Split MarkedSpace into destructor and destructor-free subspaces
https://bugs.webkit.org/show_bug.cgi?id=77761
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
* heap/Heap.h:
(JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to
pick which subspace they want to allocate out of.
(JSC::Heap::allocatorForObjectWithDestructor): Ditto.
(Heap):
(JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
(JSC):
(JSC::Heap::allocateWithoutDestructor): Ditto.
* heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate
their MarkedBlocks correctly.
(JSC::MarkedAllocator::allocateBlock):
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::cellsNeedDestruction):
(MarkedAllocator):
(JSC::MarkedAllocator::MarkedAllocator):
(JSC):
(JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
an init function that does all of that stuff in fewer lines.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::create):
(JSC::MarkedBlock::recycle):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make
checking the m_cellsNeedDestructor flag faster and cleaner looking.
(JSC):
(JSC::MarkedBlock::specializedSweep):
(JSC::MarkedBlock::sweep):
(JSC::MarkedBlock::sweepHelper):
* heap/MarkedBlock.h:
(MarkedBlock):
(JSC::MarkedBlock::cellsNeedDestruction):
(JSC):
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::canonicalizeCellLivenessData):
(JSC::TakeIfUnmarked::operator()):
* heap/MarkedSpace.h:
(MarkedSpace):
(Subspace):
(JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of
allocators.
(JSC):
(JSC::MarkedSpace::destructorAllocatorFor): Ditto.
(JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
(JSC::MarkedSpace::allocateWithDestructor): Ditto.
(JSC::MarkedSpace::forEachBlock):
* jit/JIT.h:
* jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
(JSC::JIT::emitAllocateBasicJSObject):
(JSC::JIT::emitAllocateJSFinalObject):
(JSC::JIT::emitAllocateJSFunction):
* runtime/JSArray.cpp:
(JSC):
* runtime/JSArray.h:
(JSArray):
(JSC::JSArray::create):
(JSC):
(JSC::JSArray::tryCreateUninitialized):
* runtime/JSCell.h:
(JSCell):
(JSC):
(NeedsDestructor): Template struct that calculates at compile time whether the class in question requires
destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this
constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
(JSC::allocateCell):
* runtime/JSFunction.cpp:
(JSC):
* runtime/JSFunction.h:
(JSFunction):
* runtime/JSObject.cpp:
(JSC):
* runtime/JSObject.h:
(JSNonFinalObject):
(JSC):
(JSFinalObject):
(JSC::JSFinalObject::create):
Source/WebCore:
No new tests.
* bindings/js/JSDOMWindowShell.cpp: Removed old operator new, which was just used in the create
function so that we can use allocateCell instead.
(WebCore):
* bindings/js/JSDOMWindowShell.h:
(WebCore::JSDOMWindowShell::create):
(JSDOMWindowShell):
* bindings/scripts/CodeGeneratorJS.pm: Added destructor back to root JS DOM nodes (e.g. JSNode, etc)
because their destroy functions need to be called, so we don't want the NeedsDestructor struct to
think they don't need destruction due to having empty/trivial destructors.
Removed ASSERT_HAS_TRIVIAL_DESTRUCTOR from all JS DOM wrapper auto-generated objects because their
ancestors now have non-trivial destructors.
(GenerateHeader):
(GenerateImplementation):
(GenerateConstructorDefinition):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107445 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h
index a3354c6..68e38cf 100644
--- a/Source/JavaScriptCore/runtime/JSArray.h
+++ b/Source/JavaScriptCore/runtime/JSArray.h
@@ -135,23 +135,14 @@
static void finalize(JSCell*);
- static JSArray* create(JSGlobalData& globalData, Structure* structure, unsigned initialLength = 0)
- {
- JSArray* array = new (NotNull, allocateCell<JSArray>(globalData.heap)) JSArray(globalData, structure);
- array->finishCreation(globalData, initialLength);
- return array;
- }
+ static JSArray* create(JSGlobalData&, Structure*, unsigned initialLength = 0);
// tryCreateUninitialized is used for fast construction of arrays whose size and
// contents are known at time of creation. Clients of this interface must:
// - null-check the result (indicating out of memory, or otherwise unable to allocate vector).
// - call 'initializeIndex' for all properties in sequence, for 0 <= i < initialLength.
// - called 'completeInitialization' after all properties have been initialized.
- static JSArray* tryCreateUninitialized(JSGlobalData& globalData, Structure* structure, unsigned initialLength)
- {
- JSArray* array = new (NotNull, allocateCell<JSArray>(globalData.heap)) JSArray(globalData, structure);
- return array->tryFinishCreationUninitialized(globalData, initialLength);
- }
+ static JSArray* tryCreateUninitialized(JSGlobalData&, Structure*, unsigned initialLength);
JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, const Identifier&, PropertyDescriptor&, bool throwException);
@@ -299,6 +290,19 @@
void* m_subclassData; // A JSArray subclass can use this to fill the vector lazily.
};
+ inline JSArray* JSArray::create(JSGlobalData& globalData, Structure* structure, unsigned initialLength)
+ {
+ JSArray* array = new (NotNull, allocateCell<JSArray>(globalData.heap)) JSArray(globalData, structure);
+ array->finishCreation(globalData, initialLength);
+ return array;
+ }
+
+ inline JSArray* JSArray::tryCreateUninitialized(JSGlobalData& globalData, Structure* structure, unsigned initialLength)
+ {
+ JSArray* array = new (NotNull, allocateCell<JSArray>(globalData.heap)) JSArray(globalData, structure);
+ return array->tryFinishCreationUninitialized(globalData, initialLength);
+ }
+
JSArray* asArray(JSValue);
inline JSArray* asArray(JSCell* cell)
