Diff
Modified: trunk/Source/_javascript_Core/CMakeLists.txt (230225 => 230226)
--- trunk/Source/_javascript_Core/CMakeLists.txt 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/CMakeLists.txt 2018-04-03 23:52:09 UTC (rev 230226)
@@ -546,8 +546,6 @@
heap/MutatorState.h
heap/RegisterState.h
heap/RunningScope.h
- heap/SecurityKind.h
- heap/SecurityOriginToken.h
heap/SimpleMarkingConstraint.h
heap/SlotVisitor.h
heap/SlotVisitorInlines.h
Modified: trunk/Source/_javascript_Core/ChangeLog (230225 => 230226)
--- trunk/Source/_javascript_Core/ChangeLog 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,3 +1,58 @@
+2018-04-03 Filip Pizlo <fpi...@apple.com>
+
+ GC shouldn't do object distancing
+ https://bugs.webkit.org/show_bug.cgi?id=184195
+
+ Reviewed by Saam Barati.
+
+ This rolls out SecurityKind/SecurityOriginToken, but keeps the TLC infrastructure. It seems
+ to be a small speed-up.
+
+ * CMakeLists.txt:
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * heap/BlockDirectory.cpp:
+ (JSC::BlockDirectory::findBlockForAllocation):
+ (JSC::BlockDirectory::addBlock):
+ * heap/BlockDirectory.h:
+ * heap/CellAttributes.cpp:
+ (JSC::CellAttributes::dump const):
+ * heap/CellAttributes.h:
+ (JSC::CellAttributes::CellAttributes):
+ * heap/LocalAllocator.cpp:
+ (JSC::LocalAllocator::allocateSlowCase):
+ (JSC::LocalAllocator::tryAllocateWithoutCollecting):
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::Handle::didAddToDirectory):
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::Handle::securityOriginToken const): Deleted.
+ * heap/SecurityKind.cpp: Removed.
+ * heap/SecurityKind.h: Removed.
+ * heap/SecurityOriginToken.cpp: Removed.
+ * heap/SecurityOriginToken.h: Removed.
+ * heap/ThreadLocalCache.cpp:
+ (JSC::ThreadLocalCache::create):
+ (JSC::ThreadLocalCache::ThreadLocalCache):
+ * heap/ThreadLocalCache.h:
+ (JSC::ThreadLocalCache::securityOriginToken const): Deleted.
+ * runtime/JSDestructibleObjectHeapCellType.cpp:
+ (JSC::JSDestructibleObjectHeapCellType::JSDestructibleObjectHeapCellType):
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::JSGlobalObject):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::threadLocalCache const): Deleted.
+ * runtime/JSSegmentedVariableObjectHeapCellType.cpp:
+ (JSC::JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType):
+ * runtime/JSStringHeapCellType.cpp:
+ (JSC::JSStringHeapCellType::JSStringHeapCellType):
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+ * runtime/VMEntryScope.cpp:
+ (JSC::VMEntryScope::VMEntryScope):
+ * wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:
+ (JSC::JSWebAssemblyCodeBlockHeapCellType::JSWebAssemblyCodeBlockHeapCellType):
+
2018-04-02 Saam Barati <sbar...@apple.com>
bmalloc should compute its own estimate of its footprint
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (230225 => 230226)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2018-04-03 23:52:09 UTC (rev 230226)
@@ -296,7 +296,6 @@
0F426A481460CBB300131F8F /* ValueRecovery.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A451460CBAB00131F8F /* ValueRecovery.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F426A491460CBB700131F8F /* VirtualRegister.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A461460CBAB00131F8F /* VirtualRegister.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F426A4B1460CD6E00131F8F /* DataFormat.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F426A4A1460CD6B00131F8F /* DataFormat.h */; settings = {ATTRIBUTES = (Private, ); }; };
- 0F42B3C3201EC9FF00357031 /* SecurityOriginToken.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F42B3C2201EC9FD00357031 /* SecurityOriginToken.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F431738146BAC69007E3890 /* ListableHandler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F431736146BAC65007E3890 /* ListableHandler.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F4570391BE44C910062A629 /* AirEliminateDeadCode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4570371BE44C910062A629 /* AirEliminateDeadCode.h */; };
0F45703D1BE45F0A0062A629 /* AirReportUsedRegisters.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F45703B1BE45F0A0062A629 /* AirReportUsedRegisters.h */; };
@@ -336,7 +335,6 @@
0F5A6284188C98D40072C9DF /* FTLValueRange.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5A6282188C98D40072C9DF /* FTLValueRange.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F5AE2C41DF4F2800066EFE1 /* VMInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = FE90BB3A1B7CF64E006B3F03 /* VMInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F5B4A331C84F0D600F1B17E /* SlowPathReturnType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B4A321C84F0D600F1B17E /* SlowPathReturnType.h */; settings = {ATTRIBUTES = (Private, ); }; };
- 0F5B6ED32036796B007AABF3 /* SecurityKind.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B6ED120367968007AABF3 /* SecurityKind.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F5BF1641F2317120029D91D /* B3HoistLoopInvariantValues.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5BF1621F2317120029D91D /* B3HoistLoopInvariantValues.h */; };
0F5BF1671F23A0980029D91D /* B3BackwardsCFG.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5BF1661F23A0980029D91D /* B3BackwardsCFG.h */; };
0F5BF1691F23A0AA0029D91D /* B3NaturalLoops.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5BF1681F23A0AA0029D91D /* B3NaturalLoops.h */; };
@@ -2270,7 +2268,6 @@
0F426A461460CBAB00131F8F /* VirtualRegister.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VirtualRegister.h; sourceTree = "<group>"; };
0F426A4A1460CD6B00131F8F /* DataFormat.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataFormat.h; sourceTree = "<group>"; };
0F42B3C0201EB50900357031 /* Allocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Allocator.cpp; sourceTree = "<group>"; };
- 0F42B3C2201EC9FD00357031 /* SecurityOriginToken.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityOriginToken.h; sourceTree = "<group>"; };
0F431736146BAC65007E3890 /* ListableHandler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ListableHandler.h; sourceTree = "<group>"; };
0F4570361BE44C910062A629 /* AirEliminateDeadCode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AirEliminateDeadCode.cpp; path = b3/air/AirEliminateDeadCode.cpp; sourceTree = "<group>"; };
0F4570371BE44C910062A629 /* AirEliminateDeadCode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AirEliminateDeadCode.h; path = b3/air/AirEliminateDeadCode.h; sourceTree = "<group>"; };
@@ -2338,9 +2335,6 @@
0F5A6281188C98D40072C9DF /* FTLValueRange.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLValueRange.cpp; path = ftl/FTLValueRange.cpp; sourceTree = "<group>"; };
0F5A6282188C98D40072C9DF /* FTLValueRange.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLValueRange.h; path = ftl/FTLValueRange.h; sourceTree = "<group>"; };
0F5B4A321C84F0D600F1B17E /* SlowPathReturnType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SlowPathReturnType.h; sourceTree = "<group>"; };
- 0F5B6ED120367968007AABF3 /* SecurityKind.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecurityKind.h; sourceTree = "<group>"; };
- 0F5B6ED220367968007AABF3 /* SecurityKind.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecurityKind.cpp; sourceTree = "<group>"; };
- 0F5B6ED42036799A007AABF3 /* SecurityOriginToken.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecurityOriginToken.cpp; sourceTree = "<group>"; };
0F5BF1611F2317120029D91D /* B3HoistLoopInvariantValues.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; name = B3HoistLoopInvariantValues.cpp; path = b3/B3HoistLoopInvariantValues.cpp; sourceTree = "<group>"; };
0F5BF1621F2317120029D91D /* B3HoistLoopInvariantValues.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = B3HoistLoopInvariantValues.h; path = b3/B3HoistLoopInvariantValues.h; sourceTree = "<group>"; };
0F5BF1661F23A0980029D91D /* B3BackwardsCFG.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = B3BackwardsCFG.h; path = b3/B3BackwardsCFG.h; sourceTree = "<group>"; };
@@ -5736,10 +5730,6 @@
0FD0E5EF1E46BF230006AB08 /* RegisterState.h */,
0F7CF94E1DBEEE860098CC12 /* ReleaseHeapAccessScope.h */,
0F2C63A91E4FA42C00C13839 /* RunningScope.h */,
- 0F5B6ED220367968007AABF3 /* SecurityKind.cpp */,
- 0F5B6ED120367968007AABF3 /* SecurityKind.h */,
- 0F5B6ED42036799A007AABF3 /* SecurityOriginToken.cpp */,
- 0F42B3C2201EC9FD00357031 /* SecurityOriginToken.h */,
0F4D8C761FCA3CF2001D32AC /* SimpleMarkingConstraint.cpp */,
0F4D8C771FCA3CF3001D32AC /* SimpleMarkingConstraint.h */,
C225494215F7DBAA0065E898 /* SlotVisitor.cpp */,
@@ -9357,8 +9347,6 @@
A54CF2FA184EAEDA00237F19 /* ScriptObject.h in Headers */,
A55165D51BDF135A003B75C1 /* ScriptProfilingScope.h in Headers */,
A54CF2F6184EAB2400237F19 /* ScriptValue.h in Headers */,
- 0F5B6ED32036796B007AABF3 /* SecurityKind.h in Headers */,
- 0F42B3C3201EC9FF00357031 /* SecurityOriginToken.h in Headers */,
A7299DA617D12858005F5FF9 /* SetConstructor.h in Headers */,
A790DD6E182F499700588807 /* SetIteratorPrototype.h in Headers */,
A7299DA217D12848005F5FF9 /* SetPrototype.h in Headers */,
Modified: trunk/Source/_javascript_Core/Sources.txt (230225 => 230226)
--- trunk/Source/_javascript_Core/Sources.txt 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/Sources.txt 2018-04-03 23:52:09 UTC (rev 230226)
@@ -514,8 +514,6 @@
heap/MarkingConstraintSolver.cpp
heap/MutatorScheduler.cpp
heap/MutatorState.cpp
-heap/SecurityKind.cpp
-heap/SecurityOriginToken.cpp
heap/SimpleMarkingConstraint.cpp
heap/SlotVisitor.cpp
heap/SpaceTimeMutatorScheduler.cpp
Modified: trunk/Source/_javascript_Core/heap/BlockDirectory.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/BlockDirectory.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/BlockDirectory.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -89,10 +89,8 @@
size_t blockIndex = allocator.m_allocationCursor++;
MarkedBlock::Handle* result = m_blocks[blockIndex];
- if (result->securityOriginToken() == allocator.tlc()->securityOriginToken()) {
- setIsCanAllocateButNotEmpty(NoLockingNecessary, blockIndex, false);
- return result;
- }
+ setIsCanAllocateButNotEmpty(NoLockingNecessary, blockIndex, false);
+ return result;
}
}
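Review bot: With the `securityOriginToken()` comparison gone, this path in `findBlockForAllocation` returns whatever block sits at the allocation cursor to any allocator, and nothing in the new code records that blocks are now shared across all ThreadLocalCaches. The MarkedBlock.cpp hunk at `@@ -349,20 +349,7 @@` likewise drops the `memset` that zeroed a block entering JSValueOOB use from another kind or origin, so a reused block presumably keeps its earlier contents. The ChangeLog gives only a small speed-up as the reason. I would add a comment above the two new lines, e.g. `// Blocks are not partitioned by security origin; OOB-read protection relies on index masking, pointer poisoning and caging, not on the heap.`, and confirm that those mitigations cover the cases the deleted SecurityKind.h comment assigned to distancing. The enclosing loop and function start outside the hunk.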
@@ -109,7 +107,7 @@
return handle;
}
-void BlockDirectory::addBlock(MarkedBlock::Handle* block, SecurityOriginToken securityOriginToken)
+void BlockDirectory::addBlock(MarkedBlock::Handle* block)
{
size_t index;
if (m_freeBlockIndices.isEmpty()) {
@@ -147,7 +145,7 @@
});
// This is the point at which the block learns of its cellSize() and attributes().
- block->didAddToDirectory(this, index, securityOriginToken);
+ block->didAddToDirectory(this, index);
setIsLive(NoLockingNecessary, index, true);
setIsEmpty(NoLockingNecessary, index, true);
Modified: trunk/Source/_javascript_Core/heap/BlockDirectory.h (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/BlockDirectory.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/BlockDirectory.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -110,7 +110,7 @@
RefPtr<SharedTask<MarkedBlock::Handle*()>> parallelNotEmptyBlockSource();
- void addBlock(MarkedBlock::Handle*, SecurityOriginToken);
+ void addBlock(MarkedBlock::Handle*);
void removeBlock(MarkedBlock::Handle*);
bool isPagedOut(MonotonicTime deadline);
Modified: trunk/Source/_javascript_Core/heap/CellAttributes.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/CellAttributes.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/CellAttributes.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -32,7 +32,7 @@
void CellAttributes::dump(PrintStream& out) const
{
- out.print("{", destruction, ", ", cellKind, ", ", securityKind, "}");
+ out.print("{", destruction, ", ", cellKind, "}");
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/heap/CellAttributes.h (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/CellAttributes.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/CellAttributes.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -27,7 +27,6 @@
#include "DestructionMode.h"
#include "HeapCell.h"
-#include "SecurityKind.h"
#include <wtf/PrintStream.h>
namespace JSC {
@@ -35,10 +34,9 @@
struct CellAttributes {
CellAttributes() { }
- CellAttributes(DestructionMode destruction, HeapCell::Kind cellKind, SecurityKind securityKind)
+ CellAttributes(DestructionMode destruction, HeapCell::Kind cellKind)
: destruction(destruction)
, cellKind(cellKind)
- , securityKind(securityKind)
{
}
@@ -46,7 +44,6 @@
DestructionMode destruction { DoesNotNeedDestruction };
HeapCell::Kind cellKind { HeapCell::JSCell };
- SecurityKind securityKind { SecurityKind::DangerousBits };
};
} // namespace JSC
Modified: trunk/Source/_javascript_Core/heap/LocalAllocator.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/LocalAllocator.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/LocalAllocator.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -177,7 +177,7 @@
else
return nullptr;
}
- m_directory->addBlock(block, m_tlc->securityOriginToken());
+ m_directory->addBlock(block);
result = allocateIn(block);
ASSERT(result);
return result;
@@ -233,7 +233,7 @@
// because there is a remote chance that a block may have both canAllocateButNotEmpty
// and empty set at the same time.
block->removeFromDirectory();
- m_directory->addBlock(block, m_tlc->securityOriginToken());
+ m_directory->addBlock(block);
return allocateIn(block);
}
}
Modified: trunk/Source/_javascript_Core/heap/MarkedBlock.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/MarkedBlock.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/MarkedBlock.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -334,7 +334,7 @@
m_directory->removeBlock(this);
}
-void MarkedBlock::Handle::didAddToDirectory(BlockDirectory* directory, size_t index, SecurityOriginToken securityOriginToken)
+void MarkedBlock::Handle::didAddToDirectory(BlockDirectory* directory, size_t index)
{
ASSERT(m_index == std::numeric_limits<size_t>::max());
ASSERT(!m_directory);
@@ -349,20 +349,7 @@
m_atomsPerCell = (cellSize + atomSize - 1) / atomSize;
m_endAtom = endAtom - m_atomsPerCell + 1;
- if (directory->attributes().securityKind == SecurityKind::JSValueOOB) {
- // If we are going to be used for JSValueOOB allocations, then we may need to zero the block.
- // We don't have to zero it if it was already used for JSValues in the same security origin.
- // It's tempting to say that this means that we don't have to zero it if it's coming from
- // JSValueStrict, but since JSValueStrict doesn't zero when converting from DangerousBits, that
- // would not be sound.
-
- if (m_attributes.securityKind != SecurityKind::JSValueOOB
- || m_securityOriginToken != securityOriginToken)
- memset(&block(), 0, m_endAtom * atomSize);
- }
-
m_attributes = directory->attributes();
- m_securityOriginToken = securityOriginToken;
if (m_attributes.cellKind != HeapCell::JSCell)
RELEASE_ASSERT(m_attributes.destruction == DoesNotNeedDestruction);
Modified: trunk/Source/_javascript_Core/heap/MarkedBlock.h (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/MarkedBlock.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/MarkedBlock.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -25,7 +25,6 @@
#include "DestructionMode.h"
#include "HeapCell.h"
#include "IterationStatus.h"
-#include "SecurityOriginToken.h"
#include "WeakSet.h"
#include <wtf/Atomics.h>
#include <wtf/Bitmap.h>
@@ -190,13 +189,11 @@
void removeFromDirectory();
- void didAddToDirectory(BlockDirectory*, size_t index, SecurityOriginToken);
+ void didAddToDirectory(BlockDirectory*, size_t index);
void didRemoveFromDirectory();
void dumpState(PrintStream&);
- SecurityOriginToken securityOriginToken() const { return m_securityOriginToken; }
-
private:
Handle(Heap&, AlignedMemoryAllocator*, void*);
@@ -232,8 +229,6 @@
WeakSet m_weakSet;
MarkedBlock* m_block { nullptr };
-
- SecurityOriginToken m_securityOriginToken { 0 };
};
private:
Deleted: trunk/Source/_javascript_Core/heap/SecurityKind.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/SecurityKind.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/SecurityKind.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SecurityKind.h"
-
-#include <wtf/Assertions.h>
-#include <wtf/PrintStream.h>
-
-namespace WTF {
-
-void printInternal(PrintStream& out, JSC::SecurityKind securityKind)
-{
- switch (securityKind) {
- case JSC::SecurityKind::JSValueOOB:
- out.print("JSValueOOB");
- return;
- case JSC::SecurityKind::JSValueStrict:
- out.print("JSValueStrict");
- return;
- case JSC::SecurityKind::DangerousBits:
- out.print("DangerousBits");
- return;
- }
- RELEASE_ASSERT_NOT_REACHED();
-}
-
-} // namespace WTF
-
Deleted: trunk/Source/_javascript_Core/heap/SecurityKind.h (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/SecurityKind.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/SecurityKind.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-namespace JSC {
-
-// NOTE: SecurityKind is for distancing. But caging implies distancing. So, things that have their own
-// cages (like typed arrays) don't need to worry about the security kind.
-enum class SecurityKind : uint8_t {
- // The JSValueOOB security kind is for cells that contain JValues and can be accessed out-of-bounds
- // up to minimumDistanceBetweenCellsFromDifferentOrigins.
- //
- // JSValues can reference cells in JSValueOOB. Therefore, JSValues can only reference cells in
- // JSValueOOB - otherwise a Spectre OOB attack would be able to violate the rules of JSValueStrict
- // and DangerousBits.
- //
- // The OOB space is the space that depends on the heap's distancing to do OOB protection.
- JSValueOOB,
-
- // The JSValueStrict security kind is for cells that contain JSValues but cannot be accessed
- // out-of-bounds. Currently, it's not essential to keep this separate from DangerousBits. We're
- // using this to get some wiggle room for how we handle array elements. For example, we might want
- // to allow OOB reads but not OOB writes, since JSValueStrict contains only JSValues and length fields.
- // Using Spectre to read the length fields is not useful for attackers since they can read them anyway.
- // So, they will only want to write to length fields, in order to confuse a subsequent bounds check.
- // They can do that within a speculation window. However, we currently use precise index masking for
- // this.
- //
- // It's illegal to use this for any subclass of JSObject, JSString, or Symbol, or any other cell
- // that could be referenced from a JSValue. You must use poisoned pointers to point at these cells.
- JSValueStrict,
-
- // The DangerousBits security kind is for cells that contain values that could be usefully type-
- // confused with JSValue.
- //
- // It's illegal to use this for any subclass of JSObject, JSString, or Symbol, or any other cell
- // that could be referenced from a JSValue. You must use poisoned pointers to point at these cells.
- DangerousBits
-};
-
-} // namespace JSC
-
-namespace WTF {
-
-class PrintStream;
-
-void printInternal(PrintStream&, JSC::SecurityKind);
-
-} // namespace WTF
-
Deleted: trunk/Source/_javascript_Core/heap/SecurityOriginToken.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/SecurityOriginToken.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/SecurityOriginToken.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SecurityOriginToken.h"
-
-#include <wtf/Atomics.h>
-
-namespace JSC {
-
-SecurityOriginToken uniqueSecurityOriginToken()
-{
- static SecurityOriginToken counter;
- return WTF::atomicExchangeAdd(&counter, 1) + 1;
-}
-
-} // namespace JSC
-
Deleted: trunk/Source/_javascript_Core/heap/SecurityOriginToken.h (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/SecurityOriginToken.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/SecurityOriginToken.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-namespace JSC {
-
-typedef uint64_t SecurityOriginToken;
-
-JS_EXPORT_PRIVATE SecurityOriginToken uniqueSecurityOriginToken();
-
-} // namespace JSC
-
Modified: trunk/Source/_javascript_Core/heap/ThreadLocalCache.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/ThreadLocalCache.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/ThreadLocalCache.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -32,14 +32,13 @@
namespace JSC {
-RefPtr<ThreadLocalCache> ThreadLocalCache::create(Heap& heap, SecurityOriginToken securityOriginToken)
+RefPtr<ThreadLocalCache> ThreadLocalCache::create(Heap& heap)
{
- return adoptRef(new ThreadLocalCache(heap, securityOriginToken));
+ return adoptRef(new ThreadLocalCache(heap));
}
-ThreadLocalCache::ThreadLocalCache(Heap& heap, SecurityOriginToken securityOriginToken)
+ThreadLocalCache::ThreadLocalCache(Heap& heap)
: m_heap(heap)
- , m_securityOriginToken(securityOriginToken)
{
m_data = allocateData();
}
Modified: trunk/Source/_javascript_Core/heap/ThreadLocalCache.h (230225 => 230226)
--- trunk/Source/_javascript_Core/heap/ThreadLocalCache.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/heap/ThreadLocalCache.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -27,7 +27,6 @@
#include "AllocationFailureMode.h"
#include "LocalAllocator.h"
-#include "SecurityOriginToken.h"
#include <wtf/FastMalloc.h>
#include <wtf/FastTLS.h>
#include <wtf/ThreadSafeRefCounted.h>
@@ -43,7 +42,7 @@
WTF_MAKE_FAST_ALLOCATED;
public:
- JS_EXPORT_PRIVATE static RefPtr<ThreadLocalCache> create(Heap&, SecurityOriginToken = uniqueSecurityOriginToken());
+ JS_EXPORT_PRIVATE static RefPtr<ThreadLocalCache> create(Heap&);
JS_EXPORT_PRIVATE virtual ~ThreadLocalCache();
@@ -63,10 +62,8 @@
static ptrdiff_t offsetOfSizeInData() { return OBJECT_OFFSETOF(Data, size); }
static ptrdiff_t offsetOfFirstAllocatorInData() { return OBJECT_OFFSETOF(Data, allocator); }
- SecurityOriginToken securityOriginToken() const { return m_securityOriginToken; }
-
protected:
- JS_EXPORT_PRIVATE ThreadLocalCache(Heap&, SecurityOriginToken);
+ JS_EXPORT_PRIVATE ThreadLocalCache(Heap&);
private:
friend class VM;
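Review bot: `ThreadLocalCache(Heap&)` is now a single-argument constructor, so without `explicit` it allows an implicit conversion from `Heap&` wherever the protected constructor is accessible (subclasses and `friend class VM`). Declare it as `JS_EXPORT_PRIVATE explicit ThreadLocalCache(Heap&);`, matching how the `JSGlobalObject` constructor is declared in this same commit. The out-of-line definition in ThreadLocalCache.cpp needs no change. The class body starts and ends outside the hunk.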
@@ -99,8 +96,6 @@
Heap& m_heap;
Data* m_data { nullptr };
- SecurityOriginToken m_securityOriginToken;
-
#if USE(FAST_TLS_FOR_TLC)
static const pthread_key_t tlsKey = WTF_GC_TLC_KEY;
#endif
Modified: trunk/Source/_javascript_Core/runtime/JSDestructibleObjectHeapCellType.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/JSDestructibleObjectHeapCellType.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/JSDestructibleObjectHeapCellType.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -39,7 +39,7 @@
};
JSDestructibleObjectHeapCellType::JSDestructibleObjectHeapCellType()
- : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB))
+ : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
{
}
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -339,7 +339,7 @@
return JSValue::encode(jsUndefined());
}
-JSGlobalObject::JSGlobalObject(VM& vm, Structure* structure, const GlobalObjectMethodTable* globalObjectMethodTable, RefPtr<ThreadLocalCache> threadLocalCache)
+JSGlobalObject::JSGlobalObject(VM& vm, Structure* structure, const GlobalObjectMethodTable* globalObjectMethodTable)
: Base(vm, structure, 0)
, m_vm(vm)
, m_masqueradesAsUndefinedWatchpoint(adoptRef(new WatchpointSet(IsWatched)))
@@ -356,7 +356,6 @@
, m_numberToStringWatchpoint(IsWatched)
, m_runtimeFlags()
, m_globalObjectMethodTable(globalObjectMethodTable ? globalObjectMethodTable : &s_globalObjectMethodTable)
- , m_threadLocalCache(threadLocalCache ? WTFMove(threadLocalCache) : vm.defaultThreadLocalCache)
{
}
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -496,7 +496,7 @@
const RuntimeFlags& runtimeFlags() const { return m_runtimeFlags; }
protected:
- JS_EXPORT_PRIVATE explicit JSGlobalObject(VM&, Structure*, const GlobalObjectMethodTable* = nullptr, RefPtr<ThreadLocalCache> = nullptr);
+ JS_EXPORT_PRIVATE explicit JSGlobalObject(VM&, Structure*, const GlobalObjectMethodTable* = nullptr);
JS_EXPORT_PRIVATE void finishCreation(VM&);
@@ -905,8 +905,6 @@
void setWrapperMap(std::unique_ptr<WrapperMap>&&);
#endif
- ThreadLocalCache& threadLocalCache() const { return *m_threadLocalCache.get(); }
-
protected:
struct GlobalPropertyInfo {
GlobalPropertyInfo(const Identifier& i, JSValue v, unsigned a)
@@ -940,7 +938,6 @@
#ifdef JSC_GLIB_API_ENABLED
std::unique_ptr<WrapperMap> m_wrapperMap;
#endif
- RefPtr<ThreadLocalCache> m_threadLocalCache;
};
inline JSArray* constructEmptyArray(ExecState* exec, ArrayAllocationProfile* profile, JSGlobalObject* globalObject, unsigned initialLength = 0, JSValue newTarget = JSValue())
Modified: trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObjectHeapCellType.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObjectHeapCellType.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObjectHeapCellType.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -39,7 +39,7 @@
};
JSSegmentedVariableObjectHeapCellType::JSSegmentedVariableObjectHeapCellType()
- : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB))
+ : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
{
}
Modified: trunk/Source/_javascript_Core/runtime/JSStringHeapCellType.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/JSStringHeapCellType.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/JSStringHeapCellType.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -39,7 +39,7 @@
};
JSStringHeapCellType::JSStringHeapCellType()
- : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB))
+ : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
{
}
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -233,11 +233,10 @@
, fastMallocAllocator(std::make_unique<FastMallocAlignedMemoryAllocator>())
, primitiveGigacageAllocator(std::make_unique<GigacageAlignedMemoryAllocator>(Gigacage::Primitive))
, jsValueGigacageAllocator(std::make_unique<GigacageAlignedMemoryAllocator>(Gigacage::JSValue))
- , auxiliaryJSValueStrictHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary, SecurityKind::JSValueStrict)))
- , auxiliaryDangerousBitsHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary, SecurityKind::DangerousBits)))
- , cellJSValueOOBHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB)))
- , cellDangerousBitsHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell, SecurityKind::JSValueOOB)))
- , destructibleCellHeapCellType(std::make_unique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::DangerousBits)))
+ , auxiliaryHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::Auxiliary)))
+ , cellJSValueOOBHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)))
+ , cellDangerousBitsHeapCellType(std::make_unique<HeapCellType>(CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)))
+ , destructibleCellHeapCellType(std::make_unique<HeapCellType>(CellAttributes(NeedsDestruction, HeapCell::JSCell)))
, stringHeapCellType(std::make_unique<JSStringHeapCellType>())
, destructibleObjectHeapCellType(std::make_unique<JSDestructibleObjectHeapCellType>())
, segmentedVariableObjectHeapCellType(std::make_unique<JSSegmentedVariableObjectHeapCellType>())
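Review bot: `cellJSValueOOBHeapCellType` and `cellDangerousBitsHeapCellType` are built from the same `CellAttributes(DoesNotNeedDestruction, HeapCell::JSCell)`, yet they stay two objects whose names still use the SecurityKind vocabulary this commit removes. The two auxiliary types are folded into `auxiliaryHeapCellType` in this same hunk, so either fold these as well or add a comment above them such as `// Names are historical: SecurityKind is gone and these two cell types have identical attributes.` Without that, someone auditing heap isolation could read the names as evidence of a separation the attributes do not encode. The initializer list of the VM constructor starts and ends outside this hunk.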
@@ -244,8 +243,8 @@
#if ENABLE(WEBASSEMBLY)
, webAssemblyCodeBlockHeapCellType(std::make_unique<JSWebAssemblyCodeBlockHeapCellType>())
#endif
- , primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryDangerousBitsHeapCellType.get(), primitiveGigacageAllocator.get())
- , jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryJSValueStrictHeapCellType.get(), jsValueGigacageAllocator.get())
+ , primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), primitiveGigacageAllocator.get())
+ , jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), jsValueGigacageAllocator.get())
, cellJSValueOOBSpace("JSCell JSValueOOB", heap, cellJSValueOOBHeapCellType.get(), fastMallocAllocator.get())
, cellDangerousBitsSpace("JSCell DangerousBits", heap, cellDangerousBitsHeapCellType.get(), fastMallocAllocator.get())
, jsValueGigacageCellSpace("JSValue Gigacage JSCell", heap, cellJSValueOOBHeapCellType.get(), jsValueGigacageAllocator.get())
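Review bot: Both Gigacage auxiliary spaces now take the same `auxiliaryHeapCellType.get()`, so within these lines the only argument still separating primitive from JSValue auxiliary storage is the allocator (`primitiveGigacageAllocator.get()` versus `jsValueGigacageAllocator.get()`). That is worth stating next to the two lines, for example `// Shared cell type; primitive/JSValue separation comes from the Gigacage allocator only.`, so a later cleanup does not merge the spaces on the assumption that they are equivalent. The labels "JSCell JSValueOOB" and "JSCell DangerousBits" on the context lines below also still use the removed SecurityKind vocabulary. The VM constructor's initializer list continues outside the hunk.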
Modified: trunk/Source/_javascript_Core/runtime/VM.h (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/VM.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -293,8 +293,7 @@
std::unique_ptr<GigacageAlignedMemoryAllocator> primitiveGigacageAllocator;
std::unique_ptr<GigacageAlignedMemoryAllocator> jsValueGigacageAllocator;
- std::unique_ptr<HeapCellType> auxiliaryJSValueStrictHeapCellType;
- std::unique_ptr<HeapCellType> auxiliaryDangerousBitsHeapCellType;
+ std::unique_ptr<HeapCellType> auxiliaryHeapCellType;
std::unique_ptr<HeapCellType> cellJSValueOOBHeapCellType;
std::unique_ptr<HeapCellType> cellDangerousBitsHeapCellType;
std::unique_ptr<HeapCellType> destructibleCellHeapCellType;
Modified: trunk/Source/_javascript_Core/runtime/VMEntryScope.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/runtime/VMEntryScope.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/runtime/VMEntryScope.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -30,7 +30,6 @@
#include "JSGlobalObject.h"
#include "Options.h"
#include "SamplingProfiler.h"
-#include "ThreadLocalCacheInlines.h"
#include "VM.h"
#include "Watchdog.h"
#include <wtf/StackBounds.h>
@@ -42,7 +41,6 @@
: m_vm(vm)
, m_globalObject(globalObject)
{
- globalObject->threadLocalCache().install(vm, &m_previousTLC);
ASSERT(!DisallowVMReentry::isInEffectOnCurrentThread());
ASSERT(Thread::current().stack().isGrowingDownward());
if (!vm.entryScope) {
Modified: trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp (230225 => 230226)
--- trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -43,7 +43,7 @@
};
JSWebAssemblyCodeBlockHeapCellType::JSWebAssemblyCodeBlockHeapCellType()
- : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell, SecurityKind::DangerousBits))
+ : HeapCellType(CellAttributes(NeedsDestruction, HeapCell::JSCell))
{
}
Modified: trunk/Source/WebCore/ChangeLog (230225 => 230226)
--- trunk/Source/WebCore/ChangeLog 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/ChangeLog 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,3 +1,25 @@
+2018-04-03 Filip Pizlo <fpi...@apple.com>
+
+ GC shouldn't do object distancing
+ https://bugs.webkit.org/show_bug.cgi?id=184195
+
+ Reviewed by Saam Barati.
+
+ No new tests because no change in behavior.
+
+ * Sources.txt:
+ * WebCore.xcodeproj/project.pbxproj:
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::JSDOMWindowBase::JSDOMWindowBase):
+ * dom/Document.cpp:
+ (WebCore::Document::threadLocalCache): Deleted.
+ * dom/Document.h:
+ * page/OriginThreadLocalCache.cpp: Removed.
+ * page/OriginThreadLocalCache.h: Removed.
+
2018-04-03 Brent Fulgham <bfulg...@apple.com>
Guard against keychain/certificate access outside the network process
Modified: trunk/Source/WebCore/Sources.txt (230225 => 230226)
--- trunk/Source/WebCore/Sources.txt 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/Sources.txt 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1347,7 +1347,6 @@
page/Navigator.cpp
page/NavigatorBase.cpp
page/OriginAccessEntry.cpp
-page/OriginThreadLocalCache.cpp
page/Page.cpp
page/PageConfiguration.cpp
page/PageConsoleClient.cpp
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (230225 => 230226)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2018-04-03 23:52:09 UTC (rev 230226)
@@ -342,7 +342,6 @@
0F580CFF0F12DE9B0051D689 /* RenderLayerBacking.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F580CFB0F12DE9B0051D689 /* RenderLayerBacking.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F580FA31496939100FB5BD8 /* WebTiledBackingLayer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F580FA11496939100FB5BD8 /* WebTiledBackingLayer.h */; };
0F580FAF149800D400FB5BD8 /* AnimationUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F580FAE149800D400FB5BD8 /* AnimationUtilities.h */; settings = {ATTRIBUTES = (Private, ); }; };
- 0F5B408A20212F770080F913 /* OriginThreadLocalCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B408820212F730080F913 /* OriginThreadLocalCache.h */; };
0F5B7A5510F65D7A00376302 /* RenderEmbeddedObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5B7A5310F65D7A00376302 /* RenderEmbeddedObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F5E200618E771FC003EC3E5 /* PlatformCAAnimationCocoa.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5E200518E771FC003EC3E5 /* PlatformCAAnimationCocoa.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F605AED15F94848004DF0C0 /* ScrollingConstraints.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F605AEB15F94848004DF0C0 /* ScrollingConstraints.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -5577,8 +5576,6 @@
0F580FA11496939100FB5BD8 /* WebTiledBackingLayer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebTiledBackingLayer.h; sourceTree = "<group>"; };
0F580FA21496939100FB5BD8 /* WebTiledBackingLayer.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebTiledBackingLayer.mm; sourceTree = "<group>"; };
0F580FAE149800D400FB5BD8 /* AnimationUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AnimationUtilities.h; sourceTree = "<group>"; };
- 0F5B408820212F730080F913 /* OriginThreadLocalCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OriginThreadLocalCache.h; sourceTree = "<group>"; };
- 0F5B408920212F730080F913 /* OriginThreadLocalCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = OriginThreadLocalCache.cpp; sourceTree = "<group>"; };
0F5B7A5210F65D7A00376302 /* RenderEmbeddedObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RenderEmbeddedObject.cpp; sourceTree = "<group>"; };
0F5B7A5310F65D7A00376302 /* RenderEmbeddedObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RenderEmbeddedObject.h; sourceTree = "<group>"; };
0F5E200518E771FC003EC3E5 /* PlatformCAAnimationCocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PlatformCAAnimationCocoa.h; sourceTree = "<group>"; };
@@ -19068,8 +19065,6 @@
5182C24B1F313AE00059BA7C /* NavigatorServiceWorker.idl */,
00146288103CD1DE000B20DB /* OriginAccessEntry.cpp */,
00146289103CD1DE000B20DB /* OriginAccessEntry.h */,
- 0F5B408920212F730080F913 /* OriginThreadLocalCache.cpp */,
- 0F5B408820212F730080F913 /* OriginThreadLocalCache.h */,
65FEA86809833ADE00BED4AB /* Page.cpp */,
65A21467097A329100B9050A /* Page.h */,
CD5E5B601A15F156000C609E /* PageConfiguration.cpp */,
@@ -29202,7 +29197,6 @@
4184F5161EAF05A800F18BF0 /* OrientationNotifier.h in Headers */,
0014628B103CD1DE000B20DB /* OriginAccessEntry.h in Headers */,
FE9E89FC16E2DC0500A908F8 /* OriginLock.h in Headers */,
- 0F5B408A20212F770080F913 /* OriginThreadLocalCache.h in Headers */,
FD581FAF1520F91F003A7A75 /* OscillatorNode.h in Headers */,
BC5EB5DD0E81B8DD00B25965 /* OutlineValue.h in Headers */,
7A29F57218C69514004D0F81 /* OutOfBandTextTrackPrivateAVF.h in Headers */,
Modified: trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp (230225 => 230226)
--- trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -56,8 +56,8 @@
const ClassInfo JSDOMGlobalObject::s_info = { "DOMGlobalObject", &JSGlobalObject::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSDOMGlobalObject) };
-JSDOMGlobalObject::JSDOMGlobalObject(VM& vm, Structure* structure, Ref<DOMWrapperWorld>&& world, const GlobalObjectMethodTable* globalObjectMethodTable, RefPtr<JSC::ThreadLocalCache>&& threadLocalCache)
- : JSGlobalObject(vm, structure, globalObjectMethodTable, WTFMove(threadLocalCache))
+JSDOMGlobalObject::JSDOMGlobalObject(VM& vm, Structure* structure, Ref<DOMWrapperWorld>&& world, const GlobalObjectMethodTable* globalObjectMethodTable)
+ : JSGlobalObject(vm, structure, globalObjectMethodTable)
, m_world(WTFMove(world))
, m_worldIsNormal(m_world->isNormal())
, m_builtinInternalFunctions(vm)
Modified: trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h (230225 => 230226)
--- trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -31,7 +31,6 @@
#include <_javascript_Core/JSGlobalObject.h>
#include <_javascript_Core/LockDuringMarking.h>
#include <_javascript_Core/StructureInlines.h>
-#include <_javascript_Core/ThreadLocalCache.h>
namespace WebCore {
@@ -49,7 +48,7 @@
protected:
struct JSDOMGlobalObjectData;
- JSDOMGlobalObject(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&, const JSC::GlobalObjectMethodTable* = nullptr, RefPtr<JSC::ThreadLocalCache>&& = nullptr);
+ JSDOMGlobalObject(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&, const JSC::GlobalObjectMethodTable* = nullptr);
static void destroy(JSC::JSCell*);
void finishCreation(JSC::VM&);
void finishCreation(JSC::VM&, JSC::JSObject*);
Modified: trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (230225 => 230226)
--- trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -79,7 +79,7 @@
};
JSDOMWindowBase::JSDOMWindowBase(VM& vm, Structure* structure, RefPtr<DOMWindow>&& window, JSDOMWindowProxy* proxy)
- : JSDOMGlobalObject(vm, structure, proxy->world(), &s_globalObjectMethodTable, window ? &window->document()->threadLocalCache() : nullptr)
+ : JSDOMGlobalObject(vm, structure, proxy->world(), &s_globalObjectMethodTable)
, m_windowCloseWatchpoints((window && window->frame()) ? IsWatched : IsInvalidated)
, m_wrapped(WTFMove(window))
, m_proxy(proxy)
Modified: trunk/Source/WebCore/dom/Document.cpp (230225 => 230226)
--- trunk/Source/WebCore/dom/Document.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/dom/Document.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -131,7 +131,6 @@
#include "NodeRareData.h"
#include "NodeWithIndex.h"
#include "OriginAccessEntry.h"
-#include "OriginThreadLocalCache.h"
#include "OverflowEvent.h"
#include "PageConsoleClient.h"
#include "PageGroup.h"
@@ -7767,16 +7766,4 @@
}
#endif
-JSC::ThreadLocalCache& Document::threadLocalCache()
-{
- if (!m_threadLocalCache) {
- SecurityOrigin& origin = securityOrigin();
- if (origin.isUnique() || (origin.isLocal() && origin.enforcesFilePathSeparation()))
- m_threadLocalCache = JSC::ThreadLocalCache::create(commonVM().heap);
- else
- m_threadLocalCache = OriginThreadLocalCache::create(origin);
- }
- return *m_threadLocalCache;
-}
-
} // namespace WebCore
Modified: trunk/Source/WebCore/dom/Document.h (230225 => 230226)
--- trunk/Source/WebCore/dom/Document.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/dom/Document.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -52,7 +52,6 @@
#include "UserActionElementSet.h"
#include "ViewportArguments.h"
#include "VisibilityState.h"
-#include <_javascript_Core/ThreadLocalCache.h>
#include <pal/SessionID.h>
#include <wtf/Deque.h>
#include <wtf/Forward.h>
@@ -1414,8 +1413,6 @@
bool handlingTouchEvent() const { return m_handlingTouchEvent; }
#endif
- JSC::ThreadLocalCache& threadLocalCache();
-
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
bool hasRequestedPageSpecificStorageAccessWithUserInteraction(const String& primaryDomain);
void setHasRequestedPageSpecificStorageAccessWithUserInteraction(const String& primaryDomain);
@@ -1906,8 +1903,6 @@
HashSet<ApplicationStateChangeListener*> m_applicationStateChangeListeners;
- RefPtr<JSC::ThreadLocalCache> m_threadLocalCache;
-
#if HAVE(CFNETWORK_STORAGE_PARTITIONING)
String m_primaryDomainRequestedPageSpecificStorageAccessWithUserInteraction { };
#endif
Deleted: trunk/Source/WebCore/page/OriginThreadLocalCache.cpp (230225 => 230226)
--- trunk/Source/WebCore/page/OriginThreadLocalCache.cpp 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/page/OriginThreadLocalCache.cpp 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "OriginThreadLocalCache.h"
-
-#include "CommonVM.h"
-#include "SecurityOriginHash.h"
-#include <wtf/HashMap.h>
-#include <wtf/NeverDestroyed.h>
-
-namespace WebCore {
-
-typedef HashMap<RefPtr<SecurityOrigin>, OriginThreadLocalCache*> ThreadLocalCacheMap;
-
-static ThreadLocalCacheMap& threadLocalCacheMap()
-{
- static NeverDestroyed<ThreadLocalCacheMap> map;
- return map;
-}
-
-Ref<OriginThreadLocalCache> OriginThreadLocalCache::create(SecurityOrigin& key)
-{
- auto iter = threadLocalCacheMap().find(&key);
- if (iter != threadLocalCacheMap().end())
- return *iter->value;
-
- return adoptRef(*new OriginThreadLocalCache(key));
-}
-
-OriginThreadLocalCache::~OriginThreadLocalCache()
-{
- bool result = threadLocalCacheMap().remove(m_key);
- RELEASE_ASSERT(result);
-}
-
-OriginThreadLocalCache::OriginThreadLocalCache(SecurityOrigin& key)
- : ThreadLocalCache(commonVM().heap, JSC::uniqueSecurityOriginToken())
- , m_key(&key)
-{
- auto result = threadLocalCacheMap().add(&key, this);
- RELEASE_ASSERT(result);
-}
-
-} // namespace WebCore
-
Deleted: trunk/Source/WebCore/page/OriginThreadLocalCache.h (230225 => 230226)
--- trunk/Source/WebCore/page/OriginThreadLocalCache.h 2018-04-03 23:50:14 UTC (rev 230225)
+++ trunk/Source/WebCore/page/OriginThreadLocalCache.h 2018-04-03 23:52:09 UTC (rev 230226)
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2018 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include "SecurityOrigin.h"
-#include <_javascript_Core/ThreadLocalCache.h>
-
-namespace WebCore {
-
-class OriginThreadLocalCache final : public JSC::ThreadLocalCache {
-public:
- static Ref<OriginThreadLocalCache> create(SecurityOrigin&);
-
- ~OriginThreadLocalCache() override;
-
-private:
- explicit OriginThreadLocalCache(SecurityOrigin&);
-
- RefPtr<SecurityOrigin> m_key;
-};
-
-} // namespace WebCore
-