Diff
Modified: trunk/Source/_javascript_Core/CMakeLists.txt (254446 => 254447)
--- trunk/Source/_javascript_Core/CMakeLists.txt 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/CMakeLists.txt 2020-01-13 21:28:45 UTC (rev 254447)
@@ -900,7 +900,6 @@
runtime/JSModuleLoader.h
runtime/JSModuleRecord.h
runtime/JSNativeStdFunction.h
- runtime/JSNonDestructibleProxy.h
runtime/JSONObject.h
runtime/JSObject.h
runtime/JSObjectInlines.h
Modified: trunk/Source/_javascript_Core/ChangeLog (254446 => 254447)
--- trunk/Source/_javascript_Core/ChangeLog 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-01-13 21:28:45 UTC (rev 254447)
@@ -1,3 +1,28 @@
+2020-01-13 Yusuke Suzuki <[email protected]>
+
+ [JSC] Put JSProxy in IsoSubspace
+ https://bugs.webkit.org/show_bug.cgi?id=206187
+
+ Reviewed by Mark Lam.
+
+ 1. Put JSProxy in IsoSubspace.
+ 2. Make JSProxy non-destructible since derived class JSWindowProxy is having its own IsoSubspace with destructibility.
+
+ * CMakeLists.txt:
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * Sources.txt:
+ * runtime/JSGlobalObject.cpp:
+ (JSC::JSGlobalObject::resetPrototype):
+ (JSC::JSGlobalObject::finishCreation):
+ * runtime/JSNonDestructibleProxy.cpp: Removed.
+ * runtime/JSNonDestructibleProxy.h: Removed.
+ * runtime/JSProxy.h:
+ (JSC::JSProxy::subspaceFor):
+ * runtime/JSStringIterator.h:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
2020-01-11 Keith Miller <[email protected]>
CheckNeutered needs to claim it reads JSType in clobberize.
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (254446 => 254447)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2020-01-13 21:28:45 UTC (rev 254447)
@@ -1821,7 +1821,6 @@
E3850B15226ED641009ABF9C /* DFGMinifiedIDInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E3850B14226ED63E009ABF9C /* DFGMinifiedIDInlines.h */; };
E38652E3237CA0C900E1D5EE /* BlockDirectoryBits.h in Headers */ = {isa = PBXBuildFile; fileRef = E38652E2237CA0C800E1D5EE /* BlockDirectoryBits.h */; settings = {ATTRIBUTES = (Private, ); }; };
E3893A1D2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */; };
- E38D999C221B78BB00D50474 /* JSNonDestructibleProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */; settings = {ATTRIBUTES = (Private, ); }; };
E39006212208BFC4001019CF /* SubspaceAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = E39006202208BFC3001019CF /* SubspaceAccess.h */; settings = {ATTRIBUTES = (Private, ); }; };
E393ADD81FE702D00022D681 /* WeakMapImplInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E393ADD71FE702CC0022D681 /* WeakMapImplInlines.h */; };
E39BF39922A2288B00BD183E /* SymbolTableInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E39BF39822A2288B00BD183E /* SymbolTableInlines.h */; };
@@ -4969,8 +4968,6 @@
E38D060B1F8E814100649CF2 /* JSScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSScriptFetchParameters.h; sourceTree = "<group>"; };
E38D060C1F8E814100649CF2 /* ScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScriptFetchParameters.h; sourceTree = "<group>"; };
E38D060D1F8E814100649CF2 /* JSScriptFetchParameters.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSScriptFetchParameters.cpp; sourceTree = "<group>"; };
- E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = JSNonDestructibleProxy.h; sourceTree = "<group>"; };
- E38D999B221B789F00D50474 /* JSNonDestructibleProxy.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSNonDestructibleProxy.cpp; sourceTree = "<group>"; };
E39006202208BFC3001019CF /* SubspaceAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SubspaceAccess.h; sourceTree = "<group>"; };
E3915C062309682900CB2561 /* WasmContext.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WasmContext.cpp; sourceTree = "<group>"; };
E393ADD71FE702CC0022D681 /* WeakMapImplInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WeakMapImplInlines.h; sourceTree = "<group>"; };
@@ -7324,8 +7321,6 @@
E39DA4A51B7E8B7C0084F33A /* JSModuleRecord.h */,
E33E8D1A1B9013C300346B52 /* JSNativeStdFunction.cpp */,
E33E8D1B1B9013C300346B52 /* JSNativeStdFunction.h */,
- E38D999B221B789F00D50474 /* JSNonDestructibleProxy.cpp */,
- E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */,
BC22A3980E16E14800AF21C8 /* JSObject.cpp */,
BC22A3990E16E14800AF21C8 /* JSObject.h */,
0F93275E1C21EF7F00CF6564 /* JSObjectInlines.h */,
@@ -9809,7 +9804,6 @@
E318CBC11B8AEF5100A2929D /* JSModuleNamespaceObject.h in Headers */,
E39DA4A71B7E8B7C0084F33A /* JSModuleRecord.h in Headers */,
E33E8D1D1B9013C300346B52 /* JSNativeStdFunction.h in Headers */,
- E38D999C221B78BB00D50474 /* JSNonDestructibleProxy.h in Headers */,
BC18C4240E16F5CD00B34460 /* JSObject.h in Headers */,
0F93275F1C21EF7F00CF6564 /* JSObjectInlines.h in Headers */,
BC18C4250E16F5CD00B34460 /* JSObjectRef.h in Headers */,
Modified: trunk/Source/_javascript_Core/Sources.txt (254446 => 254447)
--- trunk/Source/_javascript_Core/Sources.txt 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/Sources.txt 2020-01-13 21:28:45 UTC (rev 254447)
@@ -854,7 +854,6 @@
runtime/JSModuleNamespaceObject.cpp
runtime/JSModuleRecord.cpp
runtime/JSNativeStdFunction.cpp
-runtime/JSNonDestructibleProxy.cpp
runtime/JSONObject.cpp
runtime/JSObject.cpp
runtime/JSPromise.cpp
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2020-01-13 21:28:45 UTC (rev 254447)
@@ -110,7 +110,6 @@
#include "JSModuleNamespaceObject.h"
#include "JSModuleRecord.h"
#include "JSNativeStdFunction.h"
-#include "JSNonDestructibleProxy.h"
#include "JSONObject.h"
#include "JSPromise.h"
#include "JSPromiseConstructor.h"
@@ -1706,7 +1705,7 @@
setPrototypeDirect(vm, prototype);
fixupPrototypeChainWithObjectPrototype(vm);
// Whenever we change the prototype of the global object, we need to create a new JSProxy with the correct prototype.
- setGlobalThis(vm, JSNonDestructibleProxy::create(vm, JSNonDestructibleProxy::createStructure(vm, this, prototype, PureForwardingProxyType), this));
+ setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, prototype, PureForwardingProxyType), this));
}
void JSGlobalObject::visitChildren(JSCell* cell, SlotVisitor& visitor)
@@ -2210,7 +2209,7 @@
structure(vm)->setGlobalObject(vm, this);
m_runtimeFlags = m_globalObjectMethodTable->_javascript_RuntimeFlags(this);
init(vm);
- setGlobalThis(vm, JSNonDestructibleProxy::create(vm, JSNonDestructibleProxy::createStructure(vm, this, getPrototypeDirect(vm), PureForwardingProxyType), this));
+ setGlobalThis(vm, JSProxy::create(vm, JSProxy::createStructure(vm, this, getPrototypeDirect(vm), PureForwardingProxyType), this));
ASSERT(type() == GlobalObjectType);
}
Deleted: trunk/Source/_javascript_Core/runtime/JSNonDestructibleProxy.cpp (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/JSNonDestructibleProxy.cpp 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/JSNonDestructibleProxy.cpp 2020-01-13 21:28:45 UTC (rev 254447)
@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "JSNonDestructibleProxy.h"
-
-namespace JSC {
-
-const ClassInfo JSNonDestructibleProxy::s_info = { "JSNonDestructibleProxy", &Base::s_info, nullptr, nullptr, CREATE_METHOD_TABLE(JSNonDestructibleProxy) };
-
-} // namespace JSC
Deleted: trunk/Source/_javascript_Core/runtime/JSNonDestructibleProxy.h (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/JSNonDestructibleProxy.h 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/JSNonDestructibleProxy.h 2020-01-13 21:28:45 UTC (rev 254447)
@@ -1,81 +0,0 @@
-/*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include "JSProxy.h"
-
-namespace JSC {
-
-class JSNonDestructibleProxy : public JSProxy {
-public:
- using Base = JSProxy;
- static constexpr unsigned StructureFlags = Base::StructureFlags;
- static constexpr bool needsDestruction = false;
-
- template<typename CellType, SubspaceAccess mode>
- static CompleteSubspace* subspaceFor(VM& vm)
- {
- // JSProxy is JSDestrucitbleObject, but we make this JSNonDestructibleProxy non-destructible by using non-destructible subspace.
- // The motivation behind this is (1) except for JSWindowProxy JSProxy does not need to be destructible, and (2) subspace of destructible
- // and non-destructible objects are separated and JSProxy is using one MarkedBlock only for JSProxy class in the JSC framework and wasting memory.
- // Basically, to make objects destructible, objects need to inherit JSDestructibleObject. It holds a classInfo at a specific offset
- // so that Heap can get methodTable::destroy even if structures held by objects are destroyed before objects' destructions. But this
- // requirement forces JSProxy to inherit JSDestructibleObject for JSWindowProxy even while the other JSProxy does not need to be
- // destructible. We create JSNonDestructibleProxy, which is a subclass of JSProxy, and make it non-destructible so that we still keep
- // JSWindowProxy destructible while making JSNonDestructibleProxy non-destructible.
- return JSNonFinalObject::subspaceFor<CellType, mode>(vm);
- }
-
- static JSNonDestructibleProxy* create(VM& vm, Structure* structure, JSObject* target)
- {
- JSNonDestructibleProxy* proxy = new (NotNull, allocateCell<JSNonDestructibleProxy>(vm.heap)) JSNonDestructibleProxy(vm, structure);
- proxy->finishCreation(vm, target);
- return proxy;
- }
-
- static JSNonDestructibleProxy* create(VM& vm, Structure* structure)
- {
- JSNonDestructibleProxy* proxy = new (NotNull, allocateCell<JSNonDestructibleProxy>(vm.heap)) JSNonDestructibleProxy(vm, structure);
- proxy->finishCreation(vm);
- return proxy;
- }
-
- static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype, JSType proxyType)
- {
- ASSERT(proxyType == ImpureProxyType || proxyType == PureForwardingProxyType);
- return Structure::create(vm, globalObject, prototype, TypeInfo(proxyType, StructureFlags), info());
- }
-
- DECLARE_EXPORT_INFO;
-
-protected:
- JSNonDestructibleProxy(VM& vm, Structure* structure)
- : Base(vm, structure)
- {
- }
-};
-
-} // namespace JSC
Modified: trunk/Source/_javascript_Core/runtime/JSProxy.h (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/JSProxy.h 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/JSProxy.h 2020-01-13 21:28:45 UTC (rev 254447)
@@ -25,15 +25,22 @@
#pragma once
-#include "JSDestructibleObject.h"
+#include "JSObject.h"
namespace JSC {
-class JSProxy : public JSDestructibleObject {
+class JSProxy : public JSNonFinalObject {
public:
- using Base = JSDestructibleObject;
+ using Base = JSNonFinalObject;
static constexpr unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames | InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero;
+ template<typename CellType, SubspaceAccess>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ static_assert(sizeof(CellType) == sizeof(JSProxy));
+ return &vm.jsProxySpace;
+ }
+
static JSProxy* create(VM& vm, Structure* structure, JSObject* target)
{
JSProxy* proxy = new (NotNull, allocateCell<JSProxy>(vm.heap)) JSProxy(vm, structure);
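Review bot: The `static_assert(sizeof(CellType) == sizeof(JSProxy))` in the new `subspaceFor` checks only cell size, so a same-sized subclass that forgets to override `subspaceFor` would be allocated in `vm.jsProxySpace` with no diagnostic. The VM.cpp hunk of this change initialises that space with `cellHeapCellType`, so such a subclass's destructor would presumably never run, and it would share blocks with plain JSProxy cells, weakening the per-type isolation an IsoSubspace is meant to give. I would add `static_assert(!CellType::needsDestruction, "destructible JSProxy subclasses must provide their own subspaceFor");` next to the size check, assuming `needsDestruction` is visible on every cell type as it was in the removed JSNonDestructibleProxy. The rationale comment deleted with JSNonDestructibleProxy.h is not replaced, so a one-line comment above `subspaceFor` should say that JSWindowProxy keeps its own destructible IsoSubspace. The class body and `create` continue past the end of this hunk.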
Modified: trunk/Source/_javascript_Core/runtime/JSStringIterator.h (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/JSStringIterator.h 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/JSStringIterator.h 2020-01-13 21:28:45 UTC (rev 254447)
@@ -25,7 +25,7 @@
#pragma once
-#include "JSObject.h"
+#include "JSInternalFieldObjectImpl.h"
namespace JSC {
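Review bot: The include swap from `JSObject.h` to `JSInternalFieldObjectImpl.h` is unexplained: the ChangeLog lists `* runtime/JSStringIterator.h:` with no text, and the description covers only JSProxy. It looks like a fix for a header that relied on a transitive include, possibly exposed by the source-list change, but this is inferred because the rest of the header is outside the hunk. A short remark on that ChangeLog line, for example `Include JSInternalFieldObjectImpl.h directly instead of relying on a transitive include.`, would let a reader confirm the change is intentional and not an accidental rider.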
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2020-01-13 21:28:45 UTC (rev 254447)
@@ -111,6 +111,7 @@
#include "JSNativeStdFunction.h"
#include "JSPromise.h"
#include "JSPropertyNameEnumerator.h"
+#include "JSProxy.h"
#include "JSScriptFetchParameters.h"
#include "JSScriptFetcher.h"
#include "JSSet.h"
@@ -369,6 +370,7 @@
, getterSetterSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), GetterSetter)
, globalLexicalEnvironmentSpace ISO_SUBSPACE_INIT(heap, globalLexicalEnvironmentHeapCellType.get(), JSGlobalLexicalEnvironment)
, internalFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), InternalFunction) // Hash:0xf845c464
+ , jsProxySpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSProxy)
, nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) // Hash:0x67567f95
, numberObjectSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), NumberObject)
, promiseSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSPromise)
Modified: trunk/Source/_javascript_Core/runtime/VM.h (254446 => 254447)
--- trunk/Source/_javascript_Core/runtime/VM.h 2020-01-13 20:21:23 UTC (rev 254446)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2020-01-13 21:28:45 UTC (rev 254447)
@@ -452,6 +452,7 @@
IsoSubspace getterSetterSpace;
IsoSubspace globalLexicalEnvironmentSpace;
IsoSubspace internalFunctionSpace;
+ IsoSubspace jsProxySpace;
IsoSubspace nativeExecutableSpace;
IsoSubspace numberObjectSpace;
IsoSubspace promiseSpace;