[webkit-changes] [105676] trunk/Source/JavaScriptCore

[mhahnenberg]

Title: [105676] trunk/Source/_javascript_Core

Revision

105676

Author

mhahnenb...@apple.com

Date

2012-01-23 18:29:38 -0800 (Mon, 23 Jan 2012)

Log Message

Use copying collector for out-of-line JSObject property storage
https://bugs.webkit.org/show_bug.cgi?id=76665

Reviewed by Geoffrey Garen.

* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
(JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
operator new.
* runtime/JSObject.h:

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/runtime/JSObject.cpp
• trunk/Source/_javascript_Core/runtime/JSObject.h

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (105675 => 105676)

--- trunk/Source/_javascript_Core/ChangeLog	2012-01-24 02:18:55 UTC (rev 105675)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-01-24 02:29:38 UTC (rev 105676)
@@ -1,3 +1,16 @@
+2012-01-23  Mark Hahnenberg  <mhahnenb...@apple.com>
+
+        Use copying collector for out-of-line JSObject property storage
+        https://bugs.webkit.org/show_bug.cgi?id=76665
+
+        Reviewed by Geoffrey Garen.
+
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
+        (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to 
+        operator new.
+        * runtime/JSObject.h:
+
 2012-01-23  Brian Weinstein  <bweinst...@apple.com>
 
         More build fixing after r105646.

Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (105675 => 105676)

--- trunk/Source/_javascript_Core/runtime/JSObject.cpp	2012-01-24 02:18:55 UTC (rev 105675)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp	2012-01-24 02:29:38 UTC (rev 105676)
@@ -24,6 +24,7 @@
 #include "config.h"
 #include "JSObject.h"
 
+#include "BumpSpaceInlineMethods.h"
 #include "DatePrototype.h"
 #include "ErrorConstructor.h"
 #include "GetterSetter.h"
@@ -83,11 +84,6 @@
     }
 }
 
-void JSObject::finalize(JSCell* cell)
-{
-    delete [] jsCast<JSObject*>(cell)->m_propertyStorage.get();
-}
-
 void JSObject::destroy(JSCell* cell)
 {
     jsCast<JSObject*>(cell)->JSObject::~JSObject();
@@ -106,7 +102,13 @@
 
     PropertyStorage storage = thisObject->propertyStorage();
     size_t storageSize = thisObject->structure()->propertyStorageSize();
-    visitor.appendValues(storage, storageSize);
+    if (thisObject->isUsingInlineStorage())
+        visitor.appendValues(storage, storageSize);
+    else {
+        visitor.copyAndAppend(reinterpret_cast<void**>(&storage), thisObject->structure()->propertyStorageCapacity() * sizeof(WriteBarrierBase<Unknown>), storage->slot(), storageSize);
+        thisObject->m_propertyStorage.set(storage, StorageBarrier::Unchecked);
+    }
+
     if (thisObject->m_inheritorID)
         visitor.append(&thisObject->m_inheritorID);
 
@@ -633,20 +635,23 @@
 
     // It's important that this function not rely on structure(), since
     // we might be in the middle of a transition.
-    PropertyStorage newPropertyStorage = 0;
-    newPropertyStorage = new WriteBarrierBase<Unknown>[newSize];
 
     PropertyStorage oldPropertyStorage = m_propertyStorage.get();
-    ASSERT(newPropertyStorage);
+    PropertyStorage newPropertyStorage = 0;
 
-    for (unsigned i = 0; i < oldSize; ++i)
-       newPropertyStorage[i] = oldPropertyStorage[i];
+    if (isUsingInlineStorage()) {
+        if (!globalData.heap.tryAllocateStorage(sizeof(WriteBarrierBase<Unknown>) * newSize, reinterpret_cast<void**>(&newPropertyStorage)))
+            CRASH();
 
-    if (isUsingInlineStorage())
-        Heap::heap(this)->addFinalizer(this, &finalize);
-    else
-        delete [] oldPropertyStorage;
+        for (unsigned i = 0; i < oldSize; ++i)
+            newPropertyStorage[i] = oldPropertyStorage[i];
+    } else {
+        if (!globalData.heap.tryReallocateStorage(reinterpret_cast<void**>(&oldPropertyStorage), sizeof(WriteBarrierBase<Unknown>) * oldSize, sizeof(WriteBarrierBase<Unknown>) * newSize))
+            CRASH();
+        newPropertyStorage = oldPropertyStorage;
+    }
 
+    ASSERT(newPropertyStorage);
     m_propertyStorage.set(globalData, this, newPropertyStorage);
 }
 

Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (105675 => 105676)

--- trunk/Source/_javascript_Core/runtime/JSObject.h	2012-01-24 02:18:55 UTC (rev 105675)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h	2012-01-24 02:29:38 UTC (rev 105676)
@@ -90,8 +90,6 @@
 
         JS_EXPORT_PRIVATE static UString className(const JSObject*);
 
-        static void finalize(JSCell*);
-
         JSValue prototype() const;
         void setPrototype(JSGlobalData&, JSValue prototype);
         bool setPrototypeWithCycleCheck(JSGlobalData&, JSValue prototype);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes