[JSC] Lock-down JSGlobalObject and derived classes in IsoSubspace
author ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Dec 2019 21:33:55 +0000 (21:33 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 12 Dec 2019 21:33:55 +0000 (21:33 +0000)
https://bugs.webkit.org/show_bug.cgi?id=205108

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch puts JSGlobalLexicalEnvironment and JSGlobalObject (and its derived classes including JSDOMWindow etc.) in IsoSubspace.
We were using the `addFinalizer` feature to call destructors for these objects since they do not inherit JSDestructibleObject. But now
each derived class has its IsoSubspace. So we do not need to use the finalizer feature: just setting specialized HeapCellType works.

* API/JSAPIGlobalObject.h:
* API/JSCallbackObject.cpp:
* API/glib/JSAPIWrapperGlobalObject.cpp:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/SuperSampler.h:
* heap/CellAttributes.h:
* heap/FreeList.h:
* heap/IsoHeapCellType.cpp:
(JSC::IsoHeapCellType::IsoHeapCellType):
* heap/IsoHeapCellType.h:
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::setIsFreeListed): Deleted.
* heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::setIsFreeListed):
* jsc.cpp:
(GlobalObject::create): Deleted.
(GlobalObject::createStructure): Deleted.
(GlobalObject::javaScriptRuntimeFlags): Deleted.
(GlobalObject::finishCreation): Deleted.
(GlobalObject::addFunction): Deleted.
* runtime/JSGlobalLexicalEnvironment.h:
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::subspaceFor):
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::finishCreation):
(JSC::JSSegmentedVariableObject::destroy): Deleted.
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::subspaceFor):
(JSC::JSSegmentedVariableObject::classInfo const): Deleted.
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* testRegExp.cpp:
(GlobalObject::create): Deleted.
(GlobalObject::createStructure): Deleted.
(GlobalObject::finishCreation): Deleted.

Source/WebCore:

We put derived classes of JSGlobalObject in IsoSubspace on the WebCore side too.

* bindings/js/JSDOMGlobalObject.h:
* bindings/js/JSDOMWindowBase.h:
* bindings/js/JSDOMWrapper.cpp:
(WebCore::globalObjectOutputConstraintSubspaceFor): Deleted.
* bindings/js/JSDOMWrapper.h:
* bindings/js/JSRemoteDOMWindowBase.h:
* bindings/js/JSWindowProxy.h:
* bindings/js/JSWorkerGlobalScopeBase.h:
(WebCore::JSWorkerGlobalScopeBase::subspaceFor):
* bindings/js/JSWorkletGlobalScopeBase.h:
(WebCore::JSWorkletGlobalScopeBase::subspaceFor):
* bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):
* bindings/js/WebCoreJSClientData.h:
(WebCore::JSVMClientData::subspaceForJSDOMWindow):
(WebCore::JSVMClientData::subspaceForJSDedicatedWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSRemoteDOMWindow):
(WebCore::JSVMClientData::subspaceForJSWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSServiceWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSPaintWorkletGlobalScope):
(WebCore::JSVMClientData::subspaceForJSWorkletGlobalScope):
(WebCore::JSVMClientData::forEachOutputConstraintSpace):
(WebCore::JSVMClientData::globalObjectOutputConstraintSpace): Deleted.
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GeneratePrototypeDeclaration):
* bindings/scripts/test/JS/JSInterfaceName.cpp:
* bindings/scripts/test/JS/JSMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
* bindings/scripts/test/JS/JSReadOnlySetLike.cpp:
* bindings/scripts/test/JS/JSSetLike.cpp:
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
* bindings/scripts/test/JS/JSTestCEReactions.cpp:
* bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
* bindings/scripts/test/JS/JSTestCallTracer.cpp:
* bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestDOMJIT.cpp:
* bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:
* bindings/scripts/test/JS/JSTestEnabledForContext.cpp:
* bindings/scripts/test/JS/JSTestEventConstructor.cpp:
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
* bindings/scripts/test/JS/JSTestException.cpp:
* bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
* bindings/scripts/test/JS/JSTestGlobalObject.cpp:
(WebCore::JSTestGlobalObject::subspaceForImpl):
* bindings/scripts/test/JS/JSTestGlobalObject.h:
(WebCore::JSTestGlobalObject::subspaceFor):
* bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
* bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
* bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
* bindings/scripts/test/JS/JSTestInterface.cpp:
* bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
* bindings/scripts/test/JS/JSTestIterable.cpp:
* bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
* bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
* bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
* bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
* bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
* bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
* bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestNode.cpp:
* bindings/scripts/test/JS/JSTestObj.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
* bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
* bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
* bindings/scripts/test/JS/JSTestPluginInterface.cpp:
* bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
* bindings/scripts/test/JS/JSTestSerialization.cpp:
* bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp:
* bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
* bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
* bindings/scripts/test/JS/JSTestStringifier.cpp:
* bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
* bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
* bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
* bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
* bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
* bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
* bindings/scripts/test/JS/JSTestTypedefs.cpp:
* bridge/runtime_method.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

99 files changed:
Source/JavaScriptCore/API/JSAPIGlobalObject.h
Source/JavaScriptCore/API/JSCallbackObject.cpp
Source/JavaScriptCore/API/glib/JSAPIWrapperGlobalObject.cpp
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/bytecode/SuperSampler.h
Source/JavaScriptCore/heap/CellAttributes.h
Source/JavaScriptCore/heap/FreeList.h
Source/JavaScriptCore/heap/IsoHeapCellType.cpp
Source/JavaScriptCore/heap/IsoHeapCellType.h
Source/JavaScriptCore/heap/MarkedBlock.cpp
Source/JavaScriptCore/heap/MarkedBlockInlines.h
Source/JavaScriptCore/jsc.cpp
Source/JavaScriptCore/runtime/JSGlobalLexicalEnvironment.h
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/JavaScriptCore/testRegExp.cpp
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMGlobalObject.h
Source/WebCore/bindings/js/JSDOMWindowBase.h
Source/WebCore/bindings/js/JSDOMWrapper.cpp
Source/WebCore/bindings/js/JSDOMWrapper.h
Source/WebCore/bindings/js/JSRemoteDOMWindowBase.h
Source/WebCore/bindings/js/JSWindowProxy.h
Source/WebCore/bindings/js/JSWorkerGlobalScopeBase.h
Source/WebCore/bindings/js/JSWorkletGlobalScopeBase.h
Source/WebCore/bindings/js/WebCoreJSClientData.cpp
Source/WebCore/bindings/js/WebCoreJSClientData.h
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp
Source/WebCore/bindings/scripts/test/JS/JSMapLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSReadOnlyMapLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSReadOnlySetLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSSetLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCallTracer.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEnabledBySetting.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEnabledForContext.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.h
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInherit.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp
Source/WebCore/bridge/runtime_method.h

index 60f6f66..aaee1c1 100644 (file)
@@ -38,6 +38,7 @@ public:
     DECLARE_EXPORT_INFO;
     static const GlobalObjectMethodTable s_globalObjectMethodTable;
 
+    static constexpr bool needsDestruction = true;
     template<typename CellType, SubspaceAccess mode>
     static IsoSubspace* subspaceFor(VM& vm)
     {
index 0b9e520..c88c62e 100644 (file)
@@ -39,7 +39,7 @@ template <> const ClassInfo JSCallbackObject<JSNonFinalObject>::s_info = { "Call
 template <> const ClassInfo JSCallbackObject<JSGlobalObject>::s_info = { "CallbackGlobalObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSCallbackObject) };
 
 template<> const bool JSCallbackObject<JSNonFinalObject>::needsDestruction = true;
-template<> const bool JSCallbackObject<JSGlobalObject>::needsDestruction = false;
+template<> const bool JSCallbackObject<JSGlobalObject>::needsDestruction = true;
 
 template<>
 JSCallbackObject<JSGlobalObject>* JSCallbackObject<JSGlobalObject>::create(VM& vm, JSClassRef classRef, Structure* structure)
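Review bot: Flipping JSCallbackObject<JSGlobalObject>::needsDestruction to true is only correct together with the VM.cpp change that moves callbackGlobalObjectSpace from cellHeapCellType to callbackGlobalObjectHeapCellType, and nothing in this file ties the two together. A short comment next to the specialization, or a static assertion that the subspace's cell type was created from this class, would keep a later edit from changing one side and leaving the destructor uncalled or called through the wrong cell type.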
index b286545..e2b6592 100644 (file)
@@ -56,7 +56,7 @@ namespace JSC {
 
 template <> const ClassInfo JSCallbackObject<JSAPIWrapperGlobalObject>::s_info = { "JSAPIWrapperGlobalObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSCallbackObject) };
 
-template<> const bool JSCallbackObject<JSAPIWrapperGlobalObject>::needsDestruction = false;
+template<> const bool JSCallbackObject<JSAPIWrapperGlobalObject>::needsDestruction = true;
 
 template <>
 IsoSubspace* JSCallbackObject<JSAPIWrapperGlobalObject>::subspaceForImpl(VM& vm, SubspaceAccess mode)
index 79d1e69..3e75eaf 100644 (file)
@@ -1,3 +1,52 @@
+2019-12-12  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Lock-down JSGlobalObject and derived classes in IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205108
+
+        Reviewed by Mark Lam.
+
+        This patch puts JSGlobalLexicalEnvironment and JSGlobalObject (and its derived classes including JSDOMWindow etc.) in IsoSubspace.
+        We were using `addFinalizer` feature to call destructors for these objects since they do not inherit JSDestructibleObject. But now
+        each derived classes has its IsoSubspace. So we do not need to use finalizer feature: just setting specialized HeapCellType works.
+
+        * API/JSAPIGlobalObject.h:
+        * API/JSCallbackObject.cpp:
+        * API/glib/JSAPIWrapperGlobalObject.cpp:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/SuperSampler.h:
+        * heap/CellAttributes.h:
+        * heap/FreeList.h:
+        * heap/IsoHeapCellType.cpp:
+        (JSC::IsoHeapCellType::IsoHeapCellType):
+        * heap/IsoHeapCellType.h:
+        * heap/MarkedBlock.cpp:
+        (JSC::MarkedBlock::Handle::setIsFreeListed): Deleted.
+        * heap/MarkedBlockInlines.h:
+        (JSC::MarkedBlock::Handle::setIsFreeListed):
+        * jsc.cpp:
+        (GlobalObject::create): Deleted.
+        (GlobalObject::createStructure): Deleted.
+        (GlobalObject::javaScriptRuntimeFlags): Deleted.
+        (GlobalObject::finishCreation): Deleted.
+        (GlobalObject::addFunction): Deleted.
+        * runtime/JSGlobalLexicalEnvironment.h:
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::subspaceFor):
+        * runtime/JSSegmentedVariableObject.cpp:
+        (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
+        (JSC::JSSegmentedVariableObject::finishCreation):
+        (JSC::JSSegmentedVariableObject::destroy): Deleted.
+        * runtime/JSSegmentedVariableObject.h:
+        (JSC::JSSegmentedVariableObject::subspaceFor):
+        (JSC::JSSegmentedVariableObject::classInfo const): Deleted.
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+        * testRegExp.cpp:
+        (GlobalObject::create): Deleted.
+        (GlobalObject::createStructure): Deleted.
+        (GlobalObject::finishCreation): Deleted.
+
 2019-12-12  Mark Lam  <mark.lam@apple.com>
 
         Fix missing exception check in JSON Stringifier's gap function.
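Review bot: The entries for bytecode/SuperSampler.h, heap/CellAttributes.h, heap/FreeList.h and heap/IsoHeapCellType.h carry no description, yet those files gain JS_EXPORT_PRIVATE on several symbols (g_superSamplerCount, CellAttributes::dump, FreeList::initializeList, FreeList::initializeBump, the IsoHeapCellType constructor). Please add a line saying why they are now exported, presumably so that WebCore can instantiate IsoHeapCellType for its own global objects, so that the widened symbol surface is documented.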
index 0a19cac..161d705 100644 (file)
                E3A421431D6F58930007C617 /* PreciseJumpTargetsInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E3A421421D6F588F0007C617 /* PreciseJumpTargetsInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3AC277721FDB4940024452C /* RegExpCachedResult.h in Headers */ = {isa = PBXBuildFile; fileRef = 86F75EFC151C062F007C9BA3 /* RegExpCachedResult.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3BD2B7622F275020011765C /* WasmCompilationMode.h in Headers */ = {isa = PBXBuildFile; fileRef = E3BD2B7522F275020011765C /* WasmCompilationMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               E3BF1BAE238AAEDB003A1C2B /* IsoHeapCellType.h in Headers */ = {isa = PBXBuildFile; fileRef = E3BF1BAD238AAED1003A1C2B /* IsoHeapCellType.h */; };
+               E3BF1BAE238AAEDB003A1C2B /* IsoHeapCellType.h in Headers */ = {isa = PBXBuildFile; fileRef = E3BF1BAD238AAED1003A1C2B /* IsoHeapCellType.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3BF3C4D2390D1E8008BC752 /* JSWebAssemblyGlobal.h in Headers */ = {isa = PBXBuildFile; fileRef = E3BF3C4B2390D1E2008BC752 /* JSWebAssemblyGlobal.h */; };
                E3BF3C522390D202008BC752 /* WebAssemblyGlobalPrototype.h in Headers */ = {isa = PBXBuildFile; fileRef = E3BF3C502390D1FC008BC752 /* WebAssemblyGlobalPrototype.h */; };
                E3BF3C532390D205008BC752 /* WebAssemblyGlobalConstructor.h in Headers */ = {isa = PBXBuildFile; fileRef = E3BF3C512390D1FC008BC752 /* WebAssemblyGlobalConstructor.h */; };
index c90f6d4..9610dce 100644 (file)
@@ -29,7 +29,7 @@ namespace JSC {
 
 class MacroAssembler;
 
-extern volatile uint32_t g_superSamplerCount;
+extern JS_EXPORT_PRIVATE volatile uint32_t g_superSamplerCount;
 
 void initializeSuperSampler();
 
index a024760..51b5368 100644 (file)
@@ -40,7 +40,7 @@ struct CellAttributes {
     {
     }
     
-    void dump(PrintStream& out) const;
+    JS_EXPORT_PRIVATE void dump(PrintStream& out) const;
     
     DestructionMode destruction { DoesNotNeedDestruction };
     HeapCell::Kind cellKind { HeapCell::JSCell };
index a4bda5b..9d6dd4a 100644 (file)
@@ -66,8 +66,8 @@ public:
     
     void clear();
     
-    void initializeList(FreeCell* head, uintptr_t secret, unsigned bytes);
-    void initializeBump(char* payloadEnd, unsigned remaining);
+    JS_EXPORT_PRIVATE void initializeList(FreeCell* head, uintptr_t secret, unsigned bytes);
+    JS_EXPORT_PRIVATE void initializeBump(char* payloadEnd, unsigned remaining);
     
     bool allocationWillFail() const { return !head() && !m_remaining; }
     bool allocationWillSucceed() const { return !allocationWillFail(); }
@@ -89,7 +89,7 @@ public:
     static ptrdiff_t offsetOfOriginalSize() { return OBJECT_OFFSETOF(FreeList, m_originalSize); }
     static ptrdiff_t offsetOfCellSize() { return OBJECT_OFFSETOF(FreeList, m_cellSize); }
     
-    void dump(PrintStream&) const;
+    JS_EXPORT_PRIVATE void dump(PrintStream&) const;
 
     unsigned cellSize() const { return m_cellSize; }
     
index 68ecabd..ba51da2 100644 (file)
 
 namespace JSC {
 
+IsoHeapCellType::IsoHeapCellType(DestructionMode destructionMode, DestroyFunctionPtr destroyFunction)
+    : HeapCellType(CellAttributes(destructionMode, HeapCell::JSCell))
+    , m_destroy(destroyFunction)
+{
+}
+
 void IsoHeapCellType::finishSweep(MarkedBlock::Handle& handle, FreeList* freeList)
 {
     handle.finishSweepKnowingHeapCellType(freeList, *this);
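Review bot: The out-of-line, exported constructor stores destroyFunction in m_destroy without checking it. IsoHeapCellType::create<CellType>() always passes &CellType::destroy, but now that the constructor is JS_EXPORT_PRIVATE it can be called directly, so an ASSERT(destroyFunction) when destructionMode is NeedsDestruction would catch a null function pointer before the sweeper calls through it.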
index 144d595..091a91c 100644 (file)
@@ -32,11 +32,7 @@ class IsoHeapCellType final : public HeapCellType {
 public:
     using DestroyFunctionPtr = void (*)(JSCell*);
 
-    IsoHeapCellType(DestructionMode destructionMode, DestroyFunctionPtr destroyFunction)
-        : HeapCellType(CellAttributes(destructionMode, HeapCell::JSCell))
-        , m_destroy(destroyFunction)
-    {
-    }
+    JS_EXPORT_PRIVATE IsoHeapCellType(DestructionMode, DestroyFunctionPtr);
 
     template<typename CellType>
     static std::unique_ptr<IsoHeapCellType> create()
@@ -44,8 +40,8 @@ public:
         return makeUnique<IsoHeapCellType>(CellType::needsDestruction ? NeedsDestruction : DoesNotNeedDestruction, &CellType::destroy);
     }
 
-    void finishSweep(MarkedBlock::Handle&, FreeList*) override;
-    void destroy(VM&, JSCell*) override;
+    JS_EXPORT_PRIVATE void finishSweep(MarkedBlock::Handle&, FreeList*) override;
+    JS_EXPORT_PRIVATE void destroy(VM&, JSCell*) override;
 
     ALWAYS_INLINE void operator()(VM&, JSCell* cell) const
     {
index 42504a0..8e4f9bf 100644 (file)
@@ -113,12 +113,6 @@ void MarkedBlock::Handle::unsweepWithNoNewlyAllocated()
     m_isFreeListed = false;
 }
 
-void MarkedBlock::Handle::setIsFreeListed()
-{
-    m_directory->setIsEmpty(NoLockingNecessary, this, false);
-    m_isFreeListed = true;
-}
-
 void MarkedBlock::Handle::stopAllocating(const FreeList& freeList)
 {
     auto locker = holdLock(blockFooter().m_lock);
index f8bbcb4..99fa40e 100644 (file)
@@ -483,6 +483,12 @@ inline MarkedBlock::Handle::MarksMode MarkedBlock::Handle::marksMode()
     return marksAreUseful ? MarksNotStale : MarksStale;
 }
 
+inline void MarkedBlock::Handle::setIsFreeListed()
+{
+    m_directory->setIsEmpty(NoLockingNecessary, this, false);
+    m_isFreeListed = true;
+}
+
 template <typename Functor>
 inline IterationStatus MarkedBlock::Handle::forEachLiveCell(const Functor& functor)
 {
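Review bot: setIsFreeListed() now exists only as an inline definition in MarkedBlockInlines.h, with the out-of-line copy removed from MarkedBlock.cpp. Any translation unit that calls it without including MarkedBlockInlines.h will fail at link time, so it is worth confirming that every caller includes the inlines header, and the ChangeLog could say that the move is for inlining into the sweep path in other libraries.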
index b755688..fa48a35 100644 (file)
@@ -482,7 +482,7 @@ static inline String stringFromUTF(const Vector& utf8)
     return String::fromUTF8WithLatin1Fallback(utf8.data(), utf8.size());
 }
 
-class GlobalObject : public JSGlobalObject {
+class GlobalObject final : public JSGlobalObject {
 private:
     GlobalObject(VM&, Structure*);
 
@@ -496,8 +496,6 @@ public:
         return object;
     }
 
-    static constexpr bool needsDestruction = false;
-
     DECLARE_INFO;
     static const GlobalObjectMethodTable s_globalObjectMethodTable;
 
@@ -664,6 +662,7 @@ protected:
     static JSInternalPromise* moduleLoaderFetch(JSGlobalObject*, JSModuleLoader*, JSValue, JSValue, JSValue);
     static JSObject* moduleLoaderCreateImportMetaProperties(JSGlobalObject*, JSModuleLoader*, JSValue, JSModuleRecord*, JSValue);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(GlobalObject, JSGlobalObject);
 
 static bool supportsRichSourceInfo = true;
 static bool shellSupportsRichSourceInfo(const JSGlobalObject*)
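Review bot: With the local needsDestruction = false removed, the shell's GlobalObject inherits needsDestruction = true from JSGlobalObject, and STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(GlobalObject, JSGlobalObject) is the only line recording that it shares JSGlobalObject's subspace and cell type. A one-line comment beside the assertion stating that GlobalObject must not add members that need their own destruction would make the constraint visible to whoever next adds a field to this class.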
index 3974963..36feb90 100644 (file)
 namespace JSC {
 
 class JSGlobalLexicalEnvironment final : public JSSegmentedVariableObject {
-
 public:
     using Base = JSSegmentedVariableObject;
 
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot;
 
+    template<typename CellType, SubspaceAccess mode>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return &vm.globalLexicalEnvironmentSpace;
+    }
+
     static JSGlobalLexicalEnvironment* create(VM& vm, Structure* structure, JSScope* parentScope)
     {
         JSGlobalLexicalEnvironment* result =
@@ -49,8 +54,7 @@ public:
     static bool put(JSCell*, JSGlobalObject*, PropertyName, JSValue, PutPropertySlot&);
 
     static void destroy(JSCell*);
-    // We don't need a destructor because we use a finalizer instead.
-    static constexpr bool needsDestruction = false;
+    static constexpr bool needsDestruction = true;
 
     bool isEmpty() const { return !symbolTable()->size(); }
     bool isConstVariable(UniquedStringImpl*);
index 8a7ff96..f30b93c 100644 (file)
@@ -526,9 +526,16 @@ public:
     }
         
 public:
-    typedef JSSegmentedVariableObject Base;
+    using Base = JSSegmentedVariableObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | IsImmutablePrototypeExoticObject;
 
+    static constexpr bool needsDestruction = true;
+    template<typename CellType, SubspaceAccess mode>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return vm.globalObjectSpace<mode>();
+    }
+
     JS_EXPORT_PRIVATE static JSGlobalObject* create(VM&, Structure*);
 
     DECLARE_EXPORT_INFO;
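Review bot: subspaceFor ignores CellType and returns vm.globalObjectSpace<mode>() for every class that inherits it, so a derived global object that forgets to override it is allocated in JSGlobalObject's subspace with no diagnostic. jsc.cpp guards this by hand with STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(GlobalObject, JSGlobalObject); consider placing the equivalent check on CellType inside this template so the isolation guarantee is enforced for all derived classes rather than only where someone remembers the macro.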
index faa7ed0..c85182a 100644 (file)
@@ -95,14 +95,8 @@ void JSSegmentedVariableObject::analyzeHeap(JSCell* cell, HeapAnalyzer& analyzer
     }
 }
 
-void JSSegmentedVariableObject::destroy(JSCell* cell)
-{
-    static_cast<JSSegmentedVariableObject*>(cell)->JSSegmentedVariableObject::~JSSegmentedVariableObject();
-}
-
 JSSegmentedVariableObject::JSSegmentedVariableObject(VM& vm, Structure* structure, JSScope* scope)
     : JSSymbolTableObject(vm, structure, scope)
-    , m_classInfo(structure->classInfo())
 {
 }
 
@@ -118,9 +112,6 @@ void JSSegmentedVariableObject::finishCreation(VM& vm)
 {
     Base::finishCreation(vm);
     setSymbolTable(vm, SymbolTable::create(vm));
-    vm.heap.addFinalizer(this, [] (JSCell* cell) {
-        static_cast<JSSegmentedVariableObject*>(cell)->m_classInfo->methodTable.destroy(cell);
-    });
 }
 
 } // namespace JSC
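Review bot: Removing the addFinalizer call in finishCreation means JSSegmentedVariableObject no longer guarantees its own destruction; m_variables is released only if the concrete subclass sits in a subspace whose cell type is NeedsDestruction and has a matching destroy. That contract is stated in the commit message but not in the code, so a comment here or in the header listing the requirement (own IsoSubspace, IsoHeapCellType created from the subclass) would help.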
index 535fc34..4dcfd07 100644 (file)
@@ -50,19 +50,14 @@ class LLIntOffsetsExtractor;
 class JSSegmentedVariableObject : public JSSymbolTableObject {
     friend class JIT;
     friend class LLIntOffsetsExtractor;
-
 public:
     using Base = JSSymbolTableObject;
 
     DECLARE_INFO;
 
     static constexpr bool needsDestruction = true;
-
     template<typename CellType, SubspaceAccess>
-    static CompleteSubspace* subspaceFor(VM& vm)
-    {
-        return &vm.cellSpace;
-    }
+    static void subspaceFor(VM&) { RELEASE_ASSERT_NOT_REACHED(); }
 
     bool isValidScopeOffset(ScopeOffset offset)
     {
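Review bot: The replacement subspaceFor signals a missing override with RELEASE_ASSERT_NOT_REACHED(), which is a run-time check on a requirement that is known at compile time. Declaring it deleted, or using a static_assert that depends on CellType, would reject a subclass that lacks its own subspaceFor during the build and would also document that the base class must never be allocated directly.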
@@ -94,10 +89,6 @@ public:
     JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
     JS_EXPORT_PRIVATE static void analyzeHeap(JSCell*, HeapAnalyzer&);
     
-    static void destroy(JSCell*);
-    
-    const ClassInfo* classInfo(VM&) const { return m_classInfo; }
-    
 protected:
     JSSegmentedVariableObject(VM&, Structure*, JSScope*);
     
@@ -107,7 +98,6 @@ protected:
     
 private:
     SegmentedVector<WriteBarrier<Unknown>, 16> m_variables;
-    const ClassInfo* m_classInfo;
 #ifndef NDEBUG
     bool m_alreadyDestroyed { false }; // We use these assertions to check that we aren't doing ancient hacks that result in this being destroyed more than once.
 #endif
index 1577cf7..e163269 100644 (file)
@@ -97,6 +97,8 @@
 #include "JSDestructibleObjectHeapCellType.h"
 #include "JSFixedArray.h"
 #include "JSFunction.h"
+#include "JSGlobalLexicalEnvironment.h"
+#include "JSGlobalObject.h"
 #include "JSGlobalObjectFunctions.h"
 #include "JSImmutableButterfly.h"
 #include "JSInternalPromise.h"
@@ -302,10 +304,14 @@ VM::VM(VMType vmType, HeapType heapType)
     , immutableButterflyHeapCellType(makeUnique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCellWithInteriorPointers)))
     , cellHeapCellType(makeUnique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)))
     , destructibleCellHeapCellType(makeUnique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell)))
+    , apiGlobalObjectHeapCellType(IsoHeapCellType::create<JSAPIGlobalObject>())
     , callbackConstructorHeapCellType(IsoHeapCellType::create<JSCallbackConstructor>())
+    , callbackGlobalObjectHeapCellType(IsoHeapCellType::create<JSCallbackObject<JSGlobalObject>>())
     , callbackObjectHeapCellType(IsoHeapCellType::create<JSCallbackObject<JSNonFinalObject>>())
     , dateInstanceHeapCellType(IsoHeapCellType::create<DateInstance>())
     , errorInstanceHeapCellType(IsoHeapCellType::create<ErrorInstance>())
+    , globalLexicalEnvironmentHeapCellType(IsoHeapCellType::create<JSGlobalLexicalEnvironment>())
+    , globalObjectHeapCellType(IsoHeapCellType::create<JSGlobalObject>())
     , jsModuleRecordHeapCellType(IsoHeapCellType::create<JSModuleRecord>())
     , moduleNamespaceObjectHeapCellType(IsoHeapCellType::create<JSModuleNamespaceObject>())
     , nativeStdFunctionHeapCellType(IsoHeapCellType::create<JSNativeStdFunction>())
@@ -319,6 +325,7 @@ VM::VM(VMType vmType, HeapType heapType)
 #endif
 #ifdef JSC_GLIB_API_ENABLED
     , apiWrapperObjectHeapCellType(IsoHeapCellType::create<JSCallbackObject<JSAPIWrapperObject>>())
+    , callbackAPIWrapperGlobalObjectHeapCellType(IsoHeapCellType::create<JSCallbackObject<JSAPIWrapperGlobalObject>>())
     , jscCallbackFunctionHeapCellType(IsoHeapCellType::create<JSCCallbackFunction>())
 #endif
 #if ENABLE(INTL)
@@ -353,6 +360,7 @@ VM::VM(VMType vmType, HeapType heapType)
     , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge) // Hash:0x7b730b20
     , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction) // Hash:0x800fca72
     , getterSetterSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), GetterSetter)
+    , globalLexicalEnvironmentSpace ISO_SUBSPACE_INIT(heap, globalLexicalEnvironmentHeapCellType.get(), JSGlobalLexicalEnvironment)
     , internalFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), InternalFunction) // Hash:0xf845c464
     , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) // Hash:0x67567f95
     , numberObjectSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), NumberObject)
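Review bot: globalLexicalEnvironmentSpace is initialized from globalLexicalEnvironmentHeapCellType.get() in the same constructor initializer list, and members are constructed in declaration order, not in the order written here. Please confirm that VM.h declares globalLexicalEnvironmentHeapCellType before globalLexicalEnvironmentSpace; otherwise the subspace would be built from a unique_ptr that has not been constructed yet.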
@@ -1374,7 +1382,7 @@ void VM::ensureShadowChicken()
     }
 
 
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiGlobalObjectSpace, cellHeapCellType.get(), JSAPIGlobalObject)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiGlobalObjectSpace, apiGlobalObjectHeapCellType.get(), JSAPIGlobalObject)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiValueWrapperSpace, cellHeapCellType.get(), JSAPIValueWrapper)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(arrayBufferSpace, cellHeapCellType.get(), JSArrayBuffer)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(asyncGeneratorSpace, cellHeapCellType.get(), JSAsyncGenerator)
@@ -1382,7 +1390,7 @@ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(bigIntObjectSpace, cellHeapCellType.get(
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(booleanObjectSpace, cellHeapCellType.get(), BooleanObject)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) // Hash:0xd7916d41
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackConstructorSpace, callbackConstructorHeapCellType.get(), JSCallbackConstructor)
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackGlobalObjectSpace, cellHeapCellType.get(), JSCallbackObject<JSGlobalObject>)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackGlobalObjectSpace, callbackGlobalObjectHeapCellType.get(), JSCallbackObject<JSGlobalObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, cellHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackObjectSpace, callbackObjectHeapCellType.get(), JSCallbackObject<JSNonFinalObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction) // Hash:0x18091000
@@ -1392,6 +1400,7 @@ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(float32ArraySpace, cellHeapCellType.get(
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(float64ArraySpace, cellHeapCellType.get(), JSFloat64Array)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(functionRareDataSpace, destructibleCellHeapCellType.get(), FunctionRareData)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(generatorSpace, cellHeapCellType.get(), JSGenerator)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(globalObjectSpace, globalObjectHeapCellType.get(), JSGlobalObject)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(jsModuleRecordSpace, jsModuleRecordHeapCellType.get(), JSModuleRecord)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(int8ArraySpace, cellHeapCellType.get(), JSInt8Array)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(int16ArraySpace, cellHeapCellType.get(), JSInt16Array)
@@ -1422,7 +1431,7 @@ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, objCCallbackF
 #ifdef JSC_GLIB_API_ENABLED
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiWrapperObjectSpace, apiWrapperObjectHeapCellType.get(), JSCallbackObject<JSAPIWrapperObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(jscCallbackFunctionSpace, jscCallbackFunctionHeapCellType.get(), JSCCallbackFunction)
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackAPIWrapperGlobalObjectSpace, cellHeapCellType.get(), JSCallbackObject<JSAPIWrapperGlobalObject>)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackAPIWrapperGlobalObjectSpace, callbackAPIWrapperGlobalObjectHeapCellType.get(), JSCallbackObject<JSAPIWrapperGlobalObject>)
 #endif
 #if ENABLE(INTL)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(intlCollatorSpace, intlCollatorHeapCellType.get(), IntlCollator)
index 80bc5ec..999fcb7 100644 (file)
@@ -126,12 +126,15 @@ class IntlCollator;
 class IntlDateTimeFormat;
 class IntlNumberFormat;
 class IntlPluralRules;
+class JSAPIGlobalObject;
+class JSAPIWrapperGlobalObject;
 class JSAPIWrapperObject;
 class JSCCallbackFunction;
 class JSCallbackConstructor;
 class JSCustomGetterSetterFunction;
 class JSDestructibleObjectHeapCellType;
 class JSGlobalObject;
+class JSGlobalLexicalEnvironment;
 class JSModuleNamespaceObject;
 class JSModuleRecord;
 class JSNativeStdFunction;
@@ -364,10 +367,14 @@ public:
     std::unique_ptr<HeapCellType> immutableButterflyHeapCellType;
     std::unique_ptr<HeapCellType> cellHeapCellType;
     std::unique_ptr<HeapCellType> destructibleCellHeapCellType;
+    std::unique_ptr<IsoHeapCellType> apiGlobalObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType> callbackConstructorHeapCellType;
+    std::unique_ptr<IsoHeapCellType> callbackGlobalObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType> callbackObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType> dateInstanceHeapCellType;
     std::unique_ptr<IsoHeapCellType> errorInstanceHeapCellType;
+    std::unique_ptr<IsoHeapCellType> globalLexicalEnvironmentHeapCellType;
+    std::unique_ptr<IsoHeapCellType> globalObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType> jsModuleRecordHeapCellType;
     std::unique_ptr<IsoHeapCellType> moduleNamespaceObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType> nativeStdFunctionHeapCellType;
@@ -381,6 +388,7 @@ public:
 #endif
 #ifdef JSC_GLIB_API_ENABLED
     std::unique_ptr<IsoHeapCellType> apiWrapperObjectHeapCellType;
+    std::unique_ptr<IsoHeapCellType> callbackAPIWrapperGlobalObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType> jscCallbackFunctionHeapCellType;
 #endif
 #if ENABLE(INTL)
@@ -439,6 +447,7 @@ public:
     IsoSubspace executableToCodeBlockEdgeSpace;
     IsoSubspace functionSpace;
     IsoSubspace getterSetterSpace;
+    IsoSubspace globalLexicalEnvironmentSpace;
     IsoSubspace internalFunctionSpace;
     IsoSubspace nativeExecutableSpace;
     IsoSubspace numberObjectSpace;
@@ -493,6 +502,7 @@ public:
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(float64ArraySpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(functionRareDataSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(generatorSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(globalObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(int8ArraySpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(int16ArraySpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(int32ArraySpace)
index 97656e7..fe3ef7e 100644 (file)
@@ -102,12 +102,12 @@ struct RegExpTest {
     Vector<int, 32> expectVector;
 };
 
-class GlobalObject : public JSGlobalObject {
+class GlobalObject final : public JSGlobalObject {
 private:
     GlobalObject(VM&, Structure*, const Vector<String>& arguments);
 
 public:
-    typedef JSGlobalObject Base;
+    using Base = JSGlobalObject;
 
     static GlobalObject* create(VM& vm, Structure* structure, const Vector<String>& arguments)
     {
@@ -117,7 +117,7 @@ public:
 
     DECLARE_INFO;
 
-    static constexpr bool needsDestructor = false;
+    static constexpr bool needsDestructor = true;
 
     static Structure* createStructure(VM& vm, JSValue prototype)
     {
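Review bot: the flag flipped here is spelled `needsDestructor`, while the lines this same patch removes from CodeGeneratorJS.pm and JSTestGlobalObject.h spell it `needsDestruction`. Please confirm which name the heap cell type code actually reads. If it is `needsDestruction`, this member in testRegExp.cpp has no effect and `GlobalObject` silently takes whatever its base class declares, so the member should be renamed or dropped.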
@@ -131,6 +131,7 @@ protected:
         UNUSED_PARAM(arguments);
     }
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(GlobalObject, JSGlobalObject);
 
 const ClassInfo GlobalObject::s_info = { "global", &JSGlobalObject::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(GlobalObject) };
 
index c054497..90f74fa 100644 (file)
@@ -1,3 +1,109 @@
+2019-12-12  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Lock-down JSGlobalObject and derived classes in IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205108
+
+        Reviewed by Mark Lam.
+
+        We put derived classes of JSGlobalObject in IsoSubspace in WebCore side too.
+
+        * bindings/js/JSDOMGlobalObject.h:
+        * bindings/js/JSDOMWindowBase.h:
+        * bindings/js/JSDOMWrapper.cpp:
+        (WebCore::globalObjectOutputConstraintSubspaceFor): Deleted.
+        * bindings/js/JSDOMWrapper.h:
+        * bindings/js/JSRemoteDOMWindowBase.h:
+        * bindings/js/JSWindowProxy.h:
+        * bindings/js/JSWorkerGlobalScopeBase.h:
+        (WebCore::JSWorkerGlobalScopeBase::subspaceFor):
+        * bindings/js/JSWorkletGlobalScopeBase.h:
+        (WebCore::JSWorkletGlobalScopeBase::subspaceFor):
+        * bindings/js/WebCoreJSClientData.cpp:
+        (WebCore::JSVMClientData::JSVMClientData):
+        * bindings/js/WebCoreJSClientData.h:
+        (WebCore::JSVMClientData::subspaceForJSDOMWindow):
+        (WebCore::JSVMClientData::subspaceForJSDedicatedWorkerGlobalScope):
+        (WebCore::JSVMClientData::subspaceForJSRemoteDOMWindow):
+        (WebCore::JSVMClientData::subspaceForJSWorkerGlobalScope):
+        (WebCore::JSVMClientData::subspaceForJSServiceWorkerGlobalScope):
+        (WebCore::JSVMClientData::subspaceForJSPaintWorkletGlobalScope):
+        (WebCore::JSVMClientData::subspaceForJSWorkletGlobalScope):
+        (WebCore::JSVMClientData::forEachOutputConstraintSpace):
+        (WebCore::JSVMClientData::globalObjectOutputConstraintSpace): Deleted.
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateHeader):
+        (GenerateImplementation):
+        (GeneratePrototypeDeclaration):
+        * bindings/scripts/test/JS/JSInterfaceName.cpp:
+        * bindings/scripts/test/JS/JSMapLike.cpp:
+        * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
+        * bindings/scripts/test/JS/JSReadOnlySetLike.cpp:
+        * bindings/scripts/test/JS/JSSetLike.cpp:
+        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
+        * bindings/scripts/test/JS/JSTestCEReactions.cpp:
+        * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
+        * bindings/scripts/test/JS/JSTestCallTracer.cpp:
+        * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
+        * bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:
+        * bindings/scripts/test/JS/JSTestEnabledForContext.cpp:
+        * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestEventTarget.cpp:
+        * bindings/scripts/test/JS/JSTestException.cpp:
+        * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
+        * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
+        (WebCore::JSTestGlobalObject::subspaceForImpl):
+        * bindings/scripts/test/JS/JSTestGlobalObject.h:
+        (WebCore::JSTestGlobalObject::subspaceFor):
+        * bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
+        * bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestInterface.cpp:
+        * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
+        * bindings/scripts/test/JS/JSTestIterable.cpp:
+        * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
+        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
+        * bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
+        * bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
+        * bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
+        * bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
+        * bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
+        * bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
+        * bindings/scripts/test/JS/JSTestNode.cpp:
+        * bindings/scripts/test/JS/JSTestObj.cpp:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
+        * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
+        * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
+        * bindings/scripts/test/JS/JSTestPluginInterface.cpp:
+        * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
+        * bindings/scripts/test/JS/JSTestSerialization.cpp:
+        * bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp:
+        * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
+        * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
+        * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
+        * bindings/scripts/test/JS/JSTestStringifier.cpp:
+        * bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
+        * bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
+        * bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
+        * bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
+        * bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
+        * bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
+        * bindings/scripts/test/JS/JSTestTypedefs.cpp:
+        * bridge/runtime_method.h:
+
 2019-12-12  Zalan Bujtas  <zalan@apple.com>
 
         [LFC][Integration] Paint seemingly blank runs (0 width, result of negative letter-spacing)
index fcd67d5..d29858c 100644 (file)
@@ -44,15 +44,17 @@ using JSDOMConstructorMap = HashMap<const JSC::ClassInfo*, JSC::WriteBarrier<JSC
 using DOMGuardedObjectSet = HashSet<DOMGuardedObject*>;
 
 class WEBCORE_EXPORT JSDOMGlobalObject : public JSC::JSGlobalObject {
-    using Base = JSC::JSGlobalObject;
-protected:
+public:
     struct JSDOMGlobalObjectData;
 
-    JSDOMGlobalObject(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&, const JSC::GlobalObjectMethodTable* = nullptr);
-    static void destroy(JSC::JSCell*);
-    void finishCreation(JSC::VM&);
-    void finishCreation(JSC::VM&, JSC::JSObject*);
+    using Base = JSC::JSGlobalObject;
+
+    static const JSC::ClassInfo s_info;
+
+    template<typename, JSC::SubspaceAccess>
+    static void subspaceFor(JSC::VM&) { RELEASE_ASSERT_NOT_REACHED(); }
 
+    static void destroy(JSC::JSCell*);
 public:
     Lock& gcLock() { return m_gcLock; }
 
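Review bot: the `subspaceFor` stub added to `JSDOMGlobalObject` returns `void` and calls `RELEASE_ASSERT_NOT_REACHED()`, but nothing says that every concrete subclass is expected to shadow it with a version returning its own `IsoSubspace`. The same undocumented stub is repeated in `JSDOMWindowBase`, `JSRemoteDOMWindowBase`, `JSWorkerGlobalScopeBase` and `JSWorkletGlobalScopeBase`, so a one-line comment on each (or a shared macro) would make the contract explicit. Separately, the new `public:` at the top of the class makes the existing `public:` right after `destroy` redundant; it can be removed.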
@@ -77,8 +79,6 @@ public:
 
     JSBuiltinInternalFunctions& builtinInternalFunctions() { return m_builtinInternalFunctions; }
 
-protected:
-    static const JSC::ClassInfo s_info;
 
 public:
     ~JSDOMGlobalObject();
@@ -91,6 +91,10 @@ public:
     }
 
 protected:
+    JSDOMGlobalObject(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&, const JSC::GlobalObjectMethodTable* = nullptr);
+    void finishCreation(JSC::VM&);
+    void finishCreation(JSC::VM&, JSC::JSObject*);
+
     static void promiseRejectionTracker(JSC::JSGlobalObject*, JSC::JSPromise*, JSC::JSPromiseRejectionOperation);
 
     JSDOMStructureMap m_structures;
index 52dff03..1d7762c 100644 (file)
@@ -48,14 +48,14 @@ class JSDOMWindowBasePrivate;
 class JSWindowProxy;
 
 class WEBCORE_EXPORT JSDOMWindowBase : public JSDOMGlobalObject {
-    typedef JSDOMGlobalObject Base;
-protected:
-    JSDOMWindowBase(JSC::VM&, JSC::Structure*, RefPtr<DOMWindow>&&, JSWindowProxy*);
-    void finishCreation(JSC::VM&, JSWindowProxy*);
+public:
+    using Base = JSDOMGlobalObject;
 
     static void destroy(JSCell*);
 
-public:
+    template<typename, JSC::SubspaceAccess>
+    static void subspaceFor(JSC::VM&) { RELEASE_ASSERT_NOT_REACHED(); }
+
     void updateDocument();
 
     DOMWindow& wrapped() const { return *m_wrapped; }
@@ -86,6 +86,9 @@ public:
     static void fireFrameClearedWatchpointsForWindow(DOMWindow*);
 
 protected:
+    JSDOMWindowBase(JSC::VM&, JSC::Structure*, RefPtr<DOMWindow>&&, JSWindowProxy*);
+    void finishCreation(JSC::VM&, JSWindowProxy*);
+
     JSC::WatchpointSet m_windowCloseWatchpoints;
 
 private:
index 7736d0c..8d02765 100644 (file)
@@ -49,11 +49,6 @@ JSC::CompleteSubspace* outputConstraintSubspaceFor(JSC::VM& vm)
     return &static_cast<JSVMClientData*>(vm.clientData)->outputConstraintSpace();
 }
 
-JSC::CompleteSubspace* globalObjectOutputConstraintSubspaceFor(JSC::VM& vm)
-{
-    return &static_cast<JSVMClientData*>(vm.clientData)->globalObjectOutputConstraintSpace();
-}
-
 JSC::JSValue cloneAcrossWorlds(JSC::JSGlobalObject& lexicalGlobalObject, const JSDOMObject& owner, JSC::JSValue value)
 {
     if (isWorldCompatible(lexicalGlobalObject, value))
index 96d39e9..0e89913 100644 (file)
@@ -67,7 +67,6 @@ protected:
 };
 
 WEBCORE_EXPORT JSC::CompleteSubspace* outputConstraintSubspaceFor(JSC::VM&);
-WEBCORE_EXPORT JSC::CompleteSubspace* globalObjectOutputConstraintSubspaceFor(JSC::VM&);
 
 template<typename ImplementationClass> class JSDOMWrapper : public JSDOMObject {
 public:
index 64dfcd3..3916145 100644 (file)
@@ -35,12 +35,14 @@ class JSWindowProxy;
 class JSRemoteDOMWindow;
 
 class WEBCORE_EXPORT JSRemoteDOMWindowBase : public JSDOMGlobalObject {
-protected:
-    JSRemoteDOMWindowBase(JSC::VM&, JSC::Structure*, RefPtr<RemoteDOMWindow>&&, JSWindowProxy*);
+public:
+    using Base = JSDOMGlobalObject;
 
     static void destroy(JSCell*);
 
-public:
+    template<typename, JSC::SubspaceAccess>
+    static void subspaceFor(JSC::VM&) { RELEASE_ASSERT_NOT_REACHED(); }
+
     RemoteDOMWindow& wrapped() const { return *m_wrapped; }
 
     DECLARE_INFO;
@@ -49,6 +51,9 @@ public:
 
     static JSC::RuntimeFlags javaScriptRuntimeFlags(const JSC::JSGlobalObject*);
 
+protected:
+    JSRemoteDOMWindowBase(JSC::VM&, JSC::Structure*, RefPtr<RemoteDOMWindow>&&, JSWindowProxy*);
+
 private:
     RefPtr<RemoteDOMWindow> m_wrapped;
 };
index f44c80a..19c1ba7 100644 (file)
@@ -43,11 +43,12 @@ class AbstractDOMWindow;
 class AbstractFrame;
 
 class JSWindowProxy final : public JSC::JSProxy {
-    using Base = JSC::JSProxy;
 public:
-    static JSWindowProxy& create(JSC::VM&, AbstractDOMWindow&, DOMWrapperWorld&);
+    using Base = JSC::JSProxy;
     static void destroy(JSCell*);
 
+    static JSWindowProxy& create(JSC::VM&, AbstractDOMWindow&, DOMWrapperWorld&);
+
     DECLARE_INFO;
 
     JSDOMGlobalObject* window() const { return static_cast<JSDOMGlobalObject*>(target()); }
index 8e5b298..9fe129c 100644 (file)
@@ -48,8 +48,12 @@ class JSServiceWorkerGlobalScope;
 #endif
 
 class JSWorkerGlobalScopeBase : public JSDOMGlobalObject {
-    typedef JSDOMGlobalObject Base;
 public:
+    using Base = JSDOMGlobalObject;
+
+    template<typename, JSC::SubspaceAccess>
+    static void subspaceFor(JSC::VM&) { RELEASE_ASSERT_NOT_REACHED(); }
+
     static void destroy(JSC::JSCell*);
 
     DECLARE_INFO;
index c4a386b..8fef920 100644 (file)
@@ -38,8 +38,12 @@ class JSWorkletGlobalScope;
 class WorkletGlobalScope;
 
 class JSWorkletGlobalScopeBase : public JSDOMGlobalObject {
-    using Base = JSDOMGlobalObject;
 public:
+    using Base = JSDOMGlobalObject;
+
+    template<typename, JSC::SubspaceAccess>
+    static void subspaceFor(JSC::VM&) { RELEASE_ASSERT_NOT_REACHED(); }
+
     static void destroy(JSC::JSCell*);
 
     DECLARE_INFO;
index 8f8d3ce..0520e0f 100644 (file)
 
 #include "DOMGCOutputConstraint.h"
 #include "JSDOMBinding.h"
+#include "JSDOMWindow.h"
+#include "JSDedicatedWorkerGlobalScope.h"
+#include "JSPaintWorkletGlobalScope.h"
+#include "JSRemoteDOMWindow.h"
+#include "JSServiceWorkerGlobalScope.h"
+#include "JSWorkerGlobalScope.h"
+#include "JSWorkletGlobalScope.h"
 #include <JavaScriptCore/FastMallocAlignedMemoryAllocator.h>
 #include <JavaScriptCore/HeapInlines.h>
+#include <JavaScriptCore/IsoHeapCellType.h>
 #include <JavaScriptCore/JSDestructibleObjectHeapCellType.h>
 #include <JavaScriptCore/MarkingConstraint.h>
 #include <JavaScriptCore/SubspaceInlines.h>
@@ -43,9 +51,30 @@ using namespace JSC;
 JSVMClientData::JSVMClientData(VM& vm)
     : m_builtinFunctions(vm)
     , m_builtinNames(vm)
+    , m_heapCellTypeForJSDOMWindow(JSC::IsoHeapCellType::create<JSDOMWindow>())
+    , m_heapCellTypeForJSDedicatedWorkerGlobalScope(JSC::IsoHeapCellType::create<JSDedicatedWorkerGlobalScope>())
+    , m_heapCellTypeForJSRemoteDOMWindow(JSC::IsoHeapCellType::create<JSRemoteDOMWindow>())
+    , m_heapCellTypeForJSWorkerGlobalScope(JSC::IsoHeapCellType::create<JSWorkerGlobalScope>())
+#if ENABLE(SERVICE_WORKER)
+    , m_heapCellTypeForJSServiceWorkerGlobalScope(JSC::IsoHeapCellType::create<JSServiceWorkerGlobalScope>())
+#endif
+#if ENABLE(CSS_PAINTING_API)
+    , m_heapCellTypeForJSPaintWorkletGlobalScope(JSC::IsoHeapCellType::create<JSPaintWorkletGlobalScope>())
+    , m_heapCellTypeForJSWorkletGlobalScope(JSC::IsoHeapCellType::create<JSWorkletGlobalScope>())
+#endif
     , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a85
+    , m_subspaceForJSDOMWindow ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSDOMWindow.get(), JSDOMWindow)
+    , m_subspaceForJSDedicatedWorkerGlobalScope ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSDedicatedWorkerGlobalScope.get(), JSDedicatedWorkerGlobalScope)
+    , m_subspaceForJSRemoteDOMWindow ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSRemoteDOMWindow.get(), JSRemoteDOMWindow)
+    , m_subspaceForJSWorkerGlobalScope ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSWorkerGlobalScope.get(), JSWorkerGlobalScope)
+#if ENABLE(SERVICE_WORKER)
+    , m_subspaceForJSServiceWorkerGlobalScope ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSServiceWorkerGlobalScope.get(), JSServiceWorkerGlobalScope)
+#endif
+#if ENABLE(CSS_PAINTING_API)
+    , m_subspaceForJSPaintWorkletGlobalScope ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSPaintWorkletGlobalScope.get(), JSPaintWorkletGlobalScope)
+    , m_subspaceForJSWorkletGlobalScope ISO_SUBSPACE_INIT(vm.heap, m_heapCellTypeForJSWorkletGlobalScope.get(), JSWorkletGlobalScope)
+#endif
     , m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x7724c2e4
-    , m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.cellHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x522d6ec9
 {
 }
 
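Review bot: the new `m_subspaceFor...` initializers call `m_heapCellTypeFor....get()`, so they are only correct if every heap cell type member is declared before the subspace members in WebCoreJSClientData.h, since members are constructed in declaration order rather than initializer-list order. The header in this patch has that order, but nothing enforces it. A short comment next to the member declarations stating that the cell types must precede the subspaces would stop a later reordering from handing a null pointer to `ISO_SUBSPACE_INIT`.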
index b73ac1e..b5fa7fd 100644 (file)
@@ -62,13 +62,34 @@ public:
     JSC::IsoSubspace& runtimeMethodSpace() { return m_runtimeMethodSpace; }
     
     JSC::CompleteSubspace& outputConstraintSpace() { return m_outputConstraintSpace; }
-    JSC::CompleteSubspace& globalObjectOutputConstraintSpace() { return m_globalObjectOutputConstraintSpace; }
+
+    JSC::IsoSubspace& subspaceForJSDOMWindow() { return m_subspaceForJSDOMWindow; }
+    JSC::IsoSubspace& subspaceForJSDedicatedWorkerGlobalScope() { return m_subspaceForJSDedicatedWorkerGlobalScope; }
+    JSC::IsoSubspace& subspaceForJSRemoteDOMWindow() { return m_subspaceForJSRemoteDOMWindow; }
+    JSC::IsoSubspace& subspaceForJSWorkerGlobalScope() { return m_subspaceForJSWorkerGlobalScope; }
+#if ENABLE(SERVICE_WORKER)
+    JSC::IsoSubspace& subspaceForJSServiceWorkerGlobalScope() { return m_subspaceForJSServiceWorkerGlobalScope; }
+#endif
+#if ENABLE(CSS_PAINTING_API)
+    JSC::IsoSubspace& subspaceForJSPaintWorkletGlobalScope() { return m_subspaceForJSPaintWorkletGlobalScope; }
+    JSC::IsoSubspace& subspaceForJSWorkletGlobalScope() { return m_subspaceForJSWorkletGlobalScope; }
+#endif
     
     template<typename Func>
     void forEachOutputConstraintSpace(const Func& func)
     {
         func(m_outputConstraintSpace);
-        func(m_globalObjectOutputConstraintSpace);
+        func(m_subspaceForJSDOMWindow);
+        func(m_subspaceForJSDedicatedWorkerGlobalScope);
+        func(m_subspaceForJSRemoteDOMWindow);
+        func(m_subspaceForJSWorkerGlobalScope);
+#if ENABLE(SERVICE_WORKER)
+        func(m_subspaceForJSServiceWorkerGlobalScope);
+#endif
+#if ENABLE(CSS_PAINTING_API)
+        func(m_subspaceForJSPaintWorkletGlobalScope);
+        func(m_subspaceForJSWorkletGlobalScope);
+#endif
     }
 
 private:
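Review bot: in `forEachOutputConstraintSpace`, `func` is now invoked with `m_outputConstraintSpace` (a `JSC::CompleteSubspace`) and with the new `JSC::IsoSubspace` members, where before both arguments were `CompleteSubspace`. Every functor passed in therefore has to accept a common base or be generic. Please check the callers and, if they all take the common base, note that requirement in a comment above the template so a later caller typed on `CompleteSubspace&` does not break the build.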
@@ -77,11 +98,34 @@ private:
 
     JSBuiltinFunctions m_builtinFunctions;
     WebCoreBuiltinNames m_builtinNames;
-    
+
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSDOMWindow;
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSDedicatedWorkerGlobalScope;
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSRemoteDOMWindow;
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSWorkerGlobalScope;
+#if ENABLE(SERVICE_WORKER)
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSServiceWorkerGlobalScope;
+#endif
+#if ENABLE(CSS_PAINTING_API)
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSPaintWorkletGlobalScope;
+    std::unique_ptr<JSC::HeapCellType> m_heapCellTypeForJSWorkletGlobalScope;
+#endif
+
     JSC::IsoSubspace m_runtimeMethodSpace;
+
+    JSC::IsoSubspace m_subspaceForJSDOMWindow;
+    JSC::IsoSubspace m_subspaceForJSDedicatedWorkerGlobalScope;
+    JSC::IsoSubspace m_subspaceForJSRemoteDOMWindow;
+    JSC::IsoSubspace m_subspaceForJSWorkerGlobalScope;
+#if ENABLE(SERVICE_WORKER)
+    JSC::IsoSubspace m_subspaceForJSServiceWorkerGlobalScope;
+#endif
+#if ENABLE(CSS_PAINTING_API)
+    JSC::IsoSubspace m_subspaceForJSPaintWorkletGlobalScope;
+    JSC::IsoSubspace m_subspaceForJSWorkletGlobalScope;
+#endif
     
     JSC::CompleteSubspace m_outputConstraintSpace;
-    JSC::CompleteSubspace m_globalObjectOutputConstraintSpace;
 };
 
 } // namespace WebCore
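Review bot: the new `m_heapCellTypeFor...` members are declared as `std::unique_ptr<JSC::HeapCellType>`, although they are initialized from `JSC::IsoHeapCellType::create<...>()` and the matching members added to VM.h in this patch are `std::unique_ptr<IsoHeapCellType>`. Declaring these as `std::unique_ptr<JSC::IsoHeapCellType>` would keep the two files consistent and preserve the concrete type for anyone reading the member list.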
index cf20465..229b30d 100644 (file)
@@ -2622,8 +2622,6 @@ sub GenerateHeader
         push(@headerContent, "    }\n\n");
     }
 
-    push(@headerContent, "    static constexpr bool needsDestruction = false;\n\n") if IsDOMGlobalObject($interface);
-
     $structureFlags{"JSC::HasStaticPropertyTable"} = 1 if InstancePropertyCount($interface) > 0;
     $structureFlags{"JSC::NewImpurePropertyFiresWatchpoints"} = 1 if $interface->extendedAttributes->{NewImpurePropertyFiresWatchpoints};
     $structureFlags{"JSC::IsImmutablePrototypeExoticObject"} = 1 if $interface->extendedAttributes->{IsImmutablePrototypeExoticObject};
@@ -2793,6 +2791,13 @@ sub GenerateHeader
         }
     }
 
+    # FIXME: We put this unconditionally to put all the WebCore JS wrappers in each IsoSubspace.
+    # https://bugs.webkit.org/show_bug.cgi?id=205107
+    if (IsDOMGlobalObject($interface)) {
+        push(@headerContent, "    template<typename, JSC::SubspaceAccess> static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) { return subspaceForImpl(vm); }\n");
+        push(@headerContent, "    static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);\n");
+    }
+
     # visit function
     if ($needsVisitChildren) {
         push(@headerContent, "    static void visitChildren(JSCell*, JSC::SlotVisitor&);\n");
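Review bot: the FIXME says "We put this unconditionally", but the block directly below is guarded by `if (IsDOMGlobalObject($interface))`, so the comment describes the opposite of what the code does. If the intent is that the guard should eventually go away (per bug 205107), reword it along the lines of "FIXME: We should emit this unconditionally so that every WebCore JS wrapper gets its own IsoSubspace."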
@@ -2812,8 +2817,9 @@ sub GenerateHeader
             # program resumed since the last call to visitChildren or visitOutputConstraints. Since
             # this just calls visitAdditionalChildren, you usually don't have to worry about this.
             push(@headerContent, "    static void visitOutputConstraints(JSCell*, JSC::SlotVisitor&);\n");
-            my $subspaceFunc = IsDOMGlobalObject($interface) ? "globalObjectOutputConstraintSubspaceFor" : "outputConstraintSubspaceFor";
-            push(@headerContent, "    template<typename, JSC::SubspaceAccess> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n");
+            if (!IsDOMGlobalObject($interface)) {
+                push(@headerContent, "    template<typename, JSC::SubspaceAccess> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return outputConstraintSubspaceFor(vm); }\n");
+            }
         }
     }
 
@@ -4614,6 +4620,14 @@ sub GenerateImplementation
     GenerateIterableDefinition($interface) if $interface->iterable;
     GenerateSerializerDefinition($interface, $className) if $interface->serializable;
 
+    if (IsDOMGlobalObject($interface)) {
+        AddToImplIncludes("WebCoreJSClientData.h");
+        push(@implContent, "JSC::IsoSubspace* ${className}::subspaceForImpl(JSC::VM& vm)\n");
+        push(@implContent, "{\n");
+        push(@implContent, "    return &static_cast<JSVMClientData*>(vm.clientData)->subspaceFor${className}();\n");
+        push(@implContent, "}\n\n");
+    }
+
     if ($needsVisitChildren) {
         push(@implContent, "void ${className}::visitChildren(JSCell* cell, SlotVisitor& visitor)\n");
         push(@implContent, "{\n");
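Review bot: the generated `subspaceForImpl` calls `subspaceFor${className}()` on `JSVMClientData` for any interface where `IsDOMGlobalObject` is true, but `JSVMClientData` only gains a fixed, hand-written set of accessors in this patch. The regenerated JSTestGlobalObject.cpp expectation already shows the gap: it calls `subspaceForJSTestGlobalObject()`, which is not among the accessors added to WebCoreJSClientData.h. Please add a comment here saying that a new global object interface needs a matching heap cell type, subspace member and accessor in `JSVMClientData`, or have the generator produce those as well.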
@@ -7190,7 +7204,8 @@ sub GeneratePrototypeDeclaration
         push(@$outputArray, ";\n");
     }
 
-    push(@$outputArray, "};\n\n");
+    push(@$outputArray, "};\n");
+    push(@$outputArray, "STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(${prototypeClassName}, ${prototypeClassName}::Base);\n\n");
 }
 
 sub GetConstructorTemplateClassName
index 7abebfd..511308b 100644 (file)
@@ -67,6 +67,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSInterfaceNamePrototype, JSInterfaceNamePrototype::Base);
 
 using JSInterfaceNameConstructor = JSDOMConstructorNotConstructable<JSInterfaceName>;
 
index d68deaf..480ac17 100644 (file)
@@ -86,6 +86,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSMapLikePrototype, JSMapLikePrototype::Base);
 
 using JSMapLikeConstructor = JSDOMConstructorNotConstructable<JSMapLike>;
 
index e8a0da3..e1c5378 100644 (file)
@@ -83,6 +83,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSReadOnlyMapLikePrototype, JSReadOnlyMapLikePrototype::Base);
 
 using JSReadOnlyMapLikeConstructor = JSDOMConstructorNotConstructable<JSReadOnlyMapLike>;
 
index 372fcc6..34cfdbd 100644 (file)
@@ -81,6 +81,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSReadOnlySetLikePrototype, JSReadOnlySetLikePrototype::Base);
 
 using JSReadOnlySetLikeConstructor = JSDOMConstructorNotConstructable<JSReadOnlySetLike>;
 
index bd7c30f..73e64a8 100644 (file)
@@ -84,6 +84,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSSetLikePrototype, JSSetLikePrototype::Base);
 
 using JSSetLikeConstructor = JSDOMConstructorNotConstructable<JSSetLike>;
 
index 8cf1456..e1371c3 100644 (file)
@@ -82,6 +82,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestActiveDOMObjectPrototype, JSTestActiveDOMObjectPrototype::Base);
 
 using JSTestActiveDOMObjectConstructor = JSDOMConstructorNotConstructable<JSTestActiveDOMObject>;
 
index c7aaa0a..5749eb4 100644 (file)
@@ -92,6 +92,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestCEReactionsPrototype, JSTestCEReactionsPrototype::Base);
 
 using JSTestCEReactionsConstructor = JSDOMConstructorNotConstructable<JSTestCEReactions>;
 
index e93726e..e7f1e3f 100644 (file)
@@ -79,6 +79,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestCEReactionsStringifierPrototype, JSTestCEReactionsStringifierPrototype::Base);
 
 using JSTestCEReactionsStringifierConstructor = JSDOMConstructorNotConstructable<JSTestCEReactionsStringifier>;
 
index 0d02343..623eab6 100644 (file)
@@ -97,6 +97,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestCallTracerPrototype, JSTestCallTracerPrototype::Base);
 
 using JSTestCallTracerConstructor = JSDOMConstructorNotConstructable<JSTestCallTracer>;
 
index df4ac76..6a9a49c 100644 (file)
@@ -68,6 +68,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestClassWithJSBuiltinConstructorPrototype, JSTestClassWithJSBuiltinConstructorPrototype::Base);
 
 using JSTestClassWithJSBuiltinConstructorConstructor = JSDOMBuiltinConstructor<JSTestClassWithJSBuiltinConstructor>;
 
index 193e228..6f3e34e 100644 (file)
@@ -490,6 +490,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestDOMJITPrototype, JSTestDOMJITPrototype::Base);
 
 using JSTestDOMJITConstructor = JSDOMConstructorNotConstructable<JSTestDOMJIT>;
 
index a325880..6c36339 100644 (file)
@@ -89,6 +89,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestEnabledBySettingPrototype, JSTestEnabledBySettingPrototype::Base);
 
 using JSTestEnabledBySettingConstructor = JSDOMConstructorNotConstructable<JSTestEnabledBySetting>;
 
index 0bfb564..fedbbb5 100644 (file)
@@ -74,6 +74,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestEnabledForContextPrototype, JSTestEnabledForContextPrototype::Base);
 
 using JSTestEnabledForContextConstructor = JSDOMConstructorNotConstructable<JSTestEnabledForContext>;
 
index ddcb215..8b8960b 100644 (file)
@@ -151,6 +151,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestEventConstructorPrototype, JSTestEventConstructorPrototype::Base);
 
 using JSTestEventConstructorConstructor = JSDOMConstructor<JSTestEventConstructor>;
 
index 082cd8c..f947fc6 100644 (file)
@@ -77,6 +77,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestEventTargetPrototype, JSTestEventTargetPrototype::Base);
 
 using JSTestEventTargetConstructor = JSDOMConstructorNotConstructable<JSTestEventTarget>;
 
index 9680d28..6b2daed 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestExceptionPrototype, JSTestExceptionPrototype::Base);
 
 using JSTestExceptionConstructor = JSDOMConstructorNotConstructable<JSTestException>;
 
index 3c5ceba..f84a319 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestGenerateIsReachablePrototype, JSTestGenerateIsReachablePrototype::Base);
 
 using JSTestGenerateIsReachableConstructor = JSDOMConstructorNotConstructable<JSTestGenerateIsReachable>;
 
index a1345e7..01d897e 100644 (file)
@@ -2777,6 +2777,11 @@ EncodedJSValue JSC_HOST_CALL jsTestGlobalObjectInstanceFunctionTestFeatureGetSec
 
 #endif
 
+JSC::IsoSubspace* JSTestGlobalObject::subspaceForImpl(JSC::VM& vm)
+{
+    return &static_cast<JSVMClientData*>(vm.clientData)->subspaceForJSTestGlobalObject();
+}
+
 void JSTestGlobalObject::analyzeHeap(JSCell* cell, HeapAnalyzer& analyzer)
 {
     auto* thisObject = jsCast<JSTestGlobalObject*>(cell);
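Review bot: subspaceForImpl() downcasts vm.clientData with a bare static_cast<JSVMClientData*> and dereferences the result with no null or type check. If every VM that can allocate a JSTestGlobalObject is guaranteed to carry a JSVMClientData, state that with an ASSERT(vm.clientData) ahead of the cast (in the generator, if this file is generated). Otherwise a VM created without client data fails here at allocation time, far from the code that set it up.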
index c1e1e63..58f7368 100644 (file)
@@ -38,8 +38,6 @@ public:
         return ptr;
     }
 
-    static constexpr bool needsDestruction = false;
-
     static TestGlobalObject* toWrapped(JSC::VM&, JSC::JSValue);
     static void destroy(JSC::JSCell*);
 
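Review bot: Removing `static constexpr bool needsDestruction = false;` makes this class pick up whatever value Base declares, while `static void destroy(JSC::JSCell*);` stays declared two lines below, and nothing in the hunk shows what now guarantees destroy() is called. The commit message says a specialized HeapCellType replaces the finalizer. A short comment next to destroy() naming that mechanism, or an explicit needsDestruction declaration in this class, would keep the lifetime contract readable from the header alone.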
@@ -51,6 +49,8 @@ public:
     }
 
     static JSC::JSValue getConstructor(JSC::VM&, const JSC::JSGlobalObject*);
+    template<typename, JSC::SubspaceAccess> static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) { return subspaceForImpl(vm); }
+    static JSC::IsoSubspace* subspaceForImpl(JSC::VM& vm);
     static void analyzeHeap(JSCell*, JSC::HeapAnalyzer&);
 public:
     static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::HasStaticPropertyTable;
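Review bot: The added subspaceFor<>() leaves both template parameters unnamed and forwards straight to subspaceForImpl(vm), so a subclass that adds fields would be allocated from the JSTestGlobalObject subspace with no compile-time complaint. RuntimeMethod's subspaceFor<>() in this same patch guards that case with static_assert(sizeof(CellType) == sizeof(RuntimeMethod), ...). Consider naming the first parameter and adding the equivalent size check here, or a comment saying why it is not needed for global objects.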
@@ -106,6 +106,7 @@ private:
 public:
     static constexpr unsigned StructureFlags = Base::StructureFlags | JSC::HasStaticPropertyTable;
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestGlobalObjectPrototype, JSTestGlobalObjectPrototype::Base);
 
 template<> struct JSDOMWrapperConverterTraits<TestGlobalObject> {
     using WrapperClass = JSTestGlobalObject;
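Review bot: STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestGlobalObjectPrototype, JSTestGlobalObjectPrototype::Base) is placed after the class's closing brace with nothing saying which property makes the prototype safe to share a subspace with its Base. The same line is added after every prototype class in this part of the patch, so one comment at the macro definition stating what it enforces would let a reader who trips the assertion know what to change, without opening the macro each time.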
index 982c161..2173bc3 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestIndexedSetterNoIdentifierPrototype, JSTestIndexedSetterNoIdentifierPrototype::Base);
 
 using JSTestIndexedSetterNoIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestIndexedSetterNoIdentifier>;
 
index da4e2d9..6aed112 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestIndexedSetterThrowingExceptionPrototype, JSTestIndexedSetterThrowingExceptionPrototype::Base);
 
 using JSTestIndexedSetterThrowingExceptionConstructor = JSDOMConstructorNotConstructable<JSTestIndexedSetterThrowingException>;
 
index 8e1e1d5..254c8b4 100644 (file)
@@ -75,6 +75,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestIndexedSetterWithIdentifierPrototype, JSTestIndexedSetterWithIdentifierPrototype::Base);
 
 using JSTestIndexedSetterWithIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestIndexedSetterWithIdentifier>;
 
index e984d3e..94fbae9 100644 (file)
@@ -181,6 +181,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestInterfacePrototype, JSTestInterfacePrototype::Base);
 
 using JSTestInterfaceConstructor = JSDOMConstructor<JSTestInterface>;
 
index 2713018..65f2191 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestInterfaceLeadingUnderscorePrototype, JSTestInterfaceLeadingUnderscorePrototype::Base);
 
 using JSTestInterfaceLeadingUnderscoreConstructor = JSDOMConstructorNotConstructable<JSTestInterfaceLeadingUnderscore>;
 
index dd39824..e879665 100644 (file)
@@ -80,6 +80,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestIterablePrototype, JSTestIterablePrototype::Base);
 
 using JSTestIterableConstructor = JSDOMConstructorNotConstructable<JSTestIterable>;
 
index 47e270e..8ece1f4 100644 (file)
@@ -73,6 +73,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestJSBuiltinConstructorPrototype, JSTestJSBuiltinConstructorPrototype::Base);
 
 using JSTestJSBuiltinConstructorConstructor = JSDOMBuiltinConstructor<JSTestJSBuiltinConstructor>;
 
index 7c53540..e03a71e 100644 (file)
@@ -75,6 +75,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestMediaQueryListListenerPrototype, JSTestMediaQueryListListenerPrototype::Base);
 
 using JSTestMediaQueryListListenerConstructor = JSDOMConstructorNotConstructable<JSTestMediaQueryListListener>;
 
index 4d2834c..d2911df 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedAndIndexedSetterNoIdentifierPrototype, JSTestNamedAndIndexedSetterNoIdentifierPrototype::Base);
 
 using JSTestNamedAndIndexedSetterNoIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedAndIndexedSetterNoIdentifier>;
 
index 5fc57e5..9ef23a4 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedAndIndexedSetterThrowingExceptionPrototype, JSTestNamedAndIndexedSetterThrowingExceptionPrototype::Base);
 
 using JSTestNamedAndIndexedSetterThrowingExceptionConstructor = JSDOMConstructorNotConstructable<JSTestNamedAndIndexedSetterThrowingException>;
 
index c2a924a..fc4c879 100644 (file)
@@ -77,6 +77,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedAndIndexedSetterWithIdentifierPrototype, JSTestNamedAndIndexedSetterWithIdentifierPrototype::Base);
 
 using JSTestNamedAndIndexedSetterWithIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedAndIndexedSetterWithIdentifier>;
 
index 7cd7c41..cf1bf0f 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedConstructorPrototype, JSTestNamedConstructorPrototype::Base);
 
 using JSTestNamedConstructorConstructor = JSDOMConstructorNotConstructable<JSTestNamedConstructor>;
 using JSTestNamedConstructorNamedConstructor = JSDOMNamedConstructor<JSTestNamedConstructor>;
index ce205db..06b4820 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedDeleterNoIdentifierPrototype, JSTestNamedDeleterNoIdentifierPrototype::Base);
 
 using JSTestNamedDeleterNoIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedDeleterNoIdentifier>;
 
index c74ed25..a91055b 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedDeleterThrowingExceptionPrototype, JSTestNamedDeleterThrowingExceptionPrototype::Base);
 
 using JSTestNamedDeleterThrowingExceptionConstructor = JSDOMConstructorNotConstructable<JSTestNamedDeleterThrowingException>;
 
index 686e6f9..5d06ee9 100644 (file)
@@ -74,6 +74,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedDeleterWithIdentifierPrototype, JSTestNamedDeleterWithIdentifierPrototype::Base);
 
 using JSTestNamedDeleterWithIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedDeleterWithIdentifier>;
 
index 758c90f..fe0ea58 100644 (file)
@@ -70,6 +70,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedDeleterWithIndexedGetterPrototype, JSTestNamedDeleterWithIndexedGetterPrototype::Base);
 
 using JSTestNamedDeleterWithIndexedGetterConstructor = JSDOMConstructorNotConstructable<JSTestNamedDeleterWithIndexedGetter>;
 
index 61c1b1f..6fa013c 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedGetterCallWithPrototype, JSTestNamedGetterCallWithPrototype::Base);
 
 using JSTestNamedGetterCallWithConstructor = JSDOMConstructorNotConstructable<JSTestNamedGetterCallWith>;
 
index d317026..e93f2b2 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedGetterNoIdentifierPrototype, JSTestNamedGetterNoIdentifierPrototype::Base);
 
 using JSTestNamedGetterNoIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedGetterNoIdentifier>;
 
index 00c3d00..0c4b404 100644 (file)
@@ -74,6 +74,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedGetterWithIdentifierPrototype, JSTestNamedGetterWithIdentifierPrototype::Base);
 
 using JSTestNamedGetterWithIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedGetterWithIdentifier>;
 
index 04ca482..1920d27 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterNoIdentifierPrototype, JSTestNamedSetterNoIdentifierPrototype::Base);
 
 using JSTestNamedSetterNoIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterNoIdentifier>;
 
index 633a400..a2ea45b 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterThrowingExceptionPrototype, JSTestNamedSetterThrowingExceptionPrototype::Base);
 
 using JSTestNamedSetterThrowingExceptionConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterThrowingException>;
 
index 9757b0a..d9ebc2b 100644 (file)
@@ -74,6 +74,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterWithIdentifierPrototype, JSTestNamedSetterWithIdentifierPrototype::Base);
 
 using JSTestNamedSetterWithIdentifierConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterWithIdentifier>;
 
index a6a2992..1058744 100644 (file)
@@ -77,6 +77,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterWithIndexedGetterPrototype, JSTestNamedSetterWithIndexedGetterPrototype::Base);
 
 using JSTestNamedSetterWithIndexedGetterConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterWithIndexedGetter>;
 
index 3088e5f..413db20 100644 (file)
@@ -77,6 +77,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterWithIndexedGetterAndSetterPrototype, JSTestNamedSetterWithIndexedGetterAndSetterPrototype::Base);
 
 using JSTestNamedSetterWithIndexedGetterAndSetterConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterWithIndexedGetterAndSetter>;
 
index 37b3c75..1206323 100644 (file)
@@ -69,6 +69,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterWithOverrideBuiltinsPrototype, JSTestNamedSetterWithOverrideBuiltinsPrototype::Base);
 
 using JSTestNamedSetterWithOverrideBuiltinsConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterWithOverrideBuiltins>;
 
index 210737f..8fe5432 100644 (file)
@@ -76,6 +76,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterWithUnforgablePropertiesPrototype, JSTestNamedSetterWithUnforgablePropertiesPrototype::Base);
 
 using JSTestNamedSetterWithUnforgablePropertiesConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterWithUnforgableProperties>;
 
index c745c56..a80a9a2 100644 (file)
@@ -76,6 +76,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsPrototype, JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsPrototype::Base);
 
 using JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltinsConstructor = JSDOMConstructorNotConstructable<JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins>;
 
index 7c33712..97f3f9e 100644 (file)
@@ -94,6 +94,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestNodePrototype, JSTestNodePrototype::Base);
 
 using JSTestNodeConstructor = JSDOMConstructor<JSTestNode>;
 
index d76ed9f..ffe4a0e 100644 (file)
@@ -1827,6 +1827,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestObjPrototype, JSTestObjPrototype::Base);
 
 using JSTestObjConstructor = JSDOMConstructor<JSTestObj>;
 
index 0cadc2d..fffec91 100644 (file)
@@ -73,6 +73,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestOverloadedConstructorsPrototype, JSTestOverloadedConstructorsPrototype::Base);
 
 using JSTestOverloadedConstructorsConstructor = JSDOMConstructor<JSTestOverloadedConstructors>;
 
index 7c261cf..b0b960f 100644 (file)
@@ -72,6 +72,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestOverloadedConstructorsWithSequencePrototype, JSTestOverloadedConstructorsWithSequencePrototype::Base);
 
 using JSTestOverloadedConstructorsWithSequenceConstructor = JSDOMConstructor<JSTestOverloadedConstructorsWithSequence>;
 
index 055f735..d13e7ff 100644 (file)
@@ -77,6 +77,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestOverrideBuiltinsPrototype, JSTestOverrideBuiltinsPrototype::Base);
 
 using JSTestOverrideBuiltinsConstructor = JSDOMConstructorNotConstructable<JSTestOverrideBuiltins>;
 
index e576bdf..b6586e7 100644 (file)
@@ -68,6 +68,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestPluginInterfacePrototype, JSTestPluginInterfacePrototype::Base);
 
 using JSTestPluginInterfaceConstructor = JSDOMConstructorNotConstructable<JSTestPluginInterface>;
 
index cdd67b4..870f231 100644 (file)
@@ -152,6 +152,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestPromiseRejectionEventPrototype, JSTestPromiseRejectionEventPrototype::Base);
 
 using JSTestPromiseRejectionEventConstructor = JSDOMConstructor<JSTestPromiseRejectionEvent>;
 
index c34f80e..4441914 100644 (file)
@@ -109,6 +109,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestSerializationPrototype, JSTestSerializationPrototype::Base);
 
 using JSTestSerializationConstructor = JSDOMConstructorNotConstructable<JSTestSerialization>;
 
index f5d3776..79ebca1 100644 (file)
@@ -66,6 +66,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestSerializationIndirectInheritancePrototype, JSTestSerializationIndirectInheritancePrototype::Base);
 
 using JSTestSerializationIndirectInheritanceConstructor = JSDOMConstructorNotConstructable<JSTestSerializationIndirectInheritance>;
 
index c612e95..a6e82e2 100644 (file)
@@ -76,6 +76,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestSerializationInheritPrototype, JSTestSerializationInheritPrototype::Base);
 
 using JSTestSerializationInheritConstructor = JSDOMConstructorNotConstructable<JSTestSerializationInherit>;
 
index e79318d..0b3186f 100644 (file)
@@ -78,6 +78,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestSerializationInheritFinalPrototype, JSTestSerializationInheritFinalPrototype::Base);
 
 using JSTestSerializationInheritFinalConstructor = JSDOMConstructorNotConstructable<JSTestSerializationInheritFinal>;
 
index f412122..67da6d8 100644 (file)
@@ -91,6 +91,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestSerializedScriptValueInterfacePrototype, JSTestSerializedScriptValueInterfacePrototype::Base);
 
 using JSTestSerializedScriptValueInterfaceConstructor = JSDOMConstructorNotConstructable<JSTestSerializedScriptValueInterface>;
 
index 7aec6dc..6dce1b8 100644 (file)
@@ -73,6 +73,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierPrototype, JSTestStringifierPrototype::Base);
 
 using JSTestStringifierConstructor = JSDOMConstructorNotConstructable<JSTestStringifier>;
 
index ba98920..816bcdc 100644 (file)
@@ -73,6 +73,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierAnonymousOperationPrototype, JSTestStringifierAnonymousOperationPrototype::Base);
 
 using JSTestStringifierAnonymousOperationConstructor = JSDOMConstructorNotConstructable<JSTestStringifierAnonymousOperation>;
 
index 24651a1..9c3ecc8 100644 (file)
@@ -74,6 +74,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierNamedOperationPrototype, JSTestStringifierNamedOperationPrototype::Base);
 
 using JSTestStringifierNamedOperationConstructor = JSDOMConstructorNotConstructable<JSTestStringifierNamedOperation>;
 
index 95b024d..b562c32 100644 (file)
@@ -74,6 +74,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierOperationImplementedAsPrototype, JSTestStringifierOperationImplementedAsPrototype::Base);
 
 using JSTestStringifierOperationImplementedAsConstructor = JSDOMConstructorNotConstructable<JSTestStringifierOperationImplementedAs>;
 
index f7725eb..779159f 100644 (file)
@@ -73,6 +73,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierOperationNamedToStringPrototype, JSTestStringifierOperationNamedToStringPrototype::Base);
 
 using JSTestStringifierOperationNamedToStringConstructor = JSDOMConstructorNotConstructable<JSTestStringifierOperationNamedToString>;
 
index 67cd738..3569c35 100644 (file)
@@ -75,6 +75,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierReadOnlyAttributePrototype, JSTestStringifierReadOnlyAttributePrototype::Base);
 
 using JSTestStringifierReadOnlyAttributeConstructor = JSDOMConstructorNotConstructable<JSTestStringifierReadOnlyAttribute>;
 
index d6715db..1338a27 100644 (file)
@@ -76,6 +76,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestStringifierReadWriteAttributePrototype, JSTestStringifierReadWriteAttributePrototype::Base);
 
 using JSTestStringifierReadWriteAttributeConstructor = JSDOMConstructorNotConstructable<JSTestStringifierReadWriteAttribute>;
 
index 75b0c3e..2719eae 100644 (file)
@@ -119,6 +119,7 @@ private:
 
     void finishCreation(JSC::VM&);
 };
+STATIC_ASSERT_ISO_SUBSPACE_SHARABLE(JSTestTypedefsPrototype, JSTestTypedefsPrototype::Base);
 
 using JSTestTypedefsConstructor = JSDOMConstructor<JSTestTypedefs>;
 
index 6742dfb..053243e 100644 (file)
@@ -38,7 +38,7 @@ public:
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData;
 
     template<typename CellType, JSC::SubspaceAccess>
-    static IsoSubspace* subspaceFor(VM& vm)
+    static IsoSubspace* subspaceFor(JSC::VM& vm)
     {
         static_assert(sizeof(CellType) == sizeof(RuntimeMethod), "RuntimeMethod subclasses that add fields need to override subspaceFor<>()");
         return subspaceForImpl(vm);
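Review bot: Only the parameter was qualified in this signature: it now reads `static IsoSubspace* subspaceFor(JSC::VM& vm)`, with the return type still unqualified. If `VM` needed the JSC:: prefix to resolve in this header, check that `IsoSubspace` resolves the same way in every file that includes it, and qualify both so the declaration matches the `JSC::IsoSubspace*` spelling used for JSTestGlobalObject::subspaceFor elsewhere in this patch.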