Diff
Modified: trunk/Source/_javascript_Core/API/JSBase.h (230812 => 230813)
--- trunk/Source/_javascript_Core/API/JSBase.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/API/JSBase.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -143,7 +143,7 @@
}
#endif
-/* Enable the Objective-C API for platforms with a modern runtime. */
+/* Enable the Objective-C API for platforms with a modern runtime. NOTE: This is duplicated in VM.h. */
#if !defined(JSC_OBJC_API_ENABLED)
#if (defined(__clang__) && defined(__APPLE__) && ((defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && !defined(__i386__)) || (defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE)))
#define JSC_OBJC_API_ENABLED 1
Modified: trunk/Source/_javascript_Core/API/JSCallbackFunction.h (230812 => 230813)
--- trunk/Source/_javascript_Core/API/JSCallbackFunction.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/API/JSCallbackFunction.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -37,6 +37,12 @@
public:
typedef InternalFunction Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.callbackFunctionSpace;
+ }
+
static JSCallbackFunction* create(VM&, JSGlobalObject*, JSObjectCallAsFunctionCallback, const String& name);
DECLARE_INFO;
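Review bot: The `subspaceFor<CellType>()` override added here ignores `CellType` and has no size guard, unlike the `InternalFunction` version in this commit, so a future subclass that adds fields would inherit it and be routed into a subspace sized for `JSCallbackFunction`. Whether the allocator rejects the mismatched size at run time is not visible in this diff, so a compile-time check is the safer contract: `static_assert(sizeof(CellType) == sizeof(JSCallbackFunction), "JSCallbackFunction subclasses that add fields need to override subspaceFor<>()");`. The same applies to the overrides added in ObjCCallbackFunction.h, Error.h, ErrorConstructor.h, the three Intl*Constructor.h headers, JSArrayBufferConstructor.h, NativeErrorConstructor.h, ProxyRevoke.h and RegExpConstructor.h. The class body starts and ends outside this hunk.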
Modified: trunk/Source/_javascript_Core/API/ObjCCallbackFunction.h (230812 => 230813)
--- trunk/Source/_javascript_Core/API/ObjCCallbackFunction.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/API/ObjCCallbackFunction.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -48,6 +48,12 @@
public:
typedef InternalFunction Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.objCCallbackFunctionSpace;
+ }
+
static ObjCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl>);
static void destroy(JSCell*);
Modified: trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.cpp (230812 => 230813)
--- trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.cpp 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2018 Igalia S.L.
- * Copyright (C) 2006, 2008, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2006-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,8 +29,10 @@
#include "APICallbackFunction.h"
#include "APICast.h"
+#include "IsoSubspacePerVM.h"
#include "JSCClassPrivate.h"
#include "JSCContextPrivate.h"
+#include "JSDestructibleObjectHeapCellType.h"
#include "JSCExceptionPrivate.h"
#include "JSCInlines.h"
#include "JSFunction.h"
@@ -206,4 +208,10 @@
static_cast<JSCCallbackFunction*>(cell)->JSCCallbackFunction::~JSCCallbackFunction();
}
+IsoSubspace* JSCCallbackFunction::subspaceForImpl(VM& vm)
+{
+ NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) -> IsoSubspacePerVM::SubspaceParameters { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), JSCCallbackFunction); });
+ return &perVM.get().forVM(vm);
+}
+
} // namespace JSC
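Review bot: `perVM` in `subspaceForImpl` is declared without `static`, so as written each call constructs a fresh `IsoSubspacePerVM` in stack storage with an empty map. `forVM()` would then allocate a new `AutoremovingIsoSubspace` on every call instead of reusing one, and that subspace keeps an `IsoSubspacePerVM&` to an object whose storage is gone once the function returns. Its destructor later locks and mutates through that reference. The declaration should read `static NeverDestroyed<IsoSubspacePerVM> perVM(...)`, with the lambda unchanged.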
Modified: trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.h (230812 => 230813)
--- trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -40,6 +40,12 @@
public:
typedef InternalFunction Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return subspaceForImpl(vm);
+ }
+
enum class Type {
Function,
Method,
@@ -61,6 +67,8 @@
JSObjectRef construct(JSContextRef, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
private:
+ static IsoSubspace* subspaceForImpl(VM&);
+
JSCCallbackFunction(VM&, Structure*, Type, JSCClass*, GRefPtr<GClosure>&&, GType, Vector<GType>&&);
JSObjectCallAsFunctionCallback functionCallback() { return m_functionCallback; }
Modified: trunk/Source/_javascript_Core/CMakeLists.txt (230812 => 230813)
--- trunk/Source/_javascript_Core/CMakeLists.txt 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/CMakeLists.txt 2018-04-19 19:33:03 UTC (rev 230813)
@@ -531,6 +531,7 @@
heap/IncrementalSweeper.h
heap/IsoCellSet.h
heap/IsoSubspace.h
+ heap/IsoSubspacePerVM.h
heap/LargeAllocation.h
heap/ListableHandler.h
heap/LocalAllocator.h
Modified: trunk/Source/_javascript_Core/ChangeLog (230812 => 230813)
--- trunk/Source/_javascript_Core/ChangeLog 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,3 +1,46 @@
+2018-04-17 Filip Pizlo <fpi...@apple.com>
+
+ The InternalFunction hierarchy should be in IsoSubspaces
+ https://bugs.webkit.org/show_bug.cgi?id=184721
+
+ Reviewed by Saam Barati.
+
+ This moves InternalFunction into a IsoSubspace. It also moves all subclasses into IsoSubspaces,
+ but subclasses that are the same size as InternalFunction share its subspace. I did this
+ because the subclasses appear to just override methods, which are called dynamically via the
+ structure or class of the object. So, I don't see a type confusion risk if UAF is used to
+ allocate one kind of InternalFunction over another.
+
+ * API/JSBase.h:
+ * API/JSCallbackFunction.h:
+ * API/ObjCCallbackFunction.h:
+ (JSC::ObjCCallbackFunction::subspaceFor):
+ * CMakeLists.txt:
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * heap/IsoSubspacePerVM.cpp: Added.
+ (JSC::IsoSubspacePerVM::AutoremovingIsoSubspace::AutoremovingIsoSubspace):
+ (JSC::IsoSubspacePerVM::AutoremovingIsoSubspace::~AutoremovingIsoSubspace):
+ (JSC::IsoSubspacePerVM::IsoSubspacePerVM):
+ (JSC::IsoSubspacePerVM::~IsoSubspacePerVM):
+ (JSC::IsoSubspacePerVM::forVM):
+ * heap/IsoSubspacePerVM.h: Added.
+ (JSC::IsoSubspacePerVM::SubspaceParameters::SubspaceParameters):
+ * runtime/Error.h:
+ * runtime/ErrorConstructor.h:
+ * runtime/InternalFunction.h:
+ (JSC::InternalFunction::subspaceFor):
+ * runtime/IntlCollatorConstructor.h:
+ * runtime/IntlDateTimeFormatConstructor.h:
+ * runtime/IntlNumberFormatConstructor.h:
+ * runtime/JSArrayBufferConstructor.h:
+ * runtime/NativeErrorConstructor.h:
+ * runtime/ProxyRevoke.h:
+ * runtime/RegExpConstructor.h:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
2018-04-19 Yusuke Suzuki <utatane....@gmail.com>
Unreviewed, Fix jsc shell
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (230812 => 230813)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2018-04-19 19:33:03 UTC (rev 230813)
@@ -343,6 +343,7 @@
0F5CF9841E9D537700C18692 /* AirLowerStackArgs.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5CF9831E9D537500C18692 /* AirLowerStackArgs.h */; };
0F5CF9891E9ED65200C18692 /* AirStackAllocation.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5CF9871E9ED64E00C18692 /* AirStackAllocation.h */; };
0F5E0FD8207C72730097F0DE /* DFGAbstractInterpreterClobberState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5E0FD6207C72710097F0DE /* DFGAbstractInterpreterClobberState.h */; };
+ 0F5E0FE72086AD480097F0DE /* IsoSubspacePerVM.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5E0FE52086AD460097F0DE /* IsoSubspacePerVM.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F5EF91F16878F7D003E5C25 /* JITThunks.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5EF91C16878F78003E5C25 /* JITThunks.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F5F08CF146C7633000472A9 /* UnconditionalFinalizer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5F08CE146C762F000472A9 /* UnconditionalFinalizer.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F60FE901FFC37020003320A /* ExecutableToCodeBlockEdge.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F60FE8E1FFC36FD0003320A /* ExecutableToCodeBlockEdge.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -2350,6 +2351,8 @@
0F5D085C1B8CF99D001143B4 /* DFGNodeOrigin.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGNodeOrigin.cpp; path = dfg/DFGNodeOrigin.cpp; sourceTree = "<group>"; };
0F5E0FD6207C72710097F0DE /* DFGAbstractInterpreterClobberState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGAbstractInterpreterClobberState.h; path = dfg/DFGAbstractInterpreterClobberState.h; sourceTree = "<group>"; };
0F5E0FD7207C72710097F0DE /* DFGAbstractInterpreterClobberState.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGAbstractInterpreterClobberState.cpp; path = dfg/DFGAbstractInterpreterClobberState.cpp; sourceTree = "<group>"; };
+ 0F5E0FE52086AD460097F0DE /* IsoSubspacePerVM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IsoSubspacePerVM.h; sourceTree = "<group>"; };
+ 0F5E0FE62086AD470097F0DE /* IsoSubspacePerVM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = IsoSubspacePerVM.cpp; sourceTree = "<group>"; };
0F5EF91B16878F78003E5C25 /* JITThunks.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITThunks.cpp; sourceTree = "<group>"; };
0F5EF91C16878F78003E5C25 /* JITThunks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITThunks.h; sourceTree = "<group>"; };
0F5F08CE146C762F000472A9 /* UnconditionalFinalizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnconditionalFinalizer.h; sourceTree = "<group>"; };
@@ -5695,6 +5698,8 @@
0FB4677B1FDDA6D8003FCB09 /* IsoCellSetInlines.h */,
0FDCE12C1FAFB4DE006F3901 /* IsoSubspace.cpp */,
0FDCE12B1FAFB4DE006F3901 /* IsoSubspace.h */,
+ 0F5E0FE62086AD470097F0DE /* IsoSubspacePerVM.cpp */,
+ 0F5E0FE52086AD460097F0DE /* IsoSubspacePerVM.h */,
0F766D2915A8CC34008F363E /* JITStubRoutineSet.cpp */,
0F766D2A15A8CC34008F363E /* JITStubRoutineSet.h */,
0F070A451D543A89006E7232 /* LargeAllocation.cpp */,
@@ -9491,6 +9496,7 @@
53F8D2001E8387D400D21116 /* WasmBBQPlanInlines.h in Headers */,
AD4B1DFA1DF244E20071AE32 /* WasmBinding.h in Headers */,
525C0DDA1E935847002184CD /* WasmCallee.h in Headers */,
+ 0F5E0FE72086AD480097F0DE /* IsoSubspacePerVM.h in Headers */,
53FD04D41D7AB291003287D3 /* WasmCallingConvention.h in Headers */,
526AC4B71E977C5D003500E1 /* WasmCodeBlock.h in Headers */,
AD412B341E7B2E9E008AF157 /* WasmContext.h in Headers */,
Modified: trunk/Source/_javascript_Core/Sources.txt (230812 => 230813)
--- trunk/Source/_javascript_Core/Sources.txt 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/Sources.txt 2018-04-19 19:33:03 UTC (rev 230813)
@@ -502,6 +502,7 @@
heap/IsoAlignedMemoryAllocator.cpp
heap/IsoCellSet.cpp
heap/IsoSubspace.cpp
+heap/IsoSubspacePerVM.cpp
heap/JITStubRoutineSet.cpp
heap/LargeAllocation.cpp
heap/LocalAllocator.cpp
Added: trunk/Source/_javascript_Core/heap/IsoSubspacePerVM.cpp (0 => 230813)
--- trunk/Source/_javascript_Core/heap/IsoSubspacePerVM.cpp (rev 0)
+++ trunk/Source/_javascript_Core/heap/IsoSubspacePerVM.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "IsoSubspacePerVM.h"
+
+#include "JSCInlines.h"
+
+namespace JSC {
+
+class IsoSubspacePerVM::AutoremovingIsoSubspace : public IsoSubspace {
+public:
+ AutoremovingIsoSubspace(IsoSubspacePerVM& perVM, CString name, Heap& heap, HeapCellType* heapCellType, size_t size)
+ : IsoSubspace(name, heap, heapCellType, size)
+ , m_perVM(perVM)
+ {
+ }
+
+ ~AutoremovingIsoSubspace()
+ {
+ auto locker = holdLock(m_perVM.m_lock);
+ m_perVM.m_subspacePerVM.remove(space().heap()->vm());
+ }
+
+private:
+ IsoSubspacePerVM& m_perVM;
+};
+
+IsoSubspacePerVM::IsoSubspacePerVM(Function<SubspaceParameters(VM&)> subspaceParameters)
+ : m_subspaceParameters(WTFMove(subspaceParameters))
+{
+}
+
+IsoSubspacePerVM::~IsoSubspacePerVM()
+{
+ UNREACHABLE_FOR_PLATFORM();
+}
+
+IsoSubspace& IsoSubspacePerVM::forVM(VM& vm)
+{
+ auto locker = holdLock(m_lock);
+ auto result = m_subspacePerVM.add(&vm, nullptr);
+ if (result.isNewEntry) {
+ SubspaceParameters params = m_subspaceParameters(vm);
+ result.iterator->value = new AutoremovingIsoSubspace(*this, params.name, vm.heap, params.heapCellType, params.size);
+ }
+ return *result.iterator->value;
+}
+
+} // namespace JSC
+
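Review bot: Nothing in this file or its header deletes the object created by `new AutoremovingIsoSubspace(...)` in `forVM`, and the map is keyed by a raw `VM*`. If an entry can outlive its VM, a later VM allocated at the same address would be handed a subspace bound to the old heap. The only removal path is `~AutoremovingIsoSubspace`, so who runs that destructor, and that it runs before the VM's memory can be reused, should be stated at the allocation, for example `// Deleted by <teardown path>; its destructor removes this VM's entry under m_lock.` with the placeholder filled in. A debug assertion on the lookup-hit path that the cached subspace still belongs to `vm` would catch a stale entry early.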
Added: trunk/Source/_javascript_Core/heap/IsoSubspacePerVM.h (0 => 230813)
--- trunk/Source/_javascript_Core/heap/IsoSubspacePerVM.h (rev 0)
+++ trunk/Source/_javascript_Core/heap/IsoSubspacePerVM.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "IsoSubspace.h"
+#include <wtf/Function.h>
+#include <wtf/HashMap.h>
+#include <wtf/Lock.h>
+
+namespace JSC {
+
+// This is an appropriate way to stash IsoSubspaces for rarely-used classes or classes that are mostly
+// sure to be main-thread-only. But if a class typically gets instantiated from multiple threads at
+// once, then this is not great, because concurrent allocations will probably contend on this thing's
+// lock.
+class IsoSubspacePerVM {
+public:
+ struct SubspaceParameters {
+ SubspaceParameters() { }
+
+ SubspaceParameters(CString name, HeapCellType* heapCellType, size_t size)
+ : name(WTFMove(name))
+ , heapCellType(heapCellType)
+ , size(size)
+ {
+ }
+
+ CString name;
+ HeapCellType* heapCellType { nullptr };
+ size_t size { 0 };
+ };
+
+ JS_EXPORT_PRIVATE IsoSubspacePerVM(Function<SubspaceParameters(VM&)>);
+ JS_EXPORT_PRIVATE ~IsoSubspacePerVM();
+
+ JS_EXPORT_PRIVATE IsoSubspace& forVM(VM&);
+
+private:
+ class AutoremovingIsoSubspace;
+ friend class AutoremovingIsoSubspace;
+
+ Lock m_lock;
+ HashMap<VM*, IsoSubspace*> m_subspacePerVM;
+ Function<SubspaceParameters(VM&)> m_subspaceParameters;
+};
+
+#define ISO_SUBSPACE_PARAMETERS(heapCellType, type) ::JSC::IsoSubspacePerVM::SubspaceParameters("Isolated " #type " Space", (heapCellType), sizeof(type))
+
+} // namespace JSC
+
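Review bot: The class comment covers lock contention but not the lifetime contract, which is the part a caller can get wrong. The destructor is `UNREACHABLE_FOR_PLATFORM()` in the .cpp and every per-VM subspace holds a reference back to this object, so an instance has to live for the whole process. I would add `// Instances must have static storage duration (e.g. a function-local static NeverDestroyed<>); the destructor must never run and per-VM subspaces keep a reference to this object.` above the class. As a style point, the single-argument constructor could be marked `explicit`.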
Modified: trunk/Source/_javascript_Core/runtime/Error.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/Error.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/Error.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -115,6 +115,12 @@
public:
typedef InternalFunction Base;
+
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.strictModeTypeErrorFunctionSpace;
+ }
static StrictModeTypeErrorFunction* create(VM& vm, Structure* structure, const String& message)
{
Modified: trunk/Source/_javascript_Core/runtime/ErrorConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/ErrorConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/ErrorConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2000 Harri Porten (por...@kde.org)
- * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2018 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -31,6 +31,12 @@
public:
typedef InternalFunction Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.errorConstructorSpace;
+ }
+
static ErrorConstructor* create(VM& vm, Structure* structure, ErrorPrototype* errorPrototype, GetterSetter*)
{
ErrorConstructor* constructor = new (NotNull, allocateCell<ErrorConstructor>(vm.heap)) ErrorConstructor(vm, structure);
Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/InternalFunction.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -38,6 +38,13 @@
typedef JSDestructibleObject Base;
static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | TypeOfShouldCallGetCallData;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ static_assert(sizeof(CellType) == sizeof(InternalFunction), "InternalFunction subclasses that add fields need to override subspaceFor<>()");
+ return &vm.internalFunctionSpace;
+ }
+
DECLARE_EXPORT_INFO;
JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
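Review bot: The `static_assert` in `subspaceFor` enforces equal size, but the reason same-size subclasses may share `internalFunctionSpace` is recorded only in the ChangeLog. The next person adding a subclass needs it next to the code, e.g. `// Same-size subclasses share this subspace on purpose: they only override methods dispatched via the structure/class, so reusing a freed cell as a sibling type exposes no differently-typed fields.` Size equality is a proxy for "adds no fields"; a subclass that changes how the existing storage is interpreted would still pass it, so the comment should say that such a class needs its own subspace. The class body starts and ends outside this hunk.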
Modified: trunk/Source/_javascript_Core/runtime/IntlCollatorConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/IntlCollatorConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/IntlCollatorConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2015 Andy VanWagoner (thetalecraf...@gmail.com)
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -39,6 +40,12 @@
typedef InternalFunction Base;
static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.intlCollatorConstructorSpace;
+ }
+
static IntlCollatorConstructor* create(VM&, Structure*, IntlCollatorPrototype*, Structure*);
static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
Modified: trunk/Source/_javascript_Core/runtime/IntlDateTimeFormatConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/IntlDateTimeFormatConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/IntlDateTimeFormatConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2015 Andy VanWagoner (thetalecraf...@gmail.com)
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -39,6 +40,12 @@
typedef InternalFunction Base;
static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.intlDateTimeFormatConstructorSpace;
+ }
+
static IntlDateTimeFormatConstructor* create(VM&, Structure*, IntlDateTimeFormatPrototype*, Structure*);
static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
Modified: trunk/Source/_javascript_Core/runtime/IntlNumberFormatConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/IntlNumberFormatConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/IntlNumberFormatConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2015 Andy VanWagoner (thetalecraf...@gmail.com)
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -39,6 +40,12 @@
typedef InternalFunction Base;
static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.intlNumberFormatConstructorSpace;
+ }
+
static IntlNumberFormatConstructor* create(VM&, Structure*, IntlNumberFormatPrototype*, Structure*);
static Structure* createStructure(VM&, JSGlobalObject*, JSValue);
Modified: trunk/Source/_javascript_Core/runtime/JSArrayBufferConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/JSArrayBufferConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/JSArrayBufferConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -37,6 +37,12 @@
public:
typedef InternalFunction Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.arrayBufferConstructorSpace;
+ }
+
protected:
JSArrayBufferConstructor(VM&, Structure*, ArrayBufferSharingMode);
void finishCreation(VM&, JSArrayBufferPrototype*, GetterSetter* speciesSymbol);
Modified: trunk/Source/_javascript_Core/runtime/NativeErrorConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/NativeErrorConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/NativeErrorConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2000 Harri Porten (por...@kde.org)
- * Copyright (C) 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2018 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -33,6 +33,12 @@
public:
typedef InternalFunction Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.nativeErrorConstructorSpace;
+ }
+
static NativeErrorConstructor* create(VM& vm, JSGlobalObject* globalObject, Structure* structure, Structure* prototypeStructure, const String& name)
{
NativeErrorConstructor* constructor = new (NotNull, allocateCell<NativeErrorConstructor>(vm.heap)) NativeErrorConstructor(vm, structure);
Modified: trunk/Source/_javascript_Core/runtime/ProxyRevoke.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/ProxyRevoke.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/ProxyRevoke.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -36,6 +36,12 @@
typedef InternalFunction Base;
static const unsigned StructureFlags = Base::StructureFlags;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.proxyRevokeSpace;
+ }
+
static ProxyRevoke* create(VM&, Structure*, ProxyObject*);
DECLARE_INFO;
Modified: trunk/Source/_javascript_Core/runtime/RegExpConstructor.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/RegExpConstructor.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/RegExpConstructor.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,6 +1,6 @@
/*
* Copyright (C) 1999-2000 Harri Porten (por...@kde.org)
- * Copyright (C) 2003, 2007-2008, 2016 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2003-2018 Apple Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -35,6 +35,12 @@
typedef InternalFunction Base;
static const unsigned StructureFlags = Base::StructureFlags | HasStaticPropertyTable;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.regExpConstructorSpace;
+ }
+
static RegExpConstructor* create(VM& vm, Structure* structure, RegExpPrototype* regExpPrototype, GetterSetter* species)
{
RegExpConstructor* constructor = new (NotNull, allocateCell<RegExpConstructor>(vm.heap)) RegExpConstructor(vm, structure, regExpPrototype);
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -41,6 +41,8 @@
#include "DFGWorklist.h"
#include "DirectEvalExecutable.h"
#include "Disassembler.h"
+#include "Error.h"
+#include "ErrorConstructor.h"
#include "ErrorInstance.h"
#include "EvalCodeBlock.h"
#include "Exception.h"
@@ -64,14 +66,19 @@
#include "InferredTypeTable.h"
#include "InferredValue.h"
#include "Interpreter.h"
+#include "IntlCollatorConstructor.h"
+#include "IntlDateTimeFormatConstructor.h"
+#include "IntlNumberFormatConstructor.h"
#include "JITCode.h"
#include "JITWorklist.h"
#include "JSAPIValueWrapper.h"
#include "JSArray.h"
+#include "JSArrayBufferConstructor.h"
#include "JSAsyncFunction.h"
#include "JSBigInt.h"
#include "JSBoundFunction.h"
#include "JSCInlines.h"
+#include "JSCallbackFunction.h"
#include "JSCustomGetterSetterFunction.h"
#include "JSDestructibleObjectHeapCellType.h"
#include "JSFixedArray.h"
@@ -103,9 +110,11 @@
#include "MinimumReservedZoneSize.h"
#include "ModuleProgramCodeBlock.h"
#include "ModuleProgramExecutable.h"
+#include "NativeErrorConstructor.h"
#include "NativeExecutable.h"
#include "NativeStdFunctionCell.h"
#include "Nodes.h"
+#include "ObjCCallbackFunction.h"
#include "Parser.h"
#include "ProfilerDatabase.h"
#include "ProgramCodeBlock.h"
@@ -112,7 +121,9 @@
#include "ProgramExecutable.h"
#include "PromiseDeferredTimer.h"
#include "PropertyMapHashTable.h"
+#include "ProxyRevoke.h"
#include "RegExpCache.h"
+#include "RegExpConstructor.h"
#include "RegExpObject.h"
#include "RegisterAtOffsetList.h"
#include "RuntimeType.h"
@@ -254,11 +265,14 @@
, destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
, eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
, segmentedVariableObjectSpace("JSSegmentedVariableObjectSpace", heap, segmentedVariableObjectHeapCellType.get(), fastMallocAllocator.get())
+ , arrayBufferConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSArrayBufferConstructor)
, asyncFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncFunction)
, asyncGeneratorFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncGeneratorFunction)
, boundFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSBoundFunction)
+ , callbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSCallbackFunction)
, customGetterSetterFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSCustomGetterSetterFunction)
, directEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), DirectEvalExecutable)
+ , errorConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ErrorConstructor)
, executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellDangerousBitsHeapCellType.get(), ExecutableToCodeBlockEdge)
, functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable)
, functionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSFunction)
@@ -266,11 +280,24 @@
, indirectEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable)
, inferredTypeSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredType)
, inferredValueSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredValue)
+ , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction)
+#if ENABLE(INTL)
+ , intlCollatorConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), IntlCollatorConstructor)
+ , intlDateTimeFormatConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), IntlDateTimeFormatConstructor)
+ , intlNumberFormatConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), IntlNumberFormatConstructor)
+#endif
, moduleProgramExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable)
+ , nativeErrorConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), NativeErrorConstructor)
, nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable)
, nativeStdFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSNativeStdFunction)
+#if JSC_OBJC_API_ENABLED
+ , objCCallbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ObjCCallbackFunction)
+#endif
, programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable)
, propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable)
+ , proxyRevokeSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ProxyRevoke)
+ , regExpConstructorSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), RegExpConstructor)
+ , strictModeTypeErrorFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), StrictModeTypeErrorFunction)
, structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData)
, structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure)
, weakSetSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakSet)
Modified: trunk/Source/_javascript_Core/runtime/VM.h (230812 => 230813)
--- trunk/Source/_javascript_Core/runtime/VM.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -80,6 +80,16 @@
#include <wtf/StackTrace.h>
#endif
+// Enable the Objective-C API for platforms with a modern runtime. This has to match exactly what we
+// have in JSBase.h.
+#if !defined(JSC_OBJC_API_ENABLED)
+#if (defined(__clang__) && defined(__APPLE__) && ((defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && !defined(__i386__)) || (defined(TARGET_OS_IPHONE) && TARGET_OS_IPHONE)))
+#define JSC_OBJC_API_ENABLED 1
+#else
+#define JSC_OBJC_API_ENABLED 0
+#endif
+#endif
+
namespace WTF {
class SimpleStats;
} // namespace WTF
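Review bot: The copied `JSC_OBJC_API_ENABLED` block has nothing that forces it to stay identical to the one in JSBase.h, and the macro now decides the layout of `VM`: a later hunk in this file declares `objCCallbackFunctionSpace` under `#if JSC_OBJC_API_ENABLED`. Both copies sit behind `#if !defined(JSC_OBJC_API_ENABLED)`, so a translation unit that predefines the macro, or sees a diverged copy first, would compile `VM` with a different member set from VM.cpp and read every later field at the wrong offset. A single definition would remove the risk; if VM.h is allowed to include the API header, `#include "JSBase.h"` in place of the copied block would do it, otherwise the condition belongs in one internal header that both sides can reach.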
@@ -337,11 +347,14 @@
CompleteSubspace eagerlySweptDestructibleObjectSpace;
CompleteSubspace segmentedVariableObjectSpace;
+ IsoSubspace arrayBufferConstructorSpace;
IsoSubspace asyncFunctionSpace;
IsoSubspace asyncGeneratorFunctionSpace;
IsoSubspace boundFunctionSpace;
+ IsoSubspace callbackFunctionSpace;
IsoSubspace customGetterSetterFunctionSpace;
IsoSubspace directEvalExecutableSpace;
+ IsoSubspace errorConstructorSpace;
IsoSubspace executableToCodeBlockEdgeSpace;
IsoSubspace functionExecutableSpace;
IsoSubspace functionSpace;
@@ -349,11 +362,24 @@
IsoSubspace indirectEvalExecutableSpace;
IsoSubspace inferredTypeSpace;
IsoSubspace inferredValueSpace;
+ IsoSubspace internalFunctionSpace;
+#if ENABLE(INTL)
+ IsoSubspace intlCollatorConstructorSpace;
+ IsoSubspace intlDateTimeFormatConstructorSpace;
+ IsoSubspace intlNumberFormatConstructorSpace;
+#endif
IsoSubspace moduleProgramExecutableSpace;
+ IsoSubspace nativeErrorConstructorSpace;
IsoSubspace nativeExecutableSpace;
IsoSubspace nativeStdFunctionSpace;
+#if JSC_OBJC_API_ENABLED
+ IsoSubspace objCCallbackFunctionSpace;
+#endif
IsoSubspace programExecutableSpace;
IsoSubspace propertyTableSpace;
+ IsoSubspace proxyRevokeSpace;
+ IsoSubspace regExpConstructorSpace;
+ IsoSubspace strictModeTypeErrorFunctionSpace;
IsoSubspace structureRareDataSpace;
IsoSubspace structureSpace;
IsoSubspace weakSetSpace;
Modified: trunk/Source/WebCore/ChangeLog (230812 => 230813)
--- trunk/Source/WebCore/ChangeLog 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebCore/ChangeLog 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,3 +1,20 @@
+2018-04-17 Filip Pizlo <fpi...@apple.com>
+
+ The InternalFunction hierarchy should be in IsoSubspaces
+ https://bugs.webkit.org/show_bug.cgi?id=184721
+
+ Reviewed by Saam Barati.
+
+ No new tests because no new behavior.
+
+ * bindings/js/WebCoreJSClientData.cpp:
+ (WebCore::JSVMClientData::JSVMClientData):
+ * bindings/js/WebCoreJSClientData.h:
+ (WebCore::JSVMClientData::runtimeMethodSpace):
+ * bridge/runtime_method.cpp:
+ (JSC::RuntimeMethod::subspaceForImpl):
+ * bridge/runtime_method.h:
+
2018-04-19 Brady Eidson <beid...@apple.com>
Add globally-unique HistoryItem identifiers (and have WebKit2 adopt them).
Modified: trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp (230812 => 230813)
--- trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -35,6 +35,7 @@
#include <_javascript_Core/MarkingConstraint.h>
#include <_javascript_Core/SubspaceInlines.h>
#include <_javascript_Core/VM.h>
+#include "runtime_method.h"
#include <wtf/MainThread.h>
namespace WebCore {
@@ -43,6 +44,7 @@
JSVMClientData::JSVMClientData(VM& vm)
: m_builtinFunctions(vm)
, m_builtinNames(&vm)
+ , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.destructibleObjectHeapCellType.get(), RuntimeMethod)
, m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get())
, m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.segmentedVariableObjectHeapCellType.get(), vm.fastMallocAllocator.get())
{
Modified: trunk/Source/WebCore/bindings/js/WebCoreJSClientData.h (230812 => 230813)
--- trunk/Source/WebCore/bindings/js/WebCoreJSClientData.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebCore/bindings/js/WebCoreJSClientData.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -59,6 +59,8 @@
WebCoreBuiltinNames& builtinNames() { return m_builtinNames; }
JSBuiltinFunctions& builtinFunctions() { return m_builtinFunctions; }
+ JSC::IsoSubspace& runtimeMethodSpace() { return m_runtimeMethodSpace; }
+
JSC::CompleteSubspace& outputConstraintSpace() { return m_outputConstraintSpace; }
JSC::CompleteSubspace& globalObjectOutputConstraintSpace() { return m_globalObjectOutputConstraintSpace; }
@@ -76,6 +78,8 @@
JSBuiltinFunctions m_builtinFunctions;
WebCoreBuiltinNames m_builtinNames;
+ JSC::IsoSubspace m_runtimeMethodSpace;
+
JSC::CompleteSubspace m_outputConstraintSpace;
JSC::CompleteSubspace m_globalObjectOutputConstraintSpace;
};
Modified: trunk/Source/WebCore/bridge/runtime_method.cpp (230812 => 230813)
--- trunk/Source/WebCore/bridge/runtime_method.cpp 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebCore/bridge/runtime_method.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003, 2008, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,6 +29,7 @@
#include "JSDOMBinding.h"
#include "JSHTMLElement.h"
#include "JSPluginElementFunctions.h"
+#include "WebCoreJSClientData.h"
#include "runtime_object.h"
#include <_javascript_Core/Error.h>
#include <_javascript_Core/FunctionPrototype.h>
@@ -79,6 +80,11 @@
return InternalFunction::getOwnPropertySlot(thisObject, exec, propertyName, slot);
}
+IsoSubspace* RuntimeMethod::subspaceForImpl(VM& vm)
+{
+ return &static_cast<JSVMClientData*>(vm.clientData)->runtimeMethodSpace();
+}
+
static EncodedJSValue JSC_HOST_CALL callRuntimeMethod(ExecState* exec)
{
VM& vm = exec->vm();
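Review bot: `RuntimeMethod::subspaceForImpl` casts `vm.clientData` to `JSVMClientData*` and dereferences it without any check, so a VM whose client data is unset or of another type would give a null dereference or a mistyped access on the allocation path. Nothing in this hunk shows that a RuntimeMethod can only be allocated in a VM set up by WebCore. If that is the invariant, say so in a comment and assert at least the non-null half in debug builds with `ASSERT(vm.clientData);` before the cast. `callRuntimeMethod`, whose first lines close the hunk, continues outside it.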
Modified: trunk/Source/WebCore/bridge/runtime_method.h (230812 => 230813)
--- trunk/Source/WebCore/bridge/runtime_method.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebCore/bridge/runtime_method.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2003, 2008 Apple Inc. All rights reserved.
+ * Copyright (C) 2003-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -37,6 +37,13 @@
typedef InternalFunction Base;
static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | TypeOfShouldCallGetCallData;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ static_assert(sizeof(CellType) == sizeof(RuntimeMethod), "RuntimeMethod subclasses that add fields need to override subspaceFor<>()");
+ return subspaceForImpl(vm);
+ }
+
static RuntimeMethod* create(ExecState*, JSGlobalObject* globalObject, Structure* structure, const String& name, Bindings::Method* method)
{
VM& vm = globalObject->vm();
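Review bot: The `static_assert` in `subspaceFor` compares sizes only, so a subclass of RuntimeMethod that adds no fields is allocated from the same IsoSubspace as RuntimeMethod itself, and the code does not say whether that sharing is intended. Since an isolated subspace is presumably there so that a freed cell is only reused by the same kind of object, the exception should be documented above the assert, for example `// Subclasses that add no fields deliberately share RuntimeMethod's subspace.`, with the wording confirmed by someone who knows the subclasses. `create`, which closes the hunk, continues outside it.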
@@ -68,6 +75,8 @@
private:
static EncodedJSValue lengthGetter(ExecState*, EncodedJSValue, PropertyName);
+ static IsoSubspace* subspaceForImpl(VM&);
+
Bindings::Method* m_method;
};
Modified: trunk/Source/WebKit/ChangeLog (230812 => 230813)
--- trunk/Source/WebKit/ChangeLog 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebKit/ChangeLog 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,3 +1,23 @@
+2018-04-17 Filip Pizlo <fpi...@apple.com>
+
+ The InternalFunction hierarchy should be in IsoSubspaces
+ https://bugs.webkit.org/show_bug.cgi?id=184721
+
+ Reviewed by Saam Barati.
+
+ * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
+ (WebKit::JSNPMethod::subspaceForImpl):
+ * WebProcess/Plugins/Netscape/JSNPMethod.h:
+ (WebKit::JSNPMethod::create): Deleted.
+ (WebKit::JSNPMethod::npIdentifier const): Deleted.
+ (WebKit::JSNPMethod::createStructure): Deleted.
+ * WebProcess/Plugins/Netscape/JSNPObject.cpp:
+ (WebKit::JSNPObject::subspaceForImpl):
+ * WebProcess/Plugins/Netscape/JSNPObject.h:
+ (WebKit::JSNPObject::create): Deleted.
+ (WebKit::JSNPObject::npObject const): Deleted.
+ (WebKit::JSNPObject::createStructure): Deleted.
+
2018-04-19 Brady Eidson <beid...@apple.com>
Add globally-unique HistoryItem identifiers (and have WebKit2 adopt them).
Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp (230812 => 230813)
--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -31,6 +31,8 @@
#include "JSNPObject.h"
#include <_javascript_Core/Error.h>
#include <_javascript_Core/FunctionPrototype.h>
+#include <_javascript_Core/IsoSubspacePerVM.h>
+#include <_javascript_Core/JSDestructibleObjectHeapCellType.h>
#include <_javascript_Core/JSGlobalObject.h>
#include <_javascript_Core/JSObject.h>
#include <WebCore/JSHTMLElement.h>
@@ -59,6 +61,12 @@
ASSERT(inherits(vm, info()));
}
+IsoSubspace* JSNPMethod::subspaceForImpl(VM& vm)
+{
+ static NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), JSNPMethod); });
+ return &perVM.get().forVM(vm);
+}
+
static EncodedJSValue JSC_HOST_CALL callMethod(ExecState* exec)
{
VM& vm = exec->vm();
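Review bot: The process-wide `static NeverDestroyed<IsoSubspacePerVM>` in `JSNPMethod::subspaceForImpl` is shared by every VM, and the hunk does not establish that its lazy initialisation and the `forVM(vm)` lookup are safe if two VMs allocate on different threads. If these plug-in wrappers are only ever created on the main thread, record that with `ASSERT(isMainThread());` as the first statement (it may need `<wtf/MainThread.h>`); otherwise the lookup should be shown to take a lock. The same pattern is added for `JSNPObject::subspaceForImpl` in JSNPObject.cpp. `callMethod`, at the end of the hunk, continues outside it.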
Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h (230812 => 230813)
--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -37,10 +37,16 @@
namespace WebKit {
// A JSObject that wraps an NPMethod.
-class JSNPMethod : public JSC::InternalFunction {
+class JSNPMethod final : public JSC::InternalFunction {
public:
typedef JSC::InternalFunction Base;
+ template<typename CellType>
+ static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+ {
+ return subspaceForImpl(vm);
+ }
+
static JSNPMethod* create(JSC::ExecState* exec, JSC::JSGlobalObject* globalObject, const String& name, NPIdentifier npIdent)
{
JSC::VM& vm = globalObject->vm();
@@ -57,7 +63,9 @@
protected:
void finishCreation(JSC::VM&, const String& name);
-private:
+private:
+ static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
+
JSNPMethod(JSC::JSGlobalObject*, JSC::Structure*, NPIdentifier);
static JSC::Structure* createStructure(JSC::VM& vm, JSC::JSGlobalObject* globalObject, JSC::JSValue prototype)
Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.cpp (230812 => 230813)
--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.cpp 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.cpp 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -35,6 +35,8 @@
#include <_javascript_Core/AuxiliaryBarrierInlines.h>
#include <_javascript_Core/Error.h>
#include <_javascript_Core/IdentifierInlines.h>
+#include <_javascript_Core/IsoSubspacePerVM.h>
+#include <_javascript_Core/JSDestructibleObjectHeapCellType.h>
#include <_javascript_Core/JSGlobalObject.h>
#include <_javascript_Core/JSLock.h>
#include <_javascript_Core/ObjectPrototype.h>
@@ -527,6 +529,12 @@
return throwException(exec, scope, createReferenceError(exec, "Trying to access object from destroyed plug-in."));
}
+IsoSubspace* JSNPObject::subspaceForImpl(VM& vm)
+{
+ static NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), JSNPObject); });
+ return &perVM.get().forVM(vm);
+}
+
} // namespace WebKit
#endif // ENABLE(NETSCAPE_PLUGIN_API)
Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h (230812 => 230813)
--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h 2018-04-19 18:45:40 UTC (rev 230812)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h 2018-04-19 19:33:03 UTC (rev 230813)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -41,11 +41,17 @@
// JSNPObject is a JSObject that wraps an NPObject.
-class JSNPObject : public JSC::JSDestructibleObject {
+class JSNPObject final : public JSC::JSDestructibleObject {
public:
typedef JSC::JSDestructibleObject Base;
static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::TypeOfShouldCallGetCallData;
+ template<typename CellType>
+ static JSC::IsoSubspace* subspaceFor(JSC::VM& vm)
+ {
+ return subspaceForImpl(vm);
+ }
+
static JSNPObject* create(JSC::JSGlobalObject* globalObject, NPRuntimeObjectMap* objectMap, NPObject* npObject)
{
JSC::Structure* structure = createStructure(globalObject->vm(), globalObject, globalObject->objectPrototype());
@@ -74,6 +80,8 @@
void finishCreation(JSC::JSGlobalObject*);
private:
+ static JSC::IsoSubspace* subspaceForImpl(JSC::VM&);
+
JSNPObject(JSC::JSGlobalObject*, JSC::Structure*, NPRuntimeObjectMap*, NPObject*);
static JSC::Structure* createStructure(JSC::VM& vm, JSC::JSGlobalObject* globalObject, JSC::JSValue prototype)