Changeset 52948 in webkit
- Timestamp:
- Jan 7, 2010 2:07:36 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
JavaScriptCore/ChangeLog (modified) (1 diff)
-
JavaScriptCore/runtime/Structure.cpp (modified) (12 diffs)
-
JavaScriptCore/runtime/Structure.h (modified) (4 diffs)
-
WebCore/ChangeLog (modified) (1 diff)
-
WebCore/bindings/js/JSDOMWindowBase.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JavaScriptCore/ChangeLog
r52924 r52948 1 2010-01-07 Geoffrey Garen <ggaren@apple.com> 2 3 Reviewed by Sam Weinig. 4 5 Safari memory usage skyrockets using new Google AdWords interface 6 https://bugs.webkit.org/show_bug.cgi?id=33343 7 8 The memory use was caused by the global object creating too many structures 9 as it thrashed between different specific functions. 10 11 * runtime/Structure.cpp: 12 (JSC::Structure::Structure): 13 (JSC::Structure::addPropertyTransition): 14 (JSC::Structure::changePrototypeTransition): 15 (JSC::Structure::despecifyFunctionTransition): 16 (JSC::Structure::addAnonymousSlotsTransition): 17 (JSC::Structure::getterSetterTransition): 18 (JSC::Structure::toDictionaryTransition): 19 (JSC::Structure::addPropertyWithoutTransition): 20 (JSC::Structure::despecifyAllFunctions): 21 * runtime/Structure.h: 22 (JSC::Structure::disableSpecificFunctionTracking): Track a thrash count 23 for specific functions. Disable specific function tracking once the 24 thrash count has been hit. 25 1 26 2010-01-07 Csaba Osztrogonác <ossy@webkit.org> 2 27 -
trunk/JavaScriptCore/runtime/Structure.cpp
r51875 r52948 135 135 , m_hasGetterSetterProperties(false) 136 136 , m_attributesInPrevious(0) 137 , m_specificFunctionThrashCount(0) 137 138 { 138 139 ASSERT(m_prototype); … … 359 360 ASSERT(structure->typeInfo().type() == ObjectType); 360 361 ASSERT(!Structure::addPropertyTransitionToExistingStructure(structure, propertyName, attributes, specificValue, offset)); 362 363 if (structure->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) 364 specificValue = 0; 361 365 362 366 if (structure->transitionCount() > s_maxTransitionLength) { … … 379 383 transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties; 380 384 transition->m_hasNonEnumerableProperties = structure->m_hasNonEnumerableProperties; 385 transition->m_specificFunctionThrashCount = structure->m_specificFunctionThrashCount; 381 386 382 387 if (structure->m_propertyTable) { … … 422 427 transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties; 423 428 transition->m_hasNonEnumerableProperties = structure->m_hasNonEnumerableProperties; 429 transition->m_specificFunctionThrashCount = structure->m_specificFunctionThrashCount; 424 430 425 431 // Don't set m_offset, as one can not transition to this. … … 434 440 PassRefPtr<Structure> Structure::despecifyFunctionTransition(Structure* structure, const Identifier& replaceFunction) 435 441 { 442 ASSERT(structure->m_specificFunctionThrashCount < maxSpecificFunctionThrashCount); 436 443 RefPtr<Structure> transition = create(structure->storedPrototype(), structure->typeInfo()); 437 444 … … 439 446 transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties; 440 447 transition->m_hasNonEnumerableProperties = structure->m_hasNonEnumerableProperties; 448 transition->m_specificFunctionThrashCount = structure->m_specificFunctionThrashCount + 1; 441 449 442 450 // Don't set m_offset, as one can not transition to this. … … 446 454 transition->m_isPinnedPropertyTable = true; 447 455 448 bool removed = transition->despecifyFunction(replaceFunction); 449 ASSERT_UNUSED(removed, removed); 456 if (transition->m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) 457 transition->despecifyAllFunctions(); 458 else { 459 bool removed = transition->despecifyFunction(replaceFunction); 460 ASSERT_UNUSED(removed, removed); 461 } 450 462 451 463 return transition.release(); … … 471 483 transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties; 472 484 transition->m_hasNonEnumerableProperties = structure->m_hasNonEnumerableProperties; 485 transition->m_specificFunctionThrashCount = structure->m_specificFunctionThrashCount; 473 486 474 487 if (structure->m_propertyTable) { … … 500 513 transition->m_hasGetterSetterProperties = transition->m_hasGetterSetterProperties; 501 514 transition->m_hasNonEnumerableProperties = structure->m_hasNonEnumerableProperties; 515 transition->m_specificFunctionThrashCount = structure->m_specificFunctionThrashCount; 502 516 503 517 // Don't set m_offset, as one can not transition to this. … … 519 533 transition->m_hasGetterSetterProperties = structure->m_hasGetterSetterProperties; 520 534 transition->m_hasNonEnumerableProperties = structure->m_hasNonEnumerableProperties; 535 transition->m_specificFunctionThrashCount = structure->m_specificFunctionThrashCount; 521 536 522 537 structure->materializePropertyMapIfNecessary(); … … 583 598 { 584 599 ASSERT(!m_enumerationCache); 600 601 if (m_specificFunctionThrashCount == maxSpecificFunctionThrashCount) 602 specificValue = 0; 603 585 604 materializePropertyMapIfNecessary(); 586 605 … … 758 777 } 759 778 } 779 } 780 781 void Structure::despecifyAllFunctions() 782 { 783 materializePropertyMapIfNecessary(); 784 if (!m_propertyTable) 785 return; 786 787 unsigned entryCount = m_propertyTable->keyCount + m_propertyTable->deletedSentinelCount; 788 for (unsigned i = 1; i <= entryCount; ++i) 789 m_propertyTable->entries()[i].specificValue = 0; 760 790 } 761 791 -
trunk/JavaScriptCore/runtime/Structure.h
r51955 r52948 127 127 bool isEmpty() const { return m_propertyTable ? !m_propertyTable->keyCount : m_offset == noOffset; } 128 128 129 JSCell* specificValue() { return m_specificValueInPrevious; }130 129 void despecifyDictionaryFunction(const Identifier& propertyName); 130 void disableSpecificFunctionTracking() { m_specificFunctionThrashCount = maxSpecificFunctionThrashCount; } 131 131 132 132 void setEnumerationCache(JSPropertyNameIterator* enumerationCache); // Defined in JSPropertyNameIterator.h. 133 133 JSPropertyNameIterator* enumerationCache() { return m_enumerationCache.get(); } 134 134 void getEnumerablePropertyNames(PropertyNameArray&); 135 135 136 136 private: 137 137 Structure(JSValue prototype, const TypeInfo&); … … 157 157 158 158 bool despecifyFunction(const Identifier&); 159 void despecifyAllFunctions(); 159 160 160 161 PropertyMapHashTable* copyPropertyTable(); … … 180 181 181 182 static const signed char noOffset = -1; 183 184 static const unsigned maxSpecificFunctionThrashCount = 3; 182 185 183 186 TypeInfo m_typeInfo; … … 212 215 #endif 213 216 unsigned m_anonymousSlotsInPrevious : 6; 217 unsigned m_specificFunctionThrashCount : 2; 218 // 4 free bits 214 219 }; 215 220 -
trunk/WebCore/ChangeLog
r52947 r52948 1 2010-01-07 Geoffrey Garen <ggaren@apple.com> 2 3 Reviewed by Sam Weinig. 4 5 Safari memory usage skyrockets using new Google AdWords interface 6 https://bugs.webkit.org/show_bug.cgi?id=33343 7 8 * bindings/js/JSDOMWindowBase.cpp: 9 (WebCore::JSDOMWindowBase::JSDOMWindowBase): Disabled specific function 10 tracking for the window object, since there's no way to do direct 11 method calls on the window object; they all go through the window shell. 12 1 13 2010-01-07 Simon Fraser <simon.fraser@apple.com> 2 14 -
trunk/WebCore/bindings/js/JSDOMWindowBase.cpp
r52314 r52948 54 54 : JSDOMGlobalObject(structure, new JSDOMWindowBaseData(window, shell), shell) 55 55 { 56 structure()->disableSpecificFunctionTracking(); 57 56 58 GlobalPropertyInfo staticGlobals[] = { 57 59 GlobalPropertyInfo(Identifier(globalExec(), "document"), jsNull(), DontDelete | ReadOnly),
Note: See TracChangeset
for help on using the changeset viewer.
