[JSC] Put JSProxy in IsoSubspace
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Jan 2020 21:28:45 +0000 (21:28 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 13 Jan 2020 21:28:45 +0000 (21:28 +0000)
https://bugs.webkit.org/show_bug.cgi?id=206187

Reviewed by Mark Lam.

1. Put JSProxy in IsoSubspace.
2. Make JSProxy non-destructible, since the derived class JSWindowProxy has its own destructible IsoSubspace.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::resetPrototype):
(JSC::JSGlobalObject::finishCreation):
* runtime/JSNonDestructibleProxy.cpp: Removed.
* runtime/JSNonDestructibleProxy.h: Removed.
* runtime/JSProxy.h:
(JSC::JSProxy::subspaceFor):
* runtime/JSStringIterator.h:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@254447 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Sources.txt
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSNonDestructibleProxy.cpp [deleted file]
Source/JavaScriptCore/runtime/JSNonDestructibleProxy.h [deleted file]
Source/JavaScriptCore/runtime/JSProxy.h
Source/JavaScriptCore/runtime/JSStringIterator.h
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h

index ccef1af..4f2e04d 100644 (file)
@@ -900,7 +900,6 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
     runtime/JSModuleLoader.h
     runtime/JSModuleRecord.h
     runtime/JSNativeStdFunction.h
-    runtime/JSNonDestructibleProxy.h
     runtime/JSONObject.h
     runtime/JSObject.h
     runtime/JSObjectInlines.h
index 0697290..faf423d 100644 (file)
@@ -1,3 +1,28 @@
+2020-01-13  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Put JSProxy in IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=206187
+
+        Reviewed by Mark Lam.
+
+        1. Put JSProxy in IsoSubspace.
+        2. Make JSProxy non-destructible since derived class JSWindowProxy is having its own IsoSubspace with destructibility.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::resetPrototype):
+        (JSC::JSGlobalObject::finishCreation):
+        * runtime/JSNonDestructibleProxy.cpp: Removed.
+        * runtime/JSNonDestructibleProxy.h: Removed.
+        * runtime/JSProxy.h:
+        (JSC::JSProxy::subspaceFor):
+        * runtime/JSStringIterator.h:
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+
 2020-01-11  Keith Miller  <keith_miller@apple.com>
 
         CheckNeutered needs to claim it reads JSType in clobberize.
index 00a818e..2d745f2 100644 (file)
                E3850B15226ED641009ABF9C /* DFGMinifiedIDInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E3850B14226ED63E009ABF9C /* DFGMinifiedIDInlines.h */; };
                E38652E3237CA0C900E1D5EE /* BlockDirectoryBits.h in Headers */ = {isa = PBXBuildFile; fileRef = E38652E2237CA0C800E1D5EE /* BlockDirectoryBits.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3893A1D2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */; };
-               E38D999C221B78BB00D50474 /* JSNonDestructibleProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E39006212208BFC4001019CF /* SubspaceAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = E39006202208BFC3001019CF /* SubspaceAccess.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E393ADD81FE702D00022D681 /* WeakMapImplInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E393ADD71FE702CC0022D681 /* WeakMapImplInlines.h */; };
                E39BF39922A2288B00BD183E /* SymbolTableInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E39BF39822A2288B00BD183E /* SymbolTableInlines.h */; };
                E38D060B1F8E814100649CF2 /* JSScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSScriptFetchParameters.h; sourceTree = "<group>"; };
                E38D060C1F8E814100649CF2 /* ScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScriptFetchParameters.h; sourceTree = "<group>"; };
                E38D060D1F8E814100649CF2 /* JSScriptFetchParameters.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSScriptFetchParameters.cpp; sourceTree = "<group>"; };
-               E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = JSNonDestructibleProxy.h; sourceTree = "<group>"; };
-               E38D999B221B789F00D50474 /* JSNonDestructibleProxy.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSNonDestructibleProxy.cpp; sourceTree = "<group>"; };
                E39006202208BFC3001019CF /* SubspaceAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SubspaceAccess.h; sourceTree = "<group>"; };
                E3915C062309682900CB2561 /* WasmContext.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WasmContext.cpp; sourceTree = "<group>"; };
                E393ADD71FE702CC0022D681 /* WeakMapImplInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WeakMapImplInlines.h; sourceTree = "<group>"; };
                                E39DA4A51B7E8B7C0084F33A /* JSModuleRecord.h */,
                                E33E8D1A1B9013C300346B52 /* JSNativeStdFunction.cpp */,
                                E33E8D1B1B9013C300346B52 /* JSNativeStdFunction.h */,
-                               E38D999B221B789F00D50474 /* JSNonDestructibleProxy.cpp */,
-                               E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */,
                                BC22A3980E16E14800AF21C8 /* JSObject.cpp */,
                                BC22A3990E16E14800AF21C8 /* JSObject.h */,
                                0F93275E1C21EF7F00CF6564 /* JSObjectInlines.h */,
                                E318CBC11B8AEF5100A2929D /* JSModuleNamespaceObject.h in Headers */,
                                E39DA4A71B7E8B7C0084F33A /* JSModuleRecord.h in Headers */,
                                E33E8D1D1B9013C300346B52 /* JSNativeStdFunction.h in Headers */,
-                               E38D999C221B78BB00D50474 /* JSNonDestructibleProxy.h in Headers */,
                                BC18C4240E16F5CD00B34460 /* JSObject.h in Headers */,
                                0F93275F1C21EF7F00CF6564 /* JSObjectInlines.h in Headers */,
                                BC18C4250E16F5CD00B34460 /* JSObjectRef.h in Headers */,
index d242ef6..6ad431b 100644 (file)
@@ -854,7 +854,6 @@ runtime/JSModuleLoader.cpp
 runtime/JSModuleNamespaceObject.cpp
 runtime/JSModuleRecord.cpp
 runtime/JSNativeStdFunction.cpp
-runtime/JSNonDestructibleProxy.cpp
 runtime/JSONObject.cpp
 runtime/JSObject.cpp
 runtime/JSPromise.cpp
index 1bdc82f..e8ad25f 100644 (file)
 #include "JSModuleNamespaceObject.h"
 #include "JSModuleRecord.h"
 #include "JSNativeStdFunction.h"
-#include "JSNonDestructibleProxy.h"
 #include "JSONObject.h"
 #include "JSPromise.h"
 #include "JSPromiseConstructor.h"
@@ -1706,7 +1705,7 @@ void JSGlobalObject::resetPrototype(VM& vm, JSValue prototype)
     setPrototypeDirect(vm, prototype);
     fixupPrototypeChainWithObjectPrototype(vm);
     // Whenever we change the prototype of the global object, we need to create a new JSProxy with the correct prototype.
-    setGlobalThis(vm, JSNonDestructibleProxy::create(vm, JSNonDestructibleProxy::createStructure(vm, this, prototype, PureForwardingProxyType), this));
+    setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, prototype, PureForwardingProxyType), this));
 }
 
 void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
@@ -2210,7 +2209,7 @@ void JSGlobalObject::finishCreation(VM& vm)
     structure(vm)->setGlobalObject(vm, this);
     m_runtimeFlags = m_globalObjectMethodTable->javaScriptRuntimeFlags(this);
     init(vm);
-    setGlobalThis(vm, JSNonDestructibleProxy::create(vm, JSNonDestructibleProxy::createStructure(vm, this, getPrototypeDirect(vm), PureForwardingProxyType), this));
+    setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, getPrototypeDirect(vm), PureForwardingProxyType), this));
     ASSERT(type() == GlobalObjectType);
 }
 
diff --git a/Source/JavaScriptCore/runtime/JSNonDestructibleProxy.cpp b/Source/JavaScriptCore/runtime/JSNonDestructibleProxy.cpp
deleted file mode 100644 (file)
index 9e08ca2..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "JSNonDestructibleProxy.h"
-
-namespace JSC {
-
-const ClassInfo JSNonDestructibleProxy::s_info = { "JSNonDestructibleProxy", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSNonDestructibleProxy) };
-
-} // namespace JSC
diff --git a/Source/JavaScriptCore/runtime/JSNonDestructibleProxy.h b/Source/JavaScriptCore/runtime/JSNonDestructibleProxy.h
deleted file mode 100644 (file)
index 9ccfc1a..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include "JSProxy.h"
-
-namespace JSC {
-
-class JSNonDestructibleProxy : public JSProxy {
-public:
-    using Base = JSProxy;
-    static constexpr unsigned StructureFlags = Base::StructureFlags;
-    static constexpr bool needsDestruction = false;
-
-    template<typename CellType, SubspaceAccess mode>
-    static CompleteSubspace* subspaceFor(VM& vm)
-    {
-        // JSProxy is JSDestrucitbleObject, but we make this JSNonDestructibleProxy non-destructible by using non-destructible subspace.
-        // The motivation behind this is (1) except for JSWindowProxy JSProxy does not need to be destructible, and (2) subspace of destructible
-        // and non-destructible objects are separated and JSProxy is using one MarkedBlock only for JSProxy class in the JSC framework and wasting memory.
-        // Basically, to make objects destructible, objects need to inherit JSDestructibleObject. It holds a classInfo at a specific offset
-        // so that Heap can get methodTable::destroy even if structures held by objects are destroyed before objects' destructions. But this
-        // requirement forces JSProxy to inherit JSDestructibleObject for JSWindowProxy even while the other JSProxy does not need to be
-        // destructible. We create JSNonDestructibleProxy, which is a subclass of JSProxy, and make it non-destructible so that we still keep
-        // JSWindowProxy destructible while making JSNonDestructibleProxy non-destructible.
-        return JSNonFinalObject::subspaceFor<CellType, mode>(vm);
-    }
-
-    static JSNonDestructibleProxy* create(VM& vm, Structure* structure, JSObject* target)
-    {
-        JSNonDestructibleProxy* proxy = new (NotNull, allocateCell<JSNonDestructibleProxy>(vm.heap)) JSNonDestructibleProxy(vm, structure);
-        proxy->finishCreation(vm, target);
-        return proxy;
-    }
-
-    static JSNonDestructibleProxy* create(VM& vm, Structure* structure)
-    {
-        JSNonDestructibleProxy* proxy = new (NotNull, allocateCell<JSNonDestructibleProxy>(vm.heap)) JSNonDestructibleProxy(vm, structure);
-        proxy->finishCreation(vm);
-        return proxy;
-    }
-
-    static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, JSType proxyType)
-    {
-        ASSERT(proxyType == ImpureProxyType || proxyType == PureForwardingProxyType);
-        return Structure::create(vm, globalObject, prototype, TypeInfo(proxyType, StructureFlags), info());
-    }
-
-    DECLARE_EXPORT_INFO;
-
-protected:
-    JSNonDestructibleProxy(VM& vm, Structure* structure)
-        : Base(vm, structure)
-    {
-    }
-};
-
-} // namespace JSC
index 7911ba4..351e668 100644 (file)
 
 #pragma once
 
-#include "JSDestructibleObject.h"
+#include "JSObject.h"
 
 namespace JSC {
 
-class JSProxy : public JSDestructibleObject {
+class JSProxy : public JSNonFinalObject {
 public:
-    using Base = JSDestructibleObject;
+    using Base = JSNonFinalObject;
     static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
 
+    template<typename CellType, SubspaceAccess>
+    static IsoSubspace* subspaceFor(VM& vm)
+    {
+        static_assert(sizeof(CellType) == sizeof(JSProxy));
+        return &vm.jsProxySpace;
+    }
+
     static JSProxy* create(VM& vm, Structure* structure, JSObject* target)
     {
         JSProxy* proxy = new (NotNull, allocateCell<JSProxy>(vm.heap)) JSProxy(vm, structure);
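Review bot: The new `subspaceFor` in JSProxy checks only the cell size, so a same-sized subclass that needs destruction but does not supply its own `subspaceFor` would be allocated in `vm.jsProxySpace`, which the VM.cpp hunk initialises with `cellHeapCellType`; its destructor would then presumably never run. Adding `static_assert(!CellType::needsDestruction);` next to the size check would turn that mistake into a compile error, assuming `needsDestruction` is inherited as false from JSNonFinalObject (not visible here). The rationale comment deleted along with JSNonDestructibleProxy.h is not replaced, so a short comment above the function such as `// Non-destructible: subclasses that need destruction (e.g. JSWindowProxy) must provide their own IsoSubspace.` would keep the intent on record. The class body continues outside this hunk.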
index b48b7a8..0ab6498 100644 (file)
@@ -25,7 +25,7 @@
 
 #pragma once
 
-#include "JSObject.h"
+#include "JSInternalFieldObjectImpl.h"
 
 namespace JSC {
 
index 4752aa0..4bd549b 100644 (file)
 #include "JSNativeStdFunction.h"
 #include "JSPromise.h"
 #include "JSPropertyNameEnumerator.h"
+#include "JSProxy.h"
 #include "JSScriptFetchParameters.h"
 #include "JSScriptFetcher.h"
 #include "JSSet.h"
@@ -369,6 +370,7 @@ VM::VM(VMType vmType, HeapType heapType)
     , getterSetterSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), GetterSetter)
     , globalLexicalEnvironmentSpace ISO_SUBSPACE_INIT(heap, globalLexicalEnvironmentHeapCellType.get(), JSGlobalLexicalEnvironment)
     , internalFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), InternalFunction) // Hash:0xf845c464
+    , jsProxySpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSProxy)
     , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) // Hash:0x67567f95
     , numberObjectSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), NumberObject)
     , promiseSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSPromise)
index 9c2a16c..d1c8713 100644 (file)
@@ -452,6 +452,7 @@ public:
     IsoSubspace getterSetterSpace;
     IsoSubspace globalLexicalEnvironmentSpace;
     IsoSubspace internalFunctionSpace;
+    IsoSubspace jsProxySpace;
     IsoSubspace nativeExecutableSpace;
     IsoSubspace numberObjectSpace;
     IsoSubspace promiseSpace;