Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (266249 => 266250)
--- trunk/Source/_javascript_Core/ChangeLog 2020-08-27 19:52:20 UTC (rev 266249)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-08-27 20:01:04 UTC (rev 266250)
@@ -1,3 +1,21 @@
+2020-08-27 Yusuke Suzuki <[email protected]>
+
+ [JSC] Use auxiliary memory for JSBigInt storage
+ https://bugs.webkit.org/show_bug.cgi?id=215876
+
+ Reviewed by Mark Lam.
+
+ This makes JSBigInt non-destructible cell. And it makes allocating JSBigInt from JIT easy.
+
+ * runtime/JSBigInt.cpp:
+ (JSC::JSBigInt::JSBigInt):
+ (JSC::JSBigInt::visitChildren):
+ (JSC::JSBigInt::createWithLength):
+ (JSC::JSBigInt::destroy): Deleted.
+ * runtime/JSBigInt.h:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+
2020-08-27 Keith Miller <[email protected]>
OSR availability validation should run for any node with exitOK
Modified: trunk/Source/_javascript_Core/runtime/JSBigInt.cpp (266249 => 266250)
--- trunk/Source/_javascript_Core/runtime/JSBigInt.cpp 2020-08-27 19:52:20 UTC (rev 266249)
+++ trunk/Source/_javascript_Core/runtime/JSBigInt.cpp 2020-08-27 20:01:04 UTC (rev 266250)
@@ -63,12 +63,16 @@
JSBigInt::JSBigInt(VM& vm, Structure* structure, Digit* data, unsigned length)
: Base(vm, structure)
, m_length(length)
- , m_data(data, length)
+ , m_data(vm, this, data, length)
{ }
-void JSBigInt::destroy(JSCell* thisCell)
+void JSBigInt::visitChildren(JSCell* cell, SlotVisitor& visitor)
{
- static_cast<JSBigInt*>(thisCell)->~JSBigInt();
+ auto* thisObject = jsCast<JSBigInt*>(cell);
+ ASSERT_GC_OBJECT_INHERITS(thisObject, info());
+ Base::visitChildren(thisObject, visitor);
+ if (auto* data = ""
+ visitor.markAuxiliary(data);
}
void JSBigInt::initialize(InitializationType initType)
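Review bot: The new `visitChildren` has no comment saying that marking `m_data` is now the only thing keeping the digit buffer alive, and the null check before `visitor.markAuxiliary(data)` is unexplained. With `destroy()` removed and the storage presumably moved to GC auxiliary memory, a later edit that drops or reorders this marking would let the collector reclaim digits a live BigInt still points to. It deserves a line such as `// Digits live in GC auxiliary memory owned by this cell; they must be marked here to stay alive.`, plus a short comment stating when `data` can legitimately be null. The initializer of `data` is garbled in this rendering (`""`), so the accessor it uses cannot be checked from here.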
@@ -108,7 +112,7 @@
}
ASSERT(length <= maxLength);
- void* data = "" length * sizeof(Digit));
+ void* data = "" length * sizeof(Digit), nullptr, AllocationFailureMode::ReturnNull);
if (UNLIKELY(!data)) {
if (nullOrGlobalObjectForOOM) {
auto scope = DECLARE_THROW_SCOPE(vm);
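Review bot: The size passed to the allocator, `length * sizeof(Digit)`, is guarded within this hunk only by `ASSERT(length <= maxLength)`, which is typically compiled out of release builds. The closing brace at the top of the hunk suggests a runtime length check precedes it, but that code is outside the hunk. Please confirm it rejects every oversized `length` before this line and note it, e.g. `// length <= maxLength was enforced above, so the byte count cannot overflow.` The allocation call itself is garbled in this rendering (`""`), and createWithLength begins and ends outside the hunk.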
Modified: trunk/Source/_javascript_Core/runtime/JSBigInt.h (266249 => 266250)
--- trunk/Source/_javascript_Core/runtime/JSBigInt.h 2020-08-27 19:52:20 UTC (rev 266249)
+++ trunk/Source/_javascript_Core/runtime/JSBigInt.h 2020-08-27 20:01:04 UTC (rev 266250)
@@ -50,8 +50,7 @@
static constexpr unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal | OverridesToThis;
friend class CachedBigInt;
- static constexpr bool needsDestruction = true;
- static void destroy(JSCell*);
+ static void visitChildren(JSCell*, SlotVisitor&);
template<typename CellType, SubspaceAccess>
static IsoSubspace* subspaceFor(VM& vm)
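Review bot: Removing `needsDestruction` and `destroy` means no destructor will ever run for a JSBigInt, yet nothing in the class enforces that it stays trivially destructible. The same assumption is relied on by the `m_data` change to `CagedBarrierPtr` later in this file and by the switch of `bigIntSpace` to `cellHeapCellType` in VM.cpp; a member with a non-trivial destructor added later would silently leak or leave stale state. Consider pinning it next to the class with `static_assert(std::is_trivially_destructible<JSBigInt>::value, "JSBigInt is allocated in a non-destructible subspace");`, assuming the assertion holds for the current members. The class body starts and ends outside this hunk.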
@@ -576,7 +575,7 @@
const unsigned m_length;
bool m_sign { false };
- CagedUniquePtr<Gigacage::Primitive, Digit> m_data;
+ CagedBarrierPtr<Gigacage::Primitive, Digit> m_data;
};
inline JSBigInt* asHeapBigInt(JSValue value)
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (266249 => 266250)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2020-08-27 19:52:20 UTC (rev 266249)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2020-08-27 20:01:04 UTC (rev 266250)
@@ -337,7 +337,7 @@
, variableSizedCellSpace("Variable Sized JSCell", heap, cellHeapCellType.get(), fastMallocAllocator.get()) // Hash:0xbcd769cc
, destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) // Hash:0x4f5ed7a9
, arraySpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSArray)
- , bigIntSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), JSBigInt)
+ , bigIntSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSBigInt)
, calleeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSCallee)
, clonedArgumentsSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ClonedArguments)
, customGetterSetterSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), CustomGetterSetter)