WebKit Bugzilla
Attachment 361096 Details for Bug 193993: [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types
bug-193993-20190204135537.patch (text/plain), 85.08 KB, created by Yusuke Suzuki on 2019-02-04 13:55:38 PST
>Subversion Revision: 240939 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index abd09751c826c04d7670707787354ba961c4be1f..09f91830de83db11b0db472a8a098efba5101036 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,139 @@ >+2019-02-04 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ JSC::VM has a lot of IsoSubspaces, and each takes 504B. This unnecessarily makes VM so large. >+ And some of them are rarely used. We should allocate it lazily. >+ >+ In this patch, we make some `IsoSubspaces` `std::unique_ptr<IsoSubspace>`. And we add ensureXXXSpace >+ functions which allocate IsoSubspaces lazily. This function is used by subspaceFor<> in each class. >+ And we also add subspaceForConcurrently<> function, which is called from concurrent JIT tiers. This >+ returns nullptr if the subspace is not allocated yet. JSCell::subspaceFor now takes second template >+ parameter which tells the function whether subspaceFor is concurrently done. If the IsoSubspace is >+ lazily created, we may return nullptr for the concurrent access. We ensure the space's initialization >+ by using WTF::storeStoreFence when lazily allocating it. >+ >+ In GC's constraint solving, we may touch these lazily allocated spaces. At that time, we check the >+ existence of the space before touching this. This is not racy because the main thread is stopped when >+ the constraint solving is working. >+ >+ This changes sizeof(VM) from 64736 to 56472. >+ >+ Another interesting thing is that we removed `PreventCollectionScope preventCollectionScope(heap);` in >+ `Subspace::initialize`. This is really dangerous API since it easily causes dead-lock between the >+ collector and the mutator if IsoSubspace is dynamically created. We do want to make IsoSubspaces >+ dynamically-created ones since the requirement of the pre-allocation poses a scalability problem >+ of IsoSubspace adoption because IsoSubspace is large. Registered Subspace is only touched in the >+ EndPhase, and the peripheries should be stopped when running EndPhase. 
Thus, as long as the main thread >+ can run this IsoSubspace code, the collector is never EndPhase. So this is safe. >+ >+ * API/JSCallbackFunction.h: >+ * API/ObjCCallbackFunction.h: >+ (JSC::ObjCCallbackFunction::subspaceFor): >+ * API/glib/JSCCallbackFunction.h: >+ * CMakeLists.txt: >+ * JavaScriptCore.xcodeproj/project.pbxproj: >+ * bytecode/CodeBlock.cpp: >+ (JSC::CodeBlock::visitChildren): >+ (JSC::CodeBlock::finalizeUnconditionally): >+ * bytecode/CodeBlock.h: >+ * bytecode/EvalCodeBlock.h: >+ * bytecode/ExecutableToCodeBlockEdge.h: >+ * bytecode/FunctionCodeBlock.h: >+ * bytecode/ModuleProgramCodeBlock.h: >+ * bytecode/ProgramCodeBlock.h: >+ * bytecode/UnlinkedFunctionExecutable.cpp: >+ (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor): >+ * bytecode/UnlinkedFunctionExecutable.h: >+ * dfg/DFGSpeculativeJIT.cpp: >+ (JSC::DFG::SpeculativeJIT::emitAllocateRawObject): >+ (JSC::DFG::SpeculativeJIT::compileMakeRope): >+ (JSC::DFG::SpeculativeJIT::compileNewObject): >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope): >+ (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject): >+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell): >+ * heap/Heap.cpp: >+ (JSC::Heap::finalizeUnconditionalFinalizers): >+ (JSC::Heap::deleteAllCodeBlocks): >+ (JSC::Heap::deleteAllUnlinkedCodeBlocks): >+ (JSC::Heap::addCoreConstraints): >+ * heap/Subspace.cpp: >+ (JSC::Subspace::initialize): >+ * jit/AssemblyHelpers.h: >+ (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize): >+ (JSC::AssemblyHelpers::emitAllocateVariableSizedCell): >+ * jit/JITOpcodes.cpp: >+ (JSC::JIT::emit_op_new_object): >+ * jit/JITOpcodes32_64.cpp: >+ (JSC::JIT::emit_op_new_object): >+ * runtime/DirectArguments.h: >+ * runtime/DirectEvalExecutable.h: >+ * runtime/ErrorInstance.h: >+ (JSC::ErrorInstance::subspaceFor): >+ * runtime/ExecutableBase.h: >+ * 
runtime/FunctionExecutable.h: >+ * runtime/IndirectEvalExecutable.h: >+ * runtime/InferredValue.cpp: >+ (JSC::InferredValue::visitChildren): >+ * runtime/InferredValue.h: >+ * runtime/InferredValueInlines.h: >+ (JSC::InferredValue::finalizeUnconditionally): >+ * runtime/InternalFunction.h: >+ * runtime/JSAsyncFunction.h: >+ * runtime/JSAsyncGeneratorFunction.h: >+ * runtime/JSBoundFunction.h: >+ * runtime/JSCell.h: >+ (JSC::subspaceFor): >+ (JSC::subspaceForConcurrently): >+ * runtime/JSCellInlines.h: >+ (JSC::allocatorForNonVirtualConcurrently): >+ * runtime/JSCustomGetterSetterFunction.h: >+ * runtime/JSDestructibleObject.h: >+ * runtime/JSFunction.h: >+ * runtime/JSGeneratorFunction.h: >+ * runtime/JSImmutableButterfly.h: >+ * runtime/JSLexicalEnvironment.h: >+ (JSC::JSLexicalEnvironment::subspaceFor): >+ * runtime/JSNativeStdFunction.h: >+ * runtime/JSSegmentedVariableObject.h: >+ * runtime/JSString.h: >+ * runtime/ModuleProgramExecutable.h: >+ * runtime/NativeExecutable.h: >+ * runtime/ProgramExecutable.h: >+ * runtime/PropertyMapHashTable.h: >+ * runtime/ProxyRevoke.h: >+ * runtime/ScopedArguments.h: >+ * runtime/ScriptExecutable.cpp: >+ (JSC::ScriptExecutable::clearCode): >+ (JSC::ScriptExecutable::installCode): >+ * runtime/Structure.h: >+ * runtime/StructureRareData.h: >+ * runtime/SubspaceAccess.h: Copied from Source/JavaScriptCore/runtime/InferredValueInlines.h. >+ * runtime/VM.cpp: >+ (JSC::VM::VM): >+ * runtime/VM.h: >+ (JSC::VM::SpaceAndSet::SpaceAndSet): >+ (JSC::VM::SpaceAndSet::setFor): >+ (JSC::VM::forEachScriptExecutableSpace): >+ (JSC::VM::SpaceAndFinalizerSet::SpaceAndFinalizerSet): Deleted. >+ (JSC::VM::SpaceAndFinalizerSet::finalizerSetFor): Deleted. >+ (JSC::VM::ScriptExecutableSpaceAndSet::ScriptExecutableSpaceAndSet): Deleted. >+ (JSC::VM::ScriptExecutableSpaceAndSet::clearableCodeSetFor): Deleted. >+ (JSC::VM::UnlinkedFunctionExecutableSpaceAndSet::UnlinkedFunctionExecutableSpaceAndSet): Deleted. 
>+ (JSC::VM::UnlinkedFunctionExecutableSpaceAndSet::clearableCodeSetFor): Deleted. >+ * runtime/WeakMapImpl.h: >+ (JSC::WeakMapImpl::subspaceFor): >+ * wasm/js/JSWebAssemblyCodeBlock.h: >+ * wasm/js/JSWebAssemblyMemory.h: >+ * wasm/js/WebAssemblyFunction.h: >+ * wasm/js/WebAssemblyWrapperFunction.h: >+ > 2019-02-04 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] Shrink size of FunctionExecutable >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 4240d8e6fbfc517a25f61a178c604ef22f56f2c0..4f36f90508081a84f0b0492c912629f0faf743aa 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,14 @@ >+2019-02-04 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * bindings/scripts/CodeGeneratorJS.pm: >+ (GenerateHeader): >+ * bridge/runtime_method.h: >+ > 2019-02-04 Eric Liang <ericliang@apple.com> > > When performing Increment or Decrement on sliders, check to see if the slider is disabled. >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 12ebcda93625ba3c61128aa650a7c48f66e4cac5..b406a969e0942acbbcba413b8d23e5a0cb69fc7d 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,13 @@ >+2019-02-04 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Shrink size of VM by lazily allocating IsoSubspaces for non-common types >+ https://bugs.webkit.org/show_bug.cgi?id=193993 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/Plugins/Netscape/JSNPMethod.h: >+ * WebProcess/Plugins/Netscape/JSNPObject.h: >+ > 2019-02-04 Michael Catanzaro <mcatanzaro@igalia.com> > > Unreviewed, improve preprocessor guard >diff --git a/Source/JavaScriptCore/API/JSCallbackFunction.h b/Source/JavaScriptCore/API/JSCallbackFunction.h >index 6cf9cfc2e4fab7c01ddc6e02b663850b0a7f1642..7b2e5599d8ae4971a6c26067f6168fcb0a46e9b0 100644 
>--- a/Source/JavaScriptCore/API/JSCallbackFunction.h >+++ b/Source/JavaScriptCore/API/JSCallbackFunction.h >@@ -37,10 +37,10 @@ class JSCallbackFunction final : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.callbackFunctionSpace; >+ return vm.callbackFunctionSpace<mode>(); > } > > static JSCallbackFunction* create(VM&, JSGlobalObject*, JSObjectCallAsFunctionCallback, const String& name); >diff --git a/Source/JavaScriptCore/API/ObjCCallbackFunction.h b/Source/JavaScriptCore/API/ObjCCallbackFunction.h >index c90ff0c68a3bd3a6b104b51a2204623030188da4..c30c1562837fa00f94988ab59f19de3eb154c6f5 100644 >--- a/Source/JavaScriptCore/API/ObjCCallbackFunction.h >+++ b/Source/JavaScriptCore/API/ObjCCallbackFunction.h >@@ -48,10 +48,10 @@ class ObjCCallbackFunction : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.objCCallbackFunctionSpace; >+ return vm.objCCallbackFunctionSpace<mode>(); > } > > static ObjCCallbackFunction* create(VM&, JSGlobalObject*, const String& name, std::unique_ptr<ObjCCallbackFunctionImpl>); >diff --git a/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h b/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >index 04663fade495fc428379ad2300432c33bf1f870e..2c59b9b84fc8630284e318e6235f07026eccc23d 100644 >--- a/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >+++ b/Source/JavaScriptCore/API/glib/JSCCallbackFunction.h >@@ -40,7 +40,7 @@ class JSCCallbackFunction : public InternalFunction { > public: > typedef InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return subspaceForImpl(vm); 
>diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt >index d04740bf141d32996c62f585b28bc4ccb435d800..be0c2140e9b73671f312b9e83568161543050db5 100644 >--- a/Source/JavaScriptCore/CMakeLists.txt >+++ b/Source/JavaScriptCore/CMakeLists.txt >@@ -937,6 +937,7 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS > runtime/StructureRareData.h > runtime/StructureRareDataInlines.h > runtime/StructureTransitionTable.h >+ runtime/SubspaceAccess.h > runtime/Symbol.h > runtime/SymbolPrototype.h > runtime/SymbolTable.h >diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >index f842f1949c5fa4ef44477b350e5fee57f25b5043..f25f336b9ebf06af0867d0bae4f40a61ec3c0103 100644 >--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 
>@@ -1765,6 +1765,7 @@ > E36CC9472086314F0051FFD6 /* WasmCreationMode.h in Headers */ = {isa = PBXBuildFile; fileRef = E36CC9462086314F0051FFD6 /* WasmCreationMode.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E3794E761B77EB97005543AE /* ModuleAnalyzer.h in Headers */ = {isa = PBXBuildFile; fileRef = E3794E741B77EB97005543AE /* ModuleAnalyzer.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E3893A1D2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h in Headers */ = {isa = PBXBuildFile; fileRef = E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */; }; >+ E39006212208BFC4001019CF /* SubspaceAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = E39006202208BFC3001019CF /* SubspaceAccess.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E393ADD81FE702D00022D681 /* WeakMapImplInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E393ADD71FE702CC0022D681 /* WeakMapImplInlines.h */; }; > E39D45F51D39005600B3B377 /* InterpreterInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = E39D9D841D39000600667282 /* InterpreterInlines.h */; settings = {ATTRIBUTES = (Private, ); }; }; > E39DA4A71B7E8B7C0084F33A /* JSModuleRecord.h in Headers */ = {isa = PBXBuildFile; fileRef = E39DA4A51B7E8B7C0084F33A /* JSModuleRecord.h */; settings = {ATTRIBUTES = (Private, ); }; }; 
>@@ -4703,10 +4704,11 @@ > E3794E741B77EB97005543AE /* ModuleAnalyzer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ModuleAnalyzer.h; sourceTree = "<group>"; }; > E380A76B1DCD7195000F89E6 /* MacroAssemblerHelpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacroAssemblerHelpers.h; sourceTree = "<group>"; }; > E380D66B1F19249D00A59095 /* BuiltinNames.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinNames.cpp; sourceTree = "<group>"; }; >- E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AsyncFromSyncIteratorPrototype.lut.h; path = AsyncFromSyncIteratorPrototype.lut.h; sourceTree = "<group>"; }; >+ E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AsyncFromSyncIteratorPrototype.lut.h; sourceTree = "<group>"; }; > E38D060B1F8E814100649CF2 /* JSScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSScriptFetchParameters.h; sourceTree = "<group>"; }; > E38D060C1F8E814100649CF2 /* ScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScriptFetchParameters.h; sourceTree = "<group>"; }; > E38D060D1F8E814100649CF2 /* JSScriptFetchParameters.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSScriptFetchParameters.cpp; sourceTree = "<group>"; }; >+ E39006202208BFC3001019CF /* SubspaceAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SubspaceAccess.h; sourceTree = "<group>"; }; > E393ADD71FE702CC0022D681 /* WeakMapImplInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = 
sourcecode.c.h; path = WeakMapImplInlines.h; sourceTree = "<group>"; }; > E3963CEC1B73F75000EB4CE5 /* NodesAnalyzeModule.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NodesAnalyzeModule.cpp; sourceTree = "<group>"; }; > E39D9D841D39000600667282 /* InterpreterInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InterpreterInlines.h; sourceTree = "<group>"; }; >@@ -7164,6 +7166,7 @@ > C2FE18A316BAEC4000AF3061 /* StructureRareData.h */, > C20BA92C16BB1C1500B3AEA2 /* StructureRareDataInlines.h */, > BC9041470EB9250900FE26FA /* StructureTransitionTable.h */, >+ E39006202208BFC3001019CF /* SubspaceAccess.h */, > 705B41A31A6E501E00716757 /* Symbol.cpp */, > 705B41A41A6E501E00716757 /* Symbol.h */, > 705B41A51A6E501E00716757 /* SymbolConstructor.cpp */, >@@ -9692,6 +9695,7 @@ > BC9041480EB9250900FE26FA /* StructureTransitionTable.h in Headers */, > 0F44767020C5E2B4008B2C36 /* StubInfoSummary.h in Headers */, > 0F7DF1371E2970E10095951B /* Subspace.h in Headers */, >+ E39006212208BFC4001019CF /* SubspaceAccess.h in Headers */, > 0F7DF1381E2970E40095951B /* SubspaceInlines.h in Headers */, > 0F4A38FA1C8E13DF00190318 /* SuperSampler.h in Headers */, > 530A66CD1FB1346D0026A545 /* SuperSamplerBytecodeScope.h in Headers */, >diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.cpp b/Source/JavaScriptCore/bytecode/CodeBlock.cpp >index 0707789eaf1c4cef9f5909aabc757835d981f955..3837d11e69b7876436dafcf033d73fa5d5e80fc0 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlock.cpp >+++ b/Source/JavaScriptCore/bytecode/CodeBlock.cpp 
>@@ -997,7 +997,7 @@ void CodeBlock::visitChildren(SlotVisitor& visitor) > stronglyVisitStrongReferences(locker, visitor); > stronglyVisitWeakReferences(locker, visitor); > >- VM::SpaceAndFinalizerSet::finalizerSetFor(*subspace()).add(this); >+ VM::SpaceAndSet::setFor(*subspace()).add(this); > } > > bool CodeBlock::shouldVisitStrongly(const ConcurrentJSLocker& locker) >@@ -1392,7 +1392,7 @@ void CodeBlock::finalizeUnconditionally(VM&) > } > #endif // ENABLE(DFG_JIT) > >- VM::SpaceAndFinalizerSet::finalizerSetFor(*subspace()).remove(this); >+ VM::SpaceAndSet::setFor(*subspace()).remove(this); > } > > void CodeBlock::destroy(JSCell* cell) >diff --git a/Source/JavaScriptCore/bytecode/CodeBlock.h b/Source/JavaScriptCore/bytecode/CodeBlock.h >index b091683608fe18223fb6cb891f05a37055c1ee9d..d5a232b61447ad48c738c2bccd31df2dd3de2fde 100644 >--- a/Source/JavaScriptCore/bytecode/CodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/CodeBlock.h >@@ -114,7 +114,7 @@ class CodeBlock : public JSCell { > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > static const bool needsDestruction = true; > >- template<typename> >+ template<typename, SubspaceAccess> > static void subspaceFor(VM&) { } > > DECLARE_INFO; >diff --git a/Source/JavaScriptCore/bytecode/EvalCodeBlock.h b/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >index 1166962155a8def81e5f162568f8f5125e5d25bb..e568a8def0341a18e84905b277fa1e7893117f85 100644 >--- a/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/EvalCodeBlock.h >@@ -38,7 +38,7 @@ class EvalCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; 
>diff --git a/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h b/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >index 19e353048371a7dfff1ceeb8df8428e1bb71ffdc..6ef41b570223a67627ffeab1b4b9f8ee551fc8fa 100644 >--- a/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >+++ b/Source/JavaScriptCore/bytecode/ExecutableToCodeBlockEdge.h >@@ -40,7 +40,7 @@ class ExecutableToCodeBlockEdge final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.executableToCodeBlockEdgeSpace; >diff --git a/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h b/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >index 55540bd0b199ae229dcfbc8a1a14f89f90ceff61..cccb5c553d37a7ec879dcb1ed542e9e277d88182 100644 >--- a/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/FunctionCodeBlock.h >@@ -39,7 +39,7 @@ class FunctionCodeBlock final : public CodeBlock { > typedef CodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h b/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >index f74784ebdfd34eb41ad99e5a378086eb18bb6899..467b3d56d0381f49209678328da2b96778614b04 100644 >--- a/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/ModuleProgramCodeBlock.h >@@ -39,7 +39,7 @@ class ModuleProgramCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; 
>diff --git a/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h b/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >index be89b6df495b7f3e25ed3457450703b073b0fa80..e8ba30fe5bccf229c5c7b7c7c14b77fda7b77776 100644 >--- a/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >+++ b/Source/JavaScriptCore/bytecode/ProgramCodeBlock.h >@@ -39,7 +39,7 @@ class ProgramCodeBlock final : public GlobalCodeBlock { > typedef GlobalCodeBlock Base; > DECLARE_INFO; > >- template<typename> >+ template<typename, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.codeBlockSpace.space; >diff --git a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp >index 7b29fc3107728230183739e4e44659a36d46f228..ac416e4df68a67e804f3b3209ba941afa3902bba 100644 >--- a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp >+++ b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp >@@ -237,7 +237,7 @@ UnlinkedFunctionCodeBlock* UnlinkedFunctionExecutable::unlinkedCodeBlockFor( > m_unlinkedCodeBlockForConstruct.set(vm, this, result); > break; > } >- vm.unlinkedFunctionExecutableSpace.clearableCodeSet.add(this); >+ vm.unlinkedFunctionExecutableSpace.set.add(this); > return result; > } > >diff --git a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >index d637d68af5ad631558ea93b3b86b9da04cb83175..c8109eee1d81000e143ea2a35c8b7fbf60e10d78 100644 >--- a/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h >+++ b/Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.h 
>@@ -61,7 +61,7 @@ class UnlinkedFunctionExecutable final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.unlinkedFunctionExecutableSpace.space; >@@ -120,7 +120,7 @@ class UnlinkedFunctionExecutable final : public JSCell { > { > m_unlinkedCodeBlockForCall.clear(); > m_unlinkedCodeBlockForConstruct.clear(); >- vm.unlinkedFunctionExecutableSpace.clearableCodeSet.remove(this); >+ vm.unlinkedFunctionExecutableSpace.set.remove(this); > } > > void recordParse(CodeFeatures features, bool hasCapturedVariables) >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >index 9ec916f2ea05972f666a9b2132806fee4aef595d..2fed431b1a6f330baac79a4787bb7fb2b018d028 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >@@ -130,7 +130,7 @@ void SpeculativeJIT::emitAllocateRawObject(GPRReg resultGPR, RegisteredStructure > } > > size_t allocationSize = JSFinalObject::allocationSize(inlineCapacity); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_jit.vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<JSFinalObject>(*m_jit.vm(), allocationSize, AllocatorForMode::AllocatorIfExists); > if (allocator) { > emitAllocateJSObject(resultGPR, JITAllocator::constant(allocator), scratchGPR, TrustedImmPtr(structure), storageGPR, scratch2GPR, slowCases); > m_jit.emitInitializeInlineStorage(resultGPR, structure->inlineCapacity()); 
>@@ -4359,7 +4359,7 @@ void SpeculativeJIT::compileMakeRope(Node* node) > GPRReg scratchGPR = scratch.gpr(); > > JITCompiler::JumpList slowPath; >- Allocator allocatorValue = subspaceFor<JSRopeString>(*m_jit.vm())->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); >+ Allocator allocatorValue = allocatorForNonVirtualConcurrently<JSRopeString>(*m_jit.vm(), sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); > emitAllocateJSCell(resultGPR, JITAllocator::constant(allocatorValue), allocatorGPR, TrustedImmPtr(m_jit.graph().registerStructure(m_jit.vm()->stringStructure.get())), scratchGPR, slowPath); > > m_jit.storePtr(TrustedImmPtr(nullptr), JITCompiler::Address(resultGPR, JSString::offsetOfValue())); >@@ -12540,8 +12540,7 @@ void SpeculativeJIT::compileNewObject(Node* node) > > RegisteredStructure structure = node->structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocatorValue = subspaceFor<JSFinalObject>(*m_jit.vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >- >+ Allocator allocatorValue = allocatorForNonVirtualConcurrently<JSFinalObject>(*m_jit.vm(), allocationSize, AllocatorForMode::AllocatorIfExists); > if (!allocatorValue) > slowPath.append(m_jit.jump()); > else { >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index 4f3a5a054b58b145c70c8a4a6a4af6cc0f5a0807..90dcea22bef8b2d65ec56db239ddf9c7122482e3 100644 >--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 
>@@ -6471,7 +6471,7 @@ class LowerDFGToB3 { > > LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath); > >- Allocator allocator = subspaceFor<JSRopeString>(vm())->allocatorForNonVirtual(sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<JSRopeString>(vm(), sizeof(JSRopeString), AllocatorForMode::AllocatorIfExists); > > LValue result = allocateCell( > m_out.constIntPtr(allocator.localAllocator()), vm().stringStructure.get(), slowPath); >@@ -10722,7 +10722,7 @@ class LowerDFGToB3 { > > if (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType())) { > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator cellAllocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator cellAllocator = allocatorForNonVirtualConcurrently<JSFinalObject>(vm(), allocationSize, AllocatorForMode::AllocatorIfExists); > > bool hasIndexingHeader = hasIndexedProperties(structure->indexingType()); > unsigned indexingHeaderSize = 0; >@@ -13189,7 +13189,7 @@ class LowerDFGToB3 { > LValue allocateObject( > size_t size, StructureType structure, LValue butterfly, LBasicBlock slowPath) > { >- Allocator allocator = subspaceFor<ClassType>(vm())->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<ClassType>(vm(), size, AllocatorForMode::AllocatorIfExists); > return allocateObject( > m_out.constIntPtr(allocator.localAllocator()), structure, butterfly, slowPath); > } 
>@@ -13253,7 +13253,9 @@ class LowerDFGToB3 { > LValue allocateVariableSizedObject( > LValue size, RegisteredStructure structure, LValue butterfly, LBasicBlock slowPath) > { >- LValue allocator = allocatorForSize(*subspaceFor<ClassType>(vm()), size, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm()); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ LValue allocator = allocatorForSize(*subspace, size, slowPath); > return allocateObject(allocator, structure, butterfly, slowPath); > } > >@@ -13261,14 +13263,16 @@ class LowerDFGToB3 { > LValue allocateVariableSizedCell( > LValue size, Structure* structure, LBasicBlock slowPath) > { >- LValue allocator = allocatorForSize(*subspaceFor<ClassType>(vm()), size, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm()); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ LValue allocator = allocatorForSize(*subspace, size, slowPath); > return allocateCell(allocator, structure, slowPath); > } > > LValue allocateObject(RegisteredStructure structure) > { > size_t allocationSize = JSFinalObject::allocationSize(structure.get()->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(vm())->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<JSFinalObject>(vm(), allocationSize, AllocatorForMode::AllocatorIfExists); > > // FIXME: If the allocator is null, we could simply emit a normal C call to the allocator > // instead of putting it on the slow path. >diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp >index 06ea3b62e6436440323b3a9dd3c2debe8b002e7b..5f2bc83f4767fdcaa23234d5fbb10e130a7f8c7f 100644 >--- a/Source/JavaScriptCore/heap/Heap.cpp >+++ b/Source/JavaScriptCore/heap/Heap.cpp 
>@@ -567,18 +567,23 @@ void Heap::finalizeMarkedUnconditionalFinalizers(CellSet& cellSet) > > void Heap::finalizeUnconditionalFinalizers() > { >- finalizeMarkedUnconditionalFinalizers<InferredValue>(vm()->inferredValuesWithFinalizers); >+ if (vm()->m_inferredValueSpace) >+ finalizeMarkedUnconditionalFinalizers<InferredValue>(vm()->m_inferredValueSpace->space); > vm()->forEachCodeBlockSpace( > [&] (auto& space) { >- this->finalizeMarkedUnconditionalFinalizers<CodeBlock>(space.finalizerSet); >+ this->finalizeMarkedUnconditionalFinalizers<CodeBlock>(space.set); > }); > finalizeMarkedUnconditionalFinalizers<ExecutableToCodeBlockEdge>(vm()->executableToCodeBlockEdgesWithFinalizers); >- finalizeMarkedUnconditionalFinalizers<JSWeakSet>(vm()->weakSetSpace); >- finalizeMarkedUnconditionalFinalizers<JSWeakMap>(vm()->weakMapSpace); >- finalizeMarkedUnconditionalFinalizers<ErrorInstance>(vm()->errorInstanceSpace); >+ if (vm()->m_weakSetSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWeakSet>(*vm()->m_weakSetSpace); >+ if (vm()->m_weakMapSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWeakMap>(*vm()->m_weakMapSpace); >+ if (vm()->m_errorInstanceSpace) >+ finalizeMarkedUnconditionalFinalizers<ErrorInstance>(*vm()->m_errorInstanceSpace); > > #if ENABLE(WEBASSEMBLY) >- finalizeMarkedUnconditionalFinalizers<JSWebAssemblyCodeBlock>(vm()->webAssemblyCodeBlockSpace); >+ if (vm()->m_webAssemblyCodeBlockSpace) >+ finalizeMarkedUnconditionalFinalizers<JSWebAssemblyCodeBlock>(*vm()->m_webAssemblyCodeBlockSpace); > #endif > } 
> >@@ -880,11 +885,11 @@ void Heap::deleteAllCodeBlocks(DeleteAllCodeEffort effort) > vm.forEachScriptExecutableSpace( > [&] (auto& spaceAndSet) { > HeapIterationScope heapIterationScope(*this); >- auto& clearableCodeSet = spaceAndSet.clearableCodeSet; >- clearableCodeSet.forEachLiveCell( >+ auto& set = spaceAndSet.set; >+ set.forEachLiveCell( > [&] (HeapCell* cell, HeapCell::Kind) { > ScriptExecutable* executable = static_cast<ScriptExecutable*>(cell); >- executable->clearCode(clearableCodeSet); >+ executable->clearCode(set); > }); > }); > >@@ -896,11 +901,13 @@ void Heap::deleteAllCodeBlocks(DeleteAllCodeEffort effort) > // points into a CodeBlock that could be dead. The IC will still succeed because > // it uses a callee check, but then it will call into dead code. > HeapIterationScope heapIterationScope(*this); >- vm.webAssemblyCodeBlockSpace.forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) { >- ASSERT_UNUSED(kind, kind == HeapCell::JSCell); >- JSWebAssemblyCodeBlock* codeBlock = static_cast<JSWebAssemblyCodeBlock*>(cell); >- codeBlock->clearJSCallICs(vm); >- }); >+ if (vm.m_webAssemblyCodeBlockSpace) { >+ vm.m_webAssemblyCodeBlockSpace->forEachLiveCell([&] (HeapCell* cell, HeapCell::Kind kind) { >+ ASSERT_UNUSED(kind, kind == HeapCell::JSCell); >+ JSWebAssemblyCodeBlock* codeBlock = static_cast<JSWebAssemblyCodeBlock*>(cell); >+ codeBlock->clearJSCallICs(vm); >+ }); >+ } > } > #endif > } >@@ -916,7 +923,7 @@ void Heap::deleteAllUnlinkedCodeBlocks(DeleteAllCodeEffort effort) > RELEASE_ASSERT(!m_collectionScope); > > HeapIterationScope heapIterationScope(*this); >- vm.unlinkedFunctionExecutableSpace.clearableCodeSet.forEachLiveCell( >+ vm.unlinkedFunctionExecutableSpace.set.forEachLiveCell( > [&] (HeapCell* cell, HeapCell::Kind) { > UnlinkedFunctionExecutable* executable = static_cast<UnlinkedFunctionExecutable*>(cell); > executable->clearCode(vm); 
>@@ -2730,7 +2737,8 @@ void Heap::addCoreConstraints() > }; > > add(vm.executableToCodeBlockEdgesWithConstraints); >- add(vm.weakMapSpace); >+ if (vm.m_weakMapSpace) >+ add(*vm.m_weakMapSpace); > }, > ConstraintVolatility::GreyedByMarking, > ConstraintParallelism::Parallel); >diff --git a/Source/JavaScriptCore/heap/Subspace.cpp b/Source/JavaScriptCore/heap/Subspace.cpp >index b87052c65e2091f2ddb279cfa49f2fc72abbaac0..de40617fd32cfede2abbf9be2b8b9de9220fff5f 100644 >--- a/Source/JavaScriptCore/heap/Subspace.cpp >+++ b/Source/JavaScriptCore/heap/Subspace.cpp >@@ -50,7 +50,6 @@ void Subspace::initialize(HeapCellType* heapCellType, AlignedMemoryAllocator* al > m_directoryForEmptyAllocation = m_alignedMemoryAllocator->firstDirectory(); > > Heap& heap = *m_space.heap(); >- PreventCollectionScope preventCollectionScope(heap); > heap.objectSpace().m_subspaces.append(this); > m_alignedMemoryAllocator->registerSubspace(this); > } >diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.h b/Source/JavaScriptCore/jit/AssemblyHelpers.h >index 283bb03033bc583703ecd6fc0bc8bf87f93e7528..4b90f3aacbd22198cf33bd64d7e8ac82322e5423 100644 >--- a/Source/JavaScriptCore/jit/AssemblyHelpers.h >+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.h >@@ -1752,7 +1752,7 @@ class AssemblyHelpers : public MacroAssembler { > VM& vm, GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1, > GPRReg scratchGPR2, JumpList& slowPath, size_t size) > { >- Allocator allocator = subspaceFor<ClassType>(vm)->allocatorForNonVirtual(size, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<ClassType>(vm, size, AllocatorForMode::AllocatorIfExists); > emitAllocateJSObject(resultGPR, JITAllocator::constant(allocator), scratchGPR1, structure, storage, scratchGPR2, slowPath); > } 
> >@@ -1769,8 +1769,9 @@ class AssemblyHelpers : public MacroAssembler { > template<typename ClassType, typename StructureType> > void emitAllocateVariableSizedCell(VM& vm, GPRReg resultGPR, StructureType structure, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath) > { >- CompleteSubspace& subspace = *subspaceFor<ClassType>(vm); >- emitAllocateVariableSized(resultGPR, subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath); >+ CompleteSubspace* subspace = subspaceForConcurrently<ClassType>(vm); >+ RELEASE_ASSERT_WITH_MESSAGE(subspace, "CompleteSubspace is always allocated"); >+ emitAllocateVariableSized(resultGPR, *subspace, allocationSize, scratchGPR1, scratchGPR2, slowPath); > emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR2); > } > >diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp >index 378dc505f7007b5207a2115a856002d54cf11cb7..bd249581f5cba6b3fe8f5f36706bd4ada9e38877 100644 >--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp >+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp >@@ -96,7 +96,7 @@ void JIT::emit_op_new_object(const Instruction* currentInstruction) > auto& metadata = bytecode.metadata(m_codeBlock); > Structure* structure = metadata.m_objectAllocationProfile.structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_vm)->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<JSFinalObject>(*m_vm, allocationSize, AllocatorForMode::AllocatorIfExists); > > RegisterID resultReg = regT0; > RegisterID allocatorReg = regT1; >diff --git a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >index f36cd4339dee03f75ed10df196948e2317570f69..0816da4a5fe7106e2f582795bebd0b5859074bbd 100644 >--- a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 
>+++ b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp >@@ -84,7 +84,7 @@ void JIT::emit_op_new_object(const Instruction* currentInstruction) > auto& metadata = bytecode.metadata(m_codeBlock); > Structure* structure = metadata.m_objectAllocationProfile.structure(); > size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity()); >- Allocator allocator = subspaceFor<JSFinalObject>(*m_vm)->allocatorForNonVirtual(allocationSize, AllocatorForMode::AllocatorIfExists); >+ Allocator allocator = allocatorForNonVirtualConcurrently<JSFinalObject>(*m_vm, allocationSize, AllocatorForMode::AllocatorIfExists); > > RegisterID resultReg = returnValueGPR; > RegisterID allocatorReg = regT1; >diff --git a/Source/JavaScriptCore/runtime/DirectArguments.h b/Source/JavaScriptCore/runtime/DirectArguments.h >index 2a78fd0fea3e83af1404005d6ac3be5be13a0cae..32cdd0b7046cc8f6186b58c439d65745efe9dced 100644 >--- a/Source/JavaScriptCore/runtime/DirectArguments.h >+++ b/Source/JavaScriptCore/runtime/DirectArguments.h >@@ -46,10 +46,10 @@ class DirectArguments final : public GenericArguments<DirectArguments> { > DirectArguments(VM&, Structure*, unsigned length, unsigned capacity); > > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { >- RELEASE_ASSERT(!CellType::needsDestruction); >+ static_assert(!CellType::needsDestruction, ""); > return &vm.jsValueGigacageCellSpace; > } > >diff --git a/Source/JavaScriptCore/runtime/DirectEvalExecutable.h b/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >index 32067080e78f797345851fd79d4f0ba6fc18feae..63e00f446c6bb92a49995e64ec1fbc420a1b6872 100644 >--- a/Source/JavaScriptCore/runtime/DirectEvalExecutable.h >+++ b/Source/JavaScriptCore/runtime/DirectEvalExecutable.h 
>@@ -31,10 +31,10 @@ namespace JSC { > > class DirectEvalExecutable final : public EvalExecutable { > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.directEvalExecutableSpace.space; >+ return vm.directEvalExecutableSpace<mode>(); > } > > static DirectEvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isArrowFunctionContext, EvalContextType, const VariableEnvironment*); >diff --git a/Source/JavaScriptCore/runtime/ErrorInstance.h b/Source/JavaScriptCore/runtime/ErrorInstance.h >index d95cbf81b40169581a5e2a144959bf72e49e2534..fbc6f253d936df37efa7a6c4bee15f5b916b7ebb 100644 >--- a/Source/JavaScriptCore/runtime/ErrorInstance.h >+++ b/Source/JavaScriptCore/runtime/ErrorInstance.h >@@ -72,10 +72,10 @@ class ErrorInstance : public JSDestructibleObject { > bool materializeErrorInfoIfNeeded(VM&); > bool materializeErrorInfoIfNeeded(VM&, PropertyName); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.errorInstanceSpace; >+ return vm.errorInstanceSpace<mode>(); > } > > void finalizeUnconditionally(VM&); >diff --git a/Source/JavaScriptCore/runtime/ExecutableBase.h b/Source/JavaScriptCore/runtime/ExecutableBase.h >index 296da1b4a0f8dd2ef067d4d86fee10b185e6395c..4ba9896070935cd4e4378b5ff336eafad0582da7 100644 >--- a/Source/JavaScriptCore/runtime/ExecutableBase.h >+++ b/Source/JavaScriptCore/runtime/ExecutableBase.h >@@ -84,7 +84,7 @@ class ExecutableBase : public JSCell { > static void destroy(JSCell*); > > // Force subclasses to override this. >- template<typename> >+ template<typename, SubspaceAccess> > static void subspaceFor(VM&) { } > > CodeBlockHash hashFor(CodeSpecializationKind) const; 
>diff --git a/Source/JavaScriptCore/runtime/FunctionExecutable.h b/Source/JavaScriptCore/runtime/FunctionExecutable.h >index 013696a932931762cdba6da54824049454ee075d..0e1882983d3fe259f9b81cc2f18f457f098b6d53 100644 >--- a/Source/JavaScriptCore/runtime/FunctionExecutable.h >+++ b/Source/JavaScriptCore/runtime/FunctionExecutable.h >@@ -40,7 +40,7 @@ class FunctionExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionExecutableSpace.space; >diff --git a/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h b/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >index d868d93efc342cca017720de22646c1af2632e76..511b447ec9b982f202beca3bbc5092288f66ae66 100644 >--- a/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >+++ b/Source/JavaScriptCore/runtime/IndirectEvalExecutable.h >@@ -31,10 +31,10 @@ namespace JSC { > > class IndirectEvalExecutable final : public EvalExecutable { > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.indirectEvalExecutableSpace.space; >+ return vm.indirectEvalExecutableSpace<mode>(); > } > > static IndirectEvalExecutable* create(ExecState*, const SourceCode&, bool isInStrictContext, DerivedContextType, bool isArrowFunctionContext, EvalContextType); >diff --git a/Source/JavaScriptCore/runtime/InferredValue.cpp b/Source/JavaScriptCore/runtime/InferredValue.cpp >index 989479edfd68b524041590fc723d8853040d4aec..c90f55d7baa5dadf7a251f3e44bff2bc3362c43d 100644 >--- a/Source/JavaScriptCore/runtime/InferredValue.cpp >+++ b/Source/JavaScriptCore/runtime/InferredValue.cpp 
>@@ -63,7 +63,7 @@ void InferredValue::visitChildren(JSCell* cell, SlotVisitor& visitor) > if (!value.isCell()) > return; > >- visitor.vm().inferredValuesWithFinalizers.add(inferredValue); >+ VM::SpaceAndSet::setFor(*inferredValue->subspace()).add(inferredValue); > } > > InferredValue::InferredValue(VM& vm) >diff --git a/Source/JavaScriptCore/runtime/InferredValue.h b/Source/JavaScriptCore/runtime/InferredValue.h >index 08028ef4b7e5cc3ab9231ea6d1063920ae9a0338..da63e018c34d980aa06ee14bc972a57a29f0b6b6 100644 >--- a/Source/JavaScriptCore/runtime/InferredValue.h >+++ b/Source/JavaScriptCore/runtime/InferredValue.h >@@ -45,10 +45,10 @@ class InferredValue final : public JSCell { > public: > typedef JSCell Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.inferredValueSpace; >+ return vm.inferredValueSpace<mode>(); > } > > static InferredValue* create(VM&); >diff --git a/Source/JavaScriptCore/runtime/InferredValueInlines.h b/Source/JavaScriptCore/runtime/InferredValueInlines.h >index 9694b6df766ab98842534e65fcbfe311c22c404a..95114e44eb6aa617af20d3c529360c2487dfb886 100644 >--- a/Source/JavaScriptCore/runtime/InferredValueInlines.h >+++ b/Source/JavaScriptCore/runtime/InferredValueInlines.h >@@ -40,7 +40,7 @@ void InferredValue::finalizeUnconditionally(VM& vm) > invalidate(vm, StringFireDetail("InferredValue clean-up during GC")); > } > >- vm.inferredValuesWithFinalizers.remove(this); >+ VM::SpaceAndSet::setFor(*subspace()).remove(this); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/InternalFunction.h b/Source/JavaScriptCore/runtime/InternalFunction.h >index 244c4f72a8f6783cadb04c2f5d4187f8d9a1d98a..634d9dd1027b68d4130d4188f6d76e0e8d2796b2 100644 >--- a/Source/JavaScriptCore/runtime/InternalFunction.h >+++ b/Source/JavaScriptCore/runtime/InternalFunction.h 
>@@ -38,7 +38,7 @@ class InternalFunction : public JSDestructibleObject { > typedef JSDestructibleObject Base; > static const unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance | OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > static_assert(sizeof(CellType) == sizeof(InternalFunction), "InternalFunction subclasses that add fields need to override subspaceFor<>()"); >diff --git a/Source/JavaScriptCore/runtime/JSAsyncFunction.h b/Source/JavaScriptCore/runtime/JSAsyncFunction.h >index 9b98ea28efea48e8a9e781cab18f92c6121f46fd..ba80bab6c9c9fbb644aa72fc6f088d6e979b0772 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncFunction.h >+++ b/Source/JavaScriptCore/runtime/JSAsyncFunction.h >@@ -38,7 +38,7 @@ class JSAsyncFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >index 06c072bcd887813ef51bc24863d5ad474bb9dfcf..70239b8c03a03545e193c6781bf452a5b6af4e37 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >+++ b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.h >@@ -38,7 +38,7 @@ class JSAsyncGeneratorFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSBoundFunction.h b/Source/JavaScriptCore/runtime/JSBoundFunction.h >index 928ddc58a219f12a39d97d4d1008485d99688491..5814886be607d0e4a9e2b0bac10b7b565c5b68d9 100644 
>--- a/Source/JavaScriptCore/runtime/JSBoundFunction.h >+++ b/Source/JavaScriptCore/runtime/JSBoundFunction.h >@@ -42,10 +42,10 @@ class JSBoundFunction final : public JSFunction { > const static unsigned StructureFlags = Base::StructureFlags & ~ImplementsDefaultHasInstance; > static_assert(StructureFlags & ImplementsHasInstance, ""); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.boundFunctionSpace; >+ return vm.boundFunctionSpace<mode>(); > } > > static JSBoundFunction* create(VM&, ExecState*, JSGlobalObject*, JSObject* targetFunction, JSValue boundThis, JSArray* boundArgs, int, const String& name); >diff --git a/Source/JavaScriptCore/runtime/JSCell.h b/Source/JavaScriptCore/runtime/JSCell.h >index 9e8ba60d9f621e49881fe22026cafdaa8ea7eda8..d050e6a70e1753c95dee7afe50279a2987678cbf 100644 >--- a/Source/JavaScriptCore/runtime/JSCell.h >+++ b/Source/JavaScriptCore/runtime/JSCell.h >@@ -32,6 +32,7 @@ > #include "JSLock.h" > #include "JSTypeInfo.h" > #include "SlotVisitor.h" >+#include "SubspaceAccess.h" > #include "TypedArrayType.h" > #include "WriteBarrier.h" > >@@ -88,7 +89,7 @@ class JSCell : public HeapCell { > // Don't call this directly. Call JSC::subspaceFor<Type>(vm) instead. > // FIXME: Refer to Subspace by reference. > // https://bugs.webkit.org/show_bug.cgi?id=166988 >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM&); > > static JSCell* seenMultipleCalleeObjects() { return bitwise_cast<JSCell*>(static_cast<uintptr_t>(1)); } 
>@@ -294,7 +295,13 @@ class JSCellLock : public JSCell { > template<typename Type> > inline auto subspaceFor(VM& vm) > { >- return Type::template subspaceFor<Type>(vm); >+ return Type::template subspaceFor<Type, SubspaceAccess::OnMainThread>(vm); >+} >+ >+template<typename Type> >+inline auto subspaceForConcurrently(VM& vm) >+{ >+ return Type::template subspaceFor<Type, SubspaceAccess::Concurrently>(vm); > } > > } // namespace JSC >diff --git a/Source/JavaScriptCore/runtime/JSCellInlines.h b/Source/JavaScriptCore/runtime/JSCellInlines.h >index f4639eb0792f9edcf3fcc4a9b8a7d95a5b9c2d64..e8860f2a00a62cbaf26eb744a92d1c5f7ca1be6e 100644 >--- a/Source/JavaScriptCore/runtime/JSCellInlines.h >+++ b/Source/JavaScriptCore/runtime/JSCellInlines.h >@@ -25,6 +25,7 @@ > > #pragma once > >+#include "AllocatorForMode.h" > #include "AllocatorInlines.h" > #include "CompleteSubspaceInlines.h" > #include "CPU.h" >@@ -145,7 +146,7 @@ ALWAYS_INLINE VM& ExecState::vm() const > return *callee->markedBlock().vm(); > } > >-template<typename CellType> >+template<typename CellType, SubspaceAccess> > CompleteSubspace* JSCell::subspaceFor(VM& vm) > { > if (CellType::needsDestruction) >@@ -153,6 +154,14 @@ CompleteSubspace* JSCell::subspaceFor(VM& vm) > return &vm.cellSpace; > } > >+template<typename Type> >+inline Allocator allocatorForNonVirtualConcurrently(VM& vm, size_t allocationSize, AllocatorForMode mode) >+{ >+ if (auto* subspace = subspaceForConcurrently<Type>(vm)) >+ return subspace->allocatorForNonVirtual(allocationSize, mode); >+ return { }; >+} >+ > template<typename T> > ALWAYS_INLINE void* tryAllocateCellHelper(Heap& heap, size_t size, GCDeferralContext* deferralContext, AllocationFailureMode failureMode) > { >diff --git a/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h b/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >index 17c7f18be8db35a85d216906312f1a1e8d5439cc..dfac65c58aa46afc126d7187b1772fc6d29a155c 100644 
>--- a/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >+++ b/Source/JavaScriptCore/runtime/JSCustomGetterSetterFunction.h >@@ -40,10 +40,10 @@ class JSCustomGetterSetterFunction final : public JSFunction { > > static const unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.customGetterSetterFunctionSpace; >+ return vm.customGetterSetterFunctionSpace<mode>(); > } > > static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype) >diff --git a/Source/JavaScriptCore/runtime/JSDestructibleObject.h b/Source/JavaScriptCore/runtime/JSDestructibleObject.h >index 43828f0fc1df41bf35b9f13777d987a53b92ce82..d2617b75836fe3a647968bc33d0f01f091964adb 100644 >--- a/Source/JavaScriptCore/runtime/JSDestructibleObject.h >+++ b/Source/JavaScriptCore/runtime/JSDestructibleObject.h >@@ -37,7 +37,7 @@ class JSDestructibleObject : public JSNonFinalObject { > > static const bool needsDestruction = true; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.destructibleObjectSpace; >diff --git a/Source/JavaScriptCore/runtime/JSFunction.h b/Source/JavaScriptCore/runtime/JSFunction.h >index 1e77632b511f2e26e2c4d2af892d9a6966b4c63b..3bf067658c3af38e759784e06a7b4dde43823f7e 100644 >--- a/Source/JavaScriptCore/runtime/JSFunction.h >+++ b/Source/JavaScriptCore/runtime/JSFunction.h >@@ -62,7 +62,7 @@ class JSFunction : public JSCallee { > > public: > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSGeneratorFunction.h b/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >index ee5ac42a806d49786779fe5c1360b9edbe8ef46a..99781c57b97a303675203988f2b392bda82a0311 100644 
>--- a/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >+++ b/Source/JavaScriptCore/runtime/JSGeneratorFunction.h >@@ -66,7 +66,7 @@ class JSGeneratorFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.functionSpace; >diff --git a/Source/JavaScriptCore/runtime/JSImmutableButterfly.h b/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >index 4ac2a6c4e4b5da3ccad5d448328f52ac67f69cd2..b554c5fdeccf6bc1ee3633ff4811eed2755047b0 100644 >--- a/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >+++ b/Source/JavaScriptCore/runtime/JSImmutableButterfly.h >@@ -88,7 +88,7 @@ class JSImmutableButterfly : public JSCell { > > void copyToArguments(ExecState*, VirtualRegister firstElementDest, unsigned offset, unsigned length); > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > // We allocate out of the JSValue gigacage as other code expects all butterflies to live there. >diff --git a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >index cfec9567b6746ddd06e464133121a9dd021deea2..3b67629889603a67ecf6c05df4748c3a5119cdb3 100644 >--- a/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >+++ b/Source/JavaScriptCore/runtime/JSLexicalEnvironment.h >@@ -40,10 +40,10 @@ class JSLexicalEnvironment : public JSSymbolTableObject { > friend class JIT; > friend class LLIntOffsetsExtractor; > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { >- RELEASE_ASSERT(!CellType::needsDestruction); >+ static_assert(!CellType::needsDestruction, ""); > return &vm.jsValueGigacageCellSpace; > } 
> >diff --git a/Source/JavaScriptCore/runtime/JSNativeStdFunction.h b/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >index e2041496f8e7aa208c0fc66a034980d98d0ff0ac..fab9d6e357e797175cf04d15eae1742968c7409b 100644 >--- a/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >+++ b/Source/JavaScriptCore/runtime/JSNativeStdFunction.h >@@ -40,10 +40,10 @@ class JSNativeStdFunction final : public JSFunction { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.nativeStdFunctionSpace; >+ return vm.nativeStdFunctionSpace<mode>(); > } > > DECLARE_EXPORT_INFO; >diff --git a/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h b/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >index cb5fe372ae22fbe10fba8a650f84cef59a24a511..deef4e5f9e86a87797521910b6167133af65b618 100644 >--- a/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >+++ b/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >@@ -90,7 +90,7 @@ class JSSegmentedVariableObject : public JSSymbolTableObject { > > static void destroy(JSCell*); > >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.segmentedVariableObjectSpace; >diff --git a/Source/JavaScriptCore/runtime/JSString.h b/Source/JavaScriptCore/runtime/JSString.h >index 57d7f9040240f06f700fb88dd1233134c374f1af..8b4d2091364236480ee62748b2706f1d3239b11d 100644 >--- a/Source/JavaScriptCore/runtime/JSString.h >+++ b/Source/JavaScriptCore/runtime/JSString.h >@@ -89,7 +89,7 @@ class JSString : public JSCell { > > // We specialize the string subspace to get the fastest possible sweep. This wouldn't be > // necessary if JSString didn't have a destructor. >- template<typename> >+ template<typename, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > return &vm.stringSpace; 
>diff --git a/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h b/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >index f5171d4c34ad27d9b92167d64471964156b0d524..ff82c284a90013ee561c9b30b70c0e37012c46cf 100644 >--- a/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >+++ b/Source/JavaScriptCore/runtime/ModuleProgramExecutable.h >@@ -36,10 +36,10 @@ class ModuleProgramExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.moduleProgramExecutableSpace.space; >+ return vm.moduleProgramExecutableSpace<mode>(); > } > > static ModuleProgramExecutable* create(ExecState*, const SourceCode&); >diff --git a/Source/JavaScriptCore/runtime/NativeExecutable.h b/Source/JavaScriptCore/runtime/NativeExecutable.h >index 637be6fde74715921559e6159b3717a89a0849a2..91fb35ba0ea3c438a2400c24a458e9bbfb99cb44 100644 >--- a/Source/JavaScriptCore/runtime/NativeExecutable.h >+++ b/Source/JavaScriptCore/runtime/NativeExecutable.h >@@ -44,7 +44,7 @@ class NativeExecutable final : public ExecutableBase { > > static void destroy(JSCell*); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.nativeExecutableSpace; >diff --git a/Source/JavaScriptCore/runtime/ProgramExecutable.h b/Source/JavaScriptCore/runtime/ProgramExecutable.h >index ff84c9e7122866318a4acf415c856f211c088b7f..a1ecd21e0100fff7e7256a9d5c746658e423130d 100644 >--- a/Source/JavaScriptCore/runtime/ProgramExecutable.h >+++ b/Source/JavaScriptCore/runtime/ProgramExecutable.h 
>@@ -36,7 +36,7 @@ class ProgramExecutable final : public ScriptExecutable { > typedef ScriptExecutable Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.programExecutableSpace.space; >diff --git a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >index 27edadc47ccd864ab01f5c3950dcf18828888058..70e9a71d0ddb064cc255b4e3e22a90abdeaf3828 100644 >--- a/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >+++ b/Source/JavaScriptCore/runtime/PropertyMapHashTable.h >@@ -123,7 +123,7 @@ class PropertyTable final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.propertyTableSpace; >diff --git a/Source/JavaScriptCore/runtime/ProxyRevoke.h b/Source/JavaScriptCore/runtime/ProxyRevoke.h >index 322096564e9870cc392e383c9005f770ba8e7e80..64bfe3a7ef3f4397070ad45efd920345b374c395 100644 >--- a/Source/JavaScriptCore/runtime/ProxyRevoke.h >+++ b/Source/JavaScriptCore/runtime/ProxyRevoke.h >@@ -36,10 +36,10 @@ class ProxyRevoke final : public InternalFunction { > typedef InternalFunction Base; > static const unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.proxyRevokeSpace; >+ return vm.proxyRevokeSpace<mode>(); > } > > static ProxyRevoke* create(VM&, Structure*, ProxyObject*); >diff --git a/Source/JavaScriptCore/runtime/ScopedArguments.h b/Source/JavaScriptCore/runtime/ScopedArguments.h >index a9c0b2407fa50018c337169233dc7ff2f57829ad..f36db86986262f435bee43a9edb3f30ce0cbdd70 100644 
>--- a/Source/JavaScriptCore/runtime/ScopedArguments.h >+++ b/Source/JavaScriptCore/runtime/ScopedArguments.h >@@ -43,10 +43,10 @@ class ScopedArguments final : public GenericArguments<ScopedArguments> { > using Base = GenericArguments<ScopedArguments>; > > public: >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { >- RELEASE_ASSERT(!CellType::needsDestruction); >+ static_assert(!CellType::needsDestruction, ""); > return &vm.jsValueGigacageCellSpace; > } > >diff --git a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp >index 891c3a151a9b20f57645d6cd4943ff4ed750c560..3251a7908f681ef1d2aadef3ef8d9e7255d9b339 100644 >--- a/Source/JavaScriptCore/runtime/ScriptExecutable.cpp >+++ b/Source/JavaScriptCore/runtime/ScriptExecutable.cpp >@@ -68,7 +68,7 @@ void ScriptExecutable::destroy(JSCell* cell) > void ScriptExecutable::clearCode(IsoCellSet& clearableCodeSet) > { > Base::clearCode(); >- ASSERT(&VM::ScriptExecutableSpaceAndSet::clearableCodeSetFor(*subspace()) == &clearableCodeSet); >+ ASSERT(&VM::SpaceAndSet::setFor(*subspace()) == &clearableCodeSet); > clearableCodeSet.remove(this); > } > >@@ -149,7 +149,7 @@ void ScriptExecutable::installCode(VM& vm, CodeBlock* genericCodeBlock, CodeType > break; > } > >- auto& clearableCodeSet = VM::ScriptExecutableSpaceAndSet::clearableCodeSetFor(*subspace()); >+ auto& clearableCodeSet = VM::SpaceAndSet::setFor(*subspace()); > if (hasClearableCode()) > clearableCodeSet.add(this); > else >diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h >index e11a853e1acbd24b695d10109d1dd3205ce0ea62..36826932411c067c1bbc73f5a392aa94a7e6ee96 100644 >--- a/Source/JavaScriptCore/runtime/Structure.h >+++ b/Source/JavaScriptCore/runtime/Structure.h 
>@@ -132,7 +132,7 @@ class Structure final : public JSCell { > > ~Structure(); > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.structureSpace; >diff --git a/Source/JavaScriptCore/runtime/StructureRareData.h b/Source/JavaScriptCore/runtime/StructureRareData.h >index 336732d11d873d42f20f9910871e28c270f6a885..c4be7140ce82c2941d2241f38d8d5af38f8bc618 100644 >--- a/Source/JavaScriptCore/runtime/StructureRareData.h >+++ b/Source/JavaScriptCore/runtime/StructureRareData.h >@@ -43,7 +43,7 @@ class StructureRareData final : public JSCell { > typedef JSCell Base; > static const unsigned StructureFlags = Base::StructureFlags | StructureIsImmortal; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > return &vm.structureRareDataSpace; >diff --git a/Source/JavaScriptCore/runtime/SubspaceAccess.h b/Source/JavaScriptCore/runtime/SubspaceAccess.h >new file mode 100644 >index 0000000000000000000000000000000000000000..66e71d851f00a9041850231095e2985cce8d0695 >--- /dev/null >+++ b/Source/JavaScriptCore/runtime/SubspaceAccess.h 
>@@ -0,0 +1,35 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+namespace JSC { >+ >+enum class SubspaceAccess { >+ OnMainThread, >+ Concurrently, >+}; >+ >+} >diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp >index 30afc6ab9cb4c4417191642e69b5f2ecd0d21870..c804e439af0a4e963466b2ddfadea2eb9e1dc53a 100644 >--- a/Source/JavaScriptCore/runtime/VM.cpp >+++ b/Source/JavaScriptCore/runtime/VM.cpp 
>@@ -287,38 +287,17 @@ VM::VM(VMType vmType, HeapType heapType) > , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) > , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) > , segmentedVariableObjectSpace("JSSegmentedVariableObjectSpace", heap, segmentedVariableObjectHeapCellType.get(), fastMallocAllocator.get()) >- , boundFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSBoundFunction) >- , callbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSCallbackFunction) >- , customGetterSetterFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSCustomGetterSetterFunction) > , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge) > , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction) >- , inferredValueSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), InferredValue) > , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction) > , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) >- , nativeStdFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSNativeStdFunction) >-#if JSC_OBJC_API_ENABLED >- , objCCallbackFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) >-#endif > , propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable) >- , proxyRevokeSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ProxyRevoke) > , structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData) > , structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure) >- , weakSetSpace ISO_SUBSPACE_INIT(heap, 
destructibleObjectHeapCellType.get(), JSWeakSet) >- , weakMapSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakMap) >- , errorInstanceSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), ErrorInstance) >-#if ENABLE(WEBASSEMBLY) >- , webAssemblyCodeBlockSpace ISO_SUBSPACE_INIT(heap, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) >- , webAssemblyFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), WebAssemblyFunction) >- , webAssemblyWrapperFunctionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), WebAssemblyWrapperFunction) >-#endif > , executableToCodeBlockEdgesWithConstraints(executableToCodeBlockEdgeSpace) > , executableToCodeBlockEdgesWithFinalizers(executableToCodeBlockEdgeSpace) >- , inferredValuesWithFinalizers(inferredValueSpace) > , codeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), CodeBlock) >- , directEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), DirectEvalExecutable) > , functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable) >- , indirectEvalExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), IndirectEvalExecutable) >- , moduleProgramExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ModuleProgramExecutable) > , programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable) > , unlinkedFunctionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), UnlinkedFunctionExecutable) > , vmType(vmType) 
>@@ -1239,6 +1218,49 @@ void VM::ensureShadowChicken() > m_shadowChicken = std::make_unique<ShadowChicken>(); > } > >+#define DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(name, heapCellType, type) \ >+ IsoSubspace* VM::name##Slow() \ >+ { \ >+ ASSERT(!m_##name); \ >+ auto space = std::make_unique<IsoSubspace> ISO_SUBSPACE_INIT(heap, heapCellType, type); \ >+ WTF::storeStoreFence(); \ >+ m_##name = WTFMove(space); \ >+ return m_##name.get(); \ >+ } >+ >+ >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, destructibleObjectHeapCellType.get(), JSCallbackFunction) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(errorInstanceSpace, destructibleObjectHeapCellType.get(), ErrorInstance) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(nativeStdFunctionSpace, cellHeapCellType.get(), JSNativeStdFunction) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, destructibleObjectHeapCellType.get(), ProxyRevoke) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakMapSpace, destructibleObjectHeapCellType.get(), JSWeakMap) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakSetSpace, destructibleObjectHeapCellType.get(), JSWeakSet) >+#if JSC_OBJC_API_ENABLED >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) >+#endif >+#if ENABLE(WEBASSEMBLY) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyCodeBlockSpace, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyFunctionSpace, cellHeapCellType.get(), WebAssemblyFunction) >+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyWrapperFunctionSpace, cellHeapCellType.get(), WebAssemblyWrapperFunction) >+#endif >+ >+#define DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(name, 
heapCellType, type) \ >+ IsoSubspace* VM::name##Slow() \ >+ { \ >+ ASSERT(!m_##name); \ >+ auto space = std::make_unique<SpaceAndSet> ISO_SUBSPACE_INIT(heap, heapCellType, type); \ >+ WTF::storeStoreFence(); \ >+ m_##name = WTFMove(space); \ >+ return &m_##name->space; \ >+ } >+ >+DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(inferredValueSpace, destructibleCellHeapCellType.get(), InferredValue) >+DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(directEvalExecutableSpace, destructibleCellHeapCellType.get(), DirectEvalExecutable) >+DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(indirectEvalExecutableSpace, destructibleCellHeapCellType.get(), IndirectEvalExecutable) >+DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(moduleProgramExecutableSpace, destructibleCellHeapCellType.get(), ModuleProgramExecutable) >+ > JSGlobalObject* VM::vmEntryGlobalObject(const CallFrame* callFrame) const > { > if (callFrame && callFrame->isGlobalExec()) { >diff --git a/Source/JavaScriptCore/runtime/VM.h b/Source/JavaScriptCore/runtime/VM.h >index 8abaa20b154226ec2189d27f0cda7da667c56ab2..619d993b33ba8415e2ac7fd01ff3699ff8242c8a 100644 >--- a/Source/JavaScriptCore/runtime/VM.h >+++ b/Source/JavaScriptCore/runtime/VM.h >@@ -51,6 +51,7 @@ > #include "SmallStrings.h" > #include "Strong.h" > #include "StructureCache.h" >+#include "SubspaceAccess.h" > #include "VMTraps.h" > #include "WasmContext.h" > #include "Watchpoint.h" 
>@@ -366,56 +367,83 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > CompleteSubspace eagerlySweptDestructibleObjectSpace; > CompleteSubspace segmentedVariableObjectSpace; > >- IsoSubspace boundFunctionSpace; >- IsoSubspace callbackFunctionSpace; >- IsoSubspace customGetterSetterFunctionSpace; > IsoSubspace executableToCodeBlockEdgeSpace; > IsoSubspace functionSpace; >- IsoSubspace inferredValueSpace; > IsoSubspace internalFunctionSpace; > IsoSubspace nativeExecutableSpace; >- IsoSubspace nativeStdFunctionSpace; >-#if JSC_OBJC_API_ENABLED >- IsoSubspace objCCallbackFunctionSpace; >-#endif > IsoSubspace propertyTableSpace; >- IsoSubspace proxyRevokeSpace; > IsoSubspace structureRareDataSpace; > IsoSubspace structureSpace; >- IsoSubspace weakSetSpace; >- IsoSubspace weakMapSpace; >- IsoSubspace errorInstanceSpace; >+ >+#define DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(name) \ >+ template<SubspaceAccess mode> \ >+ IsoSubspace* name() \ >+ { \ >+ if (m_##name || mode == SubspaceAccess::Concurrently) \ >+ return m_##name.get(); \ >+ return name##Slow(); \ >+ } \ >+ IsoSubspace* name##Slow(); \ >+ std::unique_ptr<IsoSubspace> m_##name; >+ >+ >+#if JSC_OBJC_API_ENABLED >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(objCCallbackFunctionSpace) >+#endif >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(boundFunctionSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(callbackFunctionSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(customGetterSetterFunctionSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(errorInstanceSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(nativeStdFunctionSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(proxyRevokeSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(weakSetSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(weakMapSpace) > #if ENABLE(WEBASSEMBLY) >- IsoSubspace webAssemblyCodeBlockSpace; >- IsoSubspace webAssemblyFunctionSpace; >- IsoSubspace webAssemblyWrapperFunctionSpace; >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(webAssemblyCodeBlockSpace) >+ 
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(webAssemblyFunctionSpace) >+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(webAssemblyWrapperFunctionSpace) > #endif > > IsoCellSet executableToCodeBlockEdgesWithConstraints; > IsoCellSet executableToCodeBlockEdgesWithFinalizers; >- IsoCellSet inferredValuesWithFinalizers; >+ >+#define DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER(name) \ >+ template<SubspaceAccess mode> \ >+ IsoSubspace* name() \ >+ { \ >+ if (auto* spaceAndSet = m_##name.get()) \ >+ return &spaceAndSet->space; \ >+ if (mode == SubspaceAccess::Concurrently) \ >+ return nullptr; \ >+ return name##Slow(); \ >+ } \ >+ IsoSubspace* name##Slow(); \ >+ std::unique_ptr<SpaceAndSet> m_##name; > >- struct SpaceAndFinalizerSet { >+ struct SpaceAndSet { >+ WTF_MAKE_STRUCT_FAST_ALLOCATED; >+ > IsoSubspace space; >- IsoCellSet finalizerSet; >+ IsoCellSet set; > > template<typename... Arguments> >- SpaceAndFinalizerSet(Arguments&&... arguments) >+ SpaceAndSet(Arguments&&... arguments) > : space(std::forward<Arguments>(arguments)...) >- , finalizerSet(space) >+ , set(space) > { > } > >- static IsoCellSet& finalizerSetFor(Subspace& space) >+ static IsoCellSet& setFor(Subspace& space) > { > return *bitwise_cast<IsoCellSet*>( > bitwise_cast<char*>(&space) - >- OBJECT_OFFSETOF(SpaceAndFinalizerSet, space) + >- OBJECT_OFFSETOF(SpaceAndFinalizerSet, finalizerSet)); >+ OBJECT_OFFSETOF(SpaceAndSet, space) + >+ OBJECT_OFFSETOF(SpaceAndSet, set)); > } > }; > >- SpaceAndFinalizerSet codeBlockSpace; >+ SpaceAndSet codeBlockSpace; >+ DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER(inferredValueSpace) > > template<typename Func> > void forEachCodeBlockSpace(const Func& func) 
>@@ -425,61 +453,26 @@ class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> { > func(codeBlockSpace); > } > >- struct ScriptExecutableSpaceAndSet { >- IsoSubspace space; >- IsoCellSet clearableCodeSet; >- >- template<typename... Arguments> >- ScriptExecutableSpaceAndSet(Arguments&&... arguments) >- : space(std::forward<Arguments>(arguments)...) >- , clearableCodeSet(space) >- { } >- >- static IsoCellSet& clearableCodeSetFor(Subspace& space) >- { >- return *bitwise_cast<IsoCellSet*>( >- bitwise_cast<char*>(&space) - >- OBJECT_OFFSETOF(ScriptExecutableSpaceAndSet, space) + >- OBJECT_OFFSETOF(ScriptExecutableSpaceAndSet, clearableCodeSet)); >- } >- }; >- >- ScriptExecutableSpaceAndSet directEvalExecutableSpace; >- ScriptExecutableSpaceAndSet functionExecutableSpace; >- ScriptExecutableSpaceAndSet indirectEvalExecutableSpace; >- ScriptExecutableSpaceAndSet moduleProgramExecutableSpace; >- ScriptExecutableSpaceAndSet programExecutableSpace; >+ DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER(directEvalExecutableSpace) >+ DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER(indirectEvalExecutableSpace) >+ DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER(moduleProgramExecutableSpace) >+ SpaceAndSet functionExecutableSpace; >+ SpaceAndSet programExecutableSpace; > > template<typename Func> > void forEachScriptExecutableSpace(const Func& func) > { >- func(directEvalExecutableSpace); >+ if (m_directEvalExecutableSpace) >+ func(*m_directEvalExecutableSpace); > func(functionExecutableSpace); >- func(indirectEvalExecutableSpace); >- func(moduleProgramExecutableSpace); >+ if (m_indirectEvalExecutableSpace) >+ func(*m_indirectEvalExecutableSpace); >+ if (m_moduleProgramExecutableSpace) >+ func(*m_moduleProgramExecutableSpace); > func(programExecutableSpace); > } > >- struct UnlinkedFunctionExecutableSpaceAndSet { >- IsoSubspace space; >- IsoCellSet clearableCodeSet; >- >- template<typename... Arguments> >- UnlinkedFunctionExecutableSpaceAndSet(Arguments&&... 
arguments) >- : space(std::forward<Arguments>(arguments)...) >- , clearableCodeSet(space) >- { } >- >- static IsoCellSet& clearableCodeSetFor(Subspace& space) >- { >- return *bitwise_cast<IsoCellSet*>( >- bitwise_cast<char*>(&space) - >- OBJECT_OFFSETOF(UnlinkedFunctionExecutableSpaceAndSet, space) + >- OBJECT_OFFSETOF(UnlinkedFunctionExecutableSpaceAndSet, clearableCodeSet)); >- } >- }; >- >- UnlinkedFunctionExecutableSpaceAndSet unlinkedFunctionExecutableSpace; >+ SpaceAndSet unlinkedFunctionExecutableSpace; > > VMType vmType; > ClientData* clientData; >diff --git a/Source/JavaScriptCore/runtime/WeakMapImpl.h b/Source/JavaScriptCore/runtime/WeakMapImpl.h >index 5258cbc2d3e107b6f118132bc68f6d20d5e5100a..8b45ffe15912937d01c8bb10a767ec93d3ded65a 100644 >--- a/Source/JavaScriptCore/runtime/WeakMapImpl.h >+++ b/Source/JavaScriptCore/runtime/WeakMapImpl.h >@@ -302,12 +302,12 @@ class WeakMapImpl : public JSDestructibleObject { > return std::is_same<WeakMapBucketType, JSC::WeakMapBucket<WeakMapBucketDataKey>>::value; > } > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { > if (isWeakMap()) >- return &vm.weakMapSpace; >- return &vm.weakSetSpace; >+ return vm.weakMapSpace<mode>(); >+ return vm.weakSetSpace<mode>(); > } > > static void visitOutputConstraints(JSCell*, SlotVisitor&); >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >index 0eb4aa16a2630b50900d3dfd6fd8c814a2c1b0bf..bf1ccacb101ccc94af9c4a715e797b781d1770ff 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h 
>@@ -59,10 +59,10 @@ class JSWebAssemblyCodeBlock final : public JSCell { > return Structure::create(vm, globalObject, prototype, TypeInfo(CellType, StructureFlags), info()); > } > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyCodeBlockSpace; >+ return vm.webAssemblyCodeBlockSpace<mode>(); > } > > Wasm::CodeBlock& codeBlock() { return m_codeBlock.get(); } >diff --git a/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h b/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >index b03ae04171158bb4a34ca4b5aec7d50a1564c3d7..a1459453e8f9f35940f040c1893c5849b5b7bfe1 100644 >--- a/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >+++ b/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >@@ -43,7 +43,7 @@ class JSWebAssemblyMemory final : public JSDestructibleObject { > public: > typedef JSDestructibleObject Base; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess> > static CompleteSubspace* subspaceFor(VM& vm) > { > // We hold onto a lot of memory, so it makes a lot of sense to be swept eagerly. >diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >index 344390099ea133ac9d3f60530fddad359cc6c64f..feadec537aa4ae03545102327c87d88d99f79a41 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h >@@ -49,10 +49,10 @@ class WebAssemblyFunction final : public WebAssemblyFunctionBase { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyFunctionSpace; >+ return vm.webAssemblyFunctionSpace<mode>(); > } > > DECLARE_EXPORT_INFO; 
>diff --git a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >index 015fef2cda7fcf5502a618cce5a706b2547d1a8c..12a55d6e35de3e3707687f5b3108f7282e3475dd 100644 >--- a/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >+++ b/Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >@@ -40,10 +40,10 @@ class WebAssemblyWrapperFunction final : public WebAssemblyFunctionBase { > > const static unsigned StructureFlags = Base::StructureFlags; > >- template<typename CellType> >+ template<typename CellType, SubspaceAccess mode> > static IsoSubspace* subspaceFor(VM& vm) > { >- return &vm.webAssemblyWrapperFunctionSpace; >+ return vm.webAssemblyWrapperFunctionSpace<mode>(); > } > > DECLARE_INFO; >diff --git a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >index 6af893d53a72e6487236b8e501d198a0313c926d..b53514b49b4d2c0b41945dc60fdccd6dec3e7399 100644 >--- a/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >+++ b/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm >@@ -2758,7 +2758,7 @@ sub GenerateHeader > # this just calls visitAdditionalChildren, you usually don't have to worry about this. > push(@headerContent, " static void visitOutputConstraints(JSCell*, JSC::SlotVisitor&);\n"); > my $subspaceFunc = IsDOMGlobalObject($interface) ? "globalObjectOutputConstraintSubspaceFor" : "outputConstraintSubspaceFor"; >- push(@headerContent, " template<typename> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n"); >+ push(@headerContent, " template<typename, JSC::SubspaceAccess> static JSC::CompleteSubspace* subspaceFor(JSC::VM& vm) { return $subspaceFunc(vm); }\n"); > } > } > >diff --git a/Source/WebCore/bridge/runtime_method.h b/Source/WebCore/bridge/runtime_method.h >index 2eefd8e4a23a7894e15f7055594d5a329b0d6e84..cdc23949ba9341b0dab1aba7b145cbf29fc7ae9a 100644 >--- a/Source/WebCore/bridge/runtime_method.h 
>+++ b/Source/WebCore/bridge/runtime_method.h >@@ -37,7 +37,7 @@ class WEBCORE_EXPORT RuntimeMethod : public InternalFunction { > typedef InternalFunction Base; > static const unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static IsoSubspace* subspaceFor(VM& vm) > { > static_assert(sizeof(CellType) == sizeof(RuntimeMethod), "RuntimeMethod subclasses that add fields need to override subspaceFor<>()"); >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >index 1864bab2b7354731ca726090e55a1769e220a5fa..28a72bbdb9cccd48ddf14b218cfb35fe58b245bf 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPMethod.h >@@ -41,7 +41,7 @@ class JSNPMethod final : public JSC::InternalFunction { > public: > typedef JSC::InternalFunction Base; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) > { > return subspaceForImpl(vm); >diff --git a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >index 63db339c4913713390456884a6213eb379fa79d2..6f6747f431207cffaf1f04699b4baddb1c7791a7 100644 >--- a/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >+++ b/Source/WebKit/WebProcess/Plugins/Netscape/JSNPObject.h >@@ -46,7 +46,7 @@ class JSNPObject final : public JSC::JSDestructibleObject { > typedef JSC::JSDestructibleObject Base; > static const unsigned StructureFlags = Base::StructureFlags | JSC::OverridesGetOwnPropertySlot | JSC::OverridesGetPropertyNames | JSC::OverridesGetCallData; > >- template<typename CellType> >+ template<typename CellType, JSC::SubspaceAccess> > static JSC::IsoSubspace* subspaceFor(JSC::VM& vm) > { > return subspaceForImpl(vm);
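Review bot: In the new SubspaceAccess.h, `enum class SubspaceAccess` has no comment stating what each value promises. Going by the accessors added to VM.h, `SubspaceAccess::Concurrently` can yield nullptr when the space has not been created yet, while `OnMainThread` creates it on demand. A short comment on the enum saying so would tell anyone writing a new `subspaceFor<CellType, mode>` override that concurrent callers must handle a null result.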
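Review bot: In `DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW` and `DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW` (VM.cpp, hunk at -1239), the publication `m_##name = WTFMove(space);` is a plain store to a `std::unique_ptr`, and the `Concurrently` accessors in VM.h read it with a plain `m_##name.get()`. `WTF::storeStoreFence()` orders the constructor's writes before that store, but no matching ordering is visible on the reader side, so the pattern relies on the reader's loads through the returned pointer being dependent loads. Please state that assumption in a comment next to the fence, or publish through an atomic pointer. The only guard against a second caller of the Slow path is `ASSERT(!m_##name)`, which is compiled out of release builds, so the comment should also say that these functions are main-thread only.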
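Review bot: The two accessor macros in VM.h (hunk at -366) handle the concurrent case differently: `DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER` tests `m_##name` and then calls `m_##name.get()`, which is two loads of a field the main thread may be publishing, while `DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER` loads once into `spaceAndSet` and branches on that. Both return either nullptr or a valid pointer, but using the single-load shape in both macros would make the pattern easier to audit. Separately, `SpaceAndSet::setFor(Subspace& space)` recovers the set by `OBJECT_OFFSETOF` arithmetic and now replaces the per-type helpers removed in the next hunk, so a comment that the argument must be the `space` member of a `SpaceAndSet` would help keep the plain `IsoSubspace` members of VM from being passed to it.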
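Review bot: In `forEachScriptExecutableSpace` (VM.h, hunk at -425), the new checks such as `if (m_directEvalExecutableSpace)` read the lazily created pointers with no synchronization, and nothing on the function says which thread may call it or whether the main thread can be inside a Slow path at that moment. Please document the expected caller state on this function, so that a later caller from another thread does not rely on these unsynchronized checks.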
Flags: keith_miller: review+