[JSC] JSCallee should be in IsoSubspace
https://bugs.webkit.org/show_bug.cgi?id=204961
Reviewed by Mark Lam.
We should put JSCallee in IsoSubspace. Currently, we are also putting JSToWasmICCallee in IsoSusbapce
since it is a derived class of JSCallee, but I think we can remove this class completely. We are tracking
it in [1].
[1]: https://bugs.webkit.org/show_bug.cgi?id=204960
* debugger/DebuggerScope.h:
* interpreter/Interpreter.cpp:
(JSC::Interpreter::executeProgram):
(JSC::Interpreter::execute):
* runtime/JSCallee.h:
(JSC::JSCallee::subspaceFor):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::globalCallee):
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* wasm/js/JSToWasmICCallee.h:
(JSC::JSToWasmICCallee::function): Deleted.
(JSC::JSToWasmICCallee::JSToWasmICCallee): Deleted.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index ff56a72..18b6d54 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,31 @@
+2019-12-06 Yusuke Suzuki <ysuzuki@apple.com>
+
+ [JSC] JSCallee should be in IsoSubspace
+ https://bugs.webkit.org/show_bug.cgi?id=204961
+
+ Reviewed by Mark Lam.
+
+ We should put JSCallee in IsoSubspace. Currently, we are also putting JSToWasmICCallee in IsoSusbapce
+ since it is a derived class of JSCallee, but I think we can remove this class completely. We are tracking
+ it in [1].
+
+ [1]: https://bugs.webkit.org/show_bug.cgi?id=204960
+
+ * debugger/DebuggerScope.h:
+ * interpreter/Interpreter.cpp:
+ (JSC::Interpreter::executeProgram):
+ (JSC::Interpreter::execute):
+ * runtime/JSCallee.h:
+ (JSC::JSCallee::subspaceFor):
+ * runtime/JSGlobalObject.h:
+ (JSC::JSGlobalObject::globalCallee):
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+ * wasm/js/JSToWasmICCallee.h:
+ (JSC::JSToWasmICCallee::function): Deleted.
+ (JSC::JSToWasmICCallee::JSToWasmICCallee): Deleted.
+
2019-12-06 Devin Rousso <drousso@apple.com>
Web Inspector: add compiler UNLIKELY hints when checking if developer extras are enabled
diff --git a/Source/JavaScriptCore/debugger/DebuggerScope.h b/Source/JavaScriptCore/debugger/DebuggerScope.h
index 33170eb6..27ea0c6 100644
--- a/Source/JavaScriptCore/debugger/DebuggerScope.h
+++ b/Source/JavaScriptCore/debugger/DebuggerScope.h
@@ -54,8 +54,7 @@
static Structure* createStructure(VM& vm, JSGlobalObject* globalObject)
{
return Structure::create(vm, globalObject, jsNull(), TypeInfo(ObjectType, StructureFlags), info());
- }
-
+ }
class iterator {
public:
iterator(DebuggerScope* node)
diff --git a/Source/JavaScriptCore/interpreter/Interpreter.cpp b/Source/JavaScriptCore/interpreter/Interpreter.cpp
index c391608..9c1cc42 100644
--- a/Source/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/Source/JavaScriptCore/interpreter/Interpreter.cpp
@@ -666,6 +666,7 @@
VM& vm = scope->vm();
auto throwScope = DECLARE_THROW_SCOPE(vm);
JSGlobalObject* globalObject = scope->globalObject(vm);
+ JSCallee* globalCallee = globalObject->globalCallee();
ProgramExecutable* program = ProgramExecutable::create(globalObject, source);
EXCEPTION_ASSERT(throwScope.exception() || program);
@@ -839,7 +840,7 @@
ASSERT(codeBlock->numParameters() == 1); // 1 parameter for 'this'.
ProtoCallFrame protoCallFrame;
- protoCallFrame.init(codeBlock, globalObject, JSCallee::create(vm, globalObject, scope), thisObj, 1);
+ protoCallFrame.init(codeBlock, globalObject, globalCallee, thisObj, 1);
// Execute the code:
throwScope.release();
@@ -1151,8 +1152,13 @@
ASSERT(codeBlock->numParameters() == 1); // 1 parameter for 'this'.
+ JSCallee* callee = nullptr;
+ if (scope == globalObject->globalScope())
+ callee = globalObject->globalCallee();
+ else
+ callee = JSCallee::create(vm, globalObject, scope);
ProtoCallFrame protoCallFrame;
- protoCallFrame.init(codeBlock, globalObject, JSCallee::create(vm, globalObject, scope), thisValue, 1);
+ protoCallFrame.init(codeBlock, globalObject, callee, thisValue, 1);
// Execute the code:
throwScope.release();
diff --git a/Source/JavaScriptCore/runtime/JSCallee.h b/Source/JavaScriptCore/runtime/JSCallee.h
index bbcebf3..0662c4d 100644
--- a/Source/JavaScriptCore/runtime/JSCallee.h
+++ b/Source/JavaScriptCore/runtime/JSCallee.h
@@ -44,9 +44,15 @@
friend class VM;
public:
- typedef JSNonFinalObject Base;
+ using Base = JSNonFinalObject;
static constexpr unsigned StructureFlags = Base::StructureFlags | ImplementsHasInstance | ImplementsDefaultHasInstance;
+ template<typename CellType, SubspaceAccess>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return &vm.calleeSpace;
+ }
+
static JSCallee* create(VM& vm, JSGlobalObject* globalObject, JSScope* scope)
{
JSCallee* callee = new (NotNull, allocateCell<JSCallee>(vm.heap)) JSCallee(vm, scope, globalObject->calleeStructure());
diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.h b/Source/JavaScriptCore/runtime/JSGlobalObject.h
index 1bf4e27..8a7ff96 100644
--- a/Source/JavaScriptCore/runtime/JSGlobalObject.h
+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.h
@@ -581,6 +581,8 @@
void setGlobalScopeExtension(JSScope*);
void clearGlobalScopeExtension();
+ JSCallee* globalCallee() { return m_globalCallee.get(); }
+
// The following accessors return pristine values, even if a script
// replaces the global object's associated property.
diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp
index 72a2007..a7de6af 100644
--- a/Source/JavaScriptCore/runtime/VM.cpp
+++ b/Source/JavaScriptCore/runtime/VM.cpp
@@ -84,6 +84,7 @@
#include "JSBoundFunction.h"
#include "JSCInlines.h"
#include "JSCallbackFunction.h"
+#include "JSCallee.h"
#include "JSCustomGetterSetterFunction.h"
#include "JSDestructibleObjectHeapCellType.h"
#include "JSFixedArray.h"
@@ -102,6 +103,7 @@
#include "JSSetIterator.h"
#include "JSSourceCode.h"
#include "JSTemplateObjectDescriptor.h"
+#include "JSToWasmICCallee.h"
#include "JSTypedArrays.h"
#include "JSWeakMap.h"
#include "JSWeakObjectRef.h"
@@ -317,6 +319,7 @@
, destructibleCellSpace("Destructible JSCell", heap, destructibleCellHeapCellType.get(), fastMallocAllocator.get()) // Hash:0xbfff3d73
, destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) // Hash:0x4f5ed7a9
, bigIntSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), JSBigInt)
+ , calleeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSCallee)
, clonedArgumentsSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ClonedArguments)
, dateInstanceSpace ISO_SUBSPACE_INIT(heap, dateInstanceHeapCellType.get(), DateInstance)
, executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge) // Hash:0x7b730b20
@@ -1386,6 +1389,7 @@
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(intlPluralRulesSpace, intlPluralRulesHeapCellType.get(), IntlPluralRules)
#endif
#if ENABLE(WEBASSEMBLY)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(jsToWasmICCalleeSpace, cellHeapCellType.get(), JSToWasmICCallee)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyCodeBlockSpace, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) // Hash:0x9ad995cd
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyFunctionSpace, webAssemblyFunctionHeapCellType.get(), WebAssemblyFunction) // Hash:0x8b7c32db
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyGlobalSpace, webAssemblyGlobalHeapCellType.get(), JSWebAssemblyGlobal)
diff --git a/Source/JavaScriptCore/runtime/VM.h b/Source/JavaScriptCore/runtime/VM.h
index 12957ad..4f94ed0 100644
--- a/Source/JavaScriptCore/runtime/VM.h
+++ b/Source/JavaScriptCore/runtime/VM.h
@@ -414,6 +414,7 @@
CompleteSubspace destructibleObjectSpace;
IsoSubspace bigIntSpace;
+ IsoSubspace calleeSpace;
IsoSubspace clonedArgumentsSpace;
IsoSubspace dateInstanceSpace;
IsoSubspace executableToCodeBlockEdgeSpace;
@@ -488,6 +489,7 @@
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(intlPluralRulesSpace)
#endif
#if ENABLE(WEBASSEMBLY)
+ DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(jsToWasmICCalleeSpace)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(webAssemblyCodeBlockSpace)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(webAssemblyFunctionSpace)
DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER(webAssemblyGlobalSpace)
diff --git a/Source/JavaScriptCore/wasm/js/JSToWasmICCallee.h b/Source/JavaScriptCore/wasm/js/JSToWasmICCallee.h
index 4618ebb..c024ca2 100644
--- a/Source/JavaScriptCore/wasm/js/JSToWasmICCallee.h
+++ b/Source/JavaScriptCore/wasm/js/JSToWasmICCallee.h
@@ -33,9 +33,18 @@
class WebAssemblyFunction;
-class JSToWasmICCallee : public JSCallee {
- using Base = JSCallee;
+// FIXME: Remove this type. Unwinding should just work by using WebAssemblyFunction instead of JSToWasmICCallee.
+// https://bugs.webkit.org/show_bug.cgi?id=204960
+class JSToWasmICCallee final : public JSCallee {
public:
+ using Base = JSCallee;
+
+ template<typename CellType, SubspaceAccess mode>
+ static IsoSubspace* subspaceFor(VM& vm)
+ {
+ return vm.jsToWasmICCalleeSpace<mode>();
+ }
+
DECLARE_INFO;
static JSToWasmICCallee* create(VM&, JSGlobalObject*, WebAssemblyFunction*);
