[JSC] Put all API related JS cells into IsoSubspace
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Dec 2019 09:48:01 +0000 (09:48 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Dec 2019 09:48:01 +0000 (09:48 +0000)
https://bugs.webkit.org/show_bug.cgi?id=205097

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch puts API related JS cells into IsoSubspace.

* API/JSAPIGlobalObject.h:
(JSC::JSAPIGlobalObject::create): Deleted.
(JSC::JSAPIGlobalObject::createStructure): Deleted.
(JSC::JSAPIGlobalObject::JSAPIGlobalObject): Deleted.
* API/JSAPIValueWrapper.h:
* API/JSAPIWrapperObject.h:
(JSC::JSAPIWrapperObject::subspaceFor):
* API/JSAPIWrapperObject.mm:
(JSC::JSCallbackObject<JSAPIWrapperObject>::subspaceForImpl):
* API/JSCallbackConstructor.cpp:
(JSC::JSCallbackConstructor::JSCallbackConstructor):
* API/JSCallbackConstructor.h:
* API/JSCallbackObject.cpp:
(JSC::JSCallbackObject<JSNonFinalObject>::createStructure):
(JSC::JSCallbackObject<JSNonFinalObject>::subspaceForImpl):
(JSC::JSCallbackObject<JSGlobalObject>::subspaceForImpl):
(JSC::JSCallbackObject<JSDestructibleObject>::createStructure): Deleted.
* API/JSCallbackObject.h:
* API/JSCallbackObjectFunctions.h:
(JSC::JSCallbackObject<Parent>::init):
* API/JSClassRef.cpp:
(OpaqueJSClass::prototype):
* API/JSObjectRef.cpp:
(JSObjectMake):
(JSObjectGetPrivate):
(JSObjectSetPrivate):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):
* API/JSValueRef.cpp:
(JSValueIsObjectOfClass):
* API/JSWeakObjectMapRefPrivate.cpp:
* API/glib/JSAPIWrapperGlobalObject.cpp:
(JSC::JSCallbackObject<JSAPIWrapperGlobalObject>::subspaceForImpl):
* API/glib/JSAPIWrapperGlobalObject.h:
(JSC::JSAPIWrapperGlobalObject::subspaceFor):
* API/glib/JSAPIWrapperObjectGLib.cpp:
(JSC::JSCallbackObject<JSAPIWrapperObject>::subspaceForImpl):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::finishCreation):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::classInfo const):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

Source/WebCore:

* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::finishCreation):
* bindings/js/JSDOMWrapper.cpp:
(WebCore::JSDOMObject::JSDOMObject):
* bindings/js/JSWindowProxy.cpp:
(WebCore::JSWindowProxy::setWindow):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253365 268f45cc-cd09-0410-ab3c-d52691b4dbfc

26 files changed:
Source/JavaScriptCore/API/JSAPIGlobalObject.h
Source/JavaScriptCore/API/JSAPIValueWrapper.h
Source/JavaScriptCore/API/JSAPIWrapperObject.h
Source/JavaScriptCore/API/JSAPIWrapperObject.mm
Source/JavaScriptCore/API/JSCallbackConstructor.cpp
Source/JavaScriptCore/API/JSCallbackConstructor.h
Source/JavaScriptCore/API/JSCallbackObject.cpp
Source/JavaScriptCore/API/JSCallbackObject.h
Source/JavaScriptCore/API/JSCallbackObjectFunctions.h
Source/JavaScriptCore/API/JSClassRef.cpp
Source/JavaScriptCore/API/JSObjectRef.cpp
Source/JavaScriptCore/API/JSValueRef.cpp
Source/JavaScriptCore/API/JSWeakObjectMapRefPrivate.cpp
Source/JavaScriptCore/API/glib/JSAPIWrapperGlobalObject.cpp
Source/JavaScriptCore/API/glib/JSAPIWrapperGlobalObject.h
Source/JavaScriptCore/API/glib/JSAPIWrapperObjectGLib.cpp
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.cpp
Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
Source/WebCore/bindings/js/JSDOMWrapper.cpp
Source/WebCore/bindings/js/JSWindowProxy.cpp

index 4b3bb15..60f6f66 100644 (file)
@@ -31,13 +31,19 @@ OBJC_CLASS JSScript;
 
 namespace JSC {
 
-class JSAPIGlobalObject : public JSGlobalObject {
+class JSAPIGlobalObject final : public JSGlobalObject {
 public:
     using Base = JSGlobalObject;
 
     DECLARE_EXPORT_INFO;
     static const GlobalObjectMethodTable s_globalObjectMethodTable;
 
+    template<typename CellType, SubspaceAccess mode>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return vm.apiGlobalObjectSpace<mode>();
+    }
+
     static JSAPIGlobalObject* create(VM& vm, Structure* structure)
     {
         auto* object = new (NotNull, allocateCell<JSAPIGlobalObject>(vm.heap)) JSAPIGlobalObject(vm, structure);
index 41f509d..1f78229 100644 (file)
@@ -32,9 +32,15 @@ namespace JSC {
 class JSAPIValueWrapper final : public JSCell {
     friend JSValue jsAPIValueWrapper(JSGlobalObject*, JSValue);
 public:
-    typedef JSCell Base;
+    using Base = JSCell;
     static constexpr unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal;
 
+    template<typename CellType, SubspaceAccess mode>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return vm.apiValueWrapperSpace<mode>();
+    }
+
     JSValue value() const { return m_value.get(); }
 
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
index dd874dc..f3b98dc 100644 (file)
 
 namespace JSC {
     
-class JSAPIWrapperObject : public JSDestructibleObject {
+class JSAPIWrapperObject : public JSNonFinalObject {
 public:
-    typedef JSDestructibleObject Base;
+    using Base = JSNonFinalObject;
+
+    template<typename, SubspaceAccess>
+    static void subspaceFor(VM&) { RELEASE_ASSERT_NOT_REACHED(); }
     
     void finishCreation(VM&);
     static void visitChildren(JSCell*, JSC::SlotVisitor&);
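Review bot: The new `subspaceFor` on `JSAPIWrapperObject` returns `void` and traps with `RELEASE_ASSERT_NOT_REACHED()`, but nothing says why, so a reader will take it for an unfinished stub. It looks as if the class is only ever allocated as `JSCallbackObject<JSAPIWrapperObject>`, whose own `subspaceFor` ends up in `apiWrapperObjectSpace`; if that is the intent, say so above the declaration: `// Never allocated on its own; JSCallbackObject<JSAPIWrapperObject> provides the IsoSubspace.` The same declaration is added to `JSAPIWrapperGlobalObject` in API/glib/JSAPIWrapperGlobalObject.h and wants the same comment. The class body continues outside the hunk.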
index 58b74e7..0b22057 100644 (file)
@@ -105,6 +105,19 @@ void JSAPIWrapperObject::visitChildren(JSCell* cell, JSC::SlotVisitor& visitor)
         scanExternalObjectGraph(visitor.vm(), visitor, wrappedObject);
 }
 
+template <>
+IsoSubspace* JSCallbackObject<JSAPIWrapperObject>::subspaceForImpl(VM& vm, SubspaceAccess mode)
+{
+    switch (mode) {
+    case SubspaceAccess::OnMainThread:
+        return vm.apiWrapperObjectSpace<SubspaceAccess::OnMainThread>();
+    case SubspaceAccess::Concurrently:
+        return vm.apiWrapperObjectSpace<SubspaceAccess::Concurrently>();
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr;
+}
+
 } // namespace JSC
 
 #endif // JSC_OBJC_API_ENABLED
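Review bot: This `subspaceForImpl` specialisation is the first of five copies of the same `switch (mode)` body; the others are in JSCallbackObject.cpp (two), glib/JSAPIWrapperGlobalObject.cpp and glib/JSAPIWrapperObjectGLib.cpp, and the last of these matches this one down to the accessor name. Only the `vm.…Space` accessor differs between them, so a small macro next to the `subspaceForImpl` declaration in JSCallbackObject.h, taking the Parent type and the accessor name, would keep the copies from drifting apart. Whatever form it takes, keep the `switch` without a `default:` label so the compiler can still report a `SubspaceAccess` value that is not handled.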
index 070d75d..49f4ce7 100644 (file)
@@ -39,7 +39,7 @@ namespace JSC {
 const ClassInfo JSCallbackConstructor::s_info = { "CallbackConstructor", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSCallbackConstructor) };
 
 JSCallbackConstructor::JSCallbackConstructor(JSGlobalObject* globalObject, Structure* structure, JSClassRef jsClass, JSObjectCallAsConstructorCallback callback)
-    : JSDestructibleObject(globalObject->vm(), structure)
+    : Base(globalObject->vm(), structure)
     , m_class(jsClass)
     , m_callback(callback)
 {
index 25928fb..e572594 100644 (file)
 #ifndef JSCallbackConstructor_h
 #define JSCallbackConstructor_h
 
-#include "JSDestructibleObject.h"
 #include "JSObjectRef.h"
 
 namespace JSC {
 
-class JSCallbackConstructor final : public JSDestructibleObject {
+class JSCallbackConstructor final : public JSNonFinalObject {
 public:
-    typedef JSDestructibleObject Base;
+    using Base = JSNonFinalObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance;
+    static constexpr bool needsDestruction = true;
+
+    template<typename CellType, SubspaceAccess mode>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return vm.callbackConstructorSpace<mode>();
+    }
 
     static JSCallbackConstructor* create(JSGlobalObject* globalObject, Structure* structure, JSClassRef classRef, JSObjectCallAsConstructorCallback callback) 
     {
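Review bot: `needsDestruction = true` now has to agree with lines in another file, and nothing here records that. With the base changed to `JSNonFinalObject`, the destructor appears to run only because `callbackConstructorSpace` is defined in VM.cpp with `callbackConstructorHeapCellType` (an `IsoHeapCellType<JSCallbackConstructor>`) rather than `cellHeapCellType`. A comment on the flag such as `// Destroyed through IsoHeapCellType<JSCallbackConstructor>; see callbackConstructorSpace in VM.cpp.` would stop a later edit from swapping the heap cell type and silently skipping the destructor. The class body continues outside the hunk.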
index cb63f49..0b9e520 100644 (file)
 #include "JSCallbackObject.h"
 
 #include "Heap.h"
+#include "JSAPIWrapperObject.h"
 #include "JSCInlines.h"
 #include <wtf/text/StringHash.h>
 
 namespace JSC {
 
 // Define the two types of JSCallbackObjects we support.
-template <> const ClassInfo JSCallbackObject<JSDestructibleObject>::s_info = { "CallbackObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSCallbackObject) };
+template <> const ClassInfo JSCallbackObject<JSNonFinalObject>::s_info = { "CallbackObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSCallbackObject) };
 template <> const ClassInfo JSCallbackObject<JSGlobalObject>::s_info = { "CallbackGlobalObject", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSCallbackObject) };
 
-template<> const bool JSCallbackObject<JSDestructibleObject>::needsDestruction = true;
+template<> const bool JSCallbackObject<JSNonFinalObject>::needsDestruction = true;
 template<> const bool JSCallbackObject<JSGlobalObject>::needsDestruction = false;
 
 template<>
@@ -49,7 +50,7 @@ JSCallbackObject<JSGlobalObject>* JSCallbackObject<JSGlobalObject>::create(VM& v
 }
 
 template <>
-Structure* JSCallbackObject<JSDestructibleObject>::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
+Structure* JSCallbackObject<JSNonFinalObject>::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
 { 
     return Structure::create(vm, globalObject, proto, TypeInfo(ObjectType, StructureFlags), info()); 
 }
@@ -60,4 +61,30 @@ Structure* JSCallbackObject<JSGlobalObject>::createStructure(VM& vm, JSGlobalObj
     return Structure::create(vm, globalObject, proto, TypeInfo(GlobalObjectType, StructureFlags), info()); 
 }
 
+template <>
+IsoSubspace* JSCallbackObject<JSNonFinalObject>::subspaceForImpl(VM& vm, SubspaceAccess mode)
+{
+    switch (mode) {
+    case SubspaceAccess::OnMainThread:
+        return vm.callbackObjectSpace<SubspaceAccess::OnMainThread>();
+    case SubspaceAccess::Concurrently:
+        return vm.callbackObjectSpace<SubspaceAccess::Concurrently>();
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr;
+}
+
+template <>
+IsoSubspace* JSCallbackObject<JSGlobalObject>::subspaceForImpl(VM& vm, SubspaceAccess mode)
+{
+    switch (mode) {
+    case SubspaceAccess::OnMainThread:
+        return vm.callbackGlobalObjectSpace<SubspaceAccess::OnMainThread>();
+    case SubspaceAccess::Concurrently:
+        return vm.callbackGlobalObjectSpace<SubspaceAccess::Concurrently>();
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr;
+}
+
 } // namespace JSC
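Review bot: Both specialisations added here choose the subspace from `Parent` alone, and `subspaceFor<CellType, mode>` in JSCallbackObject.h passes only `mode` to them, so the cell type actually being allocated is never checked. An IsoSubspace gives type isolation only while a single type lives in it; a class later derived from `JSCallbackObject<JSNonFinalObject>` would be placed in `callbackObjectSpace` without any diagnostic (I cannot tell from this page whether such a class exists). A guard in the header's `subspaceFor`, `static_assert(std::is_same<CellType, JSCallbackObject>::value, "subclasses need their own IsoSubspace");`, would turn that into a compile error.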
index 4f5f4b6..034b357 100644 (file)
@@ -131,7 +131,7 @@ protected:
     void finishCreation(VM&);
 
 public:
-    typedef Parent Base;
+    using Base = Parent;
     static constexpr unsigned StructureFlags = Base::StructureFlags | ProhibitsPropertyCaching | OverridesGetOwnPropertySlot | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero | ImplementsHasInstance | OverridesGetPropertyNames | OverridesGetCallData;
     static_assert(!(StructureFlags & ImplementsDefaultHasInstance), "using customHasInstance");
 
@@ -153,6 +153,12 @@ public:
         static_cast<JSCallbackObject*>(cell)->JSCallbackObject::~JSCallbackObject();
     }
 
+    template<typename CellType, SubspaceAccess mode>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        return subspaceForImpl(vm, mode);
+    }
+
     void setPrivate(void* data);
     void* getPrivate();
 
@@ -184,6 +190,7 @@ public:
     using Parent::methodTable;
 
 private:
+    static IsoSubspace* subspaceForImpl(VM&, SubspaceAccess);
     static String className(const JSObject*, VM&);
     static String toStringName(const JSObject*, JSGlobalObject*);
 
index a029952..8e7962c 100644 (file)
@@ -125,7 +125,7 @@ void JSCallbackObject<Parent>::init(JSGlobalObject* globalObject)
         initialize(toRef(globalObject), toRef(jsCast<JSObject*>(this)));
     }
     
-    m_classInfo = this->classInfo();
+    m_classInfo = this->classInfo(getVM(globalObject));
 }
 
 template <class Parent>
index 4c126e4..92df638 100644 (file)
@@ -190,7 +190,7 @@ JSObject* OpaqueJSClass::prototype(JSGlobalObject* globalObject)
         return prototype;
 
     // Recursive, but should be good enough for our purposes
-    JSObject* prototype = JSCallbackObject<JSDestructibleObject>::create(globalObject, globalObject->callbackObjectStructure(), prototypeClass, &jsClassData); // set jsClassData as the object's private data, so it can clear our reference on destruction
+    JSObject* prototype = JSCallbackObject<JSNonFinalObject>::create(globalObject, globalObject->callbackObjectStructure(), prototypeClass, &jsClassData); // set jsClassData as the object's private data, so it can clear our reference on destruction
     if (parentClass) {
         if (JSObject* parentPrototype = parentClass->prototype(globalObject))
             prototype->setPrototypeDirect(globalObject->vm(), parentPrototype);
index b4bfefe..f7f9dab 100644 (file)
@@ -96,7 +96,7 @@ JSObjectRef JSObjectMake(JSContextRef ctx, JSClassRef jsClass, void* data)
     if (!jsClass)
         return toRef(constructEmptyObject(globalObject));
 
-    JSCallbackObject<JSDestructibleObject>* object = JSCallbackObject<JSDestructibleObject>::create(globalObject, globalObject->callbackObjectStructure(), jsClass, data);
+    JSCallbackObject<JSNonFinalObject>* object = JSCallbackObject<JSNonFinalObject>::create(globalObject, globalObject->callbackObjectStructure(), jsClass, data);
     if (JSObject* prototype = jsClass->prototype(globalObject))
         object->setPrototypeDirect(vm, prototype);
 
@@ -567,8 +567,8 @@ void* JSObjectGetPrivate(JSObjectRef object)
 
     if (classInfo->isSubClassOf(JSCallbackObject<JSGlobalObject>::info()))
         return static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivate();
-    if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info()))
-        return static_cast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivate();
+    if (classInfo->isSubClassOf(JSCallbackObject<JSNonFinalObject>::info()))
+        return static_cast<JSCallbackObject<JSNonFinalObject>*>(jsObject)->getPrivate();
 #if JSC_OBJC_API_ENABLED
     if (classInfo->isSubClassOf(JSCallbackObject<JSAPIWrapperObject>::info()))
         return static_cast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivate();
@@ -594,8 +594,8 @@ bool JSObjectSetPrivate(JSObjectRef object, void* data)
         static_cast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivate(data);
         return true;
     }
-    if (classInfo->isSubClassOf(JSCallbackObject<JSDestructibleObject>::info())) {
-        static_cast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->setPrivate(data);
+    if (classInfo->isSubClassOf(JSCallbackObject<JSNonFinalObject>::info())) {
+        static_cast<JSCallbackObject<JSNonFinalObject>*>(jsObject)->setPrivate(data);
         return true;
     }
 #if JSC_OBJC_API_ENABLED
@@ -624,8 +624,8 @@ JSValueRef JSObjectGetPrivateProperty(JSContextRef ctx, JSObjectRef object, JSSt
 
     if (jsObject->inherits<JSCallbackObject<JSGlobalObject>>(vm))
         result = jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->getPrivateProperty(name);
-    else if (jsObject->inherits<JSCallbackObject<JSDestructibleObject>>(vm))
-        result = jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->getPrivateProperty(name);
+    else if (jsObject->inherits<JSCallbackObject<JSNonFinalObject>>(vm))
+        result = jsCast<JSCallbackObject<JSNonFinalObject>*>(jsObject)->getPrivateProperty(name);
 #if JSC_OBJC_API_ENABLED
     else if (jsObject->inherits<JSCallbackObject<JSAPIWrapperObject>>(vm))
         result = jsCast<JSCallbackObject<JSAPIWrapperObject>*>(jsObject)->getPrivateProperty(name);
@@ -650,8 +650,8 @@ bool JSObjectSetPrivateProperty(JSContextRef ctx, JSObjectRef object, JSStringRe
         jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->setPrivateProperty(vm, name, jsValue);
         return true;
     }
-    if (jsObject->inherits<JSCallbackObject<JSDestructibleObject>>(vm)) {
-        jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->setPrivateProperty(vm, name, jsValue);
+    if (jsObject->inherits<JSCallbackObject<JSNonFinalObject>>(vm)) {
+        jsCast<JSCallbackObject<JSNonFinalObject>*>(jsObject)->setPrivateProperty(vm, name, jsValue);
         return true;
     }
 #if JSC_OBJC_API_ENABLED
@@ -679,8 +679,8 @@ bool JSObjectDeletePrivateProperty(JSContextRef ctx, JSObjectRef object, JSStrin
         jsCast<JSCallbackObject<JSGlobalObject>*>(jsObject)->deletePrivateProperty(name);
         return true;
     }
-    if (jsObject->inherits<JSCallbackObject<JSDestructibleObject>>(vm)) {
-        jsCast<JSCallbackObject<JSDestructibleObject>*>(jsObject)->deletePrivateProperty(name);
+    if (jsObject->inherits<JSCallbackObject<JSNonFinalObject>>(vm)) {
+        jsCast<JSCallbackObject<JSNonFinalObject>*>(jsObject)->deletePrivateProperty(name);
         return true;
     }
 #if JSC_OBJC_API_ENABLED
index f5b650e..fb16c4d 100644 (file)
@@ -210,8 +210,8 @@ bool JSValueIsObjectOfClass(JSContextRef ctx, JSValueRef value, JSClassRef jsCla
 
         if (o->inherits<JSCallbackObject<JSGlobalObject>>(vm))
             return jsCast<JSCallbackObject<JSGlobalObject>*>(o)->inherits(jsClass);
-        if (o->inherits<JSCallbackObject<JSDestructibleObject>>(vm))
-            return jsCast<JSCallbackObject<JSDestructibleObject>*>(o)->inherits(jsClass);
+        if (o->inherits<JSCallbackObject<JSNonFinalObject>>(vm))
+            return jsCast<JSCallbackObject<JSNonFinalObject>*>(o)->inherits(jsClass);
 #if JSC_OBJC_API_ENABLED
         if (o->inherits<JSCallbackObject<JSAPIWrapperObject>>(vm))
             return jsCast<JSCallbackObject<JSAPIWrapperObject>*>(o)->inherits(jsClass);
index d2c537a..23e251f 100644 (file)
@@ -64,7 +64,7 @@ void JSWeakObjectMapSet(JSContextRef ctx, JSWeakObjectMapRef map, void* key, JSO
         return;
     ASSERT(obj->inherits<JSProxy>(vm)
         || obj->inherits<JSCallbackObject<JSGlobalObject>>(vm)
-        || obj->inherits<JSCallbackObject<JSDestructibleObject>>(vm));
+        || obj->inherits<JSCallbackObject<JSNonFinalObject>>(vm));
     map->map().set(key, obj);
 }
 
index 6ae1945..b286545 100644 (file)
@@ -59,6 +59,19 @@ template <> const ClassInfo JSCallbackObject<JSAPIWrapperGlobalObject>::s_info =
 template<> const bool JSCallbackObject<JSAPIWrapperGlobalObject>::needsDestruction = false;
 
 template <>
+IsoSubspace* JSCallbackObject<JSAPIWrapperGlobalObject>::subspaceForImpl(VM& vm, SubspaceAccess mode)
+{
+    switch (mode) {
+    case SubspaceAccess::OnMainThread:
+        return vm.callbackAPIWrapperGlobalObjectSpace<SubspaceAccess::OnMainThread>();
+    case SubspaceAccess::Concurrently:
+        return vm.callbackAPIWrapperGlobalObjectSpace<SubspaceAccess::Concurrently>();
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr;
+}
+
+template <>
 Structure* JSCallbackObject<JSAPIWrapperGlobalObject>::createStructure(VM& vm, JSGlobalObject*, JSValue proto)
 {
     return Structure::create(vm, nullptr, proto, TypeInfo(GlobalObjectType, StructureFlags), &s_info);
index d54a9ec..6a34899 100644 (file)
@@ -33,7 +33,10 @@ namespace JSC {
 
 class JSAPIWrapperGlobalObject : public JSGlobalObject {
 public:
-    typedef JSGlobalObject Base;
+    using Base = JSGlobalObject;
+
+    template<typename, SubspaceAccess>
+    static void subspaceFor(VM&) { RELEASE_ASSERT_NOT_REACHED(); }
 
     void finishCreation(VM&);
     static void visitChildren(JSCell*, JSC::SlotVisitor&);
index 867fd42..ea34123 100644 (file)
@@ -72,6 +72,19 @@ template <> const ClassInfo JSCallbackObject<JSAPIWrapperObject>::s_info = { "JS
 template<> const bool JSCallbackObject<JSAPIWrapperObject>::needsDestruction = true;
 
 template <>
+IsoSubspace* JSCallbackObject<JSAPIWrapperObject>::subspaceForImpl(VM& vm, SubspaceAccess mode)
+{
+    switch (mode) {
+    case SubspaceAccess::OnMainThread:
+        return vm.apiWrapperObjectSpace<SubspaceAccess::OnMainThread>();
+    case SubspaceAccess::Concurrently:
+        return vm.apiWrapperObjectSpace<SubspaceAccess::Concurrently>();
+    }
+    RELEASE_ASSERT_NOT_REACHED();
+    return nullptr;
+}
+
+template <>
 Structure* JSCallbackObject<JSAPIWrapperObject>::createStructure(VM& vm, JSGlobalObject* globalObject, JSValue proto)
 {
     return Structure::create(vm, globalObject, proto, TypeInfo(ObjectType, StructureFlags), &s_info);
index 9175d93..afc915c 100644 (file)
@@ -1,3 +1,60 @@
+2019-12-11  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Put all API related JS cells into IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205097
+
+        Reviewed by Mark Lam.
+
+        This patch puts API related JS cells into IsoSubspace.
+
+        * API/JSAPIGlobalObject.h:
+        (JSC::JSAPIGlobalObject::create): Deleted.
+        (JSC::JSAPIGlobalObject::createStructure): Deleted.
+        (JSC::JSAPIGlobalObject::JSAPIGlobalObject): Deleted.
+        * API/JSAPIValueWrapper.h:
+        * API/JSAPIWrapperObject.h:
+        (JSC::JSAPIWrapperObject::subspaceFor):
+        * API/JSAPIWrapperObject.mm:
+        (JSC::JSCallbackObject<JSAPIWrapperObject>::subspaceForImpl):
+        * API/JSCallbackConstructor.cpp:
+        (JSC::JSCallbackConstructor::JSCallbackConstructor):
+        * API/JSCallbackConstructor.h:
+        * API/JSCallbackObject.cpp:
+        (JSC::JSCallbackObject<JSNonFinalObject>::createStructure):
+        (JSC::JSCallbackObject<JSNonFinalObject>::subspaceForImpl):
+        (JSC::JSCallbackObject<JSGlobalObject>::subspaceForImpl):
+        (JSC::JSCallbackObject<JSDestructibleObject>::createStructure): Deleted.
+        * API/JSCallbackObject.h:
+        * API/JSCallbackObjectFunctions.h:
+        (JSC::JSCallbackObject<Parent>::init):
+        * API/JSClassRef.cpp:
+        (OpaqueJSClass::prototype):
+        * API/JSObjectRef.cpp:
+        (JSObjectMake):
+        (JSObjectGetPrivate):
+        (JSObjectSetPrivate):
+        (JSObjectGetPrivateProperty):
+        (JSObjectSetPrivateProperty):
+        (JSObjectDeletePrivateProperty):
+        * API/JSValueRef.cpp:
+        (JSValueIsObjectOfClass):
+        * API/JSWeakObjectMapRefPrivate.cpp:
+        * API/glib/JSAPIWrapperGlobalObject.cpp:
+        (JSC::JSCallbackObject<JSAPIWrapperGlobalObject>::subspaceForImpl):
+        * API/glib/JSAPIWrapperGlobalObject.h:
+        (JSC::JSAPIWrapperGlobalObject::subspaceFor):
+        * API/glib/JSAPIWrapperObjectGLib.cpp:
+        (JSC::JSCallbackObject<JSAPIWrapperObject>::subspaceForImpl):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * runtime/JSSegmentedVariableObject.cpp:
+        (JSC::JSSegmentedVariableObject::finishCreation):
+        * runtime/JSSegmentedVariableObject.h:
+        (JSC::JSSegmentedVariableObject::classInfo const):
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+
 2019-12-10  Saam Barati  <sbarati@apple.com>
 
         BytecodeDumper should print out of line jump targets
index 441b304..f59c7ac 100644 (file)
@@ -670,7 +670,7 @@ void JSGlobalObject::init(VM& vm)
         });
     m_callbackObjectStructure.initLater(
         [] (const Initializer<Structure>& init) {
-            init.set(JSCallbackObject<JSDestructibleObject>::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
+            init.set(JSCallbackObject<JSNonFinalObject>::createStructure(init.vm, init.owner, init.owner->m_objectPrototype.get()));
         });
 
 #if JSC_OBJC_API_ENABLED
index c750705..faa7ed0 100644 (file)
@@ -119,7 +119,7 @@ void JSSegmentedVariableObject::finishCreation(VM& vm)
     Base::finishCreation(vm);
     setSymbolTable(vm, SymbolTable::create(vm));
     vm.heap.addFinalizer(this, [] (JSCell* cell) {
-        static_cast<JSSegmentedVariableObject*>(cell)->classInfo()->methodTable.destroy(cell);
+        static_cast<JSSegmentedVariableObject*>(cell)->m_classInfo->methodTable.destroy(cell);
     });
 }
 
index 0a12848..535fc34 100644 (file)
@@ -96,7 +96,7 @@ public:
     
     static void destroy(JSCell*);
     
-    const ClassInfo* classInfo() const { return m_classInfo; }
+    const ClassInfo* classInfo(VM&) const { return m_classInfo; }
     
 protected:
     JSSegmentedVariableObject(VM&, Structure*, JSScope*);
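Review bot: `classInfo(VM&)` now takes a VM it never uses, and the declaration gives no reason. Judging by the callers changed in this commit (`this->classInfo(getVM(globalObject))` in `JSCallbackObject<Parent>::init`, `classInfo(vm)` in JSDOMGlobalObject), the parameter is there so the call has the same shape whichever Parent is in use; it still returns the cached `m_classInfo` rather than looking anything up through the VM. A one-line comment would do: `// VM& is unused: kept so callers can write classInfo(vm) for any cell type; returns the cached m_classInfo.` The class body starts and ends outside the hunk.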
index a481882..c25666b 100644 (file)
@@ -78,7 +78,9 @@
 #include "IsoHeapCellType.h"
 #include "JITCode.h"
 #include "JITWorklist.h"
+#include "JSAPIGlobalObject.h"
 #include "JSAPIValueWrapper.h"
+#include "JSAPIWrapperObject.h"
 #include "JSArray.h"
 #include "JSArrayBuffer.h"
 #include "JSArrayBufferConstructor.h"
@@ -86,7 +88,9 @@
 #include "JSBigInt.h"
 #include "JSBoundFunction.h"
 #include "JSCInlines.h"
+#include "JSCallbackConstructor.h"
 #include "JSCallbackFunction.h"
+#include "JSCallbackObject.h"
 #include "JSCallee.h"
 #include "JSCustomGetterSetterFunction.h"
 #include "JSDestructibleObjectHeapCellType.h"
 #include "NativeExecutable.h"
 #include "Nodes.h"
 #include "NumberObject.h"
-#include "ObjCCallbackFunction.h"
 #include "Parser.h"
 #include "PredictionFileCreatingFuzzerAgent.h"
 #include "ProfilerDatabase.h"
 #include "RegExp.h"
 #endif
 
+#if JSC_OBJC_API_ENABLED
+#include "ObjCCallbackFunction.h"
+#endif
+
 #ifdef JSC_GLIB_API_ENABLED
+#include "JSAPIWrapperGlobalObject.h"
 #include "JSCCallbackFunction.h"
 #endif
 
@@ -293,6 +301,8 @@ VM::VM(VMType vmType, HeapType heapType)
     , immutableButterflyHeapCellType(makeUnique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCellWithInteriorPointers)))
     , cellHeapCellType(makeUnique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)))
     , destructibleCellHeapCellType(makeUnique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell)))
+    , callbackConstructorHeapCellType(makeUnique<IsoHeapCellType<JSCallbackConstructor>>())
+    , callbackObjectHeapCellType(makeUnique<IsoHeapCellType<JSCallbackObject<JSNonFinalObject>>>())
     , dateInstanceHeapCellType(makeUnique<IsoHeapCellType<DateInstance>>())
     , errorInstanceHeapCellType(makeUnique<IsoHeapCellType<ErrorInstance>>())
     , jsModuleRecordHeapCellType(makeUnique<IsoHeapCellType<JSModuleRecord>>())
@@ -303,9 +313,11 @@ VM::VM(VMType vmType, HeapType heapType)
     , weakSetHeapCellType(makeUnique<IsoHeapCellType<JSWeakSet>>())
     , destructibleObjectHeapCellType(makeUnique<JSDestructibleObjectHeapCellType>())
 #if JSC_OBJC_API_ENABLED
+    , apiWrapperObjectHeapCellType(makeUnique<IsoHeapCellType<JSCallbackObject<JSAPIWrapperObject>>>())
     , objCCallbackFunctionHeapCellType(makeUnique<IsoHeapCellType<ObjCCallbackFunction>>())
 #endif
 #ifdef JSC_GLIB_API_ENABLED
+    , apiWrapperObjectHeapCellType(makeUnique<IsoHeapCellType<JSCallbackObject<JSAPIWrapperObject>>>())
     , jscCallbackFunctionHeapCellType(makeUnique<IsoHeapCellType<JSCCallbackFunction>>())
 #endif
 #if ENABLE(INTL)
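Review bot: `apiWrapperObjectHeapCellType` is initialised twice in this hunk, once under `#if JSC_OBJC_API_ENABLED` and once under `#ifdef JSC_GLIB_API_ENABLED`, and the same pairing recurs for the `apiWrapperObjectSpace` definition further down this file and for the member and `DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(apiWrapperObjectSpace)` in VM.h. The two guards also use different tests (`#if` against `#ifdef`), so the copies are easy to change unevenly. One block placed before both, `#if JSC_OBJC_API_ENABLED || defined(JSC_GLIB_API_ENABLED)`, holding the single `apiWrapperObjectHeapCellType` line would remove the duplication; the same guard must then be used in VM.h so that declaration order and initialiser order stay matched. The constructor's initialiser list continues outside the hunk.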
@@ -1361,12 +1373,17 @@ void VM::ensureShadowChicken()
     }
 
 
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiGlobalObjectSpace, cellHeapCellType.get(), JSAPIGlobalObject)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiValueWrapperSpace, cellHeapCellType.get(), JSAPIValueWrapper)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(arrayBufferSpace, cellHeapCellType.get(), JSArrayBuffer)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(asyncGeneratorSpace, cellHeapCellType.get(), JSAsyncGenerator)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(bigIntObjectSpace, cellHeapCellType.get(), BigIntObject)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(booleanObjectSpace, cellHeapCellType.get(), BooleanObject)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) // Hash:0xd7916d41
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackConstructorSpace, callbackConstructorHeapCellType.get(), JSCallbackConstructor)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackGlobalObjectSpace, cellHeapCellType.get(), JSCallbackObject<JSGlobalObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, cellHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackObjectSpace, callbackObjectHeapCellType.get(), JSCallbackObject<JSNonFinalObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction) // Hash:0x18091000
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(dataViewSpace, cellHeapCellType.get(), JSDataView)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(errorInstanceSpace, errorInstanceHeapCellType.get(), ErrorInstance) // Hash:0x3f40d4a
@@ -1398,10 +1415,13 @@ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakMapSpace, weakMapHeapCellType.get(),
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakSetSpace, weakSetHeapCellType.get(), JSWeakSet) // Hash:0x4c781b30
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakObjectRefSpace, cellHeapCellType.get(), JSWeakObjectRef) // Hash:0x8ec68f1f
 #if JSC_OBJC_API_ENABLED
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiWrapperObjectSpace, apiWrapperObjectHeapCellType.get(), JSCallbackObject<JSAPIWrapperObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, objCCallbackFunctionHeapCellType.get(), ObjCCallbackFunction) // Hash:0x10f610b8
 #endif
 #ifdef JSC_GLIB_API_ENABLED
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(apiWrapperObjectSpace, apiWrapperObjectHeapCellType.get(), JSCallbackObject<JSAPIWrapperObject>)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(jscCallbackFunctionSpace, jscCallbackFunctionHeapCellType.get(), JSCCallbackFunction)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackAPIWrapperGlobalObjectSpace, cellHeapCellType.get(), JSCallbackObject<JSAPIWrapperGlobalObject>)
 #endif
 #if ENABLE(INTL)
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(intlCollatorSpace, intlCollatorHeapCellType.get(), IntlCollator)
index eddbfc5..c124fab 100644 (file)
@@ -126,13 +126,16 @@ class IntlCollator;
 class IntlDateTimeFormat;
 class IntlNumberFormat;
 class IntlPluralRules;
+class JSAPIWrapperObject;
 class JSCCallbackFunction;
+class JSCallbackConstructor;
 class JSCustomGetterSetterFunction;
 class JSDestructibleObjectHeapCellType;
 class JSGlobalObject;
 class JSModuleNamespaceObject;
 class JSModuleRecord;
 class JSNativeStdFunction;
+class JSNonFinalObject;
 class JSObject;
 class JSPromise;
 class JSPropertyNameEnumerator;
@@ -182,6 +185,7 @@ class WebAssemblyFunction;
 class WebAssemblyModuleRecord;
 
 template<typename CellType> class IsoHeapCellType;
+template<typename Parent> class JSCallbackObject;
 
 #if ENABLE(FTL_JIT)
 namespace FTL {
@@ -359,6 +363,8 @@ public:
     std::unique_ptr<HeapCellType> immutableButterflyHeapCellType;
     std::unique_ptr<HeapCellType> cellHeapCellType;
     std::unique_ptr<HeapCellType> destructibleCellHeapCellType;
+    std::unique_ptr<IsoHeapCellType<JSCallbackConstructor>> callbackConstructorHeapCellType;
+    std::unique_ptr<IsoHeapCellType<JSCallbackObject<JSNonFinalObject>>> callbackObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType<DateInstance>> dateInstanceHeapCellType;
     std::unique_ptr<IsoHeapCellType<ErrorInstance>> errorInstanceHeapCellType;
     std::unique_ptr<IsoHeapCellType<JSModuleRecord>> jsModuleRecordHeapCellType;
@@ -369,9 +375,11 @@ public:
     std::unique_ptr<IsoHeapCellType<JSWeakSet>> weakSetHeapCellType;
     std::unique_ptr<JSDestructibleObjectHeapCellType> destructibleObjectHeapCellType;
 #if JSC_OBJC_API_ENABLED
+    std::unique_ptr<IsoHeapCellType<JSCallbackObject<JSAPIWrapperObject>>> apiWrapperObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType<ObjCCallbackFunction>> objCCallbackFunctionHeapCellType;
 #endif
 #ifdef JSC_GLIB_API_ENABLED
+    std::unique_ptr<IsoHeapCellType<JSCallbackObject<JSAPIWrapperObject>>> apiWrapperObjectHeapCellType;
     std::unique_ptr<IsoHeapCellType<JSCCallbackFunction>> jscCallbackFunctionHeapCellType;
 #endif
 #if ENABLE(INTL)
@@ -458,17 +466,25 @@ public:
 
 
 #if JSC_OBJC_API_ENABLED
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(apiWrapperObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(objCCallbackFunctionSpace)
 #endif
 #ifdef JSC_GLIB_API_ENABLED
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(apiWrapperObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(jscCallbackFunctionSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackAPIWrapperGlobalObjectSpace)
 #endif
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(apiGlobalObjectSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(apiValueWrapperSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(arrayBufferSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(asyncGeneratorSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(bigIntObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(booleanObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(boundFunctionSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackConstructorSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackGlobalObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackFunctionSpace)
+    DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackObjectSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(customGetterSetterFunctionSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(dataViewSpace)
     DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(errorInstanceSpace)
index c313777..0808f0d 100644 (file)
@@ -1,3 +1,17 @@
+2019-12-11  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Put all API related JS cells into IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=205097
+
+        Reviewed by Mark Lam.
+
+        * bindings/js/JSDOMGlobalObject.cpp:
+        (WebCore::JSDOMGlobalObject::finishCreation):
+        * bindings/js/JSDOMWrapper.cpp:
+        (WebCore::JSDOMObject::JSDOMObject):
+        * bindings/js/JSWindowProxy.cpp:
+        (WebCore::JSWindowProxy::setWindow):
+
 2019-12-10  youenn fablet  <youenn@apple.com>
 
         TrackListBase does not need to be an ActiveDOMObject
index 60a34cf..63839d1 100644 (file)
@@ -149,7 +149,7 @@ void JSDOMGlobalObject::finishCreation(VM& vm)
 
     addBuiltinGlobals(vm);
 
-    RELEASE_ASSERT(classInfo());
+    RELEASE_ASSERT(classInfo(vm));
 }
 
 void JSDOMGlobalObject::finishCreation(VM& vm, JSObject* thisValue)
@@ -159,7 +159,7 @@ void JSDOMGlobalObject::finishCreation(VM& vm, JSObject* thisValue)
 
     addBuiltinGlobals(vm);
 
-    RELEASE_ASSERT(classInfo());
+    RELEASE_ASSERT(classInfo(vm));
 }
 
 ScriptExecutionContext* JSDOMGlobalObject::scriptExecutionContext() const
index 056bdbd..7736d0c 100644 (file)
@@ -41,7 +41,7 @@ STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(JSDOMObject);
 JSDOMObject::JSDOMObject(JSC::Structure* structure, JSC::JSGlobalObject& globalObject)
     : Base(globalObject.vm(), structure)
 {
-    ASSERT(scriptExecutionContext() || globalObject.classInfo() == JSRemoteDOMWindow::info());
+    ASSERT(scriptExecutionContext() || globalObject.classInfo(globalObject.vm()) == JSRemoteDOMWindow::info());
 }
 
 JSC::CompleteSubspace* outputConstraintSubspaceFor(JSC::VM& vm)
index 7ac8f79..db7031a 100644 (file)
@@ -75,7 +75,7 @@ void JSWindowProxy::destroy(JSCell* cell)
 
 void JSWindowProxy::setWindow(VM& vm, JSDOMGlobalObject& window)
 {
-    ASSERT(window.classInfo() == JSDOMWindow::info() || window.classInfo() == JSRemoteDOMWindow::info());
+    ASSERT(window.classInfo(vm) == JSDOMWindow::info() || window.classInfo(vm) == JSRemoteDOMWindow::info());
     setTarget(vm, &window);
     structure(vm)->setGlobalObject(vm, &window);
     GCController::singleton().garbageCollectSoon();