WebKit Bugzilla
Attachment 361042 Details for
Bug 193993
: [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-193993-20190203233304.patch (text/plain), 80.58 KB, created by
Yusuke Suzuki
on 2019-02-03 23:33:05 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Yusuke Suzuki
Created:
2019-02-03 23:33:05 PST
Size:
80.58 KB
patch
obsolete
>Subversion Revision: 240915 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index ab93f3bef0252283a03d0c46630a32b1f7ad7341..ebddf43103460c103970aa5f7c15241cacf18a1c 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,150 @@ >+2019-02-03 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ JSC::VM has a lot of IsoSubspaces, and each takes 504B. This unnecessarily makes VM so large. >+ And some of them are rarely used. We should allocate it lazily. >+ >+ In this patch, we make some `IsoSubspaces` `std::unique_ptr<IsoSubspace>`. And we add ensureXXXSpace >+ functions which allocate IsoSubspaces lazily. This function is used by subspaceFor<> in each class. >+ And we also add subspaceForConcurrently<> function, which is called from concurrent JIT tiers. This >+ returns nullptr if the subspace is not allocated yet. JSCell::subspaceFor now takes second template >+ parameter which tells the function whether subspaceFor is concurrently done. If the IsoSubspace is >+ lazily created, we may return nullptr for the concurrent access. We ensure the space's initialization >+ by using WTF::storeStoreFence when lazily allocating it. >+ >+ In GC's constraint solving, we may touch these lazily allocated spaces. At that time, we check the >+ existence of the space before touching this. This is not racy because the main thread is stopped when >+ the constraint solving is working. >+ >+ This changes sizeof(VM) from 64736 to 56472. >+ >+ Another interesting thing is that we removed `PreventCollectionScope preventCollectionScope(heap);` in >+ `Subspace::initialize`. This is really dangerous API since it easily causes dead-lock between the >+ collector and the mutator if IsoSubspace is dynamically created. We do want to make IsoSubspaces >+ dynamically-created ones since the requirement of the pre-allocation poses a scalability problem >+ of IsoSubspace adoption because IsoSubspace is large. Registered Subspace is only touched in the >+ EndPhase, and the peripheries should be stopped when running EndPhase. Thus, as long as the main thread >+ can run this IsoSubspace code, the collector is never EndPhase. So this is safe. >+ >+ * API/JSCallbackFunction.h: >+ * API/ObjCCallbackFunction.h: >+ (JSC::ObjCCallbackFunction::subspaceFor): >+ * API/glib/JSCCallbackFunction.h: >+ * bytecode/CodeBlock.h: >+ * bytecode/EvalCodeBlock.h: >+ * bytecode/ExecutableToCodeBlockEdge.h: >+ * bytecode/FunctionCodeBlock.h: >+ * bytecode/ModuleProgramCodeBlock.h: >+ * bytecode/ProgramCodeBlock.h: >+ * bytecode/UnlinkedFunctionExecutable.h: >+ * dfg/DFGSpeculativeJIT.cpp: >+ (JSC::DFG::SpeculativeJIT::emitAllocateRawObject): >+ (JSC::DFG::SpeculativeJIT::compileMakeRope): >+ (JSC::DFG::SpeculativeJIT::compileNewObject): >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope): >+ (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell): >+ * heap/Heap.cpp: >+ (JSC::Heap::finalizeUnconditionalFinalizers): >+ (JSC::Heap::deleteAllCodeBlocks): >+ (JSC::Heap::addCoreConstraints): >+ * heap/Subspace.cpp: >+ (JSC::Subspace::initialize): >+ * jit/AssemblyHelpers.h: >+ (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize): >+ (JSC::AssemblyHelpers::emitAllocateVariableSizedCell): >+ * jit/JITOpcodes.cpp: >+ (JSC::JIT::emit_op_new_object): >+ * jit/JITOpcodes32_64.cpp: >+ (JSC::JIT::emit_op_new_object): >+ * runtime/DirectArguments.h: >+ * runtime/DirectEvalExecutable.h: >+ * runtime/ErrorInstance.h: >+ (JSC::ErrorInstance::subspaceFor): >+ * runtime/ExecutableBase.h: >+ * runtime/FunctionExecutable.h: >+ * runtime/IndirectEvalExecutable.h: >+ * runtime/InferredValue.cpp: >+ (JSC::InferredValue::visitChildren): >+ * runtime/InferredValue.h: >+ * runtime/InferredValueInlines.h: >+ (JSC::InferredValue::finalizeUnconditionally): >+ * runtime/InternalFunction.h: >+ * runtime/JSAsyncFunction.h: >+ * runtime/JSAsyncGeneratorFunction.h: >+ * runtime/JSBoundFunction.h: >+ * runtime/JSCell.h: >+ (JSC::subspaceFor): >+ (JSC::subspaceForConcurrently): >+ * runtime/JSCellInlines.h: >+ * runtime/JSCustomGetterSetterFunction.h: >+ * runtime/JSDestructibleObject.h: >+ * runtime/JSFunction.h: >+ * runtime/JSGeneratorFunction.h: >+ * runtime/JSImmutableButterfly.h: >+ * runtime/JSLexicalEnvironment.h: >+ (JSC::JSLexicalEnvironment::subspaceFor): >+ * runtime/JSNativeStdFunction.h: >+ * runtime/JSSegmentedVariableObject.h: >+ * runtime/JSString.h: >+ * runtime/ModuleProgramExecutable.h: >+ * runtime/NativeExecutable.h: >+ * runtime/ProgramExecutable.h: >+ * runtime/PropertyMapHashTable.h: >+ * runtime/ProxyRevoke.h: >+ * runtime/ScopedArguments.h: >+ * runtime/Structure.h: >+ * runtime/StructureRareData.h: >+ * runtime/VM.cpp: >+ (JSC::VM::VM): >+ (JSC::VM::ensureBoundFunctionSpaceSlow): >+ (JSC::VM::ensureCallbackFunctionSpaceSlow): >+ (JSC::VM::ensureCustomGetterSetterFunctionSpaceSlow): >+ (JSC::VM::ensureErrorInstanceSpaceSlow): >+ (JSC::VM::ensureNativeStdFunctionSpaceSlow): >+ (JSC::VM::ensureProxyRevokeSpaceSlow): >+ (JSC::VM::ensureWeakMapSpaceSlow): >+ (JSC::VM::ensureWeakSetSpaceSlow): >+ (JSC::VM::ensureObjCCallbackFunctionSpaceSlow): >+ (JSC::VM::ensureWebAssemblyCodeBlockSpaceSlow): >+ (JSC::VM::ensureWebAssemblyFunctionSpaceSlow): >+ (JSC::VM::ensureWebAssemblyWrapperFunctionSpaceSlow): >+ (JSC::VM::ensureInferredValueSpaceSlow): >+ (JSC::VM::ensureDirectEvalExecutableSpaceSlow): >+ (JSC::VM::ensureIndirectEvalExecutableSpaceSlow): >+ (JSC::VM::ensureModuleProgramExecutableSpaceSlow): >+ * runtime/VM.h: >+ (JSC::VM::ensureInferredValueSpace): >+ (JSC::VM::ensureDirectEvalExecutableSpace): >+ (JSC::VM::ensureIndirectEvalExecutableSpace): >+ (JSC::VM::ensureModuleProgramExecutableSpace): >+ (JSC::VM::forEachScriptExecutableSpace): >+ (JSC::VM::ensureBoundFunctionSpace): >+ (JSC::VM::ensureCallbackFunctionSpace): >+ (JSC::VM::ensureCustomGetterSetterFunctionSpace): >+ (JSC::VM::ensureErrorInstanceSpace): >+ (JSC::VM::ensureNativeStdFunctionSpace): >+ (JSC::VM::ensureProxyRevokeSpace): >+ (JSC::VM::ensureWeakMapSpace): >+ (JSC::VM::ensureWeakSetSpace): >+ (JSC::VM::ensureObjCCallbackFunctionSpace): >+ (JSC::VM::ensureWebAssemblyCodeBlockSpace): >+ (JSC::VM::ensureWebAssemblyFunctionSpace): >+ (JSC::VM::ensureWebAssemblyWrapperFunctionSpace): >+ * runtime/WeakMapImpl.h: >+ (JSC::WeakMapImpl::subspaceFor): >+ * wasm/js/JSWebAssemblyCodeBlock.h: >+ * wasm/js/JSWebAssemblyMemory.h: >+ * wasm/js/WebAssemblyFunction.h: >+ * wasm/js/WebAssemblyWrapperFunction.h: >+ > 2019-02-03 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] UnlinkedMetadataTable assumes that MetadataTable is destroyed before it is destructed, but order of destruction of JS heap cells are not guaranteed >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index e3478e353bdf4aead441991062f9aefbedc6f60f..e5b59cac46c7b61d80e6e5fec7e331554aa3f037 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,14 @@ >+2019-02-03 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GenerateHeader): >+ * bridge/runtime_method.h: >+ > 2019-02-03 Simon Fraser <simon.fraser@apple.com> > > Make setNeedsLayout on the root more explicitly about triggering its side-effects >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 41073f1dfbc7479658b1cfa01dcc51a41ad4a735..d132af1339f043b261e50e01efea98fbec057a8e 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,13 @@ >+2019-02-03 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/Plugins/Netscape/JSNPMethod.h: >+ * WebProcess/Plugins/Netscape/JSNPObject.h: >+ > 2019-02-03 Fujii Hironori <Hironori.Fujii@sony.com> > > [curl] [WebKit] Assertion failures of missing networkStorageSession for storage/indexeddb tests >diff --git a/Source/JavaScriptCore/API/JSCallbackFunction.h b/Source/JavaScriptCore/API/JSCallbackFunction.h >index 6cf9cfc2e4fab7c01ddc6e02b663850b0a7f1642..9cb7f7b7ed8dd07738fb5e1cd0c72470755f88af 100644 >--- a/Source/JavaScriptCore/API/JSCallbackFunction.h >+++ b/Source/JavaScriptCore/API/JSCallbackFunction.h >@@ -37,10 +37,12 @@ class JSCallbackFunction final : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.callbackFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.callbackFunctionSpace.get(); >+ return &vm.ensureCallbackFunctionSpace(); > } > > static JSCallbackFunction* create(VM&, JSGlobalObject*, JSObjectCallAsFunctionCallback, const String& name); >diff --git a/Source/JavaScriptCore/API/ObjCCallbackFunction.h b/Source/JavaScriptCore/API/ObjCCallbackFunction.h >index c90ff0c68a3bd3a6b104b51a2204623030188da4..358fb79ab96331d2c3ded13423643e3144fbda8f 100644 >--- a/Source/JavaScriptCore/API/ObjCCallbackFunction.h >+++ b/Source/JavaScriptCore/API/ObjCCallbackFunction.h >@@ -48,10 +48,12 @@ class ObjCCallbackFunction : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.objCCallbackFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.objCCallbackFunctionSpace.get(); >+ return &vm.ensureObjCCallbackFunctionSpace(); > } > > static ObjCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl>); >diff --git a/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h b/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >index 04663fade495fc428379ad2300432c33bf1f870e..2c59b9b84fc8630284e318e6235f07026eccc23d 100644 >--- a/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >+++ b/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >@@ -40,7 +40,7 @@ class JSCCallbackFunction : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return subspaceForImpl(vm); >diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h >index b091683608fe18223fb6cb891f05a37055c1ee9d..d5a232b61447ad48c738c2bccd31df2dd3de2fde 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h >@@ -114,7 +114,7 @@ class CodeBlock : public JSCell { > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > static const bool needsDestruction = true; > >- template<typename> >+ template<typename, SubspaceAccess> > static void subspaceFor(VM&) { } > > DECLARE_INFO; >diff --git a/Source/JavaScriptCore/bytecode/EvalCodeBlock.h b/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >index 1166962155a8def81e5f162568f8f5125e5d25bb..e568a8def0341a18e84905b277fa1e7893117f85 100644 >--- a/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >@@ -38,7 +38,7 @@ class EvalCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h b/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >index 19e353048371a7dfff1ceeb8df8428e1bb71ffdc..6ef41b570223a67627ffeab1b4b9f8ee551fc8fa 100644 >--- a/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >+++ b/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >@@ -40,7 +40,7 @@ class ExecutableToCodeBlockEdge final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.executableToCodeBlockEdgeSpace; >diff --git a/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h b/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >index 55540bd0b199ae229dcfbc8a1a14f89f90ceff61..cccb5c553d37a7ec879dcb1ed542e9e277d88182 100644 >--- a/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >@@ -39,7 +39,7 @@ class FunctionCodeBlock final : public CodeBlock { > typedef CodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h b/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >index f74784ebdfd34eb41ad99e5a378086eb18bb6899..467b3d56d0381f49209678328da2b96778614b04 100644 >--- a/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >@@ -39,7 +39,7 @@ class ModuleProgramCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h b/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >index be89b6df495b7f3e25ed3457450703b073b0fa80..e8ba30fe5bccf229c5c7b7c7c14b77fda7b77776 100644 >--- a/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >@@ -39,7 +39,7 @@ class ProgramCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >index d637d68af5ad631558ea93b3b86b9da04cb83175..205152d598a6c3b3f131258dae70aeedf5678ad5 100644 >--- a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >+++ b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >@@ -61,7 +61,7 @@ class UnlinkedFunctionExecutable final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.unlinkedFunctionExecutableSpace.space; >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >index 9ec916f2ea05972f666a9b2132806fee4aef595d..d7a498a4a258f83ef0f8eca489f9ff73923e7812 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >@@ -130,7 +130,9 @@ void SpeculativeJIT::emitAllocateRawObject(GPRReg resultGPR, RegisteredStructure > } > > size_t allocationSize = JSFinalObject::allocationSize(inlineCapacity); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_jit.vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_jit.vm())) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > if (allocator) { > emitAllocateJSObject(resultGPR, JITAllocator::constant(allocator), scratchGPR, TrustedImmPtr(structure), storageGPR, scratch2GPR, slowCases); > m_jit.emitInitializeInlineStorage(resultGPR, structure->inlineCapacity()); >@@ -4359,7 +4361,9 @@ void SpeculativeJIT::compileMakeRope(Node* node) > GPRReg scratchGPR = scratch.gpr(); > > JITCompiler::JumpList slowPath; >- Allocator allocatorValue = subspaceFor<JSRopeString>(*m_jit.vm())->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); >+ Allocator allocatorValue; >+ if (auto* subspace = subspaceForConcurrently<JSRopeString>(*m_jit.vm())) >+ allocatorValue = subspace->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); > emitAllocateJSCell(resultGPR, JITAllocator::constant(allocatorValue), allocatorGPR, TrustedImmPtr(m_jit.graph().registerStructure(m_jit.vm()->stringStructure.get())), scratchGPR, slowPath); > > m_jit.storePtr(TrustedImmPtr(nullptr), JITCompiler::Address(resultGPR, JSString::offsetOfValue())); >@@ -12540,7 +12544,9 @@ void SpeculativeJIT::compileNewObject(Node* node) > > RegisteredStructure structure = node->structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocatorValue = subspaceFor<JSFinalObject>(*m_jit.vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocatorValue; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_jit.vm())) >+ allocatorValue = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > if (!allocatorValue) > slowPath.append(m_jit.jump()); >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index 4f3a5a054b58b145c70c8a4a6a4af6cc0f5a0807..008d1fec1420ee2743d8883be9bfe1965207fe4b 100644 >--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >@@ -6471,7 +6471,9 @@ class LowerDFGToB3 { > > LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath); > >- Allocator allocator = subspaceFor<JSRopeString>(vm())->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSRopeString>(vm())) >+ allocator = subspace->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); > > LValue result = allocateCell( > m_out.constIntPtr(allocator.localAllocator()), vm().stringStructure.get(), slowPath); >@@ -10722,7 +10724,9 @@ class LowerDFGToB3 { > > if (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType())) { > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator cellAllocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator cellAllocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(vm())) >+ cellAllocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > bool hasIndexingHeader = hasIndexedProperties(structure->indexingType()); > unsigned indexingHeaderSize = 0; >@@ -13189,7 +13193,9 @@ class LowerDFGToB3 { > LValue allocateObject( > size_t size, StructureType structure, LValue butterfly, LBasicBlock slowPath) > { >- Allocator allocator = subspaceFor<ClassType>(vm())->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<ClassType>(vm())) >+ allocator = subspace->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); > return allocateObject( > m_out.constIntPtr(allocator.localAllocator()), structure, butterfly, slowPath); > } >@@ -13253,7 +13259,9 @@ class LowerDFGToB3 { > LValue allocateVariableSizedObject( > LValue size, RegisteredStructure structure, LValue butterfly, LBasicBlock slowPath) > { >- LValue allocator = allocatorForSize(*subspaceFor<ClassType>(vm()), size, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm()); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ LValue allocator = allocatorForSize(*subspace, size, slowPath); > return allocateObject(allocator, structure, butterfly, slowPath); > } > >@@ -13261,14 +13269,18 @@ class LowerDFGToB3 { > LValue allocateVariableSizedCell( > LValue size, Structure* structure, LBasicBlock slowPath) > { >- LValue allocator = allocatorForSize(*subspaceFor<ClassType>(vm()), size, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm()); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ LValue allocator = allocatorForSize(*subspace, size, slowPath); > return allocateCell(allocator, structure, slowPath); > } > > LValue allocateObject(RegisteredStructure structure) > { > size_t allocationSize = JSFinalObject::allocationSize(structure.get()->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(vm())) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > // FIXME: If the allocator is null, we could simply emit a normal C call to the allocator > // instead of putting it on the slow path. >diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp >index 06ea3b62e6436440323b3a9dd3c2debe8b002e7b..70068d001ad8f8659b71e9e5755641c6fa98772e 100644 >--- a/Source/JavaScriptCore/heap/Heap.cpp >+++ b/Source/JavaScriptCore/heap/Heap.cpp >@@ -567,18 +567,23 @@ void Heap::finalizeMarkedUnconditionalFinalizers(CellSet& cellSet) > > void Heap::finalizeUnconditionalFinalizers() > { >- finalizeMarkedUnconditionalFinalizers<InferredValue>(vm()->inferredValuesWithFinalizers); >+ if (vm()->inferredValueSpace) >+ finalizeMarkedUnconditionalFinalizers<InferredValue>(vm()->inferredValueSpace->space); > vm()->forEachCodeBlockSpace( > [&] (auto& space) { > this->finalizeMarkedUnconditionalFinalizers<CodeBlock>(space.finalizerSet); > }); > finalizeMarkedUnconditionalFinalizers<ExecutableToCodeBlockEdge>(vm()->executableToCodeBlockEdgesWithFinalizers); >- finalizeMarkedUnconditionalFinalizers<JSWeakSet>(vm()->weakSetSpace); >- finalizeMarkedUnconditionalFinalizers<JSWeakMap>(vm()->weakMapSpace); >- finalizeMarkedUnconditionalFinalizers<ErrorInstance>(vm()->errorInstanceSpace); >+ if (vm()->weakSetSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWeakSet>(*vm()->weakSetSpace); >+ if (vm()->weakMapSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWeakMap>(*vm()->weakMapSpace); >+ if (vm()->errorInstanceSpace) >+ finalizeMarkedUnconditionalFinalizers<ErrorInstance>(*vm()->errorInstanceSpace); > > #if ENABLE(WEBASSEMBLY) >- finalizeMarkedUnconditionalFinalizers<JSWebAssemblyCodeBlock>(vm()->webAssemblyCodeBlockSpace); >+ if (vm()->webAssemblyCodeBlockSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWebAssemblyCodeBlock>(*vm()->webAssemblyCodeBlockSpace); > #endif > } > >@@ -896,11 +901,13 @@ void Heap::deleteAllCodeBlocks(DeleteAllCodeEffort effort) > // points into a CodeBlock that could be dead. The IC will still succeed because > // it uses a callee check, but then it will call into dead code. > HeapIterationScope heapIterationScope(*this); >- vm.webAssemblyCodeBlockSpace.forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) { >- ASSERT_UNUSED(kind, kind == HeapCell::JSCell); >- JSWebAssemblyCodeBlock* codeBlock = static_cast<JSWebAssemblyCodeBlock*>(cell); >- codeBlock->clearJSCallICs(vm); >- }); >+ if (vm.webAssemblyCodeBlockSpace) { >+ vm.webAssemblyCodeBlockSpace->forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) { >+ ASSERT_UNUSED(kind, kind == HeapCell::JSCell); >+ JSWebAssemblyCodeBlock* codeBlock = static_cast<JSWebAssemblyCodeBlock*>(cell); >+ codeBlock->clearJSCallICs(vm); >+ }); >+ } > } > #endif > } >@@ -2730,7 +2737,8 @@ void Heap::addCoreConstraints() > }; > > add(vm.executableToCodeBlockEdgesWithConstraints); >- add(vm.weakMapSpace); >+ if (vm.weakMapSpace) >+ add(*vm.weakMapSpace); > }, > ConstraintVolatility::GreyedByMarking, > ConstraintParallelism::Parallel); >diff --git a/Source/JavaScriptCore/heap/Subspace.cpp b/Source/JavaScriptCore/heap/Subspace.cpp >index b87052c65e2091f2ddb279cfa49f2fc72abbaac0..de40617fd32cfede2abbf9be2b8b9de9220fff5f 100644 >--- a/Source/JavaScriptCore/heap/Subspace.cpp >+++ b/Source/JavaScriptCore/heap/Subspace.cpp >@@ -50,7 +50,6 @@ void Subspace::initialize(HeapCellType* heapCellType, AlignedMemoryAllocator* al > m_directoryForEmptyAllocation = m_alignedMemoryAllocator->firstDirectory(); > > Heap& heap = *m_space.heap(); >- PreventCollectionScope preventCollectionScope(heap); > heap.objectSpace().m_subspaces.append(this); > m_alignedMemoryAllocator->registerSubspace(this); > } >diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.h b/Source/JavaScriptCore/jit/AssemblyHelpers.h >index 283bb03033bc583703ecd6fc0bc8bf87f93e7528..8abd20067ae2aade2ff94d6c7a7a37984272a24b 100644 >--- a/Source/JavaScriptCore/jit/AssemblyHelpers.h >+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.h >@@ -1752,7 +1752,9 @@ class AssemblyHelpers : public MacroAssembler { > VM& vm, GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1, > GPRReg scratchGPR2, JumpList& slowPath, size_t size) > { >- Allocator allocator = subspaceFor<ClassType>(vm)->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<ClassType>(vm)) >+ allocator = subspace->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); > emitAllocateJSObject(resultGPR, JITAllocator::constant(allocator), scratchGPR1, structure, storage, scratchGPR2, slowPath); > } > >@@ -1769,8 +1771,9 @@ class AssemblyHelpers : public MacroAssembler { > template<typename ClassType, typename StructureType> > void emitAllocateVariableSizedCell(VM& vm, GPRReg resultGPR, StructureType structure, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath) > { >- CompleteSubspace& subspace = *subspaceFor<ClassType>(vm); >- emitAllocateVariableSized(resultGPR, subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ emitAllocateVariableSized(resultGPR, *subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath); > emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR2); > } > >diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp >index 378dc505f7007b5207a2115a856002d54cf11cb7..6ad0cd818fd009975d1c1f9322fdadc9ba75dd5a 100644 >--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp >+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp >@@ -96,7 +96,9 @@ void JIT::emit_op_new_object(const Instruction* currentInstruction) > auto& metadata = bytecode.metadata(m_codeBlock); > Structure* structure = metadata.m_objectAllocationProfile.structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_vm)->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_vm)) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > RegisterID resultReg = regT0; > RegisterID allocatorReg = regT1; >diff --git a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >index f36cd4339dee03f75ed10df196948e2317570f69..784fd5ca32f9301cc051c674353262fcd3bd36af 100644 >--- a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >+++ b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >@@ -84,7 +84,9 @@ void JIT::emit_op_new_object(const Instruction* currentInstruction) > auto& metadata = bytecode.metadata(m_codeBlock); > Structure* structure = metadata.m_objectAllocationProfile.structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_vm)->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator; >+ if (auto* subspace = subspaceForConcurrently<JSFinalObject>(*m_vm)) >+ allocator = subspace->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); > > RegisterID resultReg = returnValueGPR; > RegisterID allocatorReg = regT1; >diff --git a/Source/JavaScriptCore/runtime/DirectArguments.h b/Source/JavaScriptCore/runtime/DirectArguments.h >index 2a78fd0fea3e83af1404005d6ac3be5be13a0cae..32cdd0b7046cc8f6186b58c439d65745efe9dced 100644 >--- a/Source/JavaScriptCore/runtime/DirectArguments.h >+++ b/Source/JavaScriptCore/runtime/DirectArguments.h >@@ -46,10 +46,10 @@ class DirectArguments final : public GenericArguments<DirectArguments> { > DirectArguments(VM&, Structure*, unsigned length, unsigned capacity); > > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { >- RELEASE_ASSERT(!CellType::needsDestruction); >+ static_assert(!CellType::needsDestruction, ""); > return &vm.jsValueGigacageCellSpace; > } > >diff --git a/Source/JavaScriptCore/runtime/DirectEvalExecutable.h b/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >index 32067080e78f797345851fd79d4f0ba6fc18feae..1af63f79cedd27f100d392a70d67f0bf356980b5 100644 >--- a/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >+++ b/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >@@ -31,10 +31,15 @@ namespace JSC { > > class DirectEvalExecutable final : public EvalExecutable { > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.directEvalExecutableSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.directEvalExecutableSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureDirectEvalExecutableSpace().space; > } > > static DirectEvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isArrowFunctionContext, EvalContextType, const VariableEnvironment*); >diff --git a/Source/JavaScriptCore/runtime/ErrorInstance.h b/Source/JavaScriptCore/runtime/ErrorInstance.h >index d95cbf81b40169581a5e2a144959bf72e49e2534..aa567f79f0b81313da651dd116b95a20498b4a59 100644 >--- a/Source/JavaScriptCore/runtime/ErrorInstance.h >+++ b/Source/JavaScriptCore/runtime/ErrorInstance.h >@@ -72,10 +72,12 @@ class ErrorInstance : public JSDestructibleObject { > bool materializeErrorInfoIfNeeded(VM&); > bool materializeErrorInfoIfNeeded(VM&, PropertyName); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.errorInstanceSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.errorInstanceSpace.get(); >+ return &vm.ensureErrorInstanceSpace(); > } > > void finalizeUnconditionally(VM&); >diff --git a/Source/JavaScriptCore/runtime/ExecutableBase.h b/Source/JavaScriptCore/runtime/ExecutableBase.h >index c719ffba5f893a6ff5b82d67a42820dfd0bc8e43..de60f0b861b4f6ea91e1d2c58878e01b4d61fd70 100644 >--- a/Source/JavaScriptCore/runtime/ExecutableBase.h >+++ b/Source/JavaScriptCore/runtime/ExecutableBase.h >@@ -84,7 +84,7 @@ class ExecutableBase : public JSCell { > static void destroy(JSCell*); > > // Force subclasses to override this. >- template<typename> >+ template<typename, SubspaceAccess> > static void subspaceFor(VM&) { } > > CodeBlockHash hashFor(CodeSpecializationKind) const; >diff --git a/Source/JavaScriptCore/runtime/FunctionExecutable.h b/Source/JavaScriptCore/runtime/FunctionExecutable.h >index 5b14e2b2ab5e7c83d799d4096bfb59d44ca49514..b84c895ffd14dd9a9b67004e47b177e6d1af26aa 100644 >--- a/Source/JavaScriptCore/runtime/FunctionExecutable.h >+++ b/Source/JavaScriptCore/runtime/FunctionExecutable.h >@@ -39,7 +39,7 @@ class FunctionExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionExecutableSpace.space; >diff --git a/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h b/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >index d868d93efc342cca017720de22646c1af2632e76..8cc9721fc1a2a95b34f5e3220d600e8cfc4e1b86 100644 >--- a/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >+++ b/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >@@ -31,10 +31,15 @@ namespace JSC { > > class IndirectEvalExecutable final : public EvalExecutable { > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.indirectEvalExecutableSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.indirectEvalExecutableSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureIndirectEvalExecutableSpace().space; > } > > static IndirectEvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isArrowFunctionContext, EvalContextType); >diff --git a/Source/JavaScriptCore/runtime/InferredValue.cpp b/Source/JavaScriptCore/runtime/InferredValue.cpp >index 989479edfd68b524041590fc723d8853040d4aec..3714a5715945d6a407f56b0f8573c7a3e1471b91 100644 >--- a/Source/JavaScriptCore/runtime/InferredValue.cpp >+++ b/Source/JavaScriptCore/runtime/InferredValue.cpp >@@ -63,7 +63,7 @@ void InferredValue::visitChildren(JSCell* cell, SlotVisitor& visitor) > if (!value.isCell()) > return; > >- visitor.vm().inferredValuesWithFinalizers.add(inferredValue); >+ VM::SpaceAndFinalizerSet::finalizerSetFor(*inferredValue->subspace()).add(inferredValue); > } > > InferredValue::InferredValue(VM& vm) >diff --git a/Source/JavaScriptCore/runtime/InferredValue.h b/Source/JavaScriptCore/runtime/InferredValue.h >index 08028ef4b7e5cc3ab9231ea6d1063920ae9a0338..c6da8e1ed066445248f1c55a035cf5ce6fdba58d 100644 >--- a/Source/JavaScriptCore/runtime/InferredValue.h >+++ b/Source/JavaScriptCore/runtime/InferredValue.h >@@ -45,10 +45,15 @@ class InferredValue final : public JSCell { > public: > typedef JSCell Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.inferredValueSpace; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.inferredValueSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureInferredValueSpace().space; > } > > static InferredValue* create(VM&); >diff --git a/Source/JavaScriptCore/runtime/InferredValueInlines.h b/Source/JavaScriptCore/runtime/InferredValueInlines.h >index 9694b6df766ab98842534e65fcbfe311c22c404a..38856067dce8fabb8b4137184903a24556737451 100644 >--- a/Source/JavaScriptCore/runtime/InferredValueInlines.h >+++ b/Source/JavaScriptCore/runtime/InferredValueInlines.h >@@ -40,7 +40,7 @@ void InferredValue::finalizeUnconditionally(VM& vm) > invalidate(vm, StringFireDetail("InferredValue clean-up during GC")); > } > >- vm.inferredValuesWithFinalizers.remove(this); >+ VM::SpaceAndFinalizerSet::finalizerSetFor(*subspace()).remove(this); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/InternalFunction.h b/Source/JavaScriptCore/runtime/InternalFunction.h >index 244c4f72a8f6783cadb04c2f5d4187f8d9a1d98a..634d9dd1027b68d4130d4188f6d76e0e8d2796b2 100644 >--- a/Source/JavaScriptCore/runtime/InternalFunction.h >+++ b/Source/JavaScriptCore/runtime/InternalFunction.h >@@ -38,7 +38,7 @@ class InternalFunction : public JSDestructibleObject { > typedef JSDestructibleObject Base; > static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > static_assert(sizeof(CellType) == sizeof(InternalFunction), "InternalFunction subclasses that add fields need to override subspaceFor<>()"); >diff --git a/Source/JavaScriptCore/runtime/JSAsyncFunction.h b/Source/JavaScriptCore/runtime/JSAsyncFunction.h >index 9b98ea28efea48e8a9e781cab18f92c6121f46fd..ba80bab6c9c9fbb644aa72fc6f088d6e979b0772 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncFunction.h >+++ b/Source/JavaScriptCore/runtime/JSAsyncFunction.h >@@ -38,7 +38,7 @@ class JSAsyncFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >index 06c072bcd887813ef51bc24863d5ad474bb9dfcf..70239b8c03a03545e193c6781bf452a5b6af4e37 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >+++ b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >@@ -38,7 +38,7 @@ class JSAsyncGeneratorFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSBoundFunction.h b/Source/JavaScriptCore/runtime/JSBoundFunction.h >index 928ddc58a219f12a39d97d4d1008485d99688491..eb968342e000f5c03c1d4c64a4f33b8073e3e4cd 100644 >--- a/Source/JavaScriptCore/runtime/JSBoundFunction.h >+++ b/Source/JavaScriptCore/runtime/JSBoundFunction.h >@@ -42,10 +42,12 @@ class JSBoundFunction final : public JSFunction { > const static unsigned StructureFlags = Base::StructureFlags & ~ImplementsDefaultHasInstance; > static_assert(StructureFlags & ImplementsHasInstance, ""); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.boundFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.boundFunctionSpace.get(); >+ return &vm.ensureBoundFunctionSpace(); > } > > static JSBoundFunction* create(VM&, ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs, int, const String& name); >diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h >index 9e8ba60d9f621e49881fe22026cafdaa8ea7eda8..c1e20fe6727ad8b476809662fbea5f37e1ec048a 100644 >--- a/Source/JavaScriptCore/runtime/JSCell.h >+++ b/Source/JavaScriptCore/runtime/JSCell.h >@@ -57,6 +57,11 @@ enum class GCDeferralContextArgPresense { > DoesNotHaveArg > }; > >+enum class SubspaceAccess { >+ OnMainThread, >+ Concurrently, >+}; >+ > template<typename T> void* allocateCell(Heap&, size_t = sizeof(T)); > template<typename T> void* tryAllocateCell(Heap&, size_t = sizeof(T)); > template<typename T> void* allocateCell(Heap&, GCDeferralContext*, size_t = sizeof(T)); >@@ -88,7 +93,7 @@ class JSCell : public HeapCell { > // Don't call this directly. Call JSC::subspaceFor<Type>(vm) instead. > // FIXME: Refer to Subspace by reference. > // https://bugs.webkit.org/show_bug.cgi?id=166988 >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM&); > > static JSCell* seenMultipleCalleeObjects() { return bitwise_cast<JSCell*>(static_cast<uintptr_t>(1)); } >@@ -294,7 +299,13 @@ class JSCellLock : public JSCell { > template<typename Type> > inline auto subspaceFor(VM& vm) > { >- return Type::template subspaceFor<Type>(vm); >+ return Type::template subspaceFor<Type, SubspaceAccess::OnMainThread>(vm); >+} >+ >+template<typename Type> >+inline auto subspaceForConcurrently(VM& vm) >+{ >+ return Type::template subspaceFor<Type, SubspaceAccess::Concurrently>(vm); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h >index f4639eb0792f9edcf3fcc4a9b8a7d95a5b9c2d64..76deba6e386d07271007c42e53f1941896aab291 100644 >--- a/Source/JavaScriptCore/runtime/JSCellInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h >@@ -145,7 +145,7 @@ ALWAYS_INLINE VM& ExecState::vm() const > return *callee->markedBlock().vm(); > } > >-template<typename CellType> >+template<typename CellType, SubspaceAccess> > CompleteSubspace* JSCell::subspaceFor(VM& vm) > { > if (CellType::needsDestruction) >diff --git a/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h b/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >index 17c7f18be8db35a85d216906312f1a1e8d5439cc..88d8f15402f7786f288a4bef8adcdb601b512035 100644 >--- a/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >+++ b/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >@@ -40,10 +40,12 @@ class JSCustomGetterSetterFunction final : public JSFunction { > > static const unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.customGetterSetterFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.customGetterSetterFunctionSpace.get(); >+ return &vm.ensureCustomGetterSetterFunctionSpace(); > } > > static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype) >diff --git a/Source/JavaScriptCore/runtime/JSDestructibleObject.h b/Source/JavaScriptCore/runtime/JSDestructibleObject.h >index 43828f0fc1df41bf35b9f13777d987a53b92ce82..d2617b75836fe3a647968bc33d0f01f091964adb 100644 >--- a/Source/JavaScriptCore/runtime/JSDestructibleObject.h >+++ b/Source/JavaScriptCore/runtime/JSDestructibleObject.h >@@ -37,7 +37,7 @@ class JSDestructibleObject : public JSNonFinalObject { > > static const bool needsDestruction = true; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.destructibleObjectSpace; >diff --git a/Source/JavaScriptCore/runtime/JSFunction.h b/Source/JavaScriptCore/runtime/JSFunction.h >index 1e77632b511f2e26e2c4d2af892d9a6966b4c63b..3bf067658c3af38e759784e06a7b4dde43823f7e 100644 >--- a/Source/JavaScriptCore/runtime/JSFunction.h >+++ b/Source/JavaScriptCore/runtime/JSFunction.h >@@ -62,7 +62,7 @@ class JSFunction : public JSCallee { > > public: > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSGeneratorFunction.h b/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >index ee5ac42a806d49786779fe5c1360b9edbe8ef46a..99781c57b97a303675203988f2b392bda82a0311 100644 >--- a/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >+++ b/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >@@ -66,7 +66,7 @@ class JSGeneratorFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSImmutableButterfly.h b/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >index 4ac2a6c4e4b5da3ccad5d448328f52ac67f69cd2..b554c5fdeccf6bc1ee3633ff4811eed2755047b0 100644 >--- a/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >+++ b/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >@@ -88,7 +88,7 @@ class JSImmutableButterfly : public JSCell { > > void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length); > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > // We allocate out of the JSValue gigacage as other code expects all butterflies to live there. >diff --git a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >index cfec9567b6746ddd06e464133121a9dd021deea2..3b67629889603a67ecf6c05df4748c3a5119cdb3 100644 >--- a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >+++ b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >@@ -40,10 +40,10 @@ class JSLexicalEnvironment : public JSSymbolTableObject { > friend class JIT; > friend class LLIntOffsetsExtractor; > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { >- RELEASE_ASSERT(!CellType::needsDestruction); >+ static_assert(!CellType::needsDestruction, ""); > return &vm.jsValueGigacageCellSpace; > } > >diff --git a/Source/JavaScriptCore/runtime/JSNativeStdFunction.h b/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >index e2041496f8e7aa208c0fc66a034980d98d0ff0ac..532e36d9a97b4db497352152af97dc43415dc350 100644 >--- a/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >+++ b/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >@@ -40,10 +40,12 @@ class JSNativeStdFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.nativeStdFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.nativeStdFunctionSpace.get(); >+ return &vm.ensureNativeStdFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h b/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >index cb5fe372ae22fbe10fba8a650f84cef59a24a511..deef4e5f9e86a87797521910b6167133af65b618 100644 >--- a/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >+++ b/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >@@ -90,7 +90,7 @@ class JSSegmentedVariableObject : public JSSymbolTableObject { > > static void destroy(JSCell*); > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.segmentedVariableObjectSpace; >diff --git a/Source/JavaScriptCore/runtime/JSString.h b/Source/JavaScriptCore/runtime/JSString.h >index 57d7f9040240f06f700fb88dd1233134c374f1af..8b4d2091364236480ee62748b2706f1d3239b11d 100644 >--- a/Source/JavaScriptCore/runtime/JSString.h >+++ b/Source/JavaScriptCore/runtime/JSString.h >@@ -89,7 +89,7 @@ class JSString : public JSCell { > > // We specialize the string subspace to get the fastest possible sweep. This wouldn't be > // necessary if JSString didn't have a destructor. >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.stringSpace; >diff --git a/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h b/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >index f5171d4c34ad27d9b92167d64471964156b0d524..2deafbf609404018022d0e8bb284eb43faade325 100644 >--- a/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >+++ b/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >@@ -36,10 +36,15 @@ class ModuleProgramExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.moduleProgramExecutableSpace.space; >+ if (mode == SubspaceAccess::Concurrently) { >+ if (auto* space = vm.moduleProgramExecutableSpace.get()) >+ return &space->space; >+ return nullptr; >+ } >+ return &vm.ensureModuleProgramExecutableSpace().space; > } > > static ModuleProgramExecutable* create(ExecState*, const SourceCode&); >diff --git a/Source/JavaScriptCore/runtime/NativeExecutable.h b/Source/JavaScriptCore/runtime/NativeExecutable.h >index 637be6fde74715921559e6159b3717a89a0849a2..91fb35ba0ea3c438a2400c24a458e9bbfb99cb44 100644 >--- a/Source/JavaScriptCore/runtime/NativeExecutable.h >+++ b/Source/JavaScriptCore/runtime/NativeExecutable.h >@@ -44,7 +44,7 @@ class NativeExecutable final : public ExecutableBase { > > static void destroy(JSCell*); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.nativeExecutableSpace; >diff --git a/Source/JavaScriptCore/runtime/ProgramExecutable.h b/Source/JavaScriptCore/runtime/ProgramExecutable.h >index ff84c9e7122866318a4acf415c856f211c088b7f..a1ecd21e0100fff7e7256a9d5c746658e423130d 100644 >--- a/Source/JavaScriptCore/runtime/ProgramExecutable.h >+++ b/Source/JavaScriptCore/runtime/ProgramExecutable.h >@@ -36,7 +36,7 @@ class ProgramExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.programExecutableSpace.space; >diff --git a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >index 27edadc47ccd864ab01f5c3950dcf18828888058..70e9a71d0ddb064cc255b4e3e22a90abdeaf3828 100644 >--- a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >+++ b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >@@ -123,7 +123,7 @@ class PropertyTable final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.propertyTableSpace; >diff --git a/Source/JavaScriptCore/runtime/ProxyRevoke.h b/Source/JavaScriptCore/runtime/ProxyRevoke.h >index 322096564e9870cc392e383c9005f770ba8e7e80..ca064fd9fdf67ec5c311994bbd4a99d09fe16e15 100644 >--- a/Source/JavaScriptCore/runtime/ProxyRevoke.h >+++ b/Source/JavaScriptCore/runtime/ProxyRevoke.h >@@ -36,10 +36,12 @@ class ProxyRevoke final : public InternalFunction { > typedef InternalFunction Base; > static const unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.proxyRevokeSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.proxyRevokeSpace.get(); >+ return &vm.ensureProxyRevokeSpace(); > } > > static ProxyRevoke* create(VM&, Structure*, ProxyObject*); >diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.h b/Source/JavaScriptCore/runtime/ScopedArguments.h >index a9c0b2407fa50018c337169233dc7ff2f57829ad..4d48a99da50feb6117795a90ace437b9face2a16 100644 >--- a/Source/JavaScriptCore/runtime/ScopedArguments.h >+++ b/Source/JavaScriptCore/runtime/ScopedArguments.h >@@ -43,7 +43,7 @@ class ScopedArguments final : public GenericArguments<ScopedArguments> { > using Base = GenericArguments<ScopedArguments>; > > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > RELEASE_ASSERT(!CellType::needsDestruction); >diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h >index e11a853e1acbd24b695d10109d1dd3205ce0ea62..36826932411c067c1bbc73f5a392aa94a7e6ee96 100644 >--- a/Source/JavaScriptCore/runtime/Structure.h >+++ b/Source/JavaScriptCore/runtime/Structure.h >@@ -132,7 +132,7 @@ class Structure final : public JSCell { > > ~Structure(); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.structureSpace; >diff --git a/Source/JavaScriptCore/runtime/StructureRareData.h b/Source/JavaScriptCore/runtime/StructureRareData.h >index 336732d11d873d42f20f9910871e28c270f6a885..c4be7140ce82c2941d2241f38d8d5af38f8bc618 100644 >--- a/Source/JavaScriptCore/runtime/StructureRareData.h >+++ b/Source/JavaScriptCore/runtime/StructureRareData.h >@@ -43,7 +43,7 @@ class StructureRareData final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.structureRareDataSpace; >diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp >index 30afc6ab9cb4c4417191642e69b5f2ecd0d21870..8c8d03c33898e5fd5b1ea2b1d12fcd981886aba1 100644 >--- a/Source/JavaScriptCore/runtime/VM.cpp >+++ b/Source/JavaScriptCore/runtime/VM.cpp >@@ -287,38 +287,17 @@ VM::VM(VMType vmType, HeapType heapType) > , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) > , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) > , segmentedVariableObjectSpace("JSSegmentedVariableObjectSpace", heap, segmentedVariableObjectHeapCellType.get(), fastMallocAllocator.get()) >- , boundFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSBoundFunction) >- , callbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSCallbackFunction) >- , customGetterSetterFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSCustomGetterSetterFunction) > , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge) > , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction) >- , inferredValueSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredValue) > , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction) > , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) >- , nativeStdFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSNativeStdFunction) >-#if JSC_OBJC_API_ENABLED >- , objCCallbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) >-#endif > , propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable) >- , proxyRevokeSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ProxyRevoke) > , structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData) > , structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure) >- , weakSetSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakSet) >- , weakMapSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakMap) >- , errorInstanceSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ErrorInstance) >-#if ENABLE(WEBASSEMBLY) >- , webAssemblyCodeBlockSpace ISO_SUBSPACE_INIT(heap, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) >- , webAssemblyFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), WebAssemblyFunction) >- , webAssemblyWrapperFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), WebAssemblyWrapperFunction) >-#endif > , executableToCodeBlockEdgesWithConstraints(executableToCodeBlockEdgeSpace) > , executableToCodeBlockEdgesWithFinalizers(executableToCodeBlockEdgeSpace) >- , inferredValuesWithFinalizers(inferredValueSpace) > , codeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), CodeBlock) >- , directEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), DirectEvalExecutable) > , functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable) >- , indirectEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable) >- , moduleProgramExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable) > , programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable) > , unlinkedFunctionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), UnlinkedFunctionExecutable) > , vmType(vmType) >@@ -1239,6 +1218,154 @@ void VM::ensureShadowChicken() > m_shadowChicken = std::make_unique<ShadowChicken>(); > } > >+IsoSubspace& VM::ensureBoundFunctionSpaceSlow() >+{ >+ ASSERT(!boundFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSBoundFunction); >+ WTF::storeStoreFence(); >+ boundFunctionSpace = WTFMove(space); >+ return *boundFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureCallbackFunctionSpaceSlow() >+{ >+ ASSERT(!callbackFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSCallbackFunction); >+ WTF::storeStoreFence(); >+ callbackFunctionSpace = WTFMove(space); >+ return *callbackFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureCustomGetterSetterFunctionSpaceSlow() >+{ >+ ASSERT(!customGetterSetterFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSCustomGetterSetterFunction); >+ WTF::storeStoreFence(); >+ customGetterSetterFunctionSpace = WTFMove(space); >+ return *customGetterSetterFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureErrorInstanceSpaceSlow() >+{ >+ ASSERT(!errorInstanceSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ErrorInstance); >+ WTF::storeStoreFence(); >+ errorInstanceSpace = WTFMove(space); >+ return *errorInstanceSpace; >+} >+ >+IsoSubspace& VM::ensureNativeStdFunctionSpaceSlow() >+{ >+ ASSERT(!nativeStdFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSNativeStdFunction); >+ WTF::storeStoreFence(); >+ nativeStdFunctionSpace = WTFMove(space); >+ return *nativeStdFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureProxyRevokeSpaceSlow() >+{ >+ ASSERT(!proxyRevokeSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ProxyRevoke); >+ WTF::storeStoreFence(); >+ proxyRevokeSpace = WTFMove(space); >+ return *proxyRevokeSpace; >+} >+ >+IsoSubspace& VM::ensureWeakMapSpaceSlow() >+{ >+ ASSERT(!weakMapSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakMap); >+ WTF::storeStoreFence(); >+ weakMapSpace = WTFMove(space); >+ return *weakMapSpace; >+} >+ >+IsoSubspace& VM::ensureWeakSetSpaceSlow() >+{ >+ ASSERT(!weakSetSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakSet); >+ WTF::storeStoreFence(); >+ weakSetSpace = WTFMove(space); >+ return *weakSetSpace; >+} >+ >+#if JSC_OBJC_API_ENABLED >+IsoSubspace& VM::ensureObjCCallbackFunctionSpaceSlow() >+{ >+ ASSERT(!objCCallbackFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ObjCCallbackFunction); >+ WTF::storeStoreFence(); >+ objCCallbackFunctionSpace = WTFMove(space); >+ return *objCCallbackFunctionSpace; >+} >+#endif >+ >+#if ENABLE(WEBASSEMBLY) >+IsoSubspace& VM::ensureWebAssemblyCodeBlockSpaceSlow() >+{ >+ ASSERT(!webAssemblyCodeBlockSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock); >+ WTF::storeStoreFence(); >+ webAssemblyCodeBlockSpace = WTFMove(space); >+ return *webAssemblyCodeBlockSpace; >+} >+ >+IsoSubspace& VM::ensureWebAssemblyFunctionSpaceSlow() >+{ >+ ASSERT(!webAssemblyFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), WebAssemblyFunction); >+ WTF::storeStoreFence(); >+ webAssemblyFunctionSpace = WTFMove(space); >+ return *webAssemblyFunctionSpace; >+} >+ >+IsoSubspace& VM::ensureWebAssemblyWrapperFunctionSpaceSlow() >+{ >+ ASSERT(!webAssemblyWrapperFunctionSpace); >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), WebAssemblyWrapperFunction); >+ WTF::storeStoreFence(); >+ webAssemblyWrapperFunctionSpace = WTFMove(space); >+ return *webAssemblyWrapperFunctionSpace; >+} >+#endif >+ >+VM::SpaceAndFinalizerSet& VM::ensureInferredValueSpaceSlow() >+{ >+ ASSERT(!inferredValueSpace); >+ auto space = std::make_unique<SpaceAndFinalizerSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredValue); >+ WTF::storeStoreFence(); >+ inferredValueSpace = WTFMove(space); >+ return *inferredValueSpace; >+} >+ >+VM::ScriptExecutableSpaceAndSet& VM::ensureDirectEvalExecutableSpaceSlow() >+{ >+ ASSERT(!directEvalExecutableSpace); >+ auto space = std::make_unique<ScriptExecutableSpaceAndSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), DirectEvalExecutable); >+ WTF::storeStoreFence(); >+ directEvalExecutableSpace = WTFMove(space); >+ return *directEvalExecutableSpace; >+} >+ >+VM::ScriptExecutableSpaceAndSet& VM::ensureIndirectEvalExecutableSpaceSlow() >+{ >+ ASSERT(!indirectEvalExecutableSpace); >+ auto space = std::make_unique<ScriptExecutableSpaceAndSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable); >+ WTF::storeStoreFence(); >+ indirectEvalExecutableSpace = WTFMove(space); >+ return *indirectEvalExecutableSpace; >+} >+ >+VM::ScriptExecutableSpaceAndSet& VM::ensureModuleProgramExecutableSpaceSlow() >+{ >+ ASSERT(!moduleProgramExecutableSpace); >+ auto space = std::make_unique<ScriptExecutableSpaceAndSet> ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable); >+ WTF::storeStoreFence(); >+ moduleProgramExecutableSpace = WTFMove(space); >+ return *moduleProgramExecutableSpace; >+} >+ > JSGlobalObject* VM::vmEntryGlobalObject(const CallFrame* callFrame) const > { > if (callFrame && callFrame->isGlobalExec()) { >diff --git a/Source/JavaScriptCore/runtime/VM.h b/Source/JavaScriptCore/runtime/VM.h >index 8abaa20b154226ec2189d27f0cda7da667c56ab2..100282b78c521238d34cbdb57b48f41d38ce4450 100644 >--- a/Source/JavaScriptCore/runtime/VM.h >+++ b/Source/JavaScriptCore/runtime/VM.h >@@ -366,36 +366,36 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > CompleteSubspace eagerlySweptDestructibleObjectSpace; > CompleteSubspace segmentedVariableObjectSpace; > >- IsoSubspace boundFunctionSpace; >- IsoSubspace callbackFunctionSpace; >- IsoSubspace customGetterSetterFunctionSpace; > IsoSubspace executableToCodeBlockEdgeSpace; > IsoSubspace functionSpace; >- IsoSubspace inferredValueSpace; > IsoSubspace internalFunctionSpace; > IsoSubspace nativeExecutableSpace; >- IsoSubspace nativeStdFunctionSpace; >-#if JSC_OBJC_API_ENABLED >- IsoSubspace objCCallbackFunctionSpace; >-#endif > IsoSubspace propertyTableSpace; >- IsoSubspace proxyRevokeSpace; > IsoSubspace structureRareDataSpace; > IsoSubspace structureSpace; >- IsoSubspace weakSetSpace; >- IsoSubspace weakMapSpace; >- IsoSubspace errorInstanceSpace; >+#if JSC_OBJC_API_ENABLED >+ std::unique_ptr<IsoSubspace> objCCallbackFunctionSpace; >+#endif >+ std::unique_ptr<IsoSubspace> boundFunctionSpace; >+ std::unique_ptr<IsoSubspace> callbackFunctionSpace; >+ std::unique_ptr<IsoSubspace> customGetterSetterFunctionSpace; >+ std::unique_ptr<IsoSubspace> errorInstanceSpace; >+ std::unique_ptr<IsoSubspace> nativeStdFunctionSpace; >+ std::unique_ptr<IsoSubspace> proxyRevokeSpace; >+ std::unique_ptr<IsoSubspace> weakSetSpace; >+ std::unique_ptr<IsoSubspace> weakMapSpace; > #if ENABLE(WEBASSEMBLY) >- IsoSubspace webAssemblyCodeBlockSpace; >- IsoSubspace webAssemblyFunctionSpace; >- IsoSubspace webAssemblyWrapperFunctionSpace; >+ std::unique_ptr<IsoSubspace> webAssemblyCodeBlockSpace; >+ std::unique_ptr<IsoSubspace> webAssemblyFunctionSpace; >+ std::unique_ptr<IsoSubspace> webAssemblyWrapperFunctionSpace; > #endif > > IsoCellSet executableToCodeBlockEdgesWithConstraints; > IsoCellSet executableToCodeBlockEdgesWithFinalizers; >- IsoCellSet inferredValuesWithFinalizers; > > struct SpaceAndFinalizerSet { >+ WTF_MAKE_STRUCT_FAST_ALLOCATED; >+ > IsoSubspace space; > IsoCellSet finalizerSet; > >@@ -416,6 +416,15 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > }; > > SpaceAndFinalizerSet codeBlockSpace; >+ std::unique_ptr<SpaceAndFinalizerSet> inferredValueSpace; >+ >+ SpaceAndFinalizerSet& ensureInferredValueSpace() >+ { >+ if (inferredValueSpace) >+ return *inferredValueSpace; >+ return ensureInferredValueSpaceSlow(); >+ } >+ SpaceAndFinalizerSet& ensureInferredValueSpaceSlow(); > > template<typename Func> > void forEachCodeBlockSpace(const Func& func) >@@ -426,6 +435,8 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > } > > struct ScriptExecutableSpaceAndSet { >+ WTF_MAKE_STRUCT_FAST_ALLOCATED; >+ > IsoSubspace space; > IsoCellSet clearableCodeSet; > >@@ -444,23 +455,52 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > } > }; > >- ScriptExecutableSpaceAndSet directEvalExecutableSpace; >+ std::unique_ptr<ScriptExecutableSpaceAndSet> directEvalExecutableSpace; >+ std::unique_ptr<ScriptExecutableSpaceAndSet> indirectEvalExecutableSpace; >+ std::unique_ptr<ScriptExecutableSpaceAndSet> moduleProgramExecutableSpace; > ScriptExecutableSpaceAndSet functionExecutableSpace; >- ScriptExecutableSpaceAndSet indirectEvalExecutableSpace; >- ScriptExecutableSpaceAndSet moduleProgramExecutableSpace; > ScriptExecutableSpaceAndSet programExecutableSpace; > >+ ScriptExecutableSpaceAndSet& ensureDirectEvalExecutableSpace() >+ { >+ if (directEvalExecutableSpace) >+ return *directEvalExecutableSpace; >+ return ensureDirectEvalExecutableSpaceSlow(); >+ } >+ ScriptExecutableSpaceAndSet& ensureDirectEvalExecutableSpaceSlow(); >+ >+ ScriptExecutableSpaceAndSet& ensureIndirectEvalExecutableSpace() >+ { >+ if (indirectEvalExecutableSpace) >+ return *indirectEvalExecutableSpace; >+ return ensureIndirectEvalExecutableSpaceSlow(); >+ } >+ ScriptExecutableSpaceAndSet& ensureIndirectEvalExecutableSpaceSlow(); >+ >+ ScriptExecutableSpaceAndSet& ensureModuleProgramExecutableSpace() >+ { >+ if (moduleProgramExecutableSpace) >+ return *moduleProgramExecutableSpace; >+ return ensureModuleProgramExecutableSpaceSlow(); >+ } >+ ScriptExecutableSpaceAndSet& ensureModuleProgramExecutableSpaceSlow(); >+ > template<typename Func> > void forEachScriptExecutableSpace(const Func& func) > { >- func(directEvalExecutableSpace); >+ if (directEvalExecutableSpace) >+ func(*directEvalExecutableSpace); > func(functionExecutableSpace); >- func(indirectEvalExecutableSpace); >- func(moduleProgramExecutableSpace); >+ if (indirectEvalExecutableSpace) >+ func(*indirectEvalExecutableSpace); >+ if (moduleProgramExecutableSpace) >+ func(*moduleProgramExecutableSpace); > func(programExecutableSpace); > } > > struct UnlinkedFunctionExecutableSpaceAndSet { >+ WTF_MAKE_STRUCT_FAST_ALLOCATED; >+ > IsoSubspace space; > IsoCellSet clearableCodeSet; > >@@ -571,6 +611,106 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > > WeakGCMap<SymbolImpl*, Symbol, PtrHash<SymbolImpl*>> symbolImplToSymbolMap; > >+ IsoSubspace& ensureBoundFunctionSpace() >+ { >+ if (boundFunctionSpace) >+ return *boundFunctionSpace; >+ return ensureBoundFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureBoundFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureCallbackFunctionSpace() >+ { >+ if (callbackFunctionSpace) >+ return *callbackFunctionSpace; >+ return ensureCallbackFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureCallbackFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureCustomGetterSetterFunctionSpace() >+ { >+ if (customGetterSetterFunctionSpace) >+ return *customGetterSetterFunctionSpace; >+ return ensureCustomGetterSetterFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureCustomGetterSetterFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureErrorInstanceSpace() >+ { >+ if (errorInstanceSpace) >+ return *errorInstanceSpace; >+ return ensureErrorInstanceSpaceSlow(); >+ } >+ IsoSubspace& ensureErrorInstanceSpaceSlow(); >+ >+ IsoSubspace& ensureNativeStdFunctionSpace() >+ { >+ if (nativeStdFunctionSpace) >+ return *nativeStdFunctionSpace; >+ return ensureNativeStdFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureNativeStdFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureProxyRevokeSpace() >+ { >+ if (proxyRevokeSpace) >+ return *proxyRevokeSpace; >+ return ensureProxyRevokeSpaceSlow(); >+ } >+ IsoSubspace& ensureProxyRevokeSpaceSlow(); >+ >+ IsoSubspace& ensureWeakMapSpace() >+ { >+ if (weakMapSpace) >+ return *weakMapSpace; >+ return ensureWeakMapSpaceSlow(); >+ } >+ IsoSubspace& ensureWeakMapSpaceSlow(); >+ >+ IsoSubspace& ensureWeakSetSpace() >+ { >+ if (weakSetSpace) >+ return *weakSetSpace; >+ return ensureWeakSetSpaceSlow(); >+ } >+ IsoSubspace& ensureWeakSetSpaceSlow(); >+ >+#if JSC_OBJC_API_ENABLED >+ IsoSubspace& ensureObjCCallbackFunctionSpace() >+ { >+ if (objCCallbackFunctionSpace) >+ return *objCCallbackFunctionSpace; >+ return ensureObjCCallbackFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureObjCCallbackFunctionSpaceSlow(); >+#endif >+ >+#if ENABLE(WEBASSEMBLY) >+ IsoSubspace& ensureWebAssemblyCodeBlockSpace() >+ { >+ if (webAssemblyCodeBlockSpace) >+ return *webAssemblyCodeBlockSpace; >+ return ensureWebAssemblyCodeBlockSpaceSlow(); >+ } >+ IsoSubspace& ensureWebAssemblyCodeBlockSpaceSlow(); >+ >+ IsoSubspace& ensureWebAssemblyFunctionSpace() >+ { >+ if (webAssemblyFunctionSpace) >+ return *webAssemblyFunctionSpace; >+ return ensureWebAssemblyFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureWebAssemblyFunctionSpaceSlow(); >+ >+ IsoSubspace& ensureWebAssemblyWrapperFunctionSpace() >+ { >+ if (webAssemblyWrapperFunctionSpace) >+ return *webAssemblyWrapperFunctionSpace; >+ return ensureWebAssemblyWrapperFunctionSpaceSlow(); >+ } >+ IsoSubspace& ensureWebAssemblyWrapperFunctionSpaceSlow(); >+#endif >+ > enum class DeletePropertyMode { > // Default behaviour of deleteProperty, matching the spec. > Default, >diff --git a/Source/JavaScriptCore/runtime/WeakMapImpl.h b/Source/JavaScriptCore/runtime/WeakMapImpl.h >index 5258cbc2d3e107b6f118132bc68f6d20d5e5100a..a039ee4a09c830b9657183407c4ce050e2ad4012 100644 >--- a/Source/JavaScriptCore/runtime/WeakMapImpl.h >+++ b/Source/JavaScriptCore/runtime/WeakMapImpl.h >@@ -302,12 +302,17 @@ class WeakMapImpl : public JSDestructibleObject { > return std::is_same<WeakMapBucketType, JSC::WeakMapBucket<WeakMapBucketDataKey>>::value; > } > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >+ if (mode == SubspaceAccess::Concurrently) { >+ if (isWeakMap()) >+ return vm.weakMapSpace.get(); >+ return vm.weakSetSpace.get(); >+ } > if (isWeakMap()) >- return &vm.weakMapSpace; >- return &vm.weakSetSpace; >+ return &vm.ensureWeakMapSpace(); >+ return &vm.ensureWeakSetSpace(); > } > > static void visitOutputConstraints(JSCell*, SlotVisitor&); >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >index 0eb4aa16a2630b50900d3dfd6fd8c814a2c1b0bf..8dfa7766eeb618c88aa9908a8ab17bf5e3d3f71e 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >@@ -59,10 +59,12 @@ class JSWebAssemblyCodeBlock final : public JSCell { > return Structure::create(vm, globalObject, prototype, TypeInfo(CellType, StructureFlags), info()); > } > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyCodeBlockSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.webAssemblyCodeBlockSpace.get(); >+ return &vm.ensureWebAssemblyCodeBlockSpace(); > } > > Wasm::CodeBlock& codeBlock() { return m_codeBlock.get(); } >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >index b03ae04171158bb4a34ca4b5aec7d50a1564c3d7..a1459453e8f9f35940f040c1893c5849b5b7bfe1 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >@@ -43,7 +43,7 @@ class JSWebAssemblyMemory final : public JSDestructibleObject { > public: > typedef JSDestructibleObject Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > // We hold onto a lot of memory, so it makes a lot of sense to be swept eagerly. >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >index 344390099ea133ac9d3f60530fddad359cc6c64f..9735b867128b0e5ca98ca97077d8e1f7ef4858af 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >@@ -49,10 +49,12 @@ class WebAssemblyFunction final : public WebAssemblyFunctionBase { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.webAssemblyFunctionSpace.get(); >+ return &vm.ensureWebAssemblyFunctionSpace(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >index 015fef2cda7fcf5502a618cce5a706b2547d1a8c..e2e8b66d38693d7681ed564eb3dd91c624f79f1b 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >@@ -40,10 +40,12 @@ class WebAssemblyWrapperFunction final : public WebAssemblyFunctionBase { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyWrapperFunctionSpace; >+ if (mode == SubspaceAccess::Concurrently) >+ return vm.webAssemblyWrapperFunctionSpace.get(); >+ return &vm.ensureWebAssemblyWrapperFunctionSpace(); > } > > DECLARE_INFO; >diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >index 6af893d53a72e6487236b8e501d198a0313c926d..b53514b49b4d2c0b41945dc60fdccd6dec3e7399 100644 >--- a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >+++ b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >@@ -2758,7 +2758,7 @@ sub GenerateHeader > # this just calls visitAdditionalChildren, you usually don't have to worry about this. > push(@headerContent, " static void visitOutputConstraints(JSCell*, JSC::SlotVisitor&);\n"); > my $subspaceFunc = IsDOMGlobalObject($interface) ? "globalObjectOutputConstraintSubspaceFor" : "outputConstraintSubspaceFor"; >- push(@headerContent, " template<typename> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n"); >+ push(@headerContent, " template<typename, JSC::SubspaceAccess> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n"); > } > } > >diff --git a/Source/WebCore/bridge/runtime_method.h b/Source/WebCore/bridge/runtime_method.h >index 2eefd8e4a23a7894e15f7055594d5a329b0d6e84..cdc23949ba9341b0dab1aba7b145cbf29fc7ae9a 100644 >--- a/Source/WebCore/bridge/runtime_method.h >+++ b/Source/WebCore/bridge/runtime_method.h >@@ -37,7 +37,7 @@ class WEBCORE_EXPORT RuntimeMethod : public InternalFunction { > typedef InternalFunction Base; > static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > static_assert(sizeof(CellType) == sizeof(RuntimeMethod), "RuntimeMethod subclasses that add fields need to override subspaceFor<>()"); >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >index 1864bab2b7354731ca726090e55a1769e220a5fa..28a72bbdb9cccd48ddf14b218cfb35fe58b245bf 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >@@ -41,7 +41,7 @@ class JSNPMethod final : public JSC::InternalFunction { > public: > typedef JSC::InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) > { > return subspaceForImpl(vm); >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >index 63db339c4913713390456884a6213eb379fa79d2..6f6747f431207cffaf1f04699b4baddb1c7791a7 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >@@ -46,7 +46,7 @@ class JSNPObject final : public JSC::JSDestructibleObject { > typedef JSC::JSDestructibleObject Base; > static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) > { > return subspaceForImpl(vm);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=361042">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 193993
:
360518
|
360522
|
360523
|
360534
|
360535
|
360537
|
360544
|
360547
|
360550
|
360554
|
360555
|
360556
|
360557
|
360558
|
361042
|
361096