WebKit Bugzilla
Attachment 360522 Details for
Bug 193993
: [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-193993-20190129163407.patch (text/plain), 83.89 KB, created by
Yusuke Suzuki
on 2019-01-29 16:34:08 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2019-01-29 16:34:08 PST
Size:
83.89 KB
patch
obsolete
>Subversion Revision: 240680 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index a9f4332315cbb3821e7cf263e482738bd974a22d..24bc67cb82ae4262231ae15bd0ba4f8cf630022d 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,147 @@ >+2019-01-29 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ JSC::VM has a lot of IsoSubspaces, and each takes 504B. This unnecessarily makes VM so large. >+ And some of them are rarely used. We should allocate it lazily. >+ >+ In this patch, we make some `IsoSubspaces` `std::unique_ptr<IsoSubspace>`. And we add ensureXXXSpace >+ functions which allocate IsoSubspaces lazily. This function is used by subspaceFor<> in each class. >+ And we also add subspaceForConcurrently<> function, which is called from concurrent JIT tiers. This >+ returns nullptr if the subspace is not allocated yet. JSCell::subspaceFor now takes second template >+ parameter which tells the function whether subspaceFor is concurrently done. If the IsoSubspace is >+ lazily created, we may return nullptr for the concurrent access. We ensure the space's initialization >+ by using WTF::storeStoreFence when lazily allocating it. >+ >+ In GC's constraint solving, we may touch these lazily allocated spaces. At that time, we check the >+ existence of the space before touching this. This is not racy because the main thread is stopped when >+ the constraint solving is working. >+ >+ This changes sizeof(VM) from 72664 to 61840, which is nice since VM now fits in 64KB. >+ >+ * API/JSCallbackFunction.h: >+ * API/ObjCCallbackFunction.h: >+ (JSC::ObjCCallbackFunction::subspaceFor): >+ * API/glib/JSCCallbackFunction.h: >+ * bytecode/CodeBlock.h: >+ * bytecode/EvalCodeBlock.h: >+ * bytecode/ExecutableToCodeBlockEdge.h: >+ * bytecode/FunctionCodeBlock.h: >+ * bytecode/ModuleProgramCodeBlock.h: >+ * bytecode/ProgramCodeBlock.h: >+ * bytecode/UnlinkedFunctionExecutable.h: >+ * dfg/DFGSpeculativeJIT.cpp: >+ (JSC::DFG::SpeculativeJIT::emitAllocateRawObject): >+ (JSC::DFG::SpeculativeJIT::compileMakeRope): >+ (JSC::DFG::SpeculativeJIT::compileNewObject): >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope): >+ (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell): >+ * heap/Heap.cpp: >+ (JSC::Heap::finalizeUnconditionalFinalizers): >+ (JSC::Heap::deleteAllCodeBlocks): >+ (JSC::Heap::addCoreConstraints): >+ * jit/AssemblyHelpers.h: >+ (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize): >+ (JSC::AssemblyHelpers::emitAllocateVariableSizedCell): >+ * jit/JITOpcodes.cpp: >+ (JSC::JIT::emit_op_new_object): >+ * jit/JITOpcodes32_64.cpp: >+ (JSC::JIT::emit_op_new_object): >+ * runtime/DirectArguments.h: >+ * runtime/DirectEvalExecutable.h: >+ * runtime/ErrorInstance.h: >+ (JSC::ErrorInstance::subspaceFor): >+ * runtime/ExecutableBase.h: >+ * runtime/FunctionExecutable.h: >+ * runtime/IndirectEvalExecutable.h: >+ * runtime/InferredValue.h: >+ * runtime/InternalFunction.h: >+ * runtime/JSAsyncFunction.h: >+ * runtime/JSAsyncGeneratorFunction.h: >+ * runtime/JSBoundFunction.h: >+ * runtime/JSCell.h: >+ (JSC::subspaceFor): >+ (JSC::subspaceForConcurrently): >+ * runtime/JSCellInlines.h: >+ * runtime/JSCustomGetterSetterFunction.h: >+ * runtime/JSDestructibleObject.h: >+ * runtime/JSFunction.h: >+ * runtime/JSGeneratorFunction.h: >+ * runtime/JSImmutableButterfly.h: >+ * runtime/JSLexicalEnvironment.h: >+ (JSC::JSLexicalEnvironment::subspaceFor): >+ * runtime/JSNativeStdFunction.h: >+ * runtime/JSObject.h: >+ * runtime/JSSegmentedVariableObject.h: >+ * runtime/JSString.h: >+ * runtime/ModuleProgramExecutable.h: >+ * runtime/NativeExecutable.h: >+ * runtime/ProgramExecutable.h: >+ * runtime/PropertyMapHashTable.h: >+ * runtime/ProxyRevoke.h: >+ * runtime/ScopedArguments.h: >+ * runtime/Structure.h: >+ * runtime/StructureRareData.h: >+ * runtime/Symbol.h: >+ * runtime/VM.cpp: >+ (JSC::VM::VM): >+ (JSC::VM::ensureAsyncFunctionSpaceSlow): >+ (JSC::VM::ensureAsyncGeneratorFunctionSpaceSlow): >+ (JSC::VM::ensureBoundFunctionSpaceSlow): >+ (JSC::VM::ensureCallbackFunctionSpaceSlow): >+ (JSC::VM::ensureCustomGetterSetterFunctionSpaceSlow): >+ (JSC::VM::ensureErrorInstanceSpaceSlow): >+ (JSC::VM::ensureGeneratorFunctionSpaceSlow): >+ (JSC::VM::ensureNativeStdFunctionSpaceSlow): >+ (JSC::VM::ensureProxyRevokeSpaceSlow): >+ (JSC::VM::ensureWeakMapSpaceSlow): >+ (JSC::VM::ensureWeakSetSpaceSlow): >+ (JSC::VM::ensureObjCCallbackFunctionSpaceSlow): >+ (JSC::VM::ensureWebAssemblyCodeBlockSpaceSlow): >+ (JSC::VM::ensureWebAssemblyFunctionSpaceSlow): >+ (JSC::VM::ensureWebAssemblyWrapperFunctionSpaceSlow): >+ (JSC::VM::ensureEvalCodeBlockSpaceSlow): >+ (JSC::VM::ensureModuleProgramCodeBlockSpaceSlow): >+ (JSC::VM::ensureDirectEvalExecutableSpaceSlow): >+ (JSC::VM::ensureIndirectEvalExecutableSpaceSlow): >+ (JSC::VM::ensureModuleProgramExecutableSpaceSlow): >+ * runtime/VM.h: >+ (JSC::VM::ensureEvalCodeBlockSpace): >+ (JSC::VM::ensureModuleProgramCodeBlockSpace): >+ (JSC::VM::forEachCodeBlockSpace): >+ (JSC::VM::ensureDirectEvalExecutableSpace): >+ (JSC::VM::ensureIndirectEvalExecutableSpace): >+ (JSC::VM::ensureModuleProgramExecutableSpace): >+ (JSC::VM::forEachScriptExecutableSpace): >+ (JSC::VM::ensureAsyncFunctionSpace): >+ (JSC::VM::ensureAsyncGeneratorFunctionSpace): >+ (JSC::VM::ensureBoundFunctionSpace): >+ (JSC::VM::ensureCallbackFunctionSpace): >+ (JSC::VM::ensureCustomGetterSetterFunctionSpace): >+ (JSC::VM::ensureErrorInstanceSpace): >+ (JSC::VM::ensureGeneratorFunctionSpace): >+ (JSC::VM::ensureNativeStdFunctionSpace): >+ (JSC::VM::ensureProxyRevokeSpace): >+ (JSC::VM::ensureWeakMapSpace): >+ (JSC::VM::ensureWeakSetSpace): >+ (JSC::VM::ensureObjCCallbackFunctionSpace): >+ (JSC::VM::ensureWebAssemblyCodeBlockSpace): >+ (JSC::VM::ensureWebAssemblyFunctionSpace): >+ (JSC::VM::ensureWebAssemblyWrapperFunctionSpace): >+ * runtime/WeakMapImpl.h: >+ (JSC::WeakMapImpl::subspaceFor): >+ * wasm/js/JSWebAssemblyCodeBlock.h: >+ * wasm/js/JSWebAssemblyMemory.h: >+ * wasm/js/WebAssemblyFunction.h: >+ * wasm/js/WebAssemblyWrapperFunction.h: >+ > 2019-01-29 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] FTL should handle LocalAllocator* >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 5ed3184efc2897dbe9a8cfdd0b131176d6e5a6ee..7d88451a5685346a1795d2bb518c1ee742f8c5b7 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,16 @@ >+2019-01-29 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ No new tests (OOPS!). >+ >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GenerateHeader): >+ * bridge/runtime_method.h: >+ > 2019-01-29 Simon Fraser <simon.fraser@apple.com> > > REGRESSION(r240553): [iOS] Crash in ScrollingTree::updateTreeFromStateNode when attempting to log in to icloud.com >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 16dcc6aa696f33ef60a12e95f8da2cb4b607e953..22485171a781672f79742c88731bd3f57a233129 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,13 @@ >+2019-01-29 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/Plugins/Netscape/JSNPMethod.h: >+ * WebProcess/Plugins/Netscape/JSNPObject.h: >+ > 2019-01-29 Simon Fraser <simon.fraser@apple.com> > > REGRESSION(r240553): [iOS] Crash in ScrollingTree::updateTreeFromStateNode when attempting to log in to icloud.com >diff --git a/Source/JavaScriptCore/API/JSCallbackFunction.h b/Source/JavaScriptCore/API/JSCallbackFunction.h >index 6cf9cfc2e4fab7c01ddc6e02b663850b0a7f1642..9cb7f7b7ed8dd07738fb5e1cd0c72470755f88af 100644 >--- a/Source/JavaScriptCore/API/JSCallbackFunction.h >+++ b/Source/JavaScriptCore/API/JSCallbackFunction.h >@@ -37,10 +37,12 @@ class JSCallbackFunction final : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.callbackFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.callbackFunctionSpace.get(); >+ return &vm.ensureCallbackFunctionSpace(); > } > > static JSCallbackFunction* create(VM&, JSGlobalObject*, JSObjectCallAsFunctionCallback, const String& name); >diff --git a/Source/JavaScriptCore/API/ObjCCallbackFunction.h b/Source/JavaScriptCore/API/ObjCCallbackFunction.h >index c90ff0c68a3bd3a6b104b51a2204623030188da4..358fb79ab96331d2c3ded13423643e3144fbda8f 100644 >--- a/Source/JavaScriptCore/API/ObjCCallbackFunction.h >+++ b/Source/JavaScriptCore/API/ObjCCallbackFunction.h >@@ -48,10 +48,12 @@ class ObjCCallbackFunction : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.objCCallbackFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.objCCallbackFunctionSpace.get(); >+ return &vm.ensureObjCCallbackFunctionSpace(); > } > > static ObjCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl>); >diff --git a/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h b/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >index 04663fade495fc428379ad2300432c33bf1f870e..2c59b9b84fc8630284e318e6235f07026eccc23d 100644 >--- a/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >+++ b/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >@@ -40,7 +40,7 @@ class JSCCallbackFunction : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return subspaceForImpl(vm); >diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h >index c747426b38e566ebb9e842ce23ed59384eb0ae20..4256f7c1d101ca40580218ffd2e9ada2f342518f 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h >@@ -115,7 +115,7 @@ class CodeBlock : public JSCell { > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > static const bool needsDestruction = true; > >- template<typename> >+ template<typename, SubspaceAccess> > static void subspaceFor(VM&) { } > > DECLARE_INFO; >diff --git a/Source/JavaScriptCore/bytecode/EvalCodeBlock.h b/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >index 6775c362b5d805149dd51ac3210e01d764fc93c5..a10124c3017ad3531ee02165bc4c9d815d4fa256 100644 >--- a/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >@@ -38,10 +38,15 @@ class EvalCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.evalCodeBlockSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.evalCodeBlockSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureEvalCodeBlockSpace().space; > } > > static EvalCodeBlock* create(VM* vm, CopyParsedBlockTag, EvalCodeBlock& other) >diff --git a/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h b/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >index 19e353048371a7dfff1ceeb8df8428e1bb71ffdc..6ef41b570223a67627ffeab1b4b9f8ee551fc8fa 100644 >--- a/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >+++ b/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >@@ -40,7 +40,7 @@ class ExecutableToCodeBlockEdge final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.executableToCodeBlockEdgeSpace; >diff --git a/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h b/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >index 6f50422882ffaf55360bd12f325a2d23bfda4827..063b25dee9a195dffc64b34463e4426b1870f6ed 100644 >--- a/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >@@ -39,7 +39,7 @@ class FunctionCodeBlock final : public CodeBlock { > typedef CodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionCodeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h b/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >index ae99f77d5b43682003ce4b057d948c43ae156350..c3e2e3cee34ccf81847a334c3e5d5251513149ef 100644 >--- a/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >@@ -39,10 +39,15 @@ class ModuleProgramCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.moduleProgramCodeBlockSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.moduleProgramCodeBlockSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureModuleProgramCodeBlockSpace().space; > } > > static ModuleProgramCodeBlock* create(VM* vm, CopyParsedBlockTag, ModuleProgramCodeBlock& other) >diff --git a/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h b/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >index 8ea9b4caa04439831ec17b1acdbf8c8d1f84e8ae..3e24544e7048ff21c67f9b7d8ae825f8749db259 100644 >--- a/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >@@ -39,7 +39,7 @@ class ProgramCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.programCodeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >index d637d68af5ad631558ea93b3b86b9da04cb83175..205152d598a6c3b3f131258dae70aeedf5678ad5 100644 >--- a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >+++ b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >@@ -61,7 +61,7 @@ class UnlinkedFunctionExecutable final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.unlinkedFunctionExecutableSpace.space; >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >index 16e431c4a79b9cb5bad88135c6ad05fce4793d30..a453611c635a9044d061f643c7b4662c1d21e726 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >@@ -130,7 +130,9 @@ void SpeculativeJIT::emitAllocateRawObject(GPRReg resultGPR, RegisteredStructure > } > > size_t allocationSize = JSFinalObject::allocationSize(inlineCapacity); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_jit.vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_jit.vm())) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > if (allocator) { > emitAllocateJSObject(resultGPR, JITAllocator::constant(allocator), scratchGPR, TrustedImmPtr(structure), storageGPR, scratch2GPR, slowCases); > m_jit.emitInitializeInlineStorage(resultGPR, structure->inlineCapacity()); >@@ -4361,7 +4363,9 @@ void SpeculativeJIT::compileMakeRope(Node* node) > GPRReg scratchGPR = scratch.gpr(); > > JITCompiler::JumpList slowPath; >- Allocator allocatorValue = subspaceFor<JSRopeString>(*m_jit.vm())->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); >+ Allocator allocatorValue; >+ if (auto* subspace = subspaceForConcurrently<JSRopeString>(*m_jit.vm())) >+ allocatorValue = subspace->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); > emitAllocateJSCell(resultGPR, JITAllocator::constant(allocatorValue), allocatorGPR, TrustedImmPtr(m_jit.graph().registerStructure(m_jit.vm()->stringStructure.get())), scratchGPR, slowPath); > > m_jit.storePtr(TrustedImmPtr(nullptr), JITCompiler::Address(resultGPR, JSString::offsetOfValue())); >@@ -12542,7 +12546,9 @@ void SpeculativeJIT::compileNewObject(Node* node) > > RegisteredStructure structure = node->structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocatorValue = subspaceFor<JSFinalObject>(*m_jit.vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocatorValue; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_jit.vm())) >+ allocatorValue = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > if (!allocatorValue) > slowPath.append(m_jit.jump()); >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index 4f3a5a054b58b145c70c8a4a6a4af6cc0f5a0807..008d1fec1420ee2743d8883be9bfe1965207fe4b 100644 >--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >@@ -6471,7 +6471,9 @@ class LowerDFGToB3 { > > LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath); > >- Allocator allocator = subspaceFor<JSRopeString>(vm())->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSRopeString>(vm())) >+ allocator = subspace->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); > > LValue result = allocateCell( > m_out.constIntPtr(allocator.localAllocator()), vm().stringStructure.get(), slowPath); >@@ -10722,7 +10724,9 @@ class LowerDFGToB3 { > > if (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType())) { > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator cellAllocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator cellAllocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(vm())) >+ cellAllocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > bool hasIndexingHeader = hasIndexedProperties(structure->indexingType()); > unsigned indexingHeaderSize = 0; >@@ -13189,7 +13193,9 @@ class LowerDFGToB3 { > LValue allocateObject( > size_t size, StructureType structure, LValue butterfly, LBasicBlock slowPath) > { >- Allocator allocator = subspaceFor<ClassType>(vm())->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<ClassType>(vm())) >+ allocator = subspace->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); > return allocateObject( > m_out.constIntPtr(allocator.localAllocator()), structure, butterfly, slowPath); > } >@@ -13253,7 +13259,9 @@ class LowerDFGToB3 { > LValue allocateVariableSizedObject( > LValue size, RegisteredStructure structure, LValue butterfly, LBasicBlock slowPath) > { >- LValue allocator = allocatorForSize(*subspaceFor<ClassType>(vm()), size, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm()); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ LValue allocator = allocatorForSize(*subspace, size, slowPath); > return allocateObject(allocator, structure, butterfly, slowPath); > } > >@@ -13261,14 +13269,18 @@ class LowerDFGToB3 { > LValue allocateVariableSizedCell( > LValue size, Structure* structure, LBasicBlock slowPath) > { >- LValue allocator = allocatorForSize(*subspaceFor<ClassType>(vm()), size, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm()); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ LValue allocator = allocatorForSize(*subspace, size, slowPath); > return allocateCell(allocator, structure, slowPath); > } > > LValue allocateObject(RegisteredStructure structure) > { > size_t allocationSize = JSFinalObject::allocationSize(structure.get()->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(vm())) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > // FIXME: If the allocator is null, we could simply emit a normal C call to the allocator > // instead of putting it on the slow path. >diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp >index 06ea3b62e6436440323b3a9dd3c2debe8b002e7b..2a44e620d259d9dfd646ca62e6e3addcb4e358f4 100644 >--- a/Source/JavaScriptCore/heap/Heap.cpp >+++ b/Source/JavaScriptCore/heap/Heap.cpp >@@ -573,12 +573,16 @@ void Heap::finalizeUnconditionalFinalizers() > this->finalizeMarkedUnconditionalFinalizers<CodeBlock>(space.finalizerSet); > }); > finalizeMarkedUnconditionalFinalizers<ExecutableToCodeBlockEdge>(vm()->executableToCodeBlockEdgesWithFinalizers); >- finalizeMarkedUnconditionalFinalizers<JSWeakSet>(vm()->weakSetSpace); >- finalizeMarkedUnconditionalFinalizers<JSWeakMap>(vm()->weakMapSpace); >- finalizeMarkedUnconditionalFinalizers<ErrorInstance>(vm()->errorInstanceSpace); >+ if (vm()->weakSetSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWeakSet>(*vm()->weakSetSpace); >+ if (vm()->weakMapSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWeakMap>(*vm()->weakMapSpace); >+ if (vm()->errorInstanceSpace) >+ finalizeMarkedUnconditionalFinalizers<ErrorInstance>(*vm()->errorInstanceSpace); > > #if ENABLE(WEBASSEMBLY) >- finalizeMarkedUnconditionalFinalizers<JSWebAssemblyCodeBlock>(vm()->webAssemblyCodeBlockSpace); >+ if (vm()->webAssemblyCodeBlockSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWebAssemblyCodeBlock>(*vm()->webAssemblyCodeBlockSpace); > #endif > } > >@@ -896,11 +900,13 @@ void Heap::deleteAllCodeBlocks(DeleteAllCodeEffort effort) > // points into a CodeBlock that could be dead. The IC will still succeed because > // it uses a callee check, but then it will call into dead code. > HeapIterationScope heapIterationScope(*this); >- vm.webAssemblyCodeBlockSpace.forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) { >- ASSERT_UNUSED(kind, kind == HeapCell::JSCell); >- JSWebAssemblyCodeBlock* codeBlock = static_cast<JSWebAssemblyCodeBlock*>(cell); >- codeBlock->clearJSCallICs(vm); >- }); >+ if (vm.webAssemblyCodeBlockSpace) { >+ vm.webAssemblyCodeBlockSpace->forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) { >+ ASSERT_UNUSED(kind, kind == HeapCell::JSCell); >+ JSWebAssemblyCodeBlock* codeBlock = static_cast<JSWebAssemblyCodeBlock*>(cell); >+ codeBlock->clearJSCallICs(vm); >+ }); >+ } > } > #endif > } >@@ -2730,7 +2736,8 @@ void Heap::addCoreConstraints() > }; > > add(vm.executableToCodeBlockEdgesWithConstraints); >- add(vm.weakMapSpace); >+ if (vm.weakMapSpace) >+ add(*vm.weakMapSpace); > }, > ConstraintVolatility::GreyedByMarking, > ConstraintParallelism::Parallel); >diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.h b/Source/JavaScriptCore/jit/AssemblyHelpers.h >index 283bb03033bc583703ecd6fc0bc8bf87f93e7528..8abd20067ae2aade2ff94d6c7a7a37984272a24b 100644 >--- a/Source/JavaScriptCore/jit/AssemblyHelpers.h >+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.h >@@ -1752,7 +1752,9 @@ class AssemblyHelpers : public MacroAssembler { > VM& vm, GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1, > GPRReg scratchGPR2, JumpList& slowPath, size_t size) > { >- Allocator allocator = subspaceFor<ClassType>(vm)->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<ClassType>(vm)) >+ allocator = subspace->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); > emitAllocateJSObject(resultGPR, JITAllocator::constant(allocator), scratchGPR1, structure, storage, scratchGPR2, slowPath); > } > >@@ -1769,8 +1771,9 @@ class AssemblyHelpers : public MacroAssembler { > template<typename ClassType, typename StructureType> > void emitAllocateVariableSizedCell(VM& vm, GPRReg resultGPR, StructureType structure, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath) > { >- CompleteSubspace& subspace = *subspaceFor<ClassType>(vm); >- emitAllocateVariableSized(resultGPR, subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ emitAllocateVariableSized(resultGPR, *subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath); > emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR2); > } > >diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp >index 378dc505f7007b5207a2115a856002d54cf11cb7..6ad0cd818fd009975d1c1f9322fdadc9ba75dd5a 100644 >--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp >+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp >@@ -96,7 +96,9 @@ void JIT::emit_op_new_object(const Instruction* currentInstruction) > auto& metadata = bytecode.metadata(m_codeBlock); > Structure* structure = metadata.m_objectAllocationProfile.structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_vm)->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_vm)) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > RegisterID resultReg = regT0; > RegisterID allocatorReg = regT1; >diff --git a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >index f36cd4339dee03f75ed10df196948e2317570f69..784fd5ca32f9301cc051c674353262fcd3bd36af 100644 >--- a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >+++ b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >@@ -84,7 +84,9 @@ void JIT::emit_op_new_object(const Instruction* currentInstruction) > auto& metadata = bytecode.metadata(m_codeBlock); > Structure* structure = metadata.m_objectAllocationProfile.structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_vm)->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_vm)) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > RegisterID resultReg = returnValueGPR; > RegisterID allocatorReg = regT1; >diff --git a/Source/JavaScriptCore/runtime/DirectArguments.h b/Source/JavaScriptCore/runtime/DirectArguments.h >index 2a78fd0fea3e83af1404005d6ac3be5be13a0cae..39331e05bbd433b5968d5c7bc5ee96d5c02ebf34 100644 >--- a/Source/JavaScriptCore/runtime/DirectArguments.h >+++ b/Source/JavaScriptCore/runtime/DirectArguments.h >@@ -46,7 +46,7 @@ class DirectArguments final : public GenericArguments<DirectArguments> { > DirectArguments(VM&, Structure*, unsigned length, unsigned capacity); > > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > RELEASE_ASSERT(!CellType::needsDestruction); >diff --git a/Source/JavaScriptCore/runtime/DirectEvalExecutable.h b/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >index 32067080e78f797345851fd79d4f0ba6fc18feae..1af63f79cedd27f100d392a70d67f0bf356980b5 100644 >--- a/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >+++ b/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >@@ -31,10 +31,15 @@ namespace JSC { > > class DirectEvalExecutable final : public EvalExecutable { > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.directEvalExecutableSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.directEvalExecutableSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureDirectEvalExecutableSpace().space; > } > > static DirectEvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isArrowFunctionContext, EvalContextType, const VariableEnvironment*); >diff --git a/Source/JavaScriptCore/runtime/ErrorInstance.h b/Source/JavaScriptCore/runtime/ErrorInstance.h >index d95cbf81b40169581a5e2a144959bf72e49e2534..aa567f79f0b81313da651dd116b95a20498b4a59 100644 >--- a/Source/JavaScriptCore/runtime/ErrorInstance.h >+++ b/Source/JavaScriptCore/runtime/ErrorInstance.h >@@ -72,10 +72,12 @@ class ErrorInstance : public JSDestructibleObject { > bool materializeErrorInfoIfNeeded(VM&); > bool materializeErrorInfoIfNeeded(VM&, PropertyName); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.errorInstanceSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.errorInstanceSpace.get(); >+ return &vm.ensureErrorInstanceSpace(); > } > > void finalizeUnconditionally(VM&); >diff --git a/Source/JavaScriptCore/runtime/ExecutableBase.h b/Source/JavaScriptCore/runtime/ExecutableBase.h >index c719ffba5f893a6ff5b82d67a42820dfd0bc8e43..de60f0b861b4f6ea91e1d2c58878e01b4d61fd70 100644 >--- a/Source/JavaScriptCore/runtime/ExecutableBase.h >+++ b/Source/JavaScriptCore/runtime/ExecutableBase.h >@@ -84,7 +84,7 @@ class ExecutableBase : public JSCell { > static void destroy(JSCell*); > > // Force subclasses to override this. >- template<typename> >+ template<typename, SubspaceAccess> > static void subspaceFor(VM&) { } > > CodeBlockHash hashFor(CodeSpecializationKind) const; >diff --git a/Source/JavaScriptCore/runtime/FunctionExecutable.h b/Source/JavaScriptCore/runtime/FunctionExecutable.h >index 1baaa8572162d81d8c7ad2efc4e926de0ea59727..1a64c2e5d77b15eb7f0b063788a54f4b7a6ca32a 100644 >--- a/Source/JavaScriptCore/runtime/FunctionExecutable.h >+++ b/Source/JavaScriptCore/runtime/FunctionExecutable.h >@@ -39,7 +39,7 @@ class FunctionExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionExecutableSpace.space; >diff --git a/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h b/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >index d868d93efc342cca017720de22646c1af2632e76..8cc9721fc1a2a95b34f5e3220d600e8cfc4e1b86 100644 >--- a/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >+++ b/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >@@ -31,10 +31,15 @@ namespace JSC { > > class IndirectEvalExecutable final : public EvalExecutable { > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.indirectEvalExecutableSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.indirectEvalExecutableSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureIndirectEvalExecutableSpace().space; > } > > static IndirectEvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isArrowFunctionContext, EvalContextType); >diff --git a/Source/JavaScriptCore/runtime/InferredValue.h b/Source/JavaScriptCore/runtime/InferredValue.h >index 08028ef4b7e5cc3ab9231ea6d1063920ae9a0338..d89ebbb2cc2ed3fa8d189b98ee1a0f6100f7f01c 100644 >--- a/Source/JavaScriptCore/runtime/InferredValue.h >+++ b/Source/JavaScriptCore/runtime/InferredValue.h >@@ -45,7 +45,7 @@ class InferredValue final : public JSCell { > public: > typedef JSCell Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.inferredValueSpace; >diff --git a/Source/JavaScriptCore/runtime/InternalFunction.h b/Source/JavaScriptCore/runtime/InternalFunction.h >index 244c4f72a8f6783cadb04c2f5d4187f8d9a1d98a..634d9dd1027b68d4130d4188f6d76e0e8d2796b2 100644 >--- a/Source/JavaScriptCore/runtime/InternalFunction.h >+++ b/Source/JavaScriptCore/runtime/InternalFunction.h >@@ -38,7 +38,7 @@ class InternalFunction : public JSDestructibleObject { > typedef JSDestructibleObject Base; > static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > static_assert(sizeof(CellType) == sizeof(InternalFunction), "InternalFunction subclasses that add fields need to override subspaceFor<>()"); >diff --git a/Source/JavaScriptCore/runtime/JSAsyncFunction.h b/Source/JavaScriptCore/runtime/JSAsyncFunction.h >index 459d5a9f77a6f261f8cdb8ac968b13c37c22a2a0..f626cbbf921b34f48583e4dc15ccaf42f1493e49 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncFunction.h >+++ b/Source/JavaScriptCore/runtime/JSAsyncFunction.h >@@ -38,10 +38,12 @@ class JSAsyncFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.asyncFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.asyncFunctionSpace.get(); >+ return &vm.ensureAsyncFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >index a38c6225ba816a5e379587e4c2b6d141251f7aee..b46e2c28a850c321c4ec0cfa64eed340da6da957 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >+++ b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >@@ -38,10 +38,12 @@ class JSAsyncGeneratorFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.asyncGeneratorFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.asyncGeneratorFunctionSpace.get(); >+ return &vm.ensureAsyncGeneratorFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/runtime/JSBoundFunction.h b/Source/JavaScriptCore/runtime/JSBoundFunction.h >index 928ddc58a219f12a39d97d4d1008485d99688491..eb968342e000f5c03c1d4c64a4f33b8073e3e4cd 100644 >--- a/Source/JavaScriptCore/runtime/JSBoundFunction.h >+++ b/Source/JavaScriptCore/runtime/JSBoundFunction.h >@@ -42,10 +42,12 @@ class JSBoundFunction final : public JSFunction { > const static unsigned StructureFlags = Base::StructureFlags & ~ImplementsDefaultHasInstance; > static_assert(StructureFlags & ImplementsHasInstance, ""); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.boundFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.boundFunctionSpace.get(); >+ return &vm.ensureBoundFunctionSpace(); > } > > static JSBoundFunction* create(VM&, ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs, int, const String& name); >diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h >index 9e8ba60d9f621e49881fe22026cafdaa8ea7eda8..c1e20fe6727ad8b476809662fbea5f37e1ec048a 100644 >--- a/Source/JavaScriptCore/runtime/JSCell.h >+++ b/Source/JavaScriptCore/runtime/JSCell.h >@@ -57,6 +57,11 @@ enum class GCDeferralContextArgPresense { > DoesNotHaveArg > }; > >+enum class SubspaceAccess { >+ OnMainThread, >+ Concurrently, >+}; >+ > template<typename T> void* allocateCell(Heap&, size_t = sizeof(T)); > template<typename T> void* tryAllocateCell(Heap&, size_t = sizeof(T)); > template<typename T> void* allocateCell(Heap&, GCDeferralContext*, size_t = sizeof(T)); >@@ -88,7 +93,7 @@ class JSCell : public HeapCell { > // Don't call this directly. Call JSC::subspaceFor<Type>(vm) instead. > // FIXME: Refer to Subspace by reference. > // https://bugs.webkit.org/show_bug.cgi?id=166988 >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM&); > > static JSCell* seenMultipleCalleeObjects() { return bitwise_cast<JSCell*>(static_cast<uintptr_t>(1)); } >@@ -294,7 +299,13 @@ class JSCellLock : public JSCell { > template<typename Type> > inline auto subspaceFor(VM& vm) > { >- return Type::template subspaceFor<Type>(vm); >+ return Type::template subspaceFor<Type, SubspaceAccess::OnMainThread>(vm); >+} >+ >+template<typename Type> >+inline auto subspaceForConcurrently(VM& vm) >+{ >+ return Type::template subspaceFor<Type, SubspaceAccess::Concurrently>(vm); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h >index 3c5ad64857c65356d06c4cfd3a38dc436fcbc3fa..08fa3a3698c38ecb17d304469ba2b387e9e1427f 100644 >--- a/Source/JavaScriptCore/runtime/JSCellInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h >@@ -145,7 +145,7 @@ ALWAYS_INLINE VM& ExecState::vm() const > return *callee->markedBlock().vm(); > } > >-template<typename CellType> >+template<typename CellType, SubspaceAccess> > CompleteSubspace* JSCell::subspaceFor(VM& vm) > { > if (CellType::needsDestruction) >diff --git a/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h b/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >index 17c7f18be8db35a85d216906312f1a1e8d5439cc..88d8f15402f7786f288a4bef8adcdb601b512035 100644 >--- a/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >+++ b/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >@@ -40,10 +40,12 @@ class JSCustomGetterSetterFunction final : public JSFunction { > > static const unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.customGetterSetterFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.customGetterSetterFunctionSpace.get(); >+ return &vm.ensureCustomGetterSetterFunctionSpace(); > } > > static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype) >diff --git a/Source/JavaScriptCore/runtime/JSDestructibleObject.h b/Source/JavaScriptCore/runtime/JSDestructibleObject.h >index 43828f0fc1df41bf35b9f13777d987a53b92ce82..d2617b75836fe3a647968bc33d0f01f091964adb 100644 >--- a/Source/JavaScriptCore/runtime/JSDestructibleObject.h >+++ b/Source/JavaScriptCore/runtime/JSDestructibleObject.h >@@ -37,7 +37,7 @@ class JSDestructibleObject : public JSNonFinalObject { > > static const bool needsDestruction = true; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.destructibleObjectSpace; >diff --git a/Source/JavaScriptCore/runtime/JSFunction.h b/Source/JavaScriptCore/runtime/JSFunction.h >index 1e77632b511f2e26e2c4d2af892d9a6966b4c63b..3bf067658c3af38e759784e06a7b4dde43823f7e 100644 >--- a/Source/JavaScriptCore/runtime/JSFunction.h >+++ b/Source/JavaScriptCore/runtime/JSFunction.h >@@ -62,7 +62,7 @@ class JSFunction : public JSCallee { > > public: > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSGeneratorFunction.h b/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >index 0e88fc735cb92a72b1c0b495b7fa630c25fe9490..dc0210093777f18bac71ea2b3dc081884bcc08c9 100644 >--- a/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >+++ b/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >@@ -66,10 +66,12 @@ class JSGeneratorFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.generatorFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.generatorFunctionSpace.get(); >+ return &vm.ensureGeneratorFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/runtime/JSImmutableButterfly.h b/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >index 4ac2a6c4e4b5da3ccad5d448328f52ac67f69cd2..b554c5fdeccf6bc1ee3633ff4811eed2755047b0 100644 >--- a/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >+++ b/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >@@ -88,7 +88,7 @@ class JSImmutableButterfly : public JSCell { > > void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length); > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > // We allocate out of the JSValue gigacage as other code expects all butterflies to live there. >diff --git a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >index cfec9567b6746ddd06e464133121a9dd021deea2..3b67629889603a67ecf6c05df4748c3a5119cdb3 100644 >--- a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >+++ b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >@@ -40,10 +40,10 @@ class JSLexicalEnvironment : public JSSymbolTableObject { > friend class JIT; > friend class LLIntOffsetsExtractor; > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { >- RELEASE_ASSERT(!CellType::needsDestruction); >+ static_assert(!CellType::needsDestruction, ""); > return &vm.jsValueGigacageCellSpace; > } > >diff --git a/Source/JavaScriptCore/runtime/JSNativeStdFunction.h b/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >index e2041496f8e7aa208c0fc66a034980d98d0ff0ac..532e36d9a97b4db497352152af97dc43415dc350 100644 >--- a/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >+++ b/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >@@ -40,10 +40,12 @@ class JSNativeStdFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.nativeStdFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.nativeStdFunctionSpace.get(); >+ return &vm.ensureNativeStdFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/runtime/JSObject.h b/Source/JavaScriptCore/runtime/JSObject.h >index 192db5eeea713e617b71219af7f749a20ea0481f..79e08489994c76557b8f567d3b3ad3ecd9c8688b 100644 >--- a/Source/JavaScriptCore/runtime/JSObject.h >+++ b/Source/JavaScriptCore/runtime/JSObject.h >@@ -104,7 +104,7 @@ class JSObject : public JSCell { > public: > typedef JSCell Base; > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.cellJSValueOOBSpace; >diff --git a/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h b/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >index cb5fe372ae22fbe10fba8a650f84cef59a24a511..deef4e5f9e86a87797521910b6167133af65b618 100644 >--- a/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >+++ b/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >@@ -90,7 +90,7 @@ class JSSegmentedVariableObject : public JSSymbolTableObject { > > static void destroy(JSCell*); > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.segmentedVariableObjectSpace; >diff --git a/Source/JavaScriptCore/runtime/JSString.h b/Source/JavaScriptCore/runtime/JSString.h >index 57d7f9040240f06f700fb88dd1233134c374f1af..8b4d2091364236480ee62748b2706f1d3239b11d 100644 >--- a/Source/JavaScriptCore/runtime/JSString.h >+++ b/Source/JavaScriptCore/runtime/JSString.h >@@ -89,7 +89,7 @@ class JSString : public JSCell { > > // We specialize the string subspace to get the fastest possible sweep. This wouldn't be > // necessary if JSString didn't have a destructor. >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.stringSpace; >diff --git a/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h b/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >index f5171d4c34ad27d9b92167d64471964156b0d524..2deafbf609404018022d0e8bb284eb43faade325 100644 >--- a/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >+++ b/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >@@ -36,10 +36,15 @@ class ModuleProgramExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.moduleProgramExecutableSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.moduleProgramExecutableSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureModuleProgramExecutableSpace().space; > } > > static ModuleProgramExecutable* create(ExecState*, const SourceCode&); >diff --git a/Source/JavaScriptCore/runtime/NativeExecutable.h b/Source/JavaScriptCore/runtime/NativeExecutable.h >index 637be6fde74715921559e6159b3717a89a0849a2..91fb35ba0ea3c438a2400c24a458e9bbfb99cb44 100644 >--- a/Source/JavaScriptCore/runtime/NativeExecutable.h >+++ b/Source/JavaScriptCore/runtime/NativeExecutable.h >@@ -44,7 +44,7 @@ class NativeExecutable final : public ExecutableBase { > > static void destroy(JSCell*); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.nativeExecutableSpace; >diff --git a/Source/JavaScriptCore/runtime/ProgramExecutable.h b/Source/JavaScriptCore/runtime/ProgramExecutable.h >index ff84c9e7122866318a4acf415c856f211c088b7f..a1ecd21e0100fff7e7256a9d5c746658e423130d 100644 >--- a/Source/JavaScriptCore/runtime/ProgramExecutable.h >+++ b/Source/JavaScriptCore/runtime/ProgramExecutable.h >@@ -36,7 +36,7 @@ class ProgramExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.programExecutableSpace.space; >diff --git a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >index 27edadc47ccd864ab01f5c3950dcf18828888058..70e9a71d0ddb064cc255b4e3e22a90abdeaf3828 100644 >--- a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >+++ b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >@@ -123,7 +123,7 @@ class PropertyTable final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.propertyTableSpace; >diff --git a/Source/JavaScriptCore/runtime/ProxyRevoke.h b/Source/JavaScriptCore/runtime/ProxyRevoke.h >index 322096564e9870cc392e383c9005f770ba8e7e80..ca064fd9fdf67ec5c311994bbd4a99d09fe16e15 100644 >--- a/Source/JavaScriptCore/runtime/ProxyRevoke.h >+++ b/Source/JavaScriptCore/runtime/ProxyRevoke.h >@@ -36,10 +36,12 @@ class ProxyRevoke final : public InternalFunction { > typedef InternalFunction Base; > static const unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.proxyRevokeSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.proxyRevokeSpace.get(); >+ return &vm.ensureProxyRevokeSpace(); > } > > static ProxyRevoke* create(VM&, Structure*, ProxyObject*); >diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.h b/Source/JavaScriptCore/runtime/ScopedArguments.h >index a9c0b2407fa50018c337169233dc7ff2f57829ad..4d48a99da50feb6117795a90ace437b9face2a16 100644 >--- a/Source/JavaScriptCore/runtime/ScopedArguments.h >+++ b/Source/JavaScriptCore/runtime/ScopedArguments.h >@@ -43,7 +43,7 @@ class ScopedArguments final : public GenericArguments<ScopedArguments> { > using Base = GenericArguments<ScopedArguments>; > > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > RELEASE_ASSERT(!CellType::needsDestruction); >diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h >index e11a853e1acbd24b695d10109d1dd3205ce0ea62..36826932411c067c1bbc73f5a392aa94a7e6ee96 100644 >--- a/Source/JavaScriptCore/runtime/Structure.h >+++ b/Source/JavaScriptCore/runtime/Structure.h >@@ -132,7 +132,7 @@ class Structure final : public JSCell { > > ~Structure(); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.structureSpace; >diff --git a/Source/JavaScriptCore/runtime/StructureRareData.h b/Source/JavaScriptCore/runtime/StructureRareData.h >index 336732d11d873d42f20f9910871e28c270f6a885..c4be7140ce82c2941d2241f38d8d5af38f8bc618 100644 >--- a/Source/JavaScriptCore/runtime/StructureRareData.h >+++ b/Source/JavaScriptCore/runtime/StructureRareData.h >@@ -43,7 +43,7 @@ class StructureRareData final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.structureRareDataSpace; >diff --git a/Source/JavaScriptCore/runtime/Symbol.h b/Source/JavaScriptCore/runtime/Symbol.h >index 71023e61abf00d44edcc851ba92264369710ecc6..1cd5a20bf3f9cab72f38d322a6ab6ca162ab668e 100644 >--- a/Source/JavaScriptCore/runtime/Symbol.h >+++ b/Source/JavaScriptCore/runtime/Symbol.h >@@ -36,7 +36,7 @@ class Symbol final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal | OverridesToThis; > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.cellJSValueOOBSpace; >diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp >index 9b954c229bc0712dbf28c6cfd729f8c700d91617..a592de8175a1af63c74f265d804046f157c92e9c 100644 >--- a/Source/JavaScriptCore/runtime/VM.cpp >+++ b/Source/JavaScriptCore/runtime/VM.cpp >@@ -289,44 +289,20 @@ VM::VM(VMType vmType, HeapType heapType) > , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) > , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) > , segmentedVariableObjectSpace("JSSegmentedVariableObjectSpace", heap, segmentedVariableObjectHeapCellType.get(), fastMallocAllocator.get()) >- , asyncFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncFunction) >- , asyncGeneratorFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncGeneratorFunction) >- , boundFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSBoundFunction) >- , callbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSCallbackFunction) >- , customGetterSetterFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSCustomGetterSetterFunction) > , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellDangerousBitsHeapCellType.get(), ExecutableToCodeBlockEdge) > , functionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSFunction) >- , generatorFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSGeneratorFunction) > , inferredValueSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredValue) > , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction) > , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) >- , nativeStdFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSNativeStdFunction) >-#if JSC_OBJC_API_ENABLED >- , objCCallbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) >-#endif > , propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable) >- , proxyRevokeSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ProxyRevoke) > , structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData) > , structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure) >- , weakSetSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakSet) >- , weakMapSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakMap) >- , errorInstanceSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ErrorInstance) >-#if ENABLE(WEBASSEMBLY) >- , webAssemblyCodeBlockSpace ISO_SUBSPACE_INIT(heap, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) >- , webAssemblyFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), WebAssemblyFunction) >- , webAssemblyWrapperFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), WebAssemblyWrapperFunction) >-#endif > , executableToCodeBlockEdgesWithConstraints(executableToCodeBlockEdgeSpace) > , executableToCodeBlockEdgesWithFinalizers(executableToCodeBlockEdgeSpace) > , inferredValuesWithFinalizers(inferredValueSpace) >- , evalCodeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), EvalCodeBlock) > , functionCodeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionCodeBlock) >- , moduleProgramCodeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramCodeBlock) > , programCodeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramCodeBlock) >- , directEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), DirectEvalExecutable) > , functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable) >- , indirectEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable) >- , moduleProgramExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable) > , programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable) > , unlinkedFunctionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), UnlinkedFunctionExecutable) > , vmType(vmType) >@@ -1246,6 +1222,190 @@ void VM::ensureShadowChicken() > m_shadowChicken = std::make_unique<ShadowChicken>(); > } > >+IsoSubspace& VM::ensureAsyncFunctionSpaceSlow() >+{ >+ ASSERT(!asyncFunctionspace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncFunction); >+ WTF::storeStoreFence(); >+ asyncFunctionSpace = WTFMove(space); >+ return *asyncFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureAsyncGeneratorFunctionSpaceSlow() >+{ >+ ASSERT(!asyncGeneratorFunctionspace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncGeneratorFunction); >+ WTF::storeStoreFence(); >+ asyncGeneratorFunctionSpace = WTFMove(space); >+ return *asyncGeneratorFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureBoundFunctionSpaceSlow() >+{ >+ ASSERT(!boundFunctionspace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSBoundFunction); >+ WTF::storeStoreFence(); >+ boundFunctionSpace = WTFMove(space); >+ return *boundFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureCallbackFunctionSpaceSlow() >+{ >+ ASSERT(!callbackFunctionspace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSCallbackFunction); >+ WTF::storeStoreFence(); >+ callbackFunctionSpace = WTFMove(space); >+ return *callbackFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureCustomGetterSetterFunctionSpaceSlow() >+{ >+ ASSERT(!customGetterSetterFunctionspace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSCustomGetterSetterFunction); >+ WTF::storeStoreFence(); >+ customGetterSetterFunctionSpace = WTFMove(space); >+ return *customGetterSetterFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureErrorInstanceSpaceSlow() >+{ >+ ASSERT(!errorInstanceSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ErrorInstance); >+ WTF::storeStoreFence(); >+ errorInstanceSpace = WTFMove(space); >+ return *errorInstanceSpace; >+} >+ >+IsoSubspace& VM::ensureGeneratorFunctionSpaceSlow() >+{ >+ ASSERT(!generatorFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSGeneratorFunction); >+ WTF::storeStoreFence(); >+ generatorFunctionSpace = WTFMove(space); >+ return *generatorFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureNativeStdFunctionSpaceSlow() >+{ >+ ASSERT(!nativeStdFunctionspace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSNativeStdFunction); >+ WTF::storeStoreFence(); >+ nativeStdFunctionSpace = WTFMove(space); >+ return *nativeStdFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureProxyRevokeSpaceSlow() >+{ >+ ASSERT(!proxyRevokeSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ProxyRevoke); >+ WTF::storeStoreFence(); >+ proxyRevokeSpace = WTFMove(space); >+ return *proxyRevokeSpace; >+} >+ >+IsoSubspace& VM::ensureWeakMapSpaceSlow() >+{ >+ ASSERT(!weakMapSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakMap); >+ WTF::storeStoreFence(); >+ weakMapSpace = WTFMove(space); >+ return *weakMapSpace; >+} >+ >+IsoSubspace& VM::ensureWeakSetSpaceSlow() >+{ >+ ASSERT(!weakSetSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakSet); >+ WTF::storeStoreFence(); >+ weakSetSpace = WTFMove(space); >+ return *weakSetSpace; >+} >+ >+#if JSC_OBJC_API_ENABLED >+IsoSubspace& VM::ensureObjCCallbackFunctionSpaceSlow() >+{ >+ ASSERT(!objCCallbackFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ObjCCallbackFunction); >+ WTF::storeStoreFence(); >+ objCCallbackFunctionSpace = WTFMove(space); >+ return *objCCallbackFunctionSpace; >+} >+#endif >+ >+#if ENABLE(WEBASSEMBLY) >+IsoSubspace& VM::ensureWebAssemblyCodeBlockSpaceSlow() >+{ >+ ASSERT(!webAssemblyCodeBlockSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock); >+ WTF::storeStoreFence(); >+ webAssemblyCodeBlockSpace = WTFMove(space); >+ return *webAssemblyCodeBlockSpace; >+} >+ >+IsoSubspace& VM::ensureWebAssemblyFunctionSpaceSlow() >+{ >+ ASSERT(!webAssemblyFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), WebAssemblyFunction); >+ WTF::storeStoreFence(); >+ webAssemblyFunctionSpace = WTFMove(space); >+ return *webAssemblyFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureWebAssemblyWrapperFunctionSpaceSlow() >+{ >+ ASSERT(!webAssemblyWrapperFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), WebAssemblyWrapperFunction); >+ WTF::storeStoreFence(); >+ webAssemblyWrapperFunctionSpace = WTFMove(space); >+ return *webAssemblyWrapperFunctionSpace; >+} >+#endif >+ >+VM::SpaceAndFinalizerSet& VM::ensureEvalCodeBlockSpaceSlow() >+{ >+ ASSERT(!evalCodeBlockSpace); >+ auto space = std::make_unique<SpaceAndFinalizerSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), EvalCodeBlock); >+ WTF::storeStoreFence(); >+ evalCodeBlockSpace = WTFMove(space); >+ return *evalCodeBlockSpace; >+} >+ >+VM::SpaceAndFinalizerSet& VM::ensureModuleProgramCodeBlockSpaceSlow() >+{ >+ ASSERT(!moduleProgramCodeBlockSpace); >+ auto space = std::make_unique<SpaceAndFinalizerSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramCodeBlock); >+ WTF::storeStoreFence(); >+ moduleProgramCodeBlockSpace = WTFMove(space); >+ return *moduleProgramCodeBlockSpace; >+} >+ >+VM::ScriptExecutableSpaceAndSet& VM::ensureDirectEvalExecutableSpaceSlow() >+{ >+ ASSERT(!directEvalExecutableSpace); >+ auto space = std::make_unique<ScriptExecutableSpaceAndSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), DirectEvalExecutable); >+ WTF::storeStoreFence(); >+ directEvalExecutableSpace = WTFMove(space); >+ return *directEvalExecutableSpace; >+} >+ >+VM::ScriptExecutableSpaceAndSet& VM::ensureIndirectEvalExecutableSpaceSlow() >+{ >+ ASSERT(!indirectEvalExecutableSpace); >+ auto space = std::make_unique<ScriptExecutableSpaceAndSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable); >+ WTF::storeStoreFence(); >+ indirectEvalExecutableSpace = WTFMove(space); >+ return *indirectEvalExecutableSpace; >+} >+ >+VM::ScriptExecutableSpaceAndSet& VM::ensureModuleProgramExecutableSpaceSlow() >+{ >+ ASSERT(!moduleProgramExecutableSpace); >+ auto space = std::make_unique<ScriptExecutableSpaceAndSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable); >+ WTF::storeStoreFence(); >+ moduleProgramExecutableSpace = WTFMove(space); >+ return *moduleProgramExecutableSpace; >+} >+ > JSGlobalObject* VM::vmEntryGlobalObject(const CallFrame* callFrame) const > { > if (callFrame && callFrame->isGlobalExec()) { >diff --git a/Source/JavaScriptCore/runtime/VM.h b/Source/JavaScriptCore/runtime/VM.h >index 5839e207fe375d24d9c526090dc3bd6ba2055c93..fa76003ecd0b2eefb6b37dbb44f5a86e25f0e6c2 100644 >--- a/Source/JavaScriptCore/runtime/VM.h >+++ b/Source/JavaScriptCore/runtime/VM.h >@@ -368,32 +368,32 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > CompleteSubspace eagerlySweptDestructibleObjectSpace; > CompleteSubspace segmentedVariableObjectSpace; > >- IsoSubspace asyncFunctionSpace; >- IsoSubspace asyncGeneratorFunctionSpace; >- IsoSubspace boundFunctionSpace; >- IsoSubspace callbackFunctionSpace; >- IsoSubspace customGetterSetterFunctionSpace; > IsoSubspace executableToCodeBlockEdgeSpace; > IsoSubspace functionSpace; >- IsoSubspace generatorFunctionSpace; > IsoSubspace inferredValueSpace; > IsoSubspace internalFunctionSpace; > IsoSubspace nativeExecutableSpace; >- IsoSubspace nativeStdFunctionSpace; >-#if JSC_OBJC_API_ENABLED >- IsoSubspace objCCallbackFunctionSpace; >-#endif > IsoSubspace propertyTableSpace; >- IsoSubspace proxyRevokeSpace; > IsoSubspace structureRareDataSpace; > IsoSubspace structureSpace; >- IsoSubspace weakSetSpace; >- IsoSubspace weakMapSpace; >- IsoSubspace errorInstanceSpace; >+ std::unique_ptr<IsoSubspace> asyncFunctionSpace; >+ std::unique_ptr<IsoSubspace> asyncGeneratorFunctionSpace; >+ std::unique_ptr<IsoSubspace> boundFunctionSpace; >+ std::unique_ptr<IsoSubspace> callbackFunctionSpace; >+ std::unique_ptr<IsoSubspace> customGetterSetterFunctionSpace; >+ std::unique_ptr<IsoSubspace> errorInstanceSpace; >+ std::unique_ptr<IsoSubspace> generatorFunctionSpace; >+ std::unique_ptr<IsoSubspace> nativeStdFunctionSpace; >+ std::unique_ptr<IsoSubspace> proxyRevokeSpace; >+ std::unique_ptr<IsoSubspace> weakSetSpace; >+ std::unique_ptr<IsoSubspace> weakMapSpace; >+#if JSC_OBJC_API_ENABLED >+ std::unique_ptr<IsoSubspace> objCCallbackFunctionSpace; >+#endif > #if ENABLE(WEBASSEMBLY) >- IsoSubspace webAssemblyCodeBlockSpace; >- IsoSubspace webAssemblyFunctionSpace; >- IsoSubspace webAssemblyWrapperFunctionSpace; >+ std::unique_ptr<IsoSubspace> webAssemblyCodeBlockSpace; >+ std::unique_ptr<IsoSubspace> webAssemblyFunctionSpace; >+ std::unique_ptr<IsoSubspace> webAssemblyWrapperFunctionSpace; > #endif > > IsoCellSet executableToCodeBlockEdgesWithConstraints; >@@ -401,6 +401,8 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > IsoCellSet inferredValuesWithFinalizers; > > struct SpaceAndFinalizerSet { >+ WTF_MAKE_STRUCT_FAST_ALLOCATED; >+ > IsoSubspace space; > IsoCellSet finalizerSet; > >@@ -420,23 +422,43 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > } > }; > >- SpaceAndFinalizerSet evalCodeBlockSpace; >+ std::unique_ptr<SpaceAndFinalizerSet> evalCodeBlockSpace; >+ std::unique_ptr<SpaceAndFinalizerSet> moduleProgramCodeBlockSpace; > SpaceAndFinalizerSet functionCodeBlockSpace; >- SpaceAndFinalizerSet moduleProgramCodeBlockSpace; > SpaceAndFinalizerSet programCodeBlockSpace; > >+ SpaceAndFinalizerSet& ensureEvalCodeBlockSpace() >+ { >+ if (evalCodeBlockSpace) >+ return *evalCodeBlockSpace; >+ return ensureEvalCodeBlockSpaceSlow(); >+ } >+ SpaceAndFinalizerSet& ensureEvalCodeBlockSpaceSlow(); >+ >+ SpaceAndFinalizerSet& ensureModuleProgramCodeBlockSpace() >+ { >+ if (moduleProgramCodeBlockSpace) >+ return *moduleProgramCodeBlockSpace; >+ return ensureModuleProgramCodeBlockSpaceSlow(); >+ } >+ SpaceAndFinalizerSet& ensureModuleProgramCodeBlockSpaceSlow(); >+ > template<typename Func> > void forEachCodeBlockSpace(const Func& func) > { > // This should not include webAssemblyCodeBlockSpace because this is about subsclasses of > // JSC::CodeBlock. >- func(evalCodeBlockSpace); >+ if (evalCodeBlockSpace) >+ func(*evalCodeBlockSpace); > func(functionCodeBlockSpace); >- func(moduleProgramCodeBlockSpace); >+ if (moduleProgramCodeBlockSpace) >+ func(*moduleProgramCodeBlockSpace); > func(programCodeBlockSpace); > } > > struct ScriptExecutableSpaceAndSet { >+ WTF_MAKE_STRUCT_FAST_ALLOCATED; >+ > IsoSubspace space; > IsoCellSet clearableCodeSet; > >@@ -455,19 +477,46 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > } > }; > >- ScriptExecutableSpaceAndSet directEvalExecutableSpace; >+ std::unique_ptr<ScriptExecutableSpaceAndSet> directEvalExecutableSpace; >+ std::unique_ptr<ScriptExecutableSpaceAndSet> indirectEvalExecutableSpace; >+ std::unique_ptr<ScriptExecutableSpaceAndSet> moduleProgramExecutableSpace; > ScriptExecutableSpaceAndSet functionExecutableSpace; >- ScriptExecutableSpaceAndSet indirectEvalExecutableSpace; >- ScriptExecutableSpaceAndSet moduleProgramExecutableSpace; > ScriptExecutableSpaceAndSet programExecutableSpace; > >+ ScriptExecutableSpaceAndSet& ensureDirectEvalExecutableSpace() >+ { >+ if (directEvalExecutableSpace) >+ return *directEvalExecutableSpace; >+ return ensureDirectEvalExecutableSpaceSlow(); >+ } >+ ScriptExecutableSpaceAndSet& ensureDirectEvalExecutableSpaceSlow(); >+ >+ ScriptExecutableSpaceAndSet& ensureIndirectEvalExecutableSpace() >+ { >+ if (indirectEvalExecutableSpace) >+ return *indirectEvalExecutableSpace; >+ return ensureIndirectEvalExecutableSpaceSlow(); >+ } >+ ScriptExecutableSpaceAndSet& ensureIndirectEvalExecutableSpaceSlow(); >+ >+ ScriptExecutableSpaceAndSet& ensureModuleProgramExecutableSpace() >+ { >+ if (moduleProgramExecutableSpace) >+ return *moduleProgramExecutableSpace; >+ return ensureModuleProgramExecutableSpaceSlow(); >+ } >+ ScriptExecutableSpaceAndSet& ensureModuleProgramExecutableSpaceSlow(); >+ > template<typename Func> > void forEachScriptExecutableSpace(const Func& func) > { >- func(directEvalExecutableSpace); >+ if (directEvalExecutableSpace) >+ func(*directEvalExecutableSpace); > func(functionExecutableSpace); >- func(indirectEvalExecutableSpace); >- func(moduleProgramExecutableSpace); >+ if (indirectEvalExecutableSpace) >+ func(*indirectEvalExecutableSpace); >+ if (moduleProgramExecutableSpace) >+ func(*moduleProgramExecutableSpace); > func(programExecutableSpace); > } > >@@ -582,6 +631,130 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > > WeakGCMap<SymbolImpl*, Symbol, PtrHash<SymbolImpl*>> symbolImplToSymbolMap; > >+ IsoSubspace& ensureAsyncFunctionSpace() >+ { >+ if (asyncFunctionSpace) >+ return *asyncFunctionSpace; >+ return ensureAsyncFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureAsyncFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureAsyncGeneratorFunctionSpace() >+ { >+ if (asyncGeneratorFunctionSpace) >+ return *asyncGeneratorFunctionSpace; >+ return ensureAsyncGeneratorFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureAsyncGeneratorFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureBoundFunctionSpace() >+ { >+ if (boundFunctionSpace) >+ return *boundFunctionSpace; >+ return ensureBoundFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureBoundFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureCallbackFunctionSpace() >+ { >+ if (callbackFunctionSpace) >+ return *callbackFunctionSpace; >+ return ensureCallbackFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureCallbackFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureCustomGetterSetterFunctionSpace() >+ { >+ if (customGetterSetterFunctionSpace) >+ return *customGetterSetterFunctionSpace; >+ return ensureCustomGetterSetterFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureCustomGetterSetterFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureErrorInstanceSpace() >+ { >+ if (errorInstanceSpace) >+ return *errorInstanceSpace; >+ return ensureErrorInstanceSpaceSlow(); >+ } >+ IsoSubspace& ensureErrorInstanceSpaceSlow(); >+ >+ IsoSubspace& ensureGeneratorFunctionSpace() >+ { >+ if (generatorFunctionSpace) >+ return *generatorFunctionSpace; >+ return ensureGeneratorFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureGeneratorFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureNativeStdFunctionSpace() >+ { >+ if (nativeStdFunctionSpace) >+ return *nativeStdFunctionSpace; >+ return ensureNativeStdFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureNativeStdFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureProxyRevokeSpace() >+ { >+ if (proxyRevokeSpace) >+ return *proxyRevokeSpace; >+ return ensureProxyRevokeSpaceSlow(); >+ } >+ IsoSubspace& ensureProxyRevokeSpaceSlow(); >+ >+ IsoSubspace& ensureWeakMapSpace() >+ { >+ if (weakMapSpace) >+ return *weakMapSpace; >+ return ensureWeakMapSpaceSlow(); >+ } >+ IsoSubspace& ensureWeakMapSpaceSlow(); >+ >+ IsoSubspace& ensureWeakSetSpace() >+ { >+ if (weakSetSpace) >+ return *weakSetSpace; >+ return ensureWeakSetSpaceSlow(); >+ } >+ IsoSubspace& ensureWeakSetSpaceSlow(); >+ >+#if JSC_OBJC_API_ENABLED >+ IsoSubspace& ensureObjCCallbackFunctionSpace() >+ { >+ if (objCCallbackFunctionSpace) >+ return *objCCallbackFunctionSpace; >+ return ensureObjCCallbackFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureObjCCallbackFunctionSpaceSlow(); >+#endif >+ >+#if ENABLE(WEBASSEMBLY) >+ IsoSubspace& ensureWebAssemblyCodeBlockSpace() >+ { >+ if (webAssemblyCodeBlockSpace) >+ return *webAssemblyCodeBlockSpace; >+ return ensureWebAssemblyCodeBlockSpaceSlow(); >+ } >+ IsoSubspace& ensureWebAssemblyCodeBlockSpaceSlow(); >+ >+ IsoSubspace& ensureWebAssemblyFunctionSpace() >+ { >+ if (webAssemblyFunctionSpace) >+ return *webAssemblyFunctionSpace; >+ return ensureWebAssemblyFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureWebAssemblyFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureWebAssemblyWrapperFunctionSpace() >+ { >+ if (webAssemblyWrapperFunctionSpace) >+ return *webAssemblyWrapperFunctionSpace; >+ return ensureWebAssemblyWrapperFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureWebAssemblyWrapperFunctionSpaceSlow(); >+#endif >+ > enum class DeletePropertyMode { > // Default behaviour of deleteProperty, matching the spec. > Default, >diff --git a/Source/JavaScriptCore/runtime/WeakMapImpl.h b/Source/JavaScriptCore/runtime/WeakMapImpl.h >index 5258cbc2d3e107b6f118132bc68f6d20d5e5100a..a039ee4a09c830b9657183407c4ce050e2ad4012 100644 >--- a/Source/JavaScriptCore/runtime/WeakMapImpl.h >+++ b/Source/JavaScriptCore/runtime/WeakMapImpl.h >@@ -302,12 +302,17 @@ class WeakMapImpl : public JSDestructibleObject { > return std::is_same<WeakMapBucketType, JSC::WeakMapBucket<WeakMapBucketDataKey>>::value; > } > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >+ if (mode == SubspaceAccess::Concurrently) { >+ if (isWeakMap()) >+ return vm.weakMapSpace.get(); >+ return vm.weakSetSpace.get(); >+ } > if (isWeakMap()) >- return &vm.weakMapSpace; >- return &vm.weakSetSpace; >+ return &vm.ensureWeakMapSpace(); >+ return &vm.ensureWeakSetSpace(); > } > > static void visitOutputConstraints(JSCell*, SlotVisitor&); >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >index 0eb4aa16a2630b50900d3dfd6fd8c814a2c1b0bf..8dfa7766eeb618c88aa9908a8ab17bf5e3d3f71e 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >@@ -59,10 +59,12 @@ class JSWebAssemblyCodeBlock final : public JSCell { > return Structure::create(vm, globalObject, prototype, TypeInfo(CellType, StructureFlags), info()); > } > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyCodeBlockSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.webAssemblyCodeBlockSpace.get(); >+ return &vm.ensureWebAssemblyCodeBlockSpace(); > } > > Wasm::CodeBlock& codeBlock() { return m_codeBlock.get(); } >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >index b03ae04171158bb4a34ca4b5aec7d50a1564c3d7..a1459453e8f9f35940f040c1893c5849b5b7bfe1 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >@@ -43,7 +43,7 @@ class JSWebAssemblyMemory final : public JSDestructibleObject { > public: > typedef JSDestructibleObject Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > // We hold onto a lot of memory, so it makes a lot of sense to be swept eagerly. >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >index 344390099ea133ac9d3f60530fddad359cc6c64f..9735b867128b0e5ca98ca97077d8e1f7ef4858af 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >@@ -49,10 +49,12 @@ class WebAssemblyFunction final : public WebAssemblyFunctionBase { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.webAssemblyFunctionSpace.get(); >+ return &vm.ensureWebAssemblyFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >index 015fef2cda7fcf5502a618cce5a706b2547d1a8c..e2e8b66d38693d7681ed564eb3dd91c624f79f1b 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >@@ -40,10 +40,12 @@ class WebAssemblyWrapperFunction final : public WebAssemblyFunctionBase { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyWrapperFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.webAssemblyWrapperFunctionSpace.get(); >+ return &vm.ensureWebAssemblyWrapperFunctionSpace(); > } > > DECLARE_INFO; >diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >index 6af893d53a72e6487236b8e501d198a0313c926d..b53514b49b4d2c0b41945dc60fdccd6dec3e7399 100644 >--- a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >+++ b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >@@ -2758,7 +2758,7 @@ sub GenerateHeader > # this just calls visitAdditionalChildren, you usually don't have to worry about this. > push(@headerContent, " static void visitOutputConstraints(JSCell*, JSC::SlotVisitor&);\n"); > my $subspaceFunc = IsDOMGlobalObject($interface) ? "globalObjectOutputConstraintSubspaceFor" : "outputConstraintSubspaceFor"; >- push(@headerContent, " template<typename> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n"); >+ push(@headerContent, " template<typename, JSC::SubspaceAccess> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n"); > } > } > >diff --git a/Source/WebCore/bridge/runtime_method.h b/Source/WebCore/bridge/runtime_method.h >index 2eefd8e4a23a7894e15f7055594d5a329b0d6e84..cdc23949ba9341b0dab1aba7b145cbf29fc7ae9a 100644 >--- a/Source/WebCore/bridge/runtime_method.h >+++ b/Source/WebCore/bridge/runtime_method.h >@@ -37,7 +37,7 @@ class WEBCORE_EXPORT RuntimeMethod : public InternalFunction { > typedef InternalFunction Base; > static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > static_assert(sizeof(CellType) == sizeof(RuntimeMethod), "RuntimeMethod subclasses that add fields need to override subspaceFor<>()"); >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >index 1864bab2b7354731ca726090e55a1769e220a5fa..28a72bbdb9cccd48ddf14b218cfb35fe58b245bf 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >@@ -41,7 +41,7 @@ class JSNPMethod final : public JSC::InternalFunction { > public: > typedef JSC::InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) > { > return subspaceForImpl(vm); >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >index 63db339c4913713390456884a6213eb379fa79d2..6f6747f431207cffaf1f04699b4baddb1c7791a7 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >@@ -46,7 +46,7 @@ class JSNPObject final : public JSC::JSDestructibleObject { > typedef JSC::JSDestructibleObject Base; > static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) > { > return subspaceForImpl(vm);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=360522">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 193993
:
360518
|
360522
|
360523
|
360534
|
360535
|
360537
|
360544
|
360547
|
360550
|
360554
|
360555
|
360556
|
360557
|
360558
|
361042
|
361096