_NO_ERROR)
index d9e58e3..7dca5f5 100644 (file)
@@ -53,6 +53,7 @@
 #import "WebUIDelegatePrivate.h"
 #import "WebViewInternal.h"
 #import <Carbon/Carbon.h>
+#import <WebCore/CommonVM.h>
 #import <WebCore/CookieJar.h>
 #import <WebCore/DocumentLoader.h>
 #import <WebCore/Element.h>
@@ -665,7 +666,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
     // Set the pluginAllowPopup flag.
     ASSERT(_eventHandler);
     {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         UserGestureIndicator gestureIndicator(_eventHandler->currentEventIsUserGesture() ? std::optional<ProcessingUserGestureState>(ProcessingUserGesture) : std::nullopt);
         acceptedEvent = [_pluginPackage.get() pluginFuncs]->event(plugin, event);
     }
@@ -841,7 +842,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
 
     [self willCallPlugInFunction];
     {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         if ([_pluginPackage.get() pluginFuncs]->setvalue)
             [_pluginPackage.get() pluginFuncs]->setvalue(plugin, NPNVprivateModeBool, &value);
     }
@@ -982,7 +983,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
         inSetWindow = YES;        
         [self willCallPlugInFunction];
         {
-            JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+            JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
             npErr = [_pluginPackage.get() pluginFuncs]->setwindow(plugin, &window);
         }
         [self didCallPlugInFunction];
@@ -1352,7 +1353,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
     NPError error;
     [self willCallPlugInFunction];
     {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         error = [_pluginPackage.get() pluginFuncs]->getvalue(plugin, NPPVpluginScriptableNPObject, &value);
     }
     [self didCallPlugInFunction];
@@ -1371,7 +1372,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
     NPError error;
     [self willCallPlugInFunction];
     {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         error = [_pluginPackage.get() pluginFuncs]->getvalue(plugin, NPPVformValue, &buffer);
     }
     [self didCallPlugInFunction];
@@ -1503,7 +1504,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
         if ([JSPluginRequest sendNotification]) {
             [self willCallPlugInFunction];
             {
-                JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+                JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
                 [_pluginPackage.get() pluginFuncs]->urlnotify(plugin, [URL _web_URLCString], NPRES_DONE, [JSPluginRequest notifyData]);
             }
             [self didCallPlugInFunction];
@@ -1535,7 +1536,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
         
     [self willCallPlugInFunction];
     {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [_pluginPackage.get() pluginFuncs]->urlnotify(plugin, [[[pluginRequest request] URL] _web_URLCString], reason, [pluginRequest notifyData]);
     }
     [self didCallPlugInFunction];
@@ -1579,7 +1580,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
                 if ([pluginRequest sendNotification]) {
                     [self willCallPlugInFunction];
                     {
-                        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+                        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
                         [_pluginPackage.get() pluginFuncs]->urlnotify(plugin, [[[pluginRequest request] URL] _web_URLCString], NPERR_GENERIC_ERROR, [pluginRequest notifyData]);
                     }
                     [self didCallPlugInFunction];
@@ -2369,7 +2370,7 @@ static inline void getNPRect(const NSRect& nr, NPRect& npr)
     // Tell the plugin to print into the GWorld
     [self willCallPlugInFunction];
     {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [_pluginPackage.get() pluginFuncs]->print(plugin, &npPrint);
     }
     [self didCallPlugInFunction];
index 8406c15..6c3b96f 100644 (file)
@@ -48,6 +48,7 @@
 #import "WebUIDelegate.h"
 #import "WebViewInternal.h"
 #import <Foundation/NSURLRequest.h>
+#import <WebCore/CommonVM.h>
 #import <WebCore/DocumentLoader.h>
 #import <WebCore/Frame.h>
 #import <WebCore/FrameLoadRequest.h>
@@ -132,16 +133,16 @@ static void initializeAudioSession()
 #if PLATFORM(IOS)
     {
         WebView *webView = [_documentView _webView];
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         view = [[webView _UIKitDelegateForwarder] webView:webView plugInViewWithArguments:arguments fromPlugInPackage:pluginPackage];
     }
 #else
     Class viewFactory = [pluginPackage viewFactory];
     if ([viewFactory respondsToSelector:@selector(plugInViewWithArguments:)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         view = [viewFactory plugInViewWithArguments:arguments];
     } else if ([viewFactory respondsToSelector:@selector(pluginViewWithArguments:)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         view = [viewFactory pluginViewWithArguments:arguments];
     }
 #endif
@@ -224,10 +225,10 @@ static void initializeAudioSession()
 - (void)stopOnePlugin:(NSView *)view
 {
     if ([view respondsToSelector:@selector(webPlugInStop)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [view webPlugInStop];
     } else if ([view respondsToSelector:@selector(pluginStop)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [view pluginStop];
     }
 }
@@ -236,7 +237,7 @@ static void initializeAudioSession()
 - (void)stopOnePluginForPageCache:(NSView *)view
 {
     if ([view respondsToSelector:@selector(webPlugInStopForPageCache)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [view webPlugInStopForPageCache];
     } else
         [self stopOnePlugin:view];
@@ -246,10 +247,10 @@ static void initializeAudioSession()
 - (void)destroyOnePlugin:(NSView *)view
 {
     if ([view respondsToSelector:@selector(webPlugInDestroy)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [view webPlugInDestroy];
     } else if ([view respondsToSelector:@selector(pluginDestroy)]) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         [view pluginDestroy];
     }
 }
@@ -266,10 +267,10 @@ static void initializeAudioSession()
     for (int i = 0; i < count; i++) {
         id aView = [_views objectAtIndex:i];
         if ([aView respondsToSelector:@selector(webPlugInStart)]) {
-            JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+            JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
             [aView webPlugInStart];
         } else if ([aView respondsToSelector:@selector(pluginStart)]) {
-            JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+            JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
             [aView pluginStart];
         }
     }
@@ -345,10 +346,10 @@ static void initializeAudioSession()
 
         LOG(Plugins, "initializing plug-in %@", view);
         if ([view respondsToSelector:@selector(webPlugInInitialize)]) {
-            JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+            JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
             [view webPlugInInitialize];
         } else if ([view respondsToSelector:@selector(pluginInitialize)]) {
-            JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+            JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
             [view pluginInitialize];
         }
 
@@ -360,15 +361,15 @@ static void initializeAudioSession()
         if (_started) {
             LOG(Plugins, "starting plug-in %@", view);
             if ([view respondsToSelector:@selector(webPlugInStart)]) {
-                JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+                JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
                 [view webPlugInStart];
             } else if ([view respondsToSelector:@selector(pluginStart)]) {
-                JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+                JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
                 [view pluginStart];
             }
             
             if ([view respondsToSelector:@selector(setContainingWindow:)]) {
-                JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+                JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
                 [view setContainingWindow:[_documentView window]];
             }
         }
index 9149fb9..130f4a5 100644 (file)
@@ -1,3 +1,36 @@
+2016-12-10  Filip Pizlo  <fpizlo@apple.com>
+
+        The DOM should have an advancing wavefront opaque root barrier
+        https://bugs.webkit.org/show_bug.cgi?id=165712
+
+        Reviewed by Yusuke Suzuki.
+        
+        Propagate the JSDOMWindowBase::commonVM() -> commonVM() change.
+
+        * Plugins/PluginView.cpp:
+        (WebCore::PluginView::start):
+        (WebCore::PluginView::stop):
+        (WebCore::PluginView::performRequest):
+        (WebCore::PluginView::npObject):
+        (WebCore::PluginView::privateBrowsingStateChanged):
+        * Plugins/PluginViewWin.cpp:
+        (WebCore::PluginView::dispatchNPEvent):
+        (WebCore::PluginView::handleKeyboardEvent):
+        (WebCore::PluginView::handleMouseEvent):
+        (WebCore::PluginView::setNPWindowRect):
+        * WebCoreStatistics.cpp:
+        (WebCoreStatistics::javaScriptObjectsCount):
+        (WebCoreStatistics::javaScriptGlobalObjectsCount):
+        (WebCoreStatistics::javaScriptProtectedObjectsCount):
+        (WebCoreStatistics::javaScriptProtectedGlobalObjectsCount):
+        (WebCoreStatistics::javaScriptProtectedObjectTypeCounts):
+        (WebCoreStatistics::javaScriptObjectTypeCounts):
+        (WebCoreStatistics::shouldPrintExceptions):
+        (WebCoreStatistics::setShouldPrintExceptions):
+        (WebCoreStatistics::memoryStatistics):
+        * WebJavaScriptCollector.cpp:
+        (WebJavaScriptCollector::objectCount):
+
 2016-12-09  Geoffrey Garen  <ggaren@apple.com>
 
         TextPosition and OrdinalNumber should be more like idiomatic numbers
index 207a961..583d191 100644 (file)
@@ -33,6 +33,7 @@
 #include "PluginPackage.h"
 #include <WebCore/BridgeJSC.h>
 #include <WebCore/Chrome.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/CookieJar.h>
 #include <WebCore/Document.h>
 #include <WebCore/DocumentLoader.h>
@@ -236,7 +237,7 @@ bool PluginView::start()
     NPError npErr;
     {
         PluginView::setCurrentPluginView(this);
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         setCallingPlugin(true);
         npErr = m_plugin->pluginFuncs()->newp((NPMIMEType)m_mimeType.utf8().data(), m_instance, m_mode, m_paramCount, m_paramNames, m_paramValues, NULL);
         setCallingPlugin(false);
@@ -325,7 +326,7 @@ void PluginView::stop()
 
     m_isStarted = false;
 
-    JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+    JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
 
 #if ENABLE(NETSCAPE_PLUGIN_API)
     // Unsubclass the window
@@ -428,7 +429,7 @@ void PluginView::performRequest(PluginRequest* request)
             // FIXME: <rdar://problem/4807469> This should be sent when the document has finished loading
             if (request->sendNotification()) {
                 PluginView::setCurrentPluginView(this);
-                JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+                JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
                 setCallingPlugin(true);
                 m_plugin->pluginFuncs()->urlnotify(m_instance, requestURL.string().utf8().data(), NPRES_DONE, request->notifyData());
                 setCallingPlugin(false);
@@ -665,7 +666,7 @@ NPObject* PluginView::npObject()
     NPError npErr;
     {
         PluginView::setCurrentPluginView(this);
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         setCallingPlugin(true);
         npErr = m_plugin->pluginFuncs()->getvalue(m_instance, NPPVpluginScriptableNPObject, &object);
         setCallingPlugin(false);
@@ -1382,7 +1383,7 @@ void PluginView::privateBrowsingStateChanged(bool privateBrowsingEnabled)
         return;
 
     PluginView::setCurrentPluginView(this);
-    JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+    JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
     setCallingPlugin(true);
     NPBool value = privateBrowsingEnabled;
     setValue(m_instance, NPNVprivateModeBool, &value);
index 2fca9f3..73c4abc 100644 (file)
@@ -33,6 +33,7 @@
 #include <WebCore/BridgeJSC.h>
 #include <WebCore/Chrome.h>
 #include <WebCore/ChromeClient.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/Document.h>
 #include <WebCore/DocumentLoader.h>
 #include <WebCore/Element.h>
@@ -452,7 +453,7 @@ bool PluginView::dispatchNPEvent(NPEvent& npEvent)
         shouldPop = true;
     }
 
-    JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+    JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
     setCallingPlugin(true);
     bool accepted = !m_plugin->pluginFuncs()->event(m_instance, &npEvent);
     setCallingPlugin(false);
@@ -595,7 +596,7 @@ void PluginView::handleKeyboardEvent(KeyboardEvent* event)
     } else
         return;
 
-    JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+    JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
     if (dispatchNPEvent(npEvent))
         event->setDefaultHandled();
 }
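Review bot: `handleKeyboardEvent` creates a `DropAllLocks` and then calls `dispatchNPEvent`, which creates its own `DropAllLocks dropAllLocks(commonVM());` before invoking the plugin's `event` callback, so the outer one looks redundant. `handleMouseEvent` in the next hunk has the same pattern. If the nesting is not needed, drop the outer declaration in both callers and leave lock handling to `dispatchNPEvent`. Note that `event->setDefaultHandled()` would then run with the lock held again.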
@@ -662,7 +663,7 @@ void PluginView::handleMouseEvent(MouseEvent* event)
     } else
         return;
 
-    JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+    JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
     // FIXME: Consider back porting the http://webkit.org/b/58108 fix here.
     if (dispatchNPEvent(npEvent))
         event->setDefaultHandled();
@@ -733,7 +734,7 @@ void PluginView::setNPWindowRect(const IntRect& rect)
     m_npWindow.clipRect.top = 0;
 
     if (m_plugin->pluginFuncs()->setwindow) {
-        JSC::JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSC::JSLock::DropAllLocks dropAllLocks(commonVM());
         setCallingPlugin(true);
         m_plugin->pluginFuncs()->setwindow(m_instance, &m_npWindow);
         setCallingPlugin(false);
index 94ae3d8..edb46b2 100644 (file)
@@ -29,6 +29,7 @@
 #include "COMPropertyBag.h"
 #include <JavaScriptCore/JSLock.h>
 #include <JavaScriptCore/MemoryStatistics.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/DOMWindow.h>
 #include <WebCore/FontCache.h>
 #include <WebCore/GCController.h>
@@ -103,8 +104,8 @@ HRESULT WebCoreStatistics::javaScriptObjectsCount(_Out_ UINT* count)
     if (!count)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    *count = (UINT)JSDOMWindow::commonVM().heap.objectCount();
+    JSLockHolder lock(commonVM());
+    *count = (UINT)commonVM().heap.objectCount();
     return S_OK;
 }
 
@@ -113,8 +114,8 @@ HRESULT WebCoreStatistics::javaScriptGlobalObjectsCount(_Out_ UINT* count)
     if (!count)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    *count = (UINT)JSDOMWindow::commonVM().heap.globalObjectCount();
+    JSLockHolder lock(commonVM());
+    *count = (UINT)commonVM().heap.globalObjectCount();
     return S_OK;
 }
 
@@ -123,8 +124,8 @@ HRESULT WebCoreStatistics::javaScriptProtectedObjectsCount(_Out_ UINT* count)
     if (!count)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    *count = (UINT)JSDOMWindow::commonVM().heap.protectedObjectCount();
+    JSLockHolder lock(commonVM());
+    *count = (UINT)commonVM().heap.protectedObjectCount();
     return S_OK;
 }
 
@@ -133,8 +134,8 @@ HRESULT WebCoreStatistics::javaScriptProtectedGlobalObjectsCount(_Out_ UINT* cou
     if (!count)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    *count = (UINT)JSDOMWindow::commonVM().heap.protectedGlobalObjectCount();
+    JSLockHolder lock(commonVM());
+    *count = (UINT)commonVM().heap.protectedGlobalObjectCount();
     return S_OK;
 }
 
@@ -143,8 +144,8 @@ HRESULT WebCoreStatistics::javaScriptProtectedObjectTypeCounts(_COM_Outptr_opt_
     if (!typeNamesAndCounts)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    std::unique_ptr<TypeCountSet> jsObjectTypeNames(JSDOMWindow::commonVM().heap.protectedObjectTypeCounts());
+    JSLockHolder lock(commonVM());
+    std::unique_ptr<TypeCountSet> jsObjectTypeNames(commonVM().heap.protectedObjectTypeCounts());
     typedef TypeCountSet::const_iterator Iterator;
     Iterator end = jsObjectTypeNames->end();
     HashMap<String, int> typeCountMap;
@@ -161,8 +162,8 @@ HRESULT WebCoreStatistics::javaScriptObjectTypeCounts(_COM_Outptr_opt_ IProperty
     if (!typeNamesAndCounts)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    std::unique_ptr<TypeCountSet> jsObjectTypeNames(JSDOMWindow::commonVM().heap.objectTypeCounts());
+    JSLockHolder lock(commonVM());
+    std::unique_ptr<TypeCountSet> jsObjectTypeNames(commonVM().heap.objectTypeCounts());
     typedef TypeCountSet::const_iterator Iterator;
     Iterator end = jsObjectTypeNames->end();
     HashMap<String, int> typeCountMap;
@@ -259,14 +260,14 @@ HRESULT WebCoreStatistics::shouldPrintExceptions(_Out_ BOOL* shouldPrint)
     if (!shouldPrint)
         return E_POINTER;
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     *shouldPrint = PageConsoleClient::shouldPrintExceptions();
     return S_OK;
 }
 
 HRESULT WebCoreStatistics::setShouldPrintExceptions(BOOL print)
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     PageConsoleClient::setShouldPrintExceptions(print);
     return S_OK;
 }
@@ -290,9 +291,9 @@ HRESULT WebCoreStatistics::memoryStatistics(_COM_Outptr_opt_ IPropertyBag** stat
 
     WTF::FastMallocStatistics fastMallocStatistics = WTF::fastMallocStatistics();
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    unsigned long long heapSize = JSDOMWindow::commonVM().heap.size();
-    unsigned long long heapFree = JSDOMWindow::commonVM().heap.capacity() - heapSize;
+    JSLockHolder lock(commonVM());
+    unsigned long long heapSize = commonVM().heap.size();
+    unsigned long long heapFree = commonVM().heap.capacity() - heapSize;
     GlobalMemoryStatistics globalMemoryStats = globalMemoryStatistics();
 
     HashMap<String, unsigned long long, ASCIICaseInsensitiveHash> fields;
index 4800dff..414c69c 100644 (file)
@@ -28,6 +28,7 @@
 
 #include <JavaScriptCore/Heap.h>
 #include <JavaScriptCore/VM.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/DOMWindow.h>
 #include <WebCore/GCController.h>
 #include <WebCore/JSDOMWindow.h>
@@ -110,7 +111,7 @@ HRESULT WebJavaScriptCollector::objectCount(_Out_ UINT* count)
         return E_POINTER;
     }
 
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    *count = (UINT)JSDOMWindow::commonVM().heap.objectCount();
+    JSLockHolder lock(commonVM());
+    *count = (UINT)commonVM().heap.objectCount();
     return S_OK;
 }
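Review bot: the `(UINT)` cast on `commonVM().heap.objectCount()` narrows silently. The same count is returned as `size_t` by `+javaScriptObjectsCount` and `InjectedBundle::javaScriptObjectsCount` in this patch, and `UINT` is 32 bits, so on a 64-bit build a large count would be truncated without any signal to the caller. Since the line is being rewritten anyway, consider clamping to `UINT_MAX`, or at least using `static_cast<UINT>` with a comment, instead of the C-style cast.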
index 80d7611..346d913 100644 (file)
@@ -1,3 +1,33 @@
+2016-12-10  Filip Pizlo  <fpizlo@apple.com>
+
+        The DOM should have an advancing wavefront opaque root barrier
+        https://bugs.webkit.org/show_bug.cgi?id=165712
+
+        Reviewed by Yusuke Suzuki.
+        
+        Propagate the JSDOMWindowBase::commonVM() -> commonVM() change.
+
+        * Shared/linux/WebMemorySamplerLinux.cpp:
+        (WebKit::WebMemorySampler::sampleWebKit):
+        * Shared/mac/WebMemorySampler.mac.mm:
+        (WebKit::WebMemorySampler::sampleWebKit):
+        * WebProcess/InjectedBundle/InjectedBundle.cpp:
+        (WebKit::InjectedBundle::javaScriptObjectsCount):
+        * WebProcess/Plugins/Netscape/JSNPObject.cpp:
+        (WebKit::JSNPObject::callMethod):
+        (WebKit::JSNPObject::callObject):
+        (WebKit::JSNPObject::callConstructor):
+        (WebKit::JSNPObject::put):
+        (WebKit::JSNPObject::deleteProperty):
+        (WebKit::JSNPObject::getOwnPropertyNames):
+        (WebKit::JSNPObject::propertyGetter):
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::runJavaScriptInMainFrame):
+        (WebKit::WebPage::getBytecodeProfile):
+        (WebKit::WebPage::getSamplingProfilerOutput):
+        * WebProcess/WebProcess.cpp:
+        (WebKit::WebProcess::getWebCoreStatistics):
+
 2016-12-11  Konstantin Tokarev  <annulen@yandex.ru>
 
         Unreviewed build fix for EFL after r209665
index e437f47..40c5e39 100644 (file)
@@ -29,6 +29,7 @@
 #if ENABLE(MEMORY_SAMPLER)
 
 #include <JavaScriptCore/MemoryStatistics.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/CurrentProcessMemoryStatus.h>
 #include <WebCore/JSDOMWindow.h>
 #include <WebCore/NotImplemented.h>
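Review bot: `#include <WebCore/JSDOMWindow.h>` stays in place here next to the new `<WebCore/CommonVM.h>`, whereas the Mac sampler in this patch replaces its `JSDOMWindow.h` import with `CommonVM.h`. If the only use of `JSDOMWindow` in this file was `JSDOMWindow::commonVM()`, remove the include here as well so the two samplers stay in step.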
@@ -122,8 +123,8 @@ WebMemoryStatistics WebMemorySampler::sampleWebKit() const
     appendKeyValuePair(webKitMemoryStats, ASCIILiteral("Fast Malloc In Use"), fastMallocBytesInUse);
     appendKeyValuePair(webKitMemoryStats, ASCIILiteral("Fast Malloc Committed Memory"), fastMallocBytesCommitted);
 
-    size_t jscHeapBytesInUse = JSDOMWindow::commonVM().heap.size();
-    size_t jscHeapBytesCommitted = JSDOMWindow::commonVM().heap.capacity();
+    size_t jscHeapBytesInUse = commonVM().heap.size();
+    size_t jscHeapBytesCommitted = commonVM().heap.capacity();
     totalBytesInUse += jscHeapBytesInUse;
     totalBytesCommitted += jscHeapBytesCommitted;
 
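Review bot: no `JSLockHolder` is visible before the `commonVM().heap.size()` and `commonVM().heap.capacity()` reads in this hunk, while the Mac `WebMemorySampler::sampleWebKit` in this same patch takes `JSLockHolder lock(commonVM());` immediately before the identical two reads. Please confirm the lock is acquired earlier in the Linux function, and if it is not, add the holder here so both samplers read the heap under the same locking.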
index 15287f2..ec5508b 100644 (file)
 #if ENABLE(MEMORY_SAMPLER)  
 
 #import <JavaScriptCore/MemoryStatistics.h>
+#import <JavaScriptCore/VM.h>
 #import <mach/mach.h>
 #import <mach/task.h>
 #import <mach/mach_types.h>
 #import <malloc/malloc.h>
 #import <notify.h>
 #import <runtime/JSLock.h>
-#import <WebCore/JSDOMWindow.h>
+#import <WebCore/CommonVM.h>
 #import <wtf/CurrentTime.h>
 
 using namespace WebCore;
@@ -116,9 +117,9 @@ WebMemoryStatistics WebMemorySampler::sampleWebKit() const
     totalBytesInUse += fastMallocBytesInUse;
     totalBytesCommitted += fastMallocBytesCommitted;
     
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    size_t jscHeapBytesInUse = JSDOMWindow::commonVM().heap.size();
-    size_t jscHeapBytesCommitted = JSDOMWindow::commonVM().heap.capacity();
+    JSLockHolder lock(commonVM());
+    size_t jscHeapBytesInUse = commonVM().heap.size();
+    size_t jscHeapBytesCommitted = commonVM().heap.capacity();
     totalBytesInUse += jscHeapBytesInUse;
     totalBytesCommitted += jscHeapBytesCommitted;
     
index 46441c2..6775e82 100644 (file)
@@ -53,6 +53,7 @@
 #include <JavaScriptCore/JSLock.h>
 #include <WebCore/ApplicationCache.h>
 #include <WebCore/ApplicationCacheStorage.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/FrameLoader.h>
 #include <WebCore/FrameView.h>
 #include <WebCore/GCController.h>
@@ -493,8 +494,8 @@ void InjectedBundle::garbageCollectJavaScriptObjectsOnAlternateThreadForDebuggin
 
 size_t InjectedBundle::javaScriptObjectsCount()
 {
-    JSLockHolder lock(JSDOMWindow::commonVM());
-    return JSDOMWindow::commonVM().heap.objectCount();
+    JSLockHolder lock(commonVM());
+    return commonVM().heap.objectCount();
 }
 
 void InjectedBundle::reportException(JSContextRef context, JSValueRef exception)
index 39bd3c7..6bf3b8b 100644 (file)
@@ -38,6 +38,7 @@
 #include <JavaScriptCore/JSGlobalObject.h>
 #include <JavaScriptCore/JSLock.h>
 #include <JavaScriptCore/ObjectPrototype.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/IdentifierRep.h>
 #include <WebCore/JSDOMWindowBase.h>
 #include <wtf/Assertions.h>
@@ -136,7 +137,7 @@ JSValue JSNPObject::callMethod(ExecState* exec, NPIdentifier methodName)
     VOID_TO_NPVARIANT(result);
     
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
         returnValue = m_npObject->_class->invoke(m_npObject, methodName, arguments.data(), argumentCount, &result);
         NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
     }
@@ -179,7 +180,7 @@ JSC::JSValue JSNPObject::callObject(JSC::ExecState* exec)
     VOID_TO_NPVARIANT(result);
 
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
         returnValue = m_npObject->_class->invokeDefault(m_npObject, arguments.data(), argumentCount, &result);
         NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
     }
@@ -222,7 +223,7 @@ JSValue JSNPObject::callConstructor(ExecState* exec)
     VOID_TO_NPVARIANT(result);
     
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
         returnValue = m_npObject->_class->construct(m_npObject, arguments.data(), argumentCount, &result);
         NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
     }
@@ -345,7 +346,7 @@ bool JSNPObject::put(JSCell* cell, ExecState* exec, PropertyName propertyName, J
 
     bool result = false;
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
         result = thisObject->m_npObject->_class->setProperty(thisObject->m_npObject, npIdentifier, &variant);
 
         NPRuntimeObjectMap::moveGlobalExceptionToExecState(exec);
@@ -394,7 +395,7 @@ bool JSNPObject::deleteProperty(ExecState* exec, NPIdentifier propertyName)
     NPRuntimeObjectMap::PluginProtector protector(m_objectMap);
 
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
 
         // FIXME: Should we throw an exception if removeProperty returns false?
         if (!m_npObject->_class->removeProperty(m_npObject, propertyName))
@@ -430,7 +431,7 @@ void JSNPObject::getOwnPropertyNames(JSObject* object, ExecState* exec, Property
     NPRuntimeObjectMap::PluginProtector protector(thisObject->m_objectMap);
     
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
 
         // FIXME: Should we throw an exception if enumerate returns false?
         if (!thisObject->m_npObject->_class->enumerate(thisObject->m_npObject, &identifiers, &identifierCount))
@@ -481,7 +482,7 @@ EncodedJSValue JSNPObject::propertyGetter(ExecState* exec, EncodedJSValue thisVa
     
     bool returnValue;
     {
-        JSLock::DropAllLocks dropAllLocks(JSDOMWindowBase::commonVM());
+        JSLock::DropAllLocks dropAllLocks(commonVM());
         NPIdentifier npIdentifier = npIdentifierFromIdentifier(propertyName);
         // If the propertyName is symbol.
         if (!npIdentifier)
index 6717596..02774d0 100644 (file)
 #include <WebCore/ApplicationCacheStorage.h>
 #include <WebCore/ArchiveResource.h>
 #include <WebCore/Chrome.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/ContextMenuController.h>
 #include <WebCore/DataTransfer.h>
 #include <WebCore/DatabaseManager.h>
@@ -2711,7 +2712,7 @@ void WebPage::runJavaScriptInMainFrame(const String& script, uint64_t callbackID
     // disappear during script execution.
 
     RefPtr<SerializedScriptValue> serializedResultValue;
-    JSLockHolder lock(JSDOMWindow::commonVM());
+    JSLockHolder lock(commonVM());
     bool hadException = true;
     ExceptionDetails details;
     if (JSValue resultValue = m_mainFrame->coreFrame()->script().executeScript(script, true, &details)) {
@@ -5462,12 +5463,12 @@ void WebPage::updateCachedDocumentLoader(WebDocumentLoader& documentLoader, Fram
 
 void WebPage::getBytecodeProfile(uint64_t callbackID)
 {
-    if (!JSDOMWindow::commonVM().m_perBytecodeProfiler) {
+    if (!commonVM().m_perBytecodeProfiler) {
         send(Messages::WebPageProxy::StringCallback(String(), callbackID));
         return;
     }
 
-    String result = JSDOMWindow::commonVM().m_perBytecodeProfiler->toJSON();
+    String result = commonVM().m_perBytecodeProfiler->toJSON();
     ASSERT(result.length());
     send(Messages::WebPageProxy::StringCallback(result, callbackID));
 }
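Review bot: in getBytecodeProfile the null check and the dereference of `m_perBytecodeProfiler` go through two separate `commonVM()` calls, and the function takes no `JSLockHolder`, unlike runJavaScriptInMainFrame in the hunk above. Suggest binding `auto& vm = commonVM();` once at the top and using `vm.m_perBytecodeProfiler` for both the check and the `toJSON()` call, and adding a short comment on why the profiler can be read without the lock if that is intended.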
@@ -5475,7 +5476,7 @@ void WebPage::getBytecodeProfile(uint64_t callbackID)
 void WebPage::getSamplingProfilerOutput(uint64_t callbackID)
 {
 #if ENABLE(SAMPLING_PROFILER)
-    SamplingProfiler* samplingProfiler = JSDOMWindow::commonVM().samplingProfiler();
+    SamplingProfiler* samplingProfiler = commonVM().samplingProfiler();
     if (!samplingProfiler) {
         send(Messages::WebPageProxy::InvalidateStringCallback(callbackID));
         return;
index dd00a18..c32b4dc 100644 (file)
@@ -70,6 +70,7 @@
 #include <WebCore/AXObjectCache.h>
 #include <WebCore/ApplicationCacheStorage.h>
 #include <WebCore/AuthenticationChallenge.h>
+#include <WebCore/CommonVM.h>
 #include <WebCore/CrossOriginPreflightResultCache.h>
 #include <WebCore/DNS.h>
 #include <WebCore/DatabaseManager.h>
@@ -972,21 +973,21 @@ void WebProcess::getWebCoreStatistics(uint64_t callbackID)
     
     // Gather JavaScript statistics.
     {
-        JSLockHolder lock(JSDOMWindow::commonVM());
-        data.statisticsNumbers.set(ASCIILiteral("JavaScriptObjectsCount"), JSDOMWindow::commonVM().heap.objectCount());
-        data.statisticsNumbers.set(ASCIILiteral("JavaScriptGlobalObjectsCount"), JSDOMWindow::commonVM().heap.globalObjectCount());
-        data.statisticsNumbers.set(ASCIILiteral("JavaScriptProtectedObjectsCount"), JSDOMWindow::commonVM().heap.protectedObjectCount());
-        data.statisticsNumbers.set(ASCIILiteral("JavaScriptProtectedGlobalObjectsCount"), JSDOMWindow::commonVM().heap.protectedGlobalObjectCount());
+        JSLockHolder lock(commonVM());
+        data.statisticsNumbers.set(ASCIILiteral("JavaScriptObjectsCount"), commonVM().heap.objectCount());
+        data.statisticsNumbers.set(ASCIILiteral("JavaScriptGlobalObjectsCount"), commonVM().heap.globalObjectCount());
+        data.statisticsNumbers.set(ASCIILiteral("JavaScriptProtectedObjectsCount"), commonVM().heap.protectedObjectCount());
+        data.statisticsNumbers.set(ASCIILiteral("JavaScriptProtectedGlobalObjectsCount"), commonVM().heap.protectedGlobalObjectCount());
         
-        std::unique_ptr<TypeCountSet> protectedObjectTypeCounts(JSDOMWindow::commonVM().heap.protectedObjectTypeCounts());
+        std::unique_ptr<TypeCountSet> protectedObjectTypeCounts(commonVM().heap.protectedObjectTypeCounts());
         fromCountedSetToHashMap(protectedObjectTypeCounts.get(), data.javaScriptProtectedObjectTypeCounts);
         
-        std::unique_ptr<TypeCountSet> objectTypeCounts(JSDOMWindow::commonVM().heap.objectTypeCounts());
+        std::unique_ptr<TypeCountSet> objectTypeCounts(commonVM().heap.objectTypeCounts());
         fromCountedSetToHashMap(objectTypeCounts.get(), data.javaScriptObjectTypeCounts);
         
-        uint64_t javaScriptHeapSize = JSDOMWindow::commonVM().heap.size();
+        uint64_t javaScriptHeapSize = commonVM().heap.size();
         data.statisticsNumbers.set(ASCIILiteral("JavaScriptHeapSize"), javaScriptHeapSize);
-        data.statisticsNumbers.set(ASCIILiteral("JavaScriptFreeSize"), JSDOMWindow::commonVM().heap.capacity() - javaScriptHeapSize);
+        data.statisticsNumbers.set(ASCIILiteral("JavaScriptFreeSize"), commonVM().heap.capacity() - javaScriptHeapSize);
     }
 
     WTF::FastMallocStatistics fastMallocStatistics = WTF::fastMallocStatistics();
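Review bot: the statistics block in getWebCoreStatistics now calls `commonVM()` nine times inside one locked scope; bind `auto& vm = commonVM();` before the `JSLockHolder` and use `vm.heap.objectCount()` and the rest through that reference, so it is evident that the lock and every heap query refer to the same VM. Separately, `commonVM().heap.capacity() - javaScriptHeapSize` is an unsigned subtraction, so JavaScriptFreeSize is only meaningful while capacity() is at least size(); an ASSERT on that would make the assumption explicit.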