Diff
Modified: trunk/Source/_javascript_Core/API/ObjCCallbackFunction.h (252874 => 252875)
--- trunk/Source/_javascript_Core/API/ObjCCallbackFunction.h 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/API/ObjCCallbackFunction.h 2019-11-26 07:02:45 UTC (rev 252875)
@@ -55,6 +55,7 @@
}
static ObjCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl>);
+ static constexpr bool needsDestruction = true;
static void destroy(JSCell*);
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
Modified: trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.cpp (252874 => 252875)
--- trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.cpp 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.cpp 2019-11-26 07:02:45 UTC (rev 252875)
@@ -29,7 +29,6 @@
#include "APICallbackFunction.h"
#include "APICast.h"
-#include "IsoSubspacePerVM.h"
#include "JSCClassPrivate.h"
#include "JSCContextPrivate.h"
#include "JSDestructibleObjectHeapCellType.h"
@@ -223,10 +222,4 @@
static_cast<JSCCallbackFunction*>(cell)->JSCCallbackFunction::~JSCCallbackFunction();
}
-IsoSubspace* JSCCallbackFunction::subspaceForImpl(VM& vm)
-{
- NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) -> IsoSubspacePerVM::SubspaceParameters { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), JSCCallbackFunction); });
- return &perVM.get().forVM(vm);
-}
-
} // namespace JSC
Modified: trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.h (252874 => 252875)
--- trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.h 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/API/glib/JSCCallbackFunction.h 2019-11-26 07:02:45 UTC (rev 252875)
@@ -35,15 +35,15 @@
namespace JSC {
-class JSCCallbackFunction : public InternalFunction {
+class JSCCallbackFunction final : public InternalFunction {
friend struct APICallbackFunction;
public:
typedef InternalFunction Base;
- template<typename CellType, SubspaceAccess>
+ template<typename CellType, SubspaceAccess mode>
static IsoSubspace* subspaceFor(VM& vm)
{
- return subspaceForImpl(vm);
+ return vm.jscCallbackFunctionSpace<mode>();
}
enum class Type {
@@ -53,6 +53,7 @@
};
static JSCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, Type, JSCClass*, GRefPtr<GClosure>&&, GType, Optional<Vector<GType>>&&);
+ static constexpr bool needsDestruction = true;
static void destroy(JSCell*);
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
@@ -67,8 +68,6 @@
JSObjectRef construct(JSContextRef, size_t argumentCount, const JSValueRef arguments[], JSValueRef* exception);
private:
- static IsoSubspace* subspaceForImpl(VM&);
-
JSCCallbackFunction(VM&, Structure*, Type, JSCClass*, GRefPtr<GClosure>&&, GType, Optional<Vector<GType>>&&);
JSObjectCallAsFunctionCallback functionCallback() { return m_functionCallback; }
Modified: trunk/Source/_javascript_Core/ChangeLog (252874 => 252875)
--- trunk/Source/_javascript_Core/ChangeLog 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-11-26 07:02:45 UTC (rev 252875)
@@ -1,3 +1,34 @@
+2019-11-25 Yusuke Suzuki <[email protected]>
+
+ [JSC] InternalFunction should be non-destructible
+ https://bugs.webkit.org/show_bug.cgi?id=204556
+
+ Reviewed by Mark Lam.
+
+ InternalFunction and most of its subclasses should be non-destructible since they can be trivially
+ destructed and don't use a destroy function. For the few subclasses that do need a destroy function,
+ these should have different IsoSubspaces of their own. For each of these subclasses, we annotate
+ needsDestruction = true, define a specific HeapCellType for them, and pass the HeapCellType to their
+ IsoSubspace so that their destructors can be invoked.
+
+ * API/ObjCCallbackFunction.h:
+ * API/glib/JSCCallbackFunction.cpp:
+ (JSC::JSCCallbackFunction::subspaceForImpl): Deleted.
+ * API/glib/JSCCallbackFunction.h:
+ (JSC::JSCCallbackFunction::subspaceFor): Deleted.
+ (JSC::JSCCallbackFunction::createStructure): Deleted.
+ (JSC::JSCCallbackFunction::functionCallback): Deleted.
+ (JSC::JSCCallbackFunction::constructCallback): Deleted.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
+ (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/InternalFunction.h:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
2019-11-25 Saam Barati <[email protected]>
Unreviewed. Fix 32-bit build.
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (252874 => 252875)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2019-11-26 07:02:45 UTC (rev 252875)
@@ -3748,7 +3748,7 @@
if (!isTypedView(type))
return false;
- if (function->classInfo() != constructorClassInfoForType(type))
+ if (function->classInfo(*m_vm) != constructorClassInfoForType(type))
return false;
if (function->globalObject() != m_inlineStackTop->m_codeBlock->globalObject())
@@ -3818,7 +3818,7 @@
return false;
}
- if (function->classInfo() == ArrayConstructor::info()) {
+ if (function->classInfo(*m_vm) == ArrayConstructor::info()) {
if (function->globalObject() != m_inlineStackTop->m_codeBlock->globalObject())
return false;
@@ -3836,7 +3836,7 @@
return true;
}
- if (function->classInfo() == NumberConstructor::info()) {
+ if (function->classInfo(*m_vm) == NumberConstructor::info()) {
if (kind == CodeForConstruct)
return false;
@@ -3849,7 +3849,7 @@
return true;
}
- if (function->classInfo() == StringConstructor::info()) {
+ if (function->classInfo(*m_vm) == StringConstructor::info()) {
insertChecks();
Node* resultNode;
@@ -3866,7 +3866,7 @@
return true;
}
- if (function->classInfo() == SymbolConstructor::info() && kind == CodeForCall) {
+ if (function->classInfo(*m_vm) == SymbolConstructor::info() && kind == CodeForCall) {
insertChecks();
Node* resultNode;
@@ -3881,7 +3881,7 @@
}
// FIXME: This should handle construction as well. https://bugs.webkit.org/show_bug.cgi?id=155591
- if (function->classInfo() == ObjectConstructor::info() && kind == CodeForCall) {
+ if (function->classInfo(*m_vm) == ObjectConstructor::info() && kind == CodeForCall) {
insertChecks();
Node* resultNode;
Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.cpp (252874 => 252875)
--- trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.cpp 2019-11-26 07:02:45 UTC (rev 252875)
@@ -35,7 +35,7 @@
const ClassInfo InternalFunction::s_info = { "Function", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(InternalFunction) };
InternalFunction::InternalFunction(VM& vm, Structure* structure, NativeFunction functionForCall, NativeFunction functionForConstruct)
- : JSDestructibleObject(vm, structure)
+ : Base(vm, structure)
, m_functionForCall(functionForCall)
, m_functionForConstruct(functionForConstruct ? functionForConstruct : callHostFunctionAsConstructor)
, m_globalObject(vm, this, structure->globalObject())
Modified: trunk/Source/_javascript_Core/runtime/InternalFunction.h (252874 => 252875)
--- trunk/Source/_javascript_Core/runtime/InternalFunction.h 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/runtime/InternalFunction.h 2019-11-26 07:02:45 UTC (rev 252875)
@@ -30,11 +30,11 @@
class FunctionPrototype;
-class InternalFunction : public JSDestructibleObject {
+class InternalFunction : public JSNonFinalObject {
friend class JIT;
friend class LLIntOffsetsExtractor;
public:
- typedef JSDestructibleObject Base;
+ using Base = JSNonFinalObject;
static constexpr unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData;
template<typename CellType, SubspaceAccess>
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (252874 => 252875)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2019-11-26 07:02:45 UTC (rev 252875)
@@ -172,6 +172,10 @@
#include "RegExp.h"
#endif
+#ifdef JSC_GLIB_API_ENABLED
+#include "JSCCallbackFunction.h"
+#endif
+
namespace JSC {
#if ENABLE(JIT)
@@ -265,6 +269,12 @@
, weakMapHeapCellType(makeUnique<IsoHeapCellType<JSWeakMap>>())
, weakSetHeapCellType(makeUnique<IsoHeapCellType<JSWeakSet>>())
, destructibleObjectHeapCellType(makeUnique<JSDestructibleObjectHeapCellType>())
+#if JSC_OBJC_API_ENABLED
+ , objCCallbackFunctionHeapCellType(makeUnique<IsoHeapCellType<ObjCCallbackFunction>>())
+#endif
+#ifdef JSC_GLIB_API_ENABLED
+ , jscCallbackFunctionHeapCellType(makeUnique<IsoHeapCellType<JSCCallbackFunction>>())
+#endif
#if ENABLE(WEBASSEMBLY)
, webAssemblyCodeBlockHeapCellType(makeUnique<IsoHeapCellType<JSWebAssemblyCodeBlock>>())
, webAssemblyFunctionHeapCellType(makeUnique<IsoHeapCellType<WebAssemblyFunction>>())
@@ -280,7 +290,7 @@
, executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge) // Hash:0x7b730b20
, functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction) // Hash:0x800fca72
, getterSetterSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), GetterSetter)
- , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction) // Hash:0xf845c464
+ , internalFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), InternalFunction) // Hash:0xf845c464
, nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) // Hash:0x67567f95
, propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable) // Hash:0xc6bc9f12
, ropeStringSpace ISO_SUBSPACE_INIT(heap, stringHeapCellType.get(), JSRopeString)
@@ -1295,13 +1305,13 @@
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) // Hash:0xd7916d41
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, destructibleObjectHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, cellHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction) // Hash:0x18091000
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(errorInstanceSpace, destructibleObjectHeapCellType.get(), ErrorInstance) // Hash:0x3f40d4a
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(functionRareDataSpace, destructibleCellHeapCellType.get(), FunctionRareData)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(nativeStdFunctionSpace, cellHeapCellType.get(), JSNativeStdFunction) // Hash:0x70ed61e4
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyObjectSpace, cellHeapCellType.get(), ProxyObject)
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, destructibleObjectHeapCellType.get(), ProxyRevoke) // Hash:0xb506a939
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, cellHeapCellType.get(), ProxyRevoke) // Hash:0xb506a939
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(symbolSpace, destructibleCellHeapCellType.get(), Symbol)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(unlinkedEvalCodeBlockSpace, destructibleCellHeapCellType.get(), UnlinkedEvalCodeBlock)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(unlinkedFunctionCodeBlockSpace, destructibleCellHeapCellType.get(), UnlinkedFunctionCodeBlock)
@@ -1311,8 +1321,11 @@
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakSetSpace, weakSetHeapCellType.get(), JSWeakSet) // Hash:0x4c781b30
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakObjectRefSpace, cellHeapCellType.get(), JSWeakObjectRef) // Hash:0x8ec68f1f
#if JSC_OBJC_API_ENABLED
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) // Hash:0x10f610b8
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, objCCallbackFunctionHeapCellType.get(), ObjCCallbackFunction) // Hash:0x10f610b8
#endif
+#ifdef JSC_GLIB_API_ENABLED
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(jscCallbackFunctionSpace, jscCallbackFunctionHeapCellType.get(), JSCCallbackFunction)
+#endif
#if ENABLE(WEBASSEMBLY)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyCodeBlockSpace, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) // Hash:0x9ad995cd
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyFunctionSpace, webAssemblyFunctionHeapCellType.get(), WebAssemblyFunction) // Hash:0x8b7c32db
Modified: trunk/Source/_javascript_Core/runtime/VM.h (252874 => 252875)
--- trunk/Source/_javascript_Core/runtime/VM.h 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2019-11-26 07:02:45 UTC (rev 252875)
@@ -120,6 +120,7 @@
class HeapProfiler;
class Identifier;
class Interpreter;
+class JSCCallbackFunction;
class JSCustomGetterSetterFunction;
class JSDestructibleObjectHeapCellType;
class JSGlobalObject;
@@ -133,6 +134,7 @@
class JSWebAssemblyInstance;
class LLIntOffsetsExtractor;
class NativeExecutable;
+class ObjCCallbackFunction;
class PromiseTimer;
class RegExp;
class RegExpCache;
@@ -346,6 +348,12 @@
std::unique_ptr<IsoHeapCellType<JSWeakMap>> weakMapHeapCellType;
std::unique_ptr<IsoHeapCellType<JSWeakSet>> weakSetHeapCellType;
std::unique_ptr<JSDestructibleObjectHeapCellType> destructibleObjectHeapCellType;
+#if JSC_OBJC_API_ENABLED
+ std::unique_ptr<IsoHeapCellType<ObjCCallbackFunction>> objCCallbackFunctionHeapCellType;
+#endif
+#ifdef JSC_GLIB_API_ENABLED
+ std::unique_ptr<IsoHeapCellType<JSCCallbackFunction>> jscCallbackFunctionHeapCellType;
+#endif
#if ENABLE(WEBASSEMBLY)
std::unique_ptr<IsoHeapCellType<JSWebAssemblyCodeBlock>> webAssemblyCodeBlockHeapCellType;
std::unique_ptr<IsoHeapCellType<WebAssemblyFunction>> webAssemblyFunctionHeapCellType;
@@ -411,6 +419,9 @@
#if JSC_OBJC_API_ENABLED
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(objCCallbackFunctionSpace)
#endif
+#ifdef JSC_GLIB_API_ENABLED
+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(jscCallbackFunctionSpace)
+#endif
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(boundFunctionSpace)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackFunctionSpace)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(customGetterSetterFunctionSpace)
Modified: trunk/Source/WebCore/ChangeLog (252874 => 252875)
--- trunk/Source/WebCore/ChangeLog 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/WebCore/ChangeLog 2019-11-26 07:02:45 UTC (rev 252875)
@@ -1,3 +1,13 @@
+2019-11-25 Yusuke Suzuki <[email protected]>
+
+ [JSC] InternalFunction should be non-destructible
+ https://bugs.webkit.org/show_bug.cgi?id=204556
+
+ Reviewed by Mark Lam.
+
+ * bindings/js/WebCoreJSClientData.cpp:
+ (WebCore::JSVMClientData::JSVMClientData):
+
2019-11-25 Fujii Hironori <[email protected]>
[Win] Update KeyboardEvent as per the latest specification
Modified: trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp (252874 => 252875)
--- trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp 2019-11-26 07:02:45 UTC (rev 252875)
@@ -43,7 +43,7 @@
JSVMClientData::JSVMClientData(VM& vm)
: m_builtinFunctions(vm)
, m_builtinNames(vm)
- , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.destructibleObjectHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a85
+ , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a85
, m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x7724c2e4
, m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.cellHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x522d6ec9
{
Modified: trunk/Source/WebKit/ChangeLog (252874 => 252875)
--- trunk/Source/WebKit/ChangeLog 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/WebKit/ChangeLog 2019-11-26 07:02:45 UTC (rev 252875)
@@ -1,3 +1,13 @@
+2019-11-25 Yusuke Suzuki <[email protected]>
+
+ [JSC] InternalFunction should be non-destructible
+ https://bugs.webkit.org/show_bug.cgi?id=204556
+
+ Reviewed by Mark Lam.
+
+ * WebProcess/Plugins/Netscape/JSNPMethod.cpp:
+ (WebKit::JSNPMethod::subspaceForImpl):
+
2019-11-25 Wenson Hsieh <[email protected]>
[macOS] Dragged images are only available as .tiff when dropping onto macCatalyst apps
Modified: trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp (252874 => 252875)
--- trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp 2019-11-26 06:08:58 UTC (rev 252874)
+++ trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp 2019-11-26 07:02:45 UTC (rev 252875)
@@ -62,7 +62,7 @@
IsoSubspace* JSNPMethod::subspaceForImpl(VM& vm)
{
- static NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), JSNPMethod); });
+ static NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm.cellHeapCellType.get(), JSNPMethod); });
return &perVM.get().forVM(vm);
}
