Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (225886 => 225887)
--- trunk/Source/_javascript_Core/ChangeLog 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-12-14 01:12:03 UTC (rev 225887)
@@ -1,3 +1,29 @@
+2017-12-12 Filip Pizlo <fpi...@apple.com>
+
+ InferredValue should use IsoSubspace
+ https://bugs.webkit.org/show_bug.cgi?id=180738
+
+ Reviewed by Keith Miller.
+
+ This moves InferredValue into an IsoSubspace and then takes advantage of this to get rid of
+ its UnconditionalFinalizer.
+
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * heap/Heap.cpp:
+ (JSC::Heap::finalizeUnconditionalFinalizers):
+ * runtime/InferredValue.cpp:
+ (JSC::InferredValue::visitChildren):
+ (JSC::InferredValue::ValueCleanup::ValueCleanup): Deleted.
+ (JSC::InferredValue::ValueCleanup::~ValueCleanup): Deleted.
+ (JSC::InferredValue::ValueCleanup::finalizeUnconditionally): Deleted.
+ * runtime/InferredValue.h:
+ (JSC::InferredValue::subspaceFor):
+ * runtime/InferredValueInlines.h: Added.
+ (JSC::InferredValue::finalizeUnconditionally):
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
2017-12-13 Devin Rousso <web...@devinrousso.com>
Web Inspector: add instrumentation for ImageBitmapRenderingContext
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (225886 => 225887)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2017-12-14 01:12:03 UTC (rev 225887)
@@ -310,6 +310,7 @@
0F485328187DFDEC0083B687 /* FTLAvailableRecovery.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F485324187DFDEC0083B687 /* FTLAvailableRecovery.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F48532A187DFDEC0083B687 /* FTLRecoveryOpcode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F485326187DFDEC0083B687 /* FTLRecoveryOpcode.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F4A38FA1C8E13DF00190318 /* SuperSampler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4A38F81C8E13DF00190318 /* SuperSampler.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F4AE0431FE0D25700E20839 /* InferredValueInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4AE0421FE0D25400E20839 /* InferredValueInlines.h */; };
0F4B94DC17B9F07500DD03A4 /* TypedArrayInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4B94DB17B9F07500DD03A4 /* TypedArrayInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F4C91661C29F4F2004341A6 /* B3OriginDump.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4C91651C29F4F2004341A6 /* B3OriginDump.h */; };
0F4D8C741FC7A97A001D32AC /* VisitCounter.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4D8C721FC7A973001D32AC /* VisitCounter.h */; };
@@ -2282,6 +2283,7 @@
0F493AF816D0CAD10084508B /* SourceProvider.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SourceProvider.cpp; sourceTree = "<group>"; };
0F4A38F71C8E13DF00190318 /* SuperSampler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SuperSampler.cpp; sourceTree = "<group>"; };
0F4A38F81C8E13DF00190318 /* SuperSampler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SuperSampler.h; sourceTree = "<group>"; };
+ 0F4AE0421FE0D25400E20839 /* InferredValueInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InferredValueInlines.h; sourceTree = "<group>"; };
0F4B94DB17B9F07500DD03A4 /* TypedArrayInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TypedArrayInlines.h; sourceTree = "<group>"; };
0F4C91651C29F4F2004341A6 /* B3OriginDump.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = B3OriginDump.h; path = b3/B3OriginDump.h; sourceTree = "<group>"; };
0F4D8C721FC7A973001D32AC /* VisitCounter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VisitCounter.h; sourceTree = "<group>"; };
@@ -6507,13 +6509,14 @@
0FFC92101B94D4DF0071DD66 /* InferredTypeTable.h */,
0FF8BDE81AD4CF7100DFE884 /* InferredValue.cpp */,
0FF8BDE91AD4CF7100DFE884 /* InferredValue.h */,
+ 0F4AE0421FE0D25400E20839 /* InferredValueInlines.h */,
E178636C0D9BEEC300D74E75 /* InitializeThreading.cpp */,
E178633F0D9BEC0000D74E75 /* InitializeThreading.h */,
E35E035D1B7AB43E0073AD2A /* InspectorInstrumentationObject.cpp */,
E35E035E1B7AB43E0073AD2A /* InspectorInstrumentationObject.h */,
+ A7A8AF2B17ADB5F3005AB174 /* Int8Array.h */,
A7A8AF2C17ADB5F3005AB174 /* Int16Array.h */,
A7A8AF2D17ADB5F3005AB174 /* Int32Array.h */,
- A7A8AF2B17ADB5F3005AB174 /* Int8Array.h */,
BC9BB95B0E19680600DF8855 /* InternalFunction.cpp */,
BC11667A0E199C05008066DD /* InternalFunction.h */,
A1B9E2331B4E0D6700BC7FED /* IntlCollator.cpp */,
@@ -6614,9 +6617,9 @@
BC756FC60E2031B200DE7D12 /* JSGlobalObjectFunctions.cpp */,
BC756FC70E2031B200DE7D12 /* JSGlobalObjectFunctions.h */,
79B819921DD25CF500DDC714 /* JSGlobalObjectInlines.h */,
+ 0F2B66C917B6B5AB00A7AE3F /* JSInt8Array.h */,
0F2B66CA17B6B5AB00A7AE3F /* JSInt16Array.h */,
0F2B66CB17B6B5AB00A7AE3F /* JSInt32Array.h */,
- 0F2B66C917B6B5AB00A7AE3F /* JSInt8Array.h */,
E33F507E1B8429A400413856 /* JSInternalPromise.cpp */,
E33F507F1B8429A400413856 /* JSInternalPromise.h */,
E33F50761B84225700413856 /* JSInternalPromiseConstructor.cpp */,
@@ -6705,10 +6708,10 @@
53F256E11B87E28000B4B768 /* JSTypedArrayViewPrototype.cpp */,
53917E7C1B791106000EBD33 /* JSTypedArrayViewPrototype.h */,
6507D2970E871E4A00D7D896 /* JSTypeInfo.h */,
+ 0F2B66D217B6B5AB00A7AE3F /* JSUint8Array.h */,
+ 0F2B66D317B6B5AB00A7AE3F /* JSUint8ClampedArray.h */,
0F2B66D417B6B5AB00A7AE3F /* JSUint16Array.h */,
0F2B66D517B6B5AB00A7AE3F /* JSUint32Array.h */,
- 0F2B66D217B6B5AB00A7AE3F /* JSUint8Array.h */,
- 0F2B66D317B6B5AB00A7AE3F /* JSUint8ClampedArray.h */,
A7CA3AE117DA41AE006538AF /* JSWeakMap.cpp */,
A7CA3AE217DA41AE006538AF /* JSWeakMap.h */,
709FB8611AE335C60039D069 /* JSWeakSet.cpp */,
@@ -6922,11 +6925,11 @@
0F2D4DE019832D91007D4B19 /* TypeProfilerLog.h */,
0F2D4DE319832D91007D4B19 /* TypeSet.cpp */,
0F2D4DE419832D91007D4B19 /* TypeSet.h */,
+ A7A8AF3017ADB5F3005AB174 /* Uint8Array.h */,
+ A7A8AF3117ADB5F3005AB174 /* Uint8ClampedArray.h */,
A7A8AF3217ADB5F3005AB174 /* Uint16Array.h */,
866739D113BFDE710023D87C /* Uint16WithFraction.h */,
A7A8AF3317ADB5F3005AB174 /* Uint32Array.h */,
- A7A8AF3017ADB5F3005AB174 /* Uint8Array.h */,
- A7A8AF3117ADB5F3005AB174 /* Uint8ClampedArray.h */,
0FE050231AA9095600D33B33 /* VarOffset.cpp */,
0FE050241AA9095600D33B33 /* VarOffset.h */,
E18E3A570DF9278C00D90B34 /* VM.cpp */,
@@ -8864,7 +8867,7 @@
148CD1D8108CF902008163C6 /* JSContextRefPrivate.h in Headers */,
FE2B0B731FD9EF700075DA5F /* JSCPoison.h in Headers */,
FE2B0B691FD227E00075DA5F /* JSCPoisonedPtr.h in Headers */,
- FE2B0B691FD227E00075DA5F /* JSCScrambledPtr.h in Headers */,
+ FE2B0B691FD227E00075DA5F /* JSCPoisonedPtr.h in Headers */,
A72028B81797601E0098028C /* JSCTestRunnerUtils.h in Headers */,
72AAF7CE1D0D31B3005E60BE /* JSCustomGetterSetterFunction.h in Headers */,
0F2B66EC17B6B5AB00A7AE3F /* JSDataView.h in Headers */,
@@ -9107,6 +9110,7 @@
E3C295DD1ED2CBDA00D3016F /* ObjectPropertyChangeAdaptiveWatchpoint.h in Headers */,
0FD3E40A1B618B6600C80E1E /* ObjectPropertyCondition.h in Headers */,
0FD3E40C1B618B6600C80E1E /* ObjectPropertyConditionSet.h in Headers */,
+ 0F4AE0431FE0D25700E20839 /* InferredValueInlines.h in Headers */,
BC18C4460E16F5CD00B34460 /* ObjectPrototype.h in Headers */,
E124A8F70E555775003091F1 /* OpaqueJSString.h in Headers */,
969A079B0ED1D3AE00F1F681 /* Opcode.h in Headers */,
Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (225886 => 225887)
--- trunk/Source/_javascript_Core/heap/Heap.cpp 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp 2017-12-14 01:12:03 UTC (rev 225887)
@@ -41,6 +41,7 @@
#include "HeapVerifier.h"
#include "IncrementalSweeper.h"
#include "InferredTypeInlines.h"
+#include "InferredValueInlines.h"
#include "Interpreter.h"
#include "IsoCellSetInlines.h"
#include "JITStubRoutineSet.h"
@@ -565,6 +566,7 @@
void Heap::finalizeUnconditionalFinalizers()
{
finalizeUnconditionalFinalizers<InferredType>(vm()->inferredTypesWithFinalizers);
+ finalizeUnconditionalFinalizers<InferredValue>(vm()->inferredValuesWithFinalizers);
while (m_unconditionalFinalizers.hasNext()) {
UnconditionalFinalizer* finalizer = m_unconditionalFinalizers.removeNext();
Modified: trunk/Source/_javascript_Core/runtime/InferredValue.cpp (225886 => 225887)
--- trunk/Source/_javascript_Core/runtime/InferredValue.cpp 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/runtime/InferredValue.cpp 2017-12-14 01:12:03 UTC (rev 225887)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -26,6 +26,7 @@
#include "config.h"
#include "InferredValue.h"
+#include "IsoCellSetInlines.h"
#include "JSCInlines.h"
namespace JSC {
@@ -54,14 +55,6 @@
{
InferredValue* inferredValue = jsCast<InferredValue*>(cell);
- auto locker = holdLock(*inferredValue);
-
- if (inferredValue->m_set.hasBeenInvalidated()) {
- if (inferredValue->m_cleanup && !inferredValue->m_cleanup->isOnList())
- inferredValue->m_cleanup = nullptr;
- return;
- }
-
JSValue value = inferredValue->m_value.get();
if (!value)
return;
@@ -68,9 +61,7 @@
if (!value.isCell())
return;
- if (!inferredValue->m_cleanup)
- inferredValue->m_cleanup = std::make_unique<ValueCleanup>(inferredValue);
- visitor.addUnconditionalFinalizer(inferredValue->m_cleanup.get());
+ visitor.vm().inferredValuesWithFinalizers.add(inferredValue);
}
InferredValue::InferredValue(VM& vm)
@@ -112,28 +103,5 @@
notifyWriteSlow(vm, value, StringFireDetail(reason));
}
-InferredValue::ValueCleanup::ValueCleanup(InferredValue* owner)
- : m_owner(owner)
-{
-}
-
-InferredValue::ValueCleanup::~ValueCleanup()
-{
-}
-
-void InferredValue::ValueCleanup::finalizeUnconditionally()
-{
- JSValue value = m_owner->m_value.get();
-
- // Concurrent GC means that this could have changed since we installed the finalizer.
- if (!value || !value.isCell())
- return;
-
- if (Heap::isMarked(value.asCell()))
- return;
-
- m_owner->invalidate(*m_owner->vm(), StringFireDetail("InferredValue clean-up during GC"));
-}
-
} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/InferredValue.h (225886 => 225887)
--- trunk/Source/_javascript_Core/runtime/InferredValue.h 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/runtime/InferredValue.h 2017-12-14 01:12:03 UTC (rev 225887)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -43,6 +43,12 @@
public:
typedef JSCell Base;
+ template<typename CellType>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.inferredValueSpace;
+ }
+
static InferredValue* create(VM&);
static const bool needsDestruction = true;
@@ -95,23 +101,7 @@
static const unsigned StructureFlags = StructureIsImmortal | Base::StructureFlags;
- // We could have used Weak<>. But we want arbitrary JSValues, not just cells. It's also somewhat
- // convenient to have eager notification of death.
- //
- // Also note that this should be a private class, but it isn't because Windows.
- class ValueCleanup : public UnconditionalFinalizer {
- WTF_MAKE_FAST_ALLOCATED;
-
- public:
- ValueCleanup(InferredValue*);
- virtual ~ValueCleanup();
-
- protected:
- void finalizeUnconditionally() override;
-
- private:
- InferredValue* m_owner;
- };
+ void finalizeUnconditionally(VM&);
private:
InferredValue(VM&);
@@ -120,11 +110,8 @@
JS_EXPORT_PRIVATE void notifyWriteSlow(VM&, JSValue, const FireDetail&);
JS_EXPORT_PRIVATE void notifyWriteSlow(VM&, JSValue, const char* reason);
- friend class ValueCleanup;
-
InlineWatchpointSet m_set;
WriteBarrier<Unknown> m_value;
- std::unique_ptr<ValueCleanup> m_cleanup;
};
// FIXME: We could have an InlineInferredValue, which only allocates the InferredValue object when
Added: trunk/Source/_javascript_Core/runtime/InferredValueInlines.h (0 => 225887)
--- trunk/Source/_javascript_Core/runtime/InferredValueInlines.h (rev 0)
+++ trunk/Source/_javascript_Core/runtime/InferredValueInlines.h 2017-12-14 01:12:03 UTC (rev 225887)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "InferredValue.h"
+
+namespace JSC {
+
+void InferredValue::finalizeUnconditionally(VM& vm)
+{
+ JSValue value = m_value.get();
+
+ if (value && value.isCell()) {
+ if (Heap::isMarked(value.asCell()))
+ return;
+
+ invalidate(vm, StringFireDetail("InferredValue clean-up during GC"));
+ }
+
+ vm.inferredValuesWithFinalizers.remove(this);
+}
+
+} // namespace JSC
+
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (225886 => 225887)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2017-12-14 01:12:03 UTC (rev 225887)
@@ -61,6 +61,7 @@
#include "IncrementalSweeper.h"
#include "IndirectEvalExecutable.h"
#include "InferredTypeTable.h"
+#include "InferredValue.h"
#include "Interpreter.h"
#include "JITCode.h"
#include "JITWorklist.h"
@@ -208,6 +209,7 @@
, functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable)
, indirectEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable)
, inferredTypeSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredType)
+ , inferredValueSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredValue)
, moduleProgramExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable)
, nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable)
, programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable)
@@ -215,6 +217,7 @@
, structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData)
, structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure)
, inferredTypesWithFinalizers(inferredTypeSpace)
+ , inferredValuesWithFinalizers(inferredValueSpace)
, vmType(vmType)
, clientData(0)
, topEntryFrame(nullptr)
Modified: trunk/Source/_javascript_Core/runtime/VM.h (225886 => 225887)
--- trunk/Source/_javascript_Core/runtime/VM.h 2017-12-14 01:07:23 UTC (rev 225886)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2017-12-14 01:12:03 UTC (rev 225887)
@@ -342,6 +342,7 @@
IsoSubspace functionExecutableSpace;
IsoSubspace indirectEvalExecutableSpace;
IsoSubspace inferredTypeSpace;
+ IsoSubspace inferredValueSpace;
IsoSubspace moduleProgramExecutableSpace;
IsoSubspace nativeExecutableSpace;
IsoSubspace programExecutableSpace;
@@ -350,6 +351,7 @@
IsoSubspace structureSpace;
IsoCellSet inferredTypesWithFinalizers;
+ IsoCellSet inferredValuesWithFinalizers;
VMType vmType;
ClientData* clientData;
