First step toward incremental Weak<T> finalization
https://bugs.webkit.org/show_bug.cgi?id=82670

Reviewed by Filip Pizlo.

Source/JavaScriptCore: 

This patch implements a Weak<T> heap that is compatible with incremental
finalization, while making as few behavior changes as possible. The behavior
changes it makes are:

(*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
instead, a separate flag indicates that the JSValue is no longer valid.
(This is required so that the JSValue can be preserved for later finalization.)
Objects dealing with WeakImpls directly must change to check the flag.

(*) Weak<T> is no longer a subclass of Handle<T>.

(*) DOM GC performance is different -- 9% faster in the geometric mean,
but 15% slower in one specific case:
        gc-dom1.html: 6%  faster
        gc-dom2.html: 23% faster
        gc-dom3.html: 17% faster
        gc-dom4.html: 15% *slower*

The key features of this new heap are:

(*) Each block knows its own state, independent of any other blocks.

(*) Each block caches its own sweep result.

(*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
mark them yet, since that would be a behavior change.)

* API/JSCallbackObject.cpp:
(JSC::JSCallbackObjectData::finalize):
* API/JSCallbackObjectFunctions.h:
(JSC::::init): Updated to use the new WeakHeap API.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.gypi:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri: Paid the build system tax since I added some new files.

* heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
so we can keep passing a Handle<T> to finalizers, to avoid more surface
area change in this patch. A follow-up patch should change the type we
pass to finalizers.

* heap/HandleHeap.cpp:
(JSC):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::isLiveNode):
* heap/HandleHeap.h:
(JSC):
(HandleHeap):
(Node):
(JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
we have a separate WeakHeap now.

* heap/Heap.cpp:
(JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
for through our watermark now. Removed m_waterMark because it was unused.

(JSC::Heap::destroy): Updated for addition of WeakHeap.

(JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
variable to participating in the watermark strategy. I wanted to standardize
WeakHeap and all other Heap clients on this strategy, to make sure it's
accurate.
 
(JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
dead visit pass, as explained above.

(JSC::Heap::collect):
(JSC::Heap::resetAllocators): Updated for addition of WeakHeap.

(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.

* heap/Heap.h:
(JSC::Heap::weakHeap):
(Heap):
(JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
strategy, since this is the best way for WeakHeap to report its memory
cost. (I plan to update this in a follow-up patch to make it more accurate,
but for now it is not less accurate than it used to be.)

* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
* heap/MarkedSpace.h:
(MarkedSpace):
(JSC::MarkedSpace::addToWaterMark):
(JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
it was unused, and I didn't want to update WeakHeap to keep an unused
variable working. Added API for above.

* heap/PassWeak.h:
(JSC):
(WeakImplAccessor):
(PassWeak):
(JSC::::operator):
(JSC::::get):
(JSC::::was):
(JSC::::PassWeak):
(JSC::::~PassWeak):
(JSC::UnspecifiedBoolType):
(JSC::::leakImpl):
(JSC::adoptWeak):
* heap/Strong.h:
(JSC::Strong::operator!):
(Strong):
(JSC::Strong::operator UnspecifiedBoolType*):
(JSC::Strong::get):
* heap/Weak.h:
(Weak):
(JSC::::Weak):
(JSC):
(JSC::::isHashTableDeletedValue):
(JSC::::~Weak):
(JSC::::swap):
(JSC::=):
(JSC::::operator):
(JSC::UnspecifiedBoolType):
(JSC::::release):
(JSC::::clear):
(JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
down to two things:

(*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.

(*) Explicitly check WeakImpl::state() for non-liveness before returning
a value (explained above).

These files implement the new Weak<T> heap behavior described above:

* heap/WeakBlock.cpp: Added.
* heap/WeakBlock.h: Added.
* heap/WeakHandleOwner.cpp: Added.
* heap/WeakHandleOwner.h: Added.
* heap/WeakHeap.cpp: Added.
* heap/WeakHeap.h: Added.
* heap/WeakImpl.h: Added.

One interesting difference from the old heap is that we don't allow
clients to overwrite a WeakImpl after allocating it, and we don't recycle
WeakImpls prior to garbage collection. This is required for lazy finalization,
but it will also help us establish a useful invariant in the future: allocating
a WeakImpl will be a binding contract to run a finalizer at some point in the
future, even if the WeakImpl is later deallocated.

* jit/JITStubs.cpp:
(JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
its JSValue, since that's our API contract now, and the JSValue might
be stale.

* runtime/JSCell.h:
(JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.

* runtime/Structure.cpp:
(JSC::StructureTransitionTable::add): I can't remember why I did this.

* runtime/StructureTransitionTable.h:
* runtime/WeakGCMap.h: I had to update these classes because they allocate
and deallocate weak pointers manually. They should probably stop doing that.

Source/WebCore: 

Updated WebCore for Weak<T> API changes.

* bindings/js/DOMWrapperWorld.cpp:
(WebCore::JSStringOwner::finalize): We're not allowed to get() a dead Weak<T>
anymore, so use the debug-only was() helper function instead.

* bindings/js/JSDOMBinding.h:
(WebCore::uncacheWrapper): Ditto.

* bindings/js/JSNodeCustom.h:
(WebCore::setInlineCachedWrapper):
(WebCore::clearInlineCachedWrapper): We're not allowed to get() a dead
Weak<T>, so I had to push down these ASSERTs into ScriptWrappable.

* bindings/js/JSNodeFilterCondition.cpp:
(WebCore::JSNodeFilterCondition::acceptNode): Updated for non-Handle-ness
of Weak<T>.

* bindings/js/ScriptWrappable.h:
(WebCore::ScriptWrappable::setWrapper):
(WebCore::ScriptWrappable::clearWrapper): Use was(), as above.

Source/WebKit2: 

Updated for API change.

* WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
(WebKit::NPRuntimeObjectMap::finalize):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113141 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp
index c54ba77..a41764f 100644
--- a/Source/JavaScriptCore/heap/Heap.cpp
+++ b/Source/JavaScriptCore/heap/Heap.cpp
@@ -313,18 +313,17 @@
     : m_heapSize(heapSize)
     , m_minBytesPerCycle(heapSizeForHint(heapSize))
     , m_lastFullGCSize(0)
-    , m_waterMark(0)
     , m_highWaterMark(m_minBytesPerCycle)
     , m_operationInProgress(NoOperation)
     , m_objectSpace(this)
     , m_storageSpace(this)
     , m_blockFreeingThreadShouldQuit(false)
-    , m_extraCost(0)
     , m_markListSet(0)
     , m_activityCallback(DefaultGCActivityCallback::create(this))
     , m_machineThreads(this)
     , m_sharedData(globalData)
     , m_slotVisitor(m_sharedData)
+    , m_weakHeap(this)
     , m_handleHeap(globalData)
     , m_isSafeToCollect(false)
     , m_globalData(globalData)
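Review bot: m_weakHeap(this) is initialized ahead of m_handleHeap and hands a partially constructed Heap to the WeakHeap constructor; confirm the member is declared in Heap.h in the same position (otherwise -Wreorder fires and the textual order here is misleading) and that WeakHeap's constructor only stores the pointer without calling back into Heap, since members such as m_handleHeap and m_globalData are not yet initialized at that point.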
@@ -376,7 +375,7 @@
     canonicalizeCellLivenessData();
     clearMarks();
 
-    m_handleHeap.finalizeWeakHandles();
+    m_weakHeap.finalizeAll();
     m_globalData->smallStrings.finalizeSmallStrings();
     shrink();
     m_storageSpace.destroy();
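Review bot: finalizeAll() runs after clearMarks(), so it must finalize every allocated WeakImpl unconditionally rather than consult mark bits or the per-block cached sweep result the commit message describes; a one-line comment above `m_weakHeap.finalizeAll();` stating that teardown finalizes everything regardless of block state would keep the next reader from assuming the cached state is consulted here.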
@@ -466,9 +465,7 @@
     // if a large value survives one garbage collection, there is not much point to
     // collecting more frequently as long as it stays alive.
 
-    if (m_extraCost > maxExtraCost && m_extraCost > highWaterMark() / 2)
-        collectAllGarbage();
-    m_extraCost += cost;
+    addToWaterMark(cost);
 }
 
 void Heap::protect(JSValue k)
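Review bot: the removed lines were the only place a large reported extra cost forced a collection; `addToWaterMark(cost);` alone does not trigger one, so unless addToWaterMark() compares against highWaterMark() and schedules a GC, externally reported memory (the case this function exists for) can now accumulate without bound until the next allocation-driven cycle. Either confirm that check lives in addToWaterMark() or keep an explicit trigger here. The unchanged comment just above ("if a large value survives one garbage collection ...") still describes the old m_extraCost policy and should be rewritten, and maxExtraCost looks unused after this change.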
@@ -687,12 +684,12 @@
 #endif
     }
 
-    // Weak handles must be marked last, because their owners use the set of
-    // opaque roots to determine reachability.
+    // Weak references must be marked last because their liveness depends on
+    // the liveness of the rest of the object graph.
     {
-        GCPHASE(VisitingWeakHandles);
+        GCPHASE(VisitingLiveWeakHandles);
         while (true) {
-            m_handleHeap.visitWeakHandles(heapRootVisitor);
+            m_weakHeap.visitLiveWeakImpls(heapRootVisitor);
             harvestWeakReferences();
             if (visitor.isEmpty())
                 break;
@@ -705,6 +702,12 @@
             }
         }
     }
+
+    {
+        GCPHASE(VisitingDeadWeakHandles);
+        m_weakHeap.visitDeadWeakImpls(heapRootVisitor);
+    }
+
     GCCOUNTER(VisitedValueCount, visitor.visitCount());
 
     visitor.doneCopying();
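Review bot: the new VisitingDeadWeakHandles phase sits outside the fixpoint loop above, so anything visitDeadWeakImpls() pushed onto the visitor would never be drained before `visitor.doneCopying();`. The commit message says this pass deliberately does not mark yet; make that a checked invariant rather than a convention, e.g. `ASSERT(visitor.isEmpty());` after the call, plus a comment saying the pass only records state and must not mark.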
@@ -815,7 +818,7 @@
         
     {
         GCPHASE(FinalizeWeakHandles);
-        m_handleHeap.finalizeWeakHandles();
+        m_weakHeap.sweep();
         m_globalData->smallStrings.finalizeSmallStrings();
     }
     
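Review bot: the phase is still named FinalizeWeakHandles but now calls `m_weakHeap.sweep();`, and per the commit message sweeping caches a result while finalization becomes lazy; rename the GCPHASE (e.g. SweepingWeakHeap) so timing output matches what the phase does, and note in a comment whether sweep() still runs finalizers synchronously, since finalizeSmallStrings() on the next line assumes finalization has happened by then.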
@@ -846,7 +849,7 @@
     size_t proportionalBytes = 2 * newSize;
     if (fullGC) {
         m_lastFullGCSize = newSize;
-        setHighWaterMark(max(proportionalBytes, m_minBytesPerCycle));
+        m_highWaterMark = max(proportionalBytes, m_minBytesPerCycle);
     }
     double lastGCEndTime = WTF::currentTime();
     m_lastGCLength = lastGCEndTime - lastGCStartTime;
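Review bot: replacing setHighWaterMark() with a direct `m_highWaterMark = max(...)` bypasses whatever the setter did beyond the assignment; if it had no other side effect it should be removed from Heap.h in the same patch, otherwise the two code paths will drift.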
@@ -862,8 +865,8 @@
 
 void Heap::resetAllocators()
 {
-    m_extraCost = 0;
     m_objectSpace.resetAllocators();
+    m_weakHeap.resetAllocator();
 }
 
 void Heap::setActivityCallback(PassOwnPtr<GCActivityCallback> activityCallback)
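Review bot: `m_extraCost = 0;` was the per-cycle reset for externally reported cost; now that reportExtraMemoryCostSlowCase() folds that cost into the watermark, nothing visible here resets it. Confirm that `m_objectSpace.resetAllocators();` on the line above zeroes the watermark contribution (the commit message says MarkedSpace gained addToWaterMark()), otherwise reported cost carries over between collections and the heap grows its trigger threshold monotonically.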
@@ -924,15 +927,15 @@
 
 void Heap::addFinalizer(JSCell* cell, Finalizer finalizer)
 {
-    Weak<JSCell> weak(*globalData(), cell, &m_finalizerOwner, reinterpret_cast<void*>(finalizer));
-    weak.leakHandle(); // Balanced by FinalizerOwner::finalize().
+    weakHeap()->allocate(cell, &m_finalizerOwner, reinterpret_cast<void*>(finalizer)); // Balanced by FinalizerOwner::finalize().
 }
 
 void Heap::FinalizerOwner::finalize(Handle<Unknown> handle, void* context)
 {
-    Weak<JSCell> weak(Weak<JSCell>::Adopt, handle);
+    HandleSlot slot = handle.slot();
     Finalizer finalizer = reinterpret_cast<Finalizer>(context);
-    finalizer(weak.get());
+    finalizer(slot->asCell());
+    WeakHeap::deallocate(WeakImpl::asWeakImpl(slot));
 }
 
 void Heap::addFunctionExecutable(FunctionExecutable* executable)
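Review bot: in FinalizerOwner::finalize, `slot->asCell()` reads the raw JSValue even though the commit message says a Weak<T>'s value may now be stale and get() on a dead Weak<T> is forbidden; this is intentional (the value is preserved precisely for finalization), so say so in a comment and add an `ASSERT` that the WeakImpl's state() is the dead/finalizing state before the read, so a future caller cannot invoke this path on a live impl. Also note the asymmetry between `weakHeap()->allocate(...)` in addFinalizer and the static `WeakHeap::deallocate(...)` here; the "Balanced by" comment should move to the deallocate line so the pairing is visible at both ends.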