Changeset 252875 in webkit
- Timestamp:
- Nov 25, 2019 11:02:45 PM (4 years ago)
- Location:
- trunk/Source
- Files:
-
- 13 edited
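--- a/trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h
+++ b/trunk/Source/JavaScriptCore/API/ObjCCallbackFunction.h
@@ -56,4 +56,5 @@
 
 static ObjCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl>);
+static constexpr bool needsDestruction = true;
 static void destroy(JSCell*);
 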
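--- a/trunk/Source/JavaScriptCore/API/glib/JSCCallbackFunction.cpp
+++ b/trunk/Source/JavaScriptCore/API/glib/JSCCallbackFunction.cpp
@@ -30,5 +30,4 @@
 #include "APICallbackFunction.h"
 #include "APICast.h"
-#include "IsoSubspacePerVM.h"
 #include "JSCClassPrivate.h"
 #include "JSCContextPrivate.h"
@@ -224,9 +223,3 @@
 }
 
-IsoSubspace* JSCCallbackFunction::subspaceForImpl(VM& vm)
-{
-NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) -> IsoSubspacePerVM::SubspaceParameters { return ISO_SUBSPACE_PARAMETERS(vm.destructibleObjectHeapCellType.get(), JSCCallbackFunction); });
-return &perVM.get().forVM(vm);
-}
-
 } // namespace JSC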
trunk/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h
r240965 r252875 36 36 namespace JSC { 37 37 38 class JSCCallbackFunction : public InternalFunction {38 class JSCCallbackFunction final : public InternalFunction { 39 39 friend struct APICallbackFunction; 40 40 public: 41 41 typedef InternalFunction Base; 42 42 43 template<typename CellType, SubspaceAccess >43 template<typename CellType, SubspaceAccess mode> 44 44 static IsoSubspace* subspaceFor(VM& vm) 45 45 { 46 return subspaceForImpl(vm);46 return vm.jscCallbackFunctionSpace<mode>(); 47 47 } 48 48 … … 54 54 55 55 static JSCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, Type, JSCClass*, GRefPtr<GClosure>&&, GType, Optional<Vector<GType>>&&); 56 static constexpr bool needsDestruction = true; 56 57 static void destroy(JSCell*); 57 58 … … 68 69 69 70 private: 70 static IsoSubspace* subspaceForImpl(VM&);71 72 71 JSCCallbackFunction(VM&, Structure*, Type, JSCClass*, GRefPtr<GClosure>&&, GType, Optional<Vector<GType>>&&); 73 72 -
trunk/Source/JavaScriptCore/ChangeLog
r252871 r252875 1 2019-11-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] InternalFunction should be non-destructible 4 https://bugs.webkit.org/show_bug.cgi?id=204556 5 6 Reviewed by Mark Lam. 7 8 InternalFunction and most of its subclasses should be non-destructible since they can be trivially 9 destructed and don't use a destroy function. For the few subclasses that do need a destroy function, 10 these should have different IsoSubspaces of their own. For each of these subclasses, we annotate 11 needsDestruction = true, define a specific HeapCellType for them, and pass the HeapCellType to their 12 IsoSubspace so that their destructors can be invoked. 13 14 * API/ObjCCallbackFunction.h: 15 * API/glib/JSCCallbackFunction.cpp: 16 (JSC::JSCCallbackFunction::subspaceForImpl): Deleted. 17 * API/glib/JSCCallbackFunction.h: 18 (JSC::JSCCallbackFunction::subspaceFor): Deleted. 19 (JSC::JSCCallbackFunction::createStructure): Deleted. 20 (JSC::JSCCallbackFunction::functionCallback): Deleted. 21 (JSC::JSCCallbackFunction::constructCallback): Deleted. 22 * dfg/DFGByteCodeParser.cpp: 23 (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor): 24 (JSC::DFG::ByteCodeParser::handleConstantInternalFunction): 25 * runtime/InternalFunction.cpp: 26 (JSC::InternalFunction::InternalFunction): 27 * runtime/InternalFunction.h: 28 * runtime/VM.cpp: 29 (JSC::VM::VM): 30 * runtime/VM.h: 31 1 32 2019-11-25 Saam Barati <sbarati@apple.com> 2 33 -
trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
r252825 r252875 3749 3749 return false; 3750 3750 3751 if (function->classInfo( ) != constructorClassInfoForType(type))3751 if (function->classInfo(*m_vm) != constructorClassInfoForType(type)) 3752 3752 return false; 3753 3753 … … 3819 3819 } 3820 3820 3821 if (function->classInfo( ) == ArrayConstructor::info()) {3821 if (function->classInfo(*m_vm) == ArrayConstructor::info()) { 3822 3822 if (function->globalObject() != m_inlineStackTop->m_codeBlock->globalObject()) 3823 3823 return false; … … 3837 3837 } 3838 3838 3839 if (function->classInfo( ) == NumberConstructor::info()) {3839 if (function->classInfo(*m_vm) == NumberConstructor::info()) { 3840 3840 if (kind == CodeForConstruct) 3841 3841 return false; … … 3850 3850 } 3851 3851 3852 if (function->classInfo( ) == StringConstructor::info()) {3852 if (function->classInfo(*m_vm) == StringConstructor::info()) { 3853 3853 insertChecks(); 3854 3854 … … 3867 3867 } 3868 3868 3869 if (function->classInfo( ) == SymbolConstructor::info() && kind == CodeForCall) {3869 if (function->classInfo(*m_vm) == SymbolConstructor::info() && kind == CodeForCall) { 3870 3870 insertChecks(); 3871 3871 … … 3882 3882 3883 3883 // FIXME: This should handle construction as well. https://bugs.webkit.org/show_bug.cgi?id=155591 3884 if (function->classInfo( ) == ObjectConstructor::info() && kind == CodeForCall) {3884 if (function->classInfo(*m_vm) == ObjectConstructor::info() && kind == CodeForCall) { 3885 3885 insertChecks(); 3886 3886 -
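Review bot: `function->classInfo(*m_vm)` is now spelled out separately in each of the five comparisons in handleConstantInternalFunction (new lines 3821, 3839, 3852, 3869 and 3884). Computing it once, e.g. `const ClassInfo* classInfo = function->classInfo(*m_vm);`, and comparing that local against each `XConstructor::info()` would shorten the chain and make it obvious that every test looks at the same value. The function starts outside these hunks, so the declaration would go above the first visible comparison.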
trunk/Source/JavaScriptCore/runtime/InternalFunction.cpp
r252520 r252875 36 36 37 37 InternalFunction::InternalFunction(VM& vm, Structure* structure, NativeFunction functionForCall, NativeFunction functionForConstruct) 38 : JSDestructibleObject(vm, structure)38 : Base(vm, structure) 39 39 , m_functionForCall(functionForCall) 40 40 , m_functionForConstruct(functionForConstruct ? functionForConstruct : callHostFunctionAsConstructor) -
trunk/Source/JavaScriptCore/runtime/InternalFunction.h
r252520 r252875 31 31 class FunctionPrototype; 32 32 33 class InternalFunction : public JS DestructibleObject {33 class InternalFunction : public JSNonFinalObject { 34 34 friend class JIT; 35 35 friend class LLIntOffsetsExtractor; 36 36 public: 37 typedef JSDestructibleObject Base;37 using Base = JSNonFinalObject; 38 38 static constexpr unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData; 39 39 -
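Review bot: Nothing in the class header records the contract this base-class switch creates. With `JSNonFinalObject` as the base, a subclass whose members need a destructor gets it run only if it opts in, as ObjCCallbackFunction.h and JSCCallbackFunction.h do in this changeset with `needsDestruction = true` plus a dedicated heap cell type. A subclass that is missed would silently leak whatever it owns, and the compiler will not flag it. I would add a comment above the class such as `// InternalFunction is non-destructible. Subclasses with non-trivial destructors must set needsDestruction = true and allocate from their own IsoSubspace with a matching HeapCellType.` The class body continues outside the hunk.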
trunk/Source/JavaScriptCore/runtime/VM.cpp
r252843 r252875 173 173 #endif 174 174 175 #ifdef JSC_GLIB_API_ENABLED 176 #include "JSCCallbackFunction.h" 177 #endif 178 175 179 namespace JSC { 176 180 … … 266 270 , weakSetHeapCellType(makeUnique<IsoHeapCellType<JSWeakSet>>()) 267 271 , destructibleObjectHeapCellType(makeUnique<JSDestructibleObjectHeapCellType>()) 272 #if JSC_OBJC_API_ENABLED 273 , objCCallbackFunctionHeapCellType(makeUnique<IsoHeapCellType<ObjCCallbackFunction>>()) 274 #endif 275 #ifdef JSC_GLIB_API_ENABLED 276 , jscCallbackFunctionHeapCellType(makeUnique<IsoHeapCellType<JSCCallbackFunction>>()) 277 #endif 268 278 #if ENABLE(WEBASSEMBLY) 269 279 , webAssemblyCodeBlockHeapCellType(makeUnique<IsoHeapCellType<JSWebAssemblyCodeBlock>>()) … … 281 291 , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction) // Hash:0x800fca72 282 292 , getterSetterSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), GetterSetter) 283 , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction) // Hash:0xf845c464293 , internalFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), InternalFunction) // Hash:0xf845c464 284 294 , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) // Hash:0x67567f95 285 295 , propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable) // Hash:0xc6bc9f12 … … 1296 1306 1297 1307 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) // Hash:0xd7916d41 1298 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, destructibleObjectHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc1308 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, cellHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc 1299 1309 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction) // Hash:0x18091000 1300 1310 
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(errorInstanceSpace, destructibleObjectHeapCellType.get(), ErrorInstance) // Hash:0x3f40d4a … … 1302 1312 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(nativeStdFunctionSpace, cellHeapCellType.get(), JSNativeStdFunction) // Hash:0x70ed61e4 1303 1313 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyObjectSpace, cellHeapCellType.get(), ProxyObject) 1304 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, destructibleObjectHeapCellType.get(), ProxyRevoke) // Hash:0xb506a9391314 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, cellHeapCellType.get(), ProxyRevoke) // Hash:0xb506a939 1305 1315 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(symbolSpace, destructibleCellHeapCellType.get(), Symbol) 1306 1316 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(unlinkedEvalCodeBlockSpace, destructibleCellHeapCellType.get(), UnlinkedEvalCodeBlock) … … 1312 1322 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakObjectRefSpace, cellHeapCellType.get(), JSWeakObjectRef) // Hash:0x8ec68f1f 1313 1323 #if JSC_OBJC_API_ENABLED 1314 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) // Hash:0x10f610b8 1324 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, objCCallbackFunctionHeapCellType.get(), ObjCCallbackFunction) // Hash:0x10f610b8 1325 #endif 1326 #ifdef JSC_GLIB_API_ENABLED 1327 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(jscCallbackFunctionSpace, jscCallbackFunctionHeapCellType.get(), JSCCallbackFunction) 1315 1328 #endif 1316 1329 #if ENABLE(WEBASSEMBLY) -
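Review bot: The three subspaces retargeted to `cellHeapCellType` here (`internalFunctionSpace`, `callbackFunctionSpace`, `proxyRevokeSpace`) are paired with their cell types by hand. Nothing visible in these hunks checks that `InternalFunction`, `JSCallbackFunction` and `ProxyRevoke` are trivially destructible, and if one of them owns a resource its destructor will no longer run. Unless the classes' own source files already carry such a check (not shown on this page), a compile-time guard next to each definition would pin it down, e.g. `static_assert(std::is_trivially_destructible<ProxyRevoke>::value, "allocated from a non-destructible subspace");`. The same applies to `RuntimeMethod` in WebCoreJSClientData.cpp and `JSNPMethod` in JSNPMethod.cpp further down.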
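--- a/trunk/Source/JavaScriptCore/runtime/VM.h
+++ b/trunk/Source/JavaScriptCore/runtime/VM.h
@@ -121,4 +121,5 @@
 class Identifier;
 class Interpreter;
+class JSCCallbackFunction;
 class JSCustomGetterSetterFunction;
 class JSDestructibleObjectHeapCellType;
@@ -134,4 +135,5 @@
 class LLIntOffsetsExtractor;
 class NativeExecutable;
+class ObjCCallbackFunction;
 class PromiseTimer;
 class RegExp;
@@ -347,4 +349,10 @@
 std::unique_ptr<IsoHeapCellType<JSWeakSet>> weakSetHeapCellType;
 std::unique_ptr<JSDestructibleObjectHeapCellType> destructibleObjectHeapCellType;
+#if JSC_OBJC_API_ENABLED
+std::unique_ptr<IsoHeapCellType<ObjCCallbackFunction>> objCCallbackFunctionHeapCellType;
+#endif
+#ifdef JSC_GLIB_API_ENABLED
+std::unique_ptr<IsoHeapCellType<JSCCallbackFunction>> jscCallbackFunctionHeapCellType;
+#endif
 #if ENABLE(WEBASSEMBLY)
 std::unique_ptr<IsoHeapCellType<JSWebAssemblyCodeBlock>> webAssemblyCodeBlockHeapCellType;
@@ -411,4 +419,7 @@
 #if JSC_OBJC_API_ENABLED
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(objCCallbackFunctionSpace)
+#endif
+#ifdef JSC_GLIB_API_ENABLED
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(jscCallbackFunctionSpace)
 #endif
 DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(boundFunctionSpace)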
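Review bot: The new `jscCallbackFunctionHeapCellType` and `jscCallbackFunctionSpace` members sit under `#ifdef JSC_GLIB_API_ENABLED`, so the layout of `VM` now depends on that macro being defined identically in every translation unit that includes VM.h, including those in WebCore and WebKit. If the macro is only set for the JavaScriptCore GLib API sources (not visible on this page, so worth confirming), different parts of the build would disagree about member offsets in `VM`, which is a memory-safety problem rather than a build error. The neighbouring ObjC guard uses `#if JSC_OBJC_API_ENABLED`, which suggests a config-header macro. Using the same form, `#if JSC_GLIB_API_ENABLED`, with the macro defined to 0 or 1 in a header every includer sees, would remove the ambiguity.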
trunk/Source/WebCore/ChangeLog
r252873 r252875 1 2019-11-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] InternalFunction should be non-destructible 4 https://bugs.webkit.org/show_bug.cgi?id=204556 5 6 Reviewed by Mark Lam. 7 8 * bindings/js/WebCoreJSClientData.cpp: 9 (WebCore::JSVMClientData::JSVMClientData): 10 1 11 2019-11-25 Fujii Hironori <Hironori.Fujii@sony.com> 2 12 -
trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp
r249175 r252875 44 44 : m_builtinFunctions(vm) 45 45 , m_builtinNames(vm) 46 , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm. destructibleObjectHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a8546 , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.cellHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a85 47 47 , m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x7724c2e4 48 48 , m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.cellHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x522d6ec9 -
trunk/Source/WebKit/ChangeLog
r252874 r252875 1 2019-11-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] InternalFunction should be non-destructible 4 https://bugs.webkit.org/show_bug.cgi?id=204556 5 6 Reviewed by Mark Lam. 7 8 * WebProcess/Plugins/Netscape/JSNPMethod.cpp: 9 (WebKit::JSNPMethod::subspaceForImpl): 10 1 11 2019-11-25 Wenson Hsieh <wenson_hsieh@apple.com> 2 12 -
trunk/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.cpp
r251425 r252875 63 63 IsoSubspace* JSNPMethod::subspaceForImpl(VM& vm) 64 64 { 65 static NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm. destructibleObjectHeapCellType.get(), JSNPMethod); });65 static NeverDestroyed<IsoSubspacePerVM> perVM([] (VM& vm) { return ISO_SUBSPACE_PARAMETERS(vm.cellHeapCellType.get(), JSNPMethod); }); 66 66 return &perVM.get().forVM(vm); 67 67 }