Changeset 252452 in webkit

Timestamp:

Nov 14, 2019 1:37:12 AM (4 years ago)

Author:

ysuzuki@apple.com

Message:

[JSC] BlockDirectory's bits should be compact
​https://bugs.webkit.org/show_bug.cgi?id=204149

Reviewed by Robin Morisset.

Source/JavaScriptCore:

We start applying IsoSubspace to all JSCells. This means that IsoSubspace should be small enough,
so that we can hold many IsoSubspaces without considering about memory regression.

In this patch, we introduce several things to shrink sizeof(IsoSubspace) from 528 to 384.

1. Adjusting members to remove some paddings.
2. Remove m_heap field since this can be got from the caller easily.
3. Make MarkedSpace::heap() efficient: just doing pointer arithmetic.
4. Remove m_size field from IsoSubspace since BlockDirectory knows cellSize.
5. Introduce BlockDirectoryBits, which repalces 9 FastBitVector in BlockDirectory to this one class. Since all FastBitVector has the same size, we should not have a size field for each FastBitVector. We reuse FastBitVector's View mechanism to keep the same ergonomics while making BlockDirectoryBits much smaller. We put 9 uint32_t as Segment, and manage Vector<Segment> in this data structure. Since we touch several bits at the same time for the same block-index, this data structure is compact and efficient.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• heap/AlignedMemoryAllocator.cpp:

(JSC::AlignedMemoryAllocator::registerDirectory):

• heap/AlignedMemoryAllocator.h:
• heap/Allocator.h:
• heap/AllocatorInlines.h:

(JSC::Allocator::allocate const):

• heap/BlockDirectory.cpp:

(JSC::BlockDirectory::BlockDirectory):
(JSC::BlockDirectory::findEmptyBlockToSteal):
(JSC::BlockDirectory::findBlockForAllocation):
(JSC::BlockDirectory::tryAllocateBlock):
(JSC::BlockDirectory::addBlock):
(JSC::BlockDirectory::removeBlock):
(JSC::BlockDirectory::prepareForAllocation):
(JSC::BlockDirectory::beginMarkingForFullCollection):
(JSC::BlockDirectory::endMarking):
(JSC::BlockDirectory::snapshotUnsweptForEdenCollection):
(JSC::BlockDirectory::snapshotUnsweptForFullCollection):
(JSC::BlockDirectory::findBlockToSweep):
(JSC::BlockDirectory::sweep):
(JSC::BlockDirectory::shrink):
(JSC::BlockDirectory::assertNoUnswept):
(JSC::BlockDirectory::parallelNotEmptyBlockSource):
(JSC::BlockDirectory::dumpBits):

• heap/BlockDirectory.h:

(JSC::BlockDirectory::cellKind const):
(JSC::BlockDirectory::forEachBitVector):
(JSC::BlockDirectory::forEachBitVectorWithName):
(JSC::BlockDirectory::heap): Deleted.

• heap/BlockDirectoryBits.h: Added.

(JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::BlockDirectoryBitVectorWordView):
(JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::numBits const):
(JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::word const):
(JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::word):
(JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::clearAll):
(JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::view const):
(JSC::BlockDirectoryBits::numBits const):
(JSC::BlockDirectoryBits::resize):
(JSC::BlockDirectoryBits::forEachSegment):

• heap/BlockDirectoryInlines.h:

(JSC::BlockDirectory::forEachBlock):
(JSC::BlockDirectory::forEachNotEmptyBlock):

• heap/CompleteSubspace.cpp:

(JSC::CompleteSubspace::allocatorForSlow):
(JSC::CompleteSubspace::tryAllocateSlow):

• heap/CompleteSubspaceInlines.h:

(JSC::CompleteSubspace::allocateNonVirtual):

• heap/IsoCellSet.cpp:

(JSC::IsoCellSet::parallelNotEmptyMarkedBlockSource):

• heap/IsoCellSetInlines.h:

(JSC::IsoCellSet::forEachMarkedCell):

• heap/IsoSubspace.cpp:

(JSC::IsoSubspace::IsoSubspace):
(JSC::IsoSubspace::tryAllocateFromLowerTier):

• heap/IsoSubspace.h:

(JSC::IsoSubspace::cellSize):
(JSC::IsoSubspace::allocatorForNonVirtual):
(JSC::IsoSubspace::size const): Deleted.
(): Deleted.

• heap/IsoSubspaceInlines.h:

(JSC::IsoSubspace::allocateNonVirtual):

• heap/IsoSubspacePerVM.cpp:

(JSC::IsoSubspacePerVM::AutoremovingIsoSubspace::~AutoremovingIsoSubspace):

• heap/LocalAllocator.cpp:

(JSC::LocalAllocator::allocateSlowCase):
(JSC::LocalAllocator::doTestCollectionsIfNeeded):

• heap/LocalAllocator.h:
• heap/LocalAllocatorInlines.h:

(JSC::LocalAllocator::allocate):

• heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::dumpState):

• heap/MarkedSpace.cpp:

(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::sweepBlocks):
(JSC::MarkedSpace::prepareForAllocation):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::MarkedSpace::prepareForMarking):
(JSC::MarkedSpace::beginMarking):
(JSC::MarkedSpace::snapshotUnswept):

• heap/MarkedSpace.h:

(JSC::MarkedSpace::heap const): Deleted.

• heap/MarkedSpaceInlines.h:

(JSC::MarkedSpace::heap const):

• heap/Subspace.cpp:

(JSC::Subspace::initialize):

• heap/Subspace.h:

Source/WTF:

• wtf/FastBitVector.h:

(WTF::fastBitVectorArrayLength):
(WTF::FastBitVectorImpl::unsafeWords):
(WTF::FastBitVectorImpl::unsafeWords const):
(WTF::FastBitReference::FastBitReference):
(WTF::FastBitReference::operator bool const):
(WTF::FastBitReference::operator=):
(WTF::FastBitVector::at):
(WTF::FastBitVector::operator[]):
(WTF::FastBitVector::BitReference::BitReference): Deleted.
(WTF::FastBitVector::BitReference::operator bool const): Deleted.
(WTF::FastBitVector::BitReference::operator=): Deleted.

Location:

trunk/Source

Files:

• JavaScriptCore/CMakeLists.txt (modified) (1 diff)
• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• JavaScriptCore/heap/AlignedMemoryAllocator.cpp (modified) (1 diff)
• JavaScriptCore/heap/AlignedMemoryAllocator.h (modified) (2 diffs)
• JavaScriptCore/heap/Allocator.h (modified) (2 diffs)
• JavaScriptCore/heap/AllocatorInlines.h (modified) (1 diff)
• JavaScriptCore/heap/BlockDirectory.cpp (modified) (18 diffs)
• JavaScriptCore/heap/BlockDirectory.h (modified) (10 diffs)
• JavaScriptCore/heap/BlockDirectoryBits.h (added)
• JavaScriptCore/heap/BlockDirectoryInlines.h (modified) (2 diffs)
• JavaScriptCore/heap/CompleteSubspace.cpp (modified) (4 diffs)
• JavaScriptCore/heap/CompleteSubspaceInlines.h (modified) (1 diff)
• JavaScriptCore/heap/IsoCellSet.cpp (modified) (1 diff)
• JavaScriptCore/heap/IsoCellSetInlines.h (modified) (1 diff)
• JavaScriptCore/heap/IsoSubspace.cpp (modified) (4 diffs)
• JavaScriptCore/heap/IsoSubspace.h (modified) (3 diffs)
• JavaScriptCore/heap/IsoSubspaceInlines.h (modified) (1 diff)
• JavaScriptCore/heap/IsoSubspacePerVM.cpp (modified) (1 diff)
• JavaScriptCore/heap/LocalAllocator.cpp (modified) (5 diffs)
• JavaScriptCore/heap/LocalAllocator.h (modified) (3 diffs)
• JavaScriptCore/heap/LocalAllocatorInlines.h (modified) (1 diff)
• JavaScriptCore/heap/MarkedBlock.cpp (modified) (1 diff)
• JavaScriptCore/heap/MarkedSpace.cpp (modified) (10 diffs)
• JavaScriptCore/heap/MarkedSpace.h (modified) (2 diffs)
• JavaScriptCore/heap/MarkedSpaceInlines.h (modified) (1 diff)
• JavaScriptCore/heap/Subspace.cpp (modified) (2 diffs)
• JavaScriptCore/heap/Subspace.h (modified) (1 diff)
• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/FastBitVector.h (modified) (4 diffs)

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -570 +570 @@
     heap/AllocatorForMode.h
     heap/BlockDirectory.h
+    heap/BlockDirectoryBits.h
     heap/BlockDirectoryInlines.h
     heap/CellAttributes.h

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-11-14  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] BlockDirectory's bits should be compact
+        https://bugs.webkit.org/show_bug.cgi?id=204149
+
+        Reviewed by Robin Morisset.
+
+        We start applying IsoSubspace to all JSCells. This means that IsoSubspace should be small enough,
+        so that we can hold many IsoSubspaces without considering about memory regression.
+
+        In this patch, we introduce several things to shrink sizeof(IsoSubspace) from 528 to 384.
+
+        1. Adjusting members to remove some paddings.
+        2. Remove m_heap field since this can be got from the caller easily.
+        3. Make MarkedSpace::heap() efficient: just doing pointer arithmetic.
+        4. Remove m_size field from IsoSubspace since BlockDirectory knows cellSize.
+        5. Introduce BlockDirectoryBits, which repalces 9 FastBitVector in BlockDirectory to this one class.
+           Since all FastBitVector has the same size, we should not have a size field for each FastBitVector.
+           We reuse FastBitVector's View mechanism to keep the same ergonomics while making BlockDirectoryBits
+           much smaller. We put 9 uint32_t as Segment, and manage Vector<Segment> in this data structure. Since
+           we touch several bits at the same time for the same block-index, this data structure is compact and
+           efficient.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * heap/AlignedMemoryAllocator.cpp:
+        (JSC::AlignedMemoryAllocator::registerDirectory):
+        * heap/AlignedMemoryAllocator.h:
+        * heap/Allocator.h:
+        * heap/AllocatorInlines.h:
+        (JSC::Allocator::allocate const):
+        * heap/BlockDirectory.cpp:
+        (JSC::BlockDirectory::BlockDirectory):
+        (JSC::BlockDirectory::findEmptyBlockToSteal):
+        (JSC::BlockDirectory::findBlockForAllocation):
+        (JSC::BlockDirectory::tryAllocateBlock):
+        (JSC::BlockDirectory::addBlock):
+        (JSC::BlockDirectory::removeBlock):
+        (JSC::BlockDirectory::prepareForAllocation):
+        (JSC::BlockDirectory::beginMarkingForFullCollection):
+        (JSC::BlockDirectory::endMarking):
+        (JSC::BlockDirectory::snapshotUnsweptForEdenCollection):
+        (JSC::BlockDirectory::snapshotUnsweptForFullCollection):
+        (JSC::BlockDirectory::findBlockToSweep):
+        (JSC::BlockDirectory::sweep):
+        (JSC::BlockDirectory::shrink):
+        (JSC::BlockDirectory::assertNoUnswept):
+        (JSC::BlockDirectory::parallelNotEmptyBlockSource):
+        (JSC::BlockDirectory::dumpBits):
+        * heap/BlockDirectory.h:
+        (JSC::BlockDirectory::cellKind const):
+        (JSC::BlockDirectory::forEachBitVector):
+        (JSC::BlockDirectory::forEachBitVectorWithName):
+        (JSC::BlockDirectory::heap): Deleted.
+        * heap/BlockDirectoryBits.h: Added.
+        (JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::BlockDirectoryBitVectorWordView):
+        (JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::numBits const):
+        (JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::word const):
+        (JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::word):
+        (JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::clearAll):
+        (JSC::BlockDirectoryBits::BlockDirectoryBitVectorWordView::view const):
+        (JSC::BlockDirectoryBits::numBits const):
+        (JSC::BlockDirectoryBits::resize):
+        (JSC::BlockDirectoryBits::forEachSegment):
+        * heap/BlockDirectoryInlines.h:
+        (JSC::BlockDirectory::forEachBlock):
+        (JSC::BlockDirectory::forEachNotEmptyBlock):
+        * heap/CompleteSubspace.cpp:
+        (JSC::CompleteSubspace::allocatorForSlow):
+        (JSC::CompleteSubspace::tryAllocateSlow):
+        * heap/CompleteSubspaceInlines.h:
+        (JSC::CompleteSubspace::allocateNonVirtual):
+        * heap/IsoCellSet.cpp:
+        (JSC::IsoCellSet::parallelNotEmptyMarkedBlockSource):
+        * heap/IsoCellSetInlines.h:
+        (JSC::IsoCellSet::forEachMarkedCell):
+        * heap/IsoSubspace.cpp:
+        (JSC::IsoSubspace::IsoSubspace):
+        (JSC::IsoSubspace::tryAllocateFromLowerTier):
+        * heap/IsoSubspace.h:
+        (JSC::IsoSubspace::cellSize):
+        (JSC::IsoSubspace::allocatorForNonVirtual):
+        (JSC::IsoSubspace::size const): Deleted.
+        (): Deleted.
+        * heap/IsoSubspaceInlines.h:
+        (JSC::IsoSubspace::allocateNonVirtual):
+        * heap/IsoSubspacePerVM.cpp:
+        (JSC::IsoSubspacePerVM::AutoremovingIsoSubspace::~AutoremovingIsoSubspace):
+        * heap/LocalAllocator.cpp:
+        (JSC::LocalAllocator::allocateSlowCase):
+        (JSC::LocalAllocator::doTestCollectionsIfNeeded):
+        * heap/LocalAllocator.h:
+        * heap/LocalAllocatorInlines.h:
+        (JSC::LocalAllocator::allocate):
+        * heap/MarkedBlock.cpp:
+        (JSC::MarkedBlock::Handle::dumpState):
+        * heap/MarkedSpace.cpp:
+        (JSC::MarkedSpace::MarkedSpace):
+        (JSC::MarkedSpace::sweepBlocks):
+        (JSC::MarkedSpace::prepareForAllocation):
+        (JSC::MarkedSpace::visitWeakSets):
+        (JSC::MarkedSpace::reapWeakSets):
+        (JSC::MarkedSpace::prepareForMarking):
+        (JSC::MarkedSpace::beginMarking):
+        (JSC::MarkedSpace::snapshotUnswept):
+        * heap/MarkedSpace.h:
+        (JSC::MarkedSpace::heap const): Deleted.
+        * heap/MarkedSpaceInlines.h:
+        (JSC::MarkedSpace::heap const):
+        * heap/Subspace.cpp:
+        (JSC::Subspace::initialize):
+        * heap/Subspace.h:
+
 2019-11-13  Robin Morisset  <rmorisset@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -1818 +1818 @@
                 E3794E761B77EB97005543AE /* ModuleAnalyzer.h in Headers */ = {isa = PBXBuildFile; fileRef = E3794E741B77EB97005543AE /* ModuleAnalyzer.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 E3850B15226ED641009ABF9C /* DFGMinifiedIDInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E3850B14226ED63E009ABF9C /* DFGMinifiedIDInlines.h */; };
+                E38652E3237CA0C900E1D5EE /* BlockDirectoryBits.h in Headers */ = {isa = PBXBuildFile; fileRef = E38652E2237CA0C800E1D5EE /* BlockDirectoryBits.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 E3893A1D2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */; };
                 E38D999C221B78BB00D50474 /* JSNonDestructibleProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = E38D999A221B789F00D50474 /* JSNonDestructibleProxy.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -4948 +4949 @@
                 E380D66B1F19249D00A59095 /* BuiltinNames.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinNames.cpp; sourceTree = "<group>"; };
                 E3850B14226ED63E009ABF9C /* DFGMinifiedIDInlines.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = DFGMinifiedIDInlines.h; path = dfg/DFGMinifiedIDInlines.h; sourceTree = "<group>"; };
+                E38652E2237CA0C800E1D5EE /* BlockDirectoryBits.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BlockDirectoryBits.h; sourceTree = "<group>"; };
                 E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AsyncFromSyncIteratorPrototype.lut.h; sourceTree = "<group>"; };
                 E38D060B1F8E814100649CF2 /* JSScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSScriptFetchParameters.h; sourceTree = "<group>"; };
@@ -6103 +6105 @@
                                 C2B916C414DA040C00CBAC86 /* BlockDirectory.cpp */,
                                 C2B916C114DA014E00CBAC86 /* BlockDirectory.h */,
+                                E38652E2237CA0C800E1D5EE /* BlockDirectoryBits.h */,
                                 0F7DF1451E2BEF680095951B /* BlockDirectoryInlines.h */,
                                 0F9630351D4192C3005609D9 /* CellAttributes.cpp */,
@@ -9009 +9012 @@
                                 0F64B2721A784BAF006E4E66 /* BinarySwitch.h in Headers */,
                                 C2B916C214DA014E00CBAC86 /* BlockDirectory.h in Headers */,
+                                E38652E3237CA0C900E1D5EE /* BlockDirectoryBits.h in Headers */,
                                 0F7DF1461E2BEF6A0095951B /* BlockDirectoryInlines.h in Headers */,
                                 BC18C3EC0E16F5CD00B34460 /* BooleanObject.h in Headers */,

trunk/Source/JavaScriptCore/heap/AlignedMemoryAllocator.cpp

@@ -41 +41 @@
 }
 
-void AlignedMemoryAllocator::registerDirectory(BlockDirectory* directory)
+void AlignedMemoryAllocator::registerDirectory(Heap& heap, BlockDirectory* directory)
 {
     RELEASE_ASSERT(!directory->nextDirectoryInAlignedMemoryAllocator());
     
     if (m_directories.isEmpty()) {
-        ASSERT(!Thread::mayBeGCThread() || directory->heap()->worldIsStopped());
+        ASSERT_UNUSED(heap, !Thread::mayBeGCThread() || heap.worldIsStopped());
         for (Subspace* subspace = m_subspaces.first(); subspace; subspace = subspace->nextSubspaceInAlignedMemoryAllocator())
             subspace->didCreateFirstDirectory(directory);

trunk/Source/JavaScriptCore/heap/AlignedMemoryAllocator.h

@@ -32 +32 @@
 
 class BlockDirectory;
+class Heap;
 class Subspace;
 
@@ -46 +47 @@
     virtual void dump(PrintStream&) const = 0;
 
-    void registerDirectory(BlockDirectory*);
+    void registerDirectory(Heap&, BlockDirectory*);
     BlockDirectory* firstDirectory() const { return m_directories.first(); }
 

trunk/Source/JavaScriptCore/heap/Allocator.h

@@ -32 +32 @@
 
 class GCDeferralContext;
+class Heap;
 class LocalAllocator;
 
@@ -46 +47 @@
     }
     
-    void* allocate(GCDeferralContext*, AllocationFailureMode) const;
+    void* allocate(Heap&, GCDeferralContext*, AllocationFailureMode) const;
     
     unsigned cellSize() const;

trunk/Source/JavaScriptCore/heap/AllocatorInlines.h

@@ -31 +31 @@
 namespace JSC {
 
-ALWAYS_INLINE void* Allocator::allocate(GCDeferralContext* context, AllocationFailureMode mode) const
+ALWAYS_INLINE void* Allocator::allocate(Heap& heap, GCDeferralContext* context, AllocationFailureMode mode) const
 {
-    return m_localAllocator->allocate(context, mode);
+    return m_localAllocator->allocate(heap, context, mode);
 }
 

trunk/Source/JavaScriptCore/heap/BlockDirectory.cpp

@@ -39 +39 @@
 namespace JSC {
 
-BlockDirectory::BlockDirectory(Heap* heap, size_t cellSize)
+BlockDirectory::BlockDirectory(size_t cellSize)
     : m_cellSize(static_cast<unsigned>(cellSize))
-    , m_heap(heap)
 {
 }
@@ -77 +76 @@
 MarkedBlock::Handle* BlockDirectory::findEmptyBlockToSteal()
 {
-    m_emptyCursor = m_empty.findBit(m_emptyCursor, true);
+    m_emptyCursor = m_bits.empty().findBit(m_emptyCursor, true);
     if (m_emptyCursor >= m_blocks.size())
         return nullptr;
@@ -86 +85 @@
 {
     for (;;) {
-        allocator.m_allocationCursor = (m_canAllocateButNotEmpty | m_empty).findBit(allocator.m_allocationCursor, true);
+        allocator.m_allocationCursor = (m_bits.canAllocateButNotEmpty() | m_bits.empty()).findBit(allocator.m_allocationCursor, true);
         if (allocator.m_allocationCursor >= m_blocks.size())
             return nullptr;
@@ -97 +96 @@
 }
 
-MarkedBlock::Handle* BlockDirectory::tryAllocateBlock()
+MarkedBlock::Handle* BlockDirectory::tryAllocateBlock(Heap& heap)
 {
     SuperSamplerScope superSamplerScope(false);
     
-    MarkedBlock::Handle* handle = MarkedBlock::tryCreate(*m_heap, subspace()->alignedMemoryAllocator());
+    MarkedBlock::Handle* handle = MarkedBlock::tryCreate(heap, subspace()->alignedMemoryAllocator());
     if (!handle)
         return nullptr;
@@ -119 +118 @@
         m_blocks.append(block);
         if (m_blocks.capacity() != oldCapacity) {
-            forEachBitVector(
-                NoLockingNecessary,
-                [&] (FastBitVector& vector) {
-                    ASSERT_UNUSED(vector, vector.numBits() == oldCapacity);
-                });
-            
+            ASSERT(m_bits.numBits() == oldCapacity);
             ASSERT(m_blocks.capacity() > oldCapacity);
             
             LockHolder locker(m_bitvectorLock);
             subspace()->didResizeBits(m_blocks.capacity());
-            forEachBitVector(
-                locker,
-                [&] (FastBitVector& vector) {
-                    vector.resize(m_blocks.capacity());
-                });
+            m_bits.resize(m_blocks.capacity());
         }
     } else {
@@ -143 +133 @@
     forEachBitVector(
         NoLockingNecessary,
-        [&] (FastBitVector& vector) {
-            ASSERT_UNUSED(vector, !vector[index]);
+        [&](auto vectorRef) {
+            ASSERT_UNUSED(vectorRef, !vectorRef[index]);
         });
 
@@ -166 +156 @@
     forEachBitVector(
         holdLock(m_bitvectorLock),
-        [&] (FastBitVector& vector) {
-            vector[block->index()] = false;
+        [&](auto vectorRef) {
+            vectorRef[block->index()] = false;
         });
     
@@ -193 +183 @@
     m_emptyCursor = 0;
     
-    m_eden.clearAll();
+    m_bits.eden().clearAll();
 
     if (UNLIKELY(Options::useImmortalObjects())) {
@@ -238 +228 @@
     // collections, so if you survived the last collection you will survive the next one so long
     // as the next one is eden.
-    m_markingNotEmpty.clearAll();
-    m_markingRetired.clearAll();
+    m_bits.markingNotEmpty().clearAll();
+    m_bits.markingRetired().clearAll();
 }
 
 void BlockDirectory::endMarking()
 {
-    m_allocated.clearAll();
+    m_bits.allocated().clearAll();
     
     // It's surprising and frustrating to comprehend, but the end-of-marking flip does not need to
@@ -250 +240 @@
     // vectors.
     
-    m_empty = m_live & ~m_markingNotEmpty;
-    m_canAllocateButNotEmpty = m_live & m_markingNotEmpty & ~m_markingRetired;
+    m_bits.empty() = m_bits.live() & ~m_bits.markingNotEmpty();
+    m_bits.canAllocateButNotEmpty() = m_bits.live() & m_bits.markingNotEmpty() & ~m_bits.markingRetired();
 
     if (needsDestruction()) {
@@ -259 +249 @@
         // we just allocate a block or when we move a block from one size class to another. That doesn't
         // happen here.
-        m_destructible = m_live;
+        m_bits.destructible() = m_bits.live();
     }
     
@@ -270 +260 @@
 void BlockDirectory::snapshotUnsweptForEdenCollection()
 {
-    m_unswept |= m_eden;
+    m_bits.unswept() |= m_bits.eden();
 }
 
 void BlockDirectory::snapshotUnsweptForFullCollection()
 {
-    m_unswept = m_live;
+    m_bits.unswept() = m_bits.live();
 }
 
 MarkedBlock::Handle* BlockDirectory::findBlockToSweep()
 {
-    m_unsweptCursor = m_unswept.findBit(m_unsweptCursor, true);
+    m_unsweptCursor = m_bits.unswept().findBit(m_unsweptCursor, true);
     if (m_unsweptCursor >= m_blocks.size())
         return nullptr;
@@ -288 +278 @@
 void BlockDirectory::sweep()
 {
-    m_unswept.forEachSetBit(
+    m_bits.unswept().forEachSetBit(
         [&] (size_t index) {
             MarkedBlock::Handle* block = m_blocks[index];
@@ -297 +287 @@
 void BlockDirectory::shrink()
 {
-    (m_empty & ~m_destructible).forEachSetBit(
+    (m_bits.empty() & ~m_bits.destructible()).forEachSetBit(
         [&] (size_t index) {
             markedSpace().freeBlock(m_blocks[index]);
@@ -308 +298 @@
         return;
     
-    if (m_unswept.isEmpty())
+    if (m_bits.unswept().isEmpty())
         return;
     
@@ -330 +320 @@
                 return nullptr;
             auto locker = holdLock(m_lock);
-            m_index = m_directory.m_markingNotEmpty.findBit(m_index, true);
+            m_index = m_directory.m_bits.markingNotEmpty().findBit(m_index, true);
             if (m_index >= m_directory.m_blocks.size()) {
                 m_done = true;
@@ -358 +348 @@
     forEachBitVectorWithName(
         NoLockingNecessary,
-        [&] (FastBitVector&, const char* name) {
+        [&](auto vectorRef, const char* name) {
+            UNUSED_PARAM(vectorRef);
             unsigned length = strlen(name);
             maxNameLength = std::max(maxNameLength, length);
@@ -365 +356 @@
     forEachBitVectorWithName(
         NoLockingNecessary,
-        [&] (FastBitVector& vector, const char* name) {
+        [&](auto vectorRef, const char* name) {
             out.print("    ", name, ": ");
             for (unsigned i = maxNameLength - strlen(name); i--;)
                 out.print(" ");
-            out.print(vector, "\n");
+            out.print(vectorRef, "\n");
         });
 }

trunk/Source/JavaScriptCore/heap/BlockDirectory.h

@@ -27 +27 @@
 
 #include "AllocationFailureMode.h"
+#include "BlockDirectoryBits.h"
 #include "CellAttributes.h"
 #include "FreeList.h"
@@ -45 +46 @@
 class LLIntOffsetsExtractor;
 
-#define FOR_EACH_BLOCK_DIRECTORY_BIT(macro) \
-    macro(live, Live) /* The set of block indices that have actual blocks. */\
-    macro(empty, Empty) /* The set of all blocks that have no live objects. */ \
-    macro(allocated, Allocated) /* The set of all blocks that are full of live objects. */\
-    macro(canAllocateButNotEmpty, CanAllocateButNotEmpty) /* The set of all blocks are neither empty nor retired (i.e. are more than minMarkedBlockUtilization full). */ \
-    macro(destructible, Destructible) /* The set of all blocks that may have destructors to run. */\
-    macro(eden, Eden) /* The set of all blocks that have new objects since the last GC. */\
-    macro(unswept, Unswept) /* The set of all blocks that could be swept by the incremental sweeper. */\
-    \
-    /* These are computed during marking. */\
-    macro(markingNotEmpty, MarkingNotEmpty) /* The set of all blocks that are not empty. */ \
-    macro(markingRetired, MarkingRetired) /* The set of all blocks that are retired. */
-
-// FIXME: We defined canAllocateButNotEmpty and empty to be exclusive:
-//
-//     canAllocateButNotEmpty & empty == 0
-//
-// Instead of calling it canAllocate and making it inclusive:
-//
-//     canAllocate & empty == empty
-//
-// The latter is probably better. I'll leave it to a future bug to fix that, since breathing on
-// this code leads to regressions for days, and it's not clear that making this change would
-// improve perf since it would not change the collector's behavior, and either way the directory
-// has to look at both bitvectors.
-// https://bugs.webkit.org/show_bug.cgi?id=162121
-
 class BlockDirectory {
     WTF_MAKE_NONCOPYABLE(BlockDirectory);
@@ -79 +53 @@
 
 public:
-    BlockDirectory(Heap*, size_t cellSize);
+    BlockDirectory(size_t cellSize);
     ~BlockDirectory();
     void setSubspace(Subspace*);
@@ -99 +73 @@
     DestructionMode destruction() const { return m_attributes.destruction; }
     HeapCell::Kind cellKind() const { return m_attributes.cellKind; }
-    Heap* heap() { return m_heap; }
 
     bool isFreeListedCell(const void* target);
@@ -116 +89 @@
 
 #define BLOCK_DIRECTORY_BIT_ACCESSORS(lowerBitName, capitalBitName)     \
-    bool is ## capitalBitName(const AbstractLocker&, size_t index) const { return m_ ## lowerBitName[index]; } \
+    bool is ## capitalBitName(const AbstractLocker&, size_t index) const { return m_bits.is ## capitalBitName(index); } \
     bool is ## capitalBitName(const AbstractLocker& locker, MarkedBlock::Handle* block) const { return is ## capitalBitName(locker, block->index()); } \
-    void setIs ## capitalBitName(const AbstractLocker&, size_t index, bool value) { m_ ## lowerBitName[index] = value; } \
+    void setIs ## capitalBitName(const AbstractLocker&, size_t index, bool value) { m_bits.setIs ## capitalBitName(index, value); } \
     void setIs ## capitalBitName(const AbstractLocker& locker, MarkedBlock::Handle* block, bool value) { setIs ## capitalBitName(locker, block->index(), value); }
     FOR_EACH_BLOCK_DIRECTORY_BIT(BLOCK_DIRECTORY_BIT_ACCESSORS)
@@ -127 +100 @@
     {
 #define BLOCK_DIRECTORY_BIT_CALLBACK(lowerBitName, capitalBitName) \
-        func(m_ ## lowerBitName);
+        func(m_bits.lowerBitName());
         FOR_EACH_BLOCK_DIRECTORY_BIT(BLOCK_DIRECTORY_BIT_CALLBACK);
 #undef BLOCK_DIRECTORY_BIT_CALLBACK
@@ -136 +109 @@
     {
 #define BLOCK_DIRECTORY_BIT_CALLBACK(lowerBitName, capitalBitName) \
-        func(m_ ## lowerBitName, #capitalBitName);
+        func(m_bits.lowerBitName(), #capitalBitName);
         FOR_EACH_BLOCK_DIRECTORY_BIT(BLOCK_DIRECTORY_BIT_CALLBACK);
 #undef BLOCK_DIRECTORY_BIT_CALLBACK
@@ -167 +140 @@
     MarkedBlock::Handle* findBlockForAllocation(LocalAllocator&);
     
-    MarkedBlock::Handle* tryAllocateBlock();
+    MarkedBlock::Handle* tryAllocateBlock(Heap&);
     
     Vector<MarkedBlock::Handle*> m_blocks;
@@ -174 +147 @@
     // Mutator uses this to guard resizing the bitvectors. Those things in the GC that may run
     // concurrently to the mutator must lock this when accessing the bitvectors.
-#define BLOCK_DIRECTORY_BIT_DECLARATION(lowerBitName, capitalBitName) \
-    FastBitVector m_ ## lowerBitName;
-    FOR_EACH_BLOCK_DIRECTORY_BIT(BLOCK_DIRECTORY_BIT_DECLARATION)
-#undef BLOCK_DIRECTORY_BIT_DECLARATION
+    BlockDirectoryBits m_bits;
     Lock m_bitvectorLock;
     Lock m_localAllocatorsLock;
@@ -191 +161 @@
     // FIXME: All of these should probably be references.
     // https://bugs.webkit.org/show_bug.cgi?id=166988
-    Heap* m_heap { nullptr };
     Subspace* m_subspace { nullptr };
     BlockDirectory* m_nextDirectory { nullptr };

trunk/Source/JavaScriptCore/heap/BlockDirectoryInlines.h

@@ -34 +34 @@
 template <typename Functor> inline void BlockDirectory::forEachBlock(const Functor& functor)
 {
-    m_live.forEachSetBit(
+    m_bits.live().forEachSetBit(
         [&] (size_t index) {
             functor(m_blocks[index]);
@@ -42 +42 @@
 template <typename Functor> inline void BlockDirectory::forEachNotEmptyBlock(const Functor& functor)
 {
-    m_markingNotEmpty.forEachSetBit(
+    m_bits.markingNotEmpty().forEachSetBit(
         [&] (size_t index) {
             functor(m_blocks[index]);

trunk/Source/JavaScriptCore/heap/CompleteSubspace.cpp

@@ -33 +33 @@
 #include "LocalAllocatorInlines.h"
 #include "MarkedBlockInlines.h"
+#include "MarkedSpaceInlines.h"
 #include "PreventCollectionScope.h"
 #include "SubspaceInlines.h"
@@ -80 +81 @@
         dataLog("Creating BlockDirectory/LocalAllocator for ", m_name, ", ", attributes(), ", ", sizeClass, ".\n");
     
-    std::unique_ptr<BlockDirectory> uniqueDirectory = makeUnique<BlockDirectory>(m_space.heap(), sizeClass);
+    std::unique_ptr<BlockDirectory> uniqueDirectory = makeUnique<BlockDirectory>(sizeClass);
     BlockDirectory* directory = uniqueDirectory.get();
     m_directories.append(WTFMove(uniqueDirectory));
@@ -106 +107 @@
     
     directory->setNextDirectoryInSubspace(m_firstDirectory);
-    m_alignedMemoryAllocator->registerDirectory(directory);
+    m_alignedMemoryAllocator->registerDirectory(m_space.heap(), directory);
     WTF::storeStoreFence();
     m_firstDirectory = directory;
@@ -128 +129 @@
     
     if (Allocator allocator = allocatorFor(size, AllocatorForMode::EnsureAllocator))
-        return allocator.allocate(deferralContext, AllocationFailureMode::ReturnNull);
+        return allocator.allocate(vm.heap, deferralContext, AllocationFailureMode::ReturnNull);
     
     if (size <= Options::preciseAllocationCutoff()

trunk/Source/JavaScriptCore/heap/CompleteSubspaceInlines.h

@@ -37 +37 @@
 
     if (Allocator allocator = allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists))
-        return allocator.allocate(deferralContext, failureMode);
+        return allocator.allocate(vm.heap, deferralContext, failureMode);
     return allocateSlow(vm, size, deferralContext, failureMode);
 }

trunk/Source/JavaScriptCore/heap/IsoCellSet.cpp

@@ -62 +62 @@
                 return nullptr;
             auto locker = holdLock(m_lock);
-            auto bits = m_directory.m_markingNotEmpty & m_set.m_blocksWithBits;
+            auto bits = m_directory.m_bits.markingNotEmpty() & m_set.m_blocksWithBits;
             m_index = bits.findBit(m_index, true);
             if (m_index >= m_directory.m_blocks.size()) {

trunk/Source/JavaScriptCore/heap/IsoCellSetInlines.h

@@ -71 +71 @@
 {
     BlockDirectory& directory = m_subspace.m_directory;
-    (directory.m_markingNotEmpty & m_blocksWithBits).forEachSetBit(
+    (directory.m_bits.markingNotEmpty() & m_blocksWithBits).forEachSetBit(
         [&] (size_t blockIndex) {
             MarkedBlock::Handle* block = directory.m_blocks[blockIndex];

trunk/Source/JavaScriptCore/heap/IsoSubspace.cpp

@@ -33 +33 @@
 #include "IsoSubspaceInlines.h"
 #include "LocalAllocatorInlines.h"
+#include "MarkedSpaceInlines.h"
 
 namespace JSC {
@@ -38 +39 @@
 IsoSubspace::IsoSubspace(CString name, Heap& heap, HeapCellType* heapCellType, size_t size, uint8_t numberOfLowerTierCells)
     : Subspace(name, heap)
-    , m_size(size)
-    , m_directory(&heap, WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(size))
+    , m_directory(WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(size))
     , m_localAllocator(&m_directory)
     , m_isoAlignedMemoryAllocator(makeUnique<IsoAlignedMemoryAllocator>())
-    , m_remainingLowerTierCellCount(numberOfLowerTierCells)
 {
+    m_remainingLowerTierCellCount = numberOfLowerTierCells;
+    ASSERT(WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(size) == cellSize());
     ASSERT(numberOfLowerTierCells <= MarkedBlock::maxNumberOfLowerTierCells);
     m_isIsoSubspace = true;
@@ -51 +52 @@
     m_directory.setSubspace(this);
     m_space.addBlockDirectory(locker, &m_directory);
-    m_alignedMemoryAllocator->registerDirectory(&m_directory);
+    m_alignedMemoryAllocator->registerDirectory(heap, &m_directory);
     m_firstDirectory = &m_directory;
 }
@@ -112 +113 @@
     }
     if (m_remainingLowerTierCellCount) {
-        size_t size = WTF::roundUpToMultipleOf<MarkedSpace::sizeStep>(m_size);
-        PreciseAllocation* allocation = PreciseAllocation::createForLowerTier(*m_space.heap(), size, this, --m_remainingLowerTierCellCount);
+        PreciseAllocation* allocation = PreciseAllocation::createForLowerTier(m_space.heap(), cellSize(), this, --m_remainingLowerTierCellCount);
         return revive(allocation);
     }

trunk/Source/JavaScriptCore/heap/IsoSubspace.h

@@ -41 +41 @@
     JS_EXPORT_PRIVATE ~IsoSubspace();
 
-    size_t size() const { return m_size; }
+    size_t cellSize() { return m_directory.cellSize(); }
 
     Allocator allocatorFor(size_t, AllocatorForMode) override;
@@ -64 +64 @@
     void didBeginSweepingToFreeList(MarkedBlock::Handle*) override;
     
-    size_t m_size;
     BlockDirectory m_directory;
     LocalAllocator m_localAllocator;
@@ -70 +69 @@
     SentinelLinkedList<PreciseAllocation, PackedRawSentinelNode<PreciseAllocation>> m_lowerTierFreeList;
     SentinelLinkedList<IsoCellSet, PackedRawSentinelNode<IsoCellSet>> m_cellSets;
-    uint8_t m_remainingLowerTierCellCount { 0 };
 };
 
 ALWAYS_INLINE Allocator IsoSubspace::allocatorForNonVirtual(size_t size, AllocatorForMode)
 {
-    RELEASE_ASSERT(size == this->size());
+    RELEASE_ASSERT(WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(size) == cellSize());
     return Allocator(&m_localAllocator);
 }

trunk/Source/JavaScriptCore/heap/IsoSubspaceInlines.h

@@ -28 +28 @@
 namespace JSC {
 
-ALWAYS_INLINE void* IsoSubspace::allocateNonVirtual(VM&, size_t size, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
+ALWAYS_INLINE void* IsoSubspace::allocateNonVirtual(VM& vm, size_t size, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
 {
-    RELEASE_ASSERT(size == this->size());
+    RELEASE_ASSERT(WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(size) == cellSize());
     Allocator allocator = allocatorForNonVirtual(size, AllocatorForMode::MustAlreadyHaveAllocator);
-    void* result = allocator.allocate(deferralContext, failureMode);
+    void* result = allocator.allocate(vm.heap, deferralContext, failureMode);
     return result;
 }

trunk/Source/JavaScriptCore/heap/IsoSubspacePerVM.cpp

@@ -42 +42 @@
     {
         auto locker = holdLock(m_perVM.m_lock);
-        m_perVM.m_subspacePerVM.remove(&space().heap()->vm());
+        m_perVM.m_subspacePerVM.remove(&space().heap().vm());
     }
 

trunk/Source/JavaScriptCore/heap/LocalAllocator.cpp

@@ -111 +111 @@
 }
 
-void* LocalAllocator::allocateSlowCase(GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
+void* LocalAllocator::allocateSlowCase(Heap& heap, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
 {
     SuperSamplerScope superSamplerScope(false);
-    Heap& heap = *m_directory->m_heap;
     ASSERT(heap.vm().currentThreadIsHoldingAPILock());
-    doTestCollectionsIfNeeded(deferralContext);
+    doTestCollectionsIfNeeded(heap, deferralContext);
 
     ASSERT(!m_directory->markedSpace().isIterating());
@@ -130 +129 @@
     // happens when running WebKit tests, which inject a callback into the GC's finalization.
     if (UNLIKELY(m_currentBlock))
-        return allocate(deferralContext, failureMode);
+        return allocate(heap, deferralContext, failureMode);
     
     void* result = tryAllocateWithoutCollecting();
@@ -143 +142 @@
     }
     
-    MarkedBlock::Handle* block = m_directory->tryAllocateBlock();
+    MarkedBlock::Handle* block = m_directory->tryAllocateBlock(heap);
     if (!block) {
         if (failureMode == AllocationFailureMode::Assert)
@@ -250 +249 @@
 }
 
-void LocalAllocator::doTestCollectionsIfNeeded(GCDeferralContext* deferralContext)
+void LocalAllocator::doTestCollectionsIfNeeded(Heap& heap, GCDeferralContext* deferralContext)
 {
     if (!Options::slowPathAllocsBetweenGCs())
@@ -257 +256 @@
     static unsigned allocationCount = 0;
     if (!allocationCount) {
-        if (!m_directory->m_heap->isDeferred()) {
+        if (!heap.isDeferred()) {
             if (deferralContext)
                 deferralContext->m_shouldGC = true;
             else
-                m_directory->m_heap->collectNow(Sync, CollectionScope::Full);
+                heap.collectNow(Sync, CollectionScope::Full);
         }
     }

trunk/Source/JavaScriptCore/heap/LocalAllocator.h

@@ -35 +35 @@
 class BlockDirectory;
 class GCDeferralContext;
+class Heap;
 
 class LocalAllocator : public BasicRawSentinelNode<LocalAllocator> {
@@ -43 +44 @@
     ~LocalAllocator();
     
-    void* allocate(GCDeferralContext*, AllocationFailureMode);
+    void* allocate(Heap&, GCDeferralContext*, AllocationFailureMode);
     
     unsigned cellSize() const { return m_freeList.cellSize(); }
@@ -61 +62 @@
     
     void reset();
-    JS_EXPORT_PRIVATE void* allocateSlowCase(GCDeferralContext*, AllocationFailureMode failureMode);
+    JS_EXPORT_PRIVATE void* allocateSlowCase(Heap&, GCDeferralContext*, AllocationFailureMode);
     void didConsumeFreeList();
     void* tryAllocateWithoutCollecting();
     void* tryAllocateIn(MarkedBlock::Handle*);
     void* allocateIn(MarkedBlock::Handle*);
-    ALWAYS_INLINE void doTestCollectionsIfNeeded(GCDeferralContext*);
+    ALWAYS_INLINE void doTestCollectionsIfNeeded(Heap&, GCDeferralContext*);
 
     BlockDirectory* m_directory;

trunk/Source/JavaScriptCore/heap/LocalAllocatorInlines.h

@@ -31 +31 @@
 namespace JSC {
 
-ALWAYS_INLINE void* LocalAllocator::allocate(GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
+ALWAYS_INLINE void* LocalAllocator::allocate(Heap& heap, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
 {
     if (validateDFGDoesGC)
-        RELEASE_ASSERT(m_directory->heap()->expectDoesGC());
+        RELEASE_ASSERT(heap.expectDoesGC());
     return m_freeList.allocate(
         [&] () -> HeapCell* {
-            sanitizeStackForVM(m_directory->heap()->vm());
-            return static_cast<HeapCell*>(allocateSlowCase(deferralContext, failureMode));
+            sanitizeStackForVM(heap.vm());
+            return static_cast<HeapCell*>(allocateSlowCase(heap, deferralContext, failureMode));
         });
 }

trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp

@@ -378 +378 @@
     directory()->forEachBitVectorWithName(
         holdLock(directory()->bitvectorLock()),
-        [&] (FastBitVector& bitvector, const char* name) {
-            out.print(comma, name, ":", bitvector[index()] ? "YES" : "no");
+        [&](auto vectorRef, const char* name) {
+            out.print(comma, name, ":", vectorRef[index()] ? "YES" : "no");
         });
 }

trunk/Source/JavaScriptCore/heap/MarkedSpace.cpp

@@ -28 +28 @@
 #include "JSCInlines.h"
 #include "MarkedBlockInlines.h"
+#include "MarkedSpaceInlines.h"
 #include <wtf/ListDump.h>
 
@@ -196 +197 @@
 
 MarkedSpace::MarkedSpace(Heap* heap)
-    : m_heap(heap)
-{
+{
+    ASSERT_UNUSED(heap, heap == &this->heap());
     initializeSizeClassForStepSize();
 }
@@ -235 +236 @@
 void MarkedSpace::sweepBlocks()
 {
-    m_heap->sweeper().stopSweeping();
+    heap().sweeper().stopSweeping();
     forEachDirectory(
         [&] (BlockDirectory& directory) -> IterationStatus {
@@ -271 +272 @@
 void MarkedSpace::prepareForAllocation()
 {
-    ASSERT(!Thread::mayBeGCThread() || m_heap->worldIsStopped());
+    ASSERT(!Thread::mayBeGCThread() || heap().worldIsStopped());
     for (Subspace* subspace : m_subspaces)
         subspace->prepareForAllocation();
@@ -277 +278 @@
     m_activeWeakSets.takeFrom(m_newActiveWeakSets);
     
-    if (m_heap->collectionScope() == CollectionScope::Eden)
+    if (heap().collectionScope() == CollectionScope::Eden)
         m_preciseAllocationsNurseryOffsetForSweep = m_preciseAllocationsNurseryOffset;
     else
@@ -299 +300 @@
     m_newActiveWeakSets.forEach(visit);
     
-    if (m_heap->collectionScope() == CollectionScope::Full)
+    if (heap().collectionScope() == CollectionScope::Full)
         m_activeWeakSets.forEach(visit);
 }
@@ -311 +312 @@
     m_newActiveWeakSets.forEach(visit);
     
-    if (m_heap->collectionScope() == CollectionScope::Full)
+    if (heap().collectionScope() == CollectionScope::Full)
         m_activeWeakSets.forEach(visit);
 }
@@ -357 +358 @@
 void MarkedSpace::prepareForMarking()
 {
-    if (m_heap->collectionScope() == CollectionScope::Eden)
+    if (heap().collectionScope() == CollectionScope::Eden)
         m_preciseAllocationsOffsetForThisCollection = m_preciseAllocationsNurseryOffset;
     else
@@ -417 +418 @@
 void MarkedSpace::beginMarking()
 {
-    if (m_heap->collectionScope() == CollectionScope::Full) {
+    if (heap().collectionScope() == CollectionScope::Full) {
         forEachDirectory(
             [&] (BlockDirectory& directory) -> IterationStatus {
@@ -552 +553 @@
 void MarkedSpace::snapshotUnswept()
 {
-    if (m_heap->collectionScope() == CollectionScope::Eden) {
+    if (heap().collectionScope() == CollectionScope::Eden) {
         forEachDirectory(
             [&] (BlockDirectory& directory) -> IterationStatus {

trunk/Source/JavaScriptCore/heap/MarkedSpace.h

@@ -96 +96 @@
     ~MarkedSpace();
     
-    Heap* heap() const { return m_heap; }
+    Heap& heap() const;
     
     void lastChanceToFinalize(); // Must call stopAllocatingForGood first.
@@ -214 +214 @@
     PreciseAllocation** m_preciseAllocationsForThisCollectionEnd { nullptr };
 
-    Heap* m_heap;
     size_t m_capacity { 0 };
     HeapVersion m_markingVersion { initialVersion };

trunk/Source/JavaScriptCore/heap/MarkedSpaceInlines.h

@@ -30 +30 @@
 
 namespace JSC {
+
+ALWAYS_INLINE Heap& MarkedSpace::heap() const
+{
+    return *bitwise_cast<Heap*>(bitwise_cast<uintptr_t>(this) - OBJECT_OFFSETOF(Heap, m_objectSpace));
+}
 
 template<typename Functor> inline void MarkedSpace::forEachLiveCell(HeapIterationScope&, const Functor& functor)

trunk/Source/JavaScriptCore/heap/Subspace.cpp

@@ -32 +32 @@
 #include "JSCInlines.h"
 #include "MarkedBlockInlines.h"
+#include "MarkedSpaceInlines.h"
 #include "ParallelSourceAdapter.h"
 #include "PreventCollectionScope.h"
@@ -50 +51 @@
     m_directoryForEmptyAllocation = m_alignedMemoryAllocator->firstDirectory();
 
-    Heap& heap = *m_space.heap();
+    Heap& heap = m_space.heap();
     heap.objectSpace().m_subspaces.append(this);
     m_alignedMemoryAllocator->registerSubspace(this);

trunk/Source/JavaScriptCore/heap/Subspace.h

@@ -120 +120 @@
 
     bool m_isIsoSubspace { false };
+protected:
+    uint8_t m_remainingLowerTierCellCount { 0 };
 };
 

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2019-11-14  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] BlockDirectory's bits should be compact
+        https://bugs.webkit.org/show_bug.cgi?id=204149
+
+        Reviewed by Robin Morisset.
+
+        * wtf/FastBitVector.h:
+        (WTF::fastBitVectorArrayLength):
+        (WTF::FastBitVectorImpl::unsafeWords):
+        (WTF::FastBitVectorImpl::unsafeWords const):
+        (WTF::FastBitReference::FastBitReference):
+        (WTF::FastBitReference::operator bool const):
+        (WTF::FastBitReference::operator=):
+        (WTF::FastBitVector::at):
+        (WTF::FastBitVector::operator[]):
+        (WTF::FastBitVector::BitReference::BitReference): Deleted.
+        (WTF::FastBitVector::BitReference::operator bool const): Deleted.
+        (WTF::FastBitVector::BitReference::operator=): Deleted.
+
 2019-11-11  Ross Kirsling  <ross.kirsling@sony.com>
 

trunk/Source/WTF/wtf/FastBitVector.h

@@ -36 +36 @@
 class PrintStream;
 
-inline size_t fastBitVectorArrayLength(size_t numBits) { return (numBits + 31) / 32; }
+inline constexpr size_t fastBitVectorArrayLength(size_t numBits) { return (numBits + 31) / 32; }
 
 class FastBitVectorWordView {
@@ -422 +422 @@
     
     typename Words::ViewType wordView() const { return m_words.view(); }
+
+    Words& unsafeWords() { return m_words; }
+    const Words& unsafeWords() const { return m_words; }
     
 private:
@@ -436 +439 @@
     Words m_words;
 };
+
+class FastBitReference {
+    WTF_MAKE_FAST_ALLOCATED;
+public:
+    FastBitReference() = default;
+
+    FastBitReference(uint32_t* word, uint32_t mask)
+        : m_word(word)
+        , m_mask(mask)
+    {
+    }
+
+    explicit operator bool() const
+    {
+        return !!(*m_word & m_mask);
+    }
+
+    FastBitReference& operator=(bool value)
+    {
+        if (value)
+            *m_word |= m_mask;
+        else
+            *m_word &= ~m_mask;
+        return *this;
+    }
+
+private:
+    uint32_t* m_word { nullptr };
+    uint32_t m_mask { 0 };
+};
+
+
 
 class FastBitVector : public FastBitVectorImpl<FastBitVectorWordOwner> {
@@ -519 +554 @@
     }
     
-    class BitReference {
-    public:
-        BitReference() { }
-        
-        BitReference(uint32_t* word, uint32_t mask)
-            : m_word(word)
-            , m_mask(mask)
-        {
-        }
-        
-        explicit operator bool() const
-        {
-            return !!(*m_word & m_mask);
-        }
-        
-        BitReference& operator=(bool value)
-        {
-            if (value)
-                *m_word |= m_mask;
-            else
-                *m_word &= ~m_mask;
-            return *this;
-        }
-        
-    private:
-        uint32_t* m_word { nullptr };
-        uint32_t m_mask { 0 };
-    };
-    
-    BitReference at(size_t index)
+    FastBitReference at(size_t index)
     {
         ASSERT_WITH_SECURITY_IMPLICATION(index < numBits());
-        return BitReference(&m_words.word(index >> 5), 1 << (index & 31));
-    }
-    
-    BitReference operator[](size_t index)
+        return FastBitReference(&m_words.word(index >> 5), 1 << (index & 31));
+    }
+    
+    FastBitReference operator[](size_t index)
     {
         return at(index);