1. 17 Sep, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Delayed structure sweep can leak structures without bound · 013fd88d
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96546
      
      Reviewed by Gavin Barraclough.
      
      This patch gets rid of the separate Structure allocator in the MarkedSpace and adds two new destructor-only
      allocators. We now have separate allocators for our three types of objects: those objects with no destructors,
      those objects with destructors and with immortal structures, and those objects with destructors that don't have 
      immortal structures. All of the objects of the third type (destructors without immortal structures) now 
      inherit from a new class named JSDestructibleObject (which in turn is a subclass of JSNonFinalObject), which stores 
      the ClassInfo for these classes at a fixed offset for safe retrieval during sweeping/destruction.
      
      Source/JavaScriptCore: 
      
      * API/JSCallbackConstructor.cpp: Use JSDestructibleObject for JSCallbackConstructor.
      (JSC):
      (JSC::JSCallbackConstructor::JSCallbackConstructor):
      * API/JSCallbackConstructor.h:
      (JSCallbackConstructor):
      * API/JSCallbackObject.cpp: Inherit from JSDestructibleObject for normal JSCallbackObjects and use a finalizer for 
      JSCallbackObject<JSGlobalObject>, since JSGlobalObject also uses a finalizer.
      (JSC):
      (JSC::::create): We need to move the create function for JSCallbackObject<JSGlobalObject> out of line so we can add 
      the finalizer for it. We don't want to add the finalizer is something like finishCreation in case somebody decides 
      to subclass this. We use this same technique for many other subclasses of JSGlobalObject.
      (JSC::::createStructure):
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      (JSC):
      * API/JSClassRef.cpp: Change all the JSCallbackObject<JSNonFinalObject> to use JSDestructibleObject instead.
      (OpaqueJSClass::prototype):
      * API/JSObjectRef.cpp: Ditto.
      (JSObjectMake):
      (JSObjectGetPrivate):
      (JSObjectSetPrivate):
      (JSObjectGetPrivateProperty):
      (JSObjectSetPrivateProperty):
      (JSObjectDeletePrivateProperty):
      * API/JSValueRef.cpp: Ditto.
      (JSValueIsObjectOfClass):
      * API/JSWeakObjectMapRefPrivate.cpp: Ditto.
      * JSCTypedArrayStubs.h:
      (JSC):
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * dfg/DFGSpeculativeJIT.h: Use the proper allocator type when doing inline allocation in the DFG.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
      * heap/Heap.cpp:
      (JSC):
      * heap/Heap.h: Add accessors for the various types of allocators now. Also remove the isSafeToSweepStructures function 
      since it's always safe to sweep Structures now.
      (JSC::Heap::allocatorForObjectWithNormalDestructor): 
      (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
      (Heap):
      (JSC::Heap::allocateWithNormalDestructor):
      (JSC):
      (JSC::Heap::allocateWithImmortalStructureDestructor):
      * heap/IncrementalSweeper.cpp: Remove all the logic to detect when it's safe to sweep Structures from the 
      IncrementalSweeper since it's always safe to sweep Structures now.
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC::IncrementalSweeper::sweepNextBlock):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::willFinishSweeping):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp: Remove the logic that was preventing us from sweeping Structures if it wasn't safe. Add 
      tracking of the specific destructor type of allocator. 
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::destructorType):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp: Add all the destructor type stuff to MarkedBlocks so that we do the right thing when sweeping. 
      We also use the stored destructor type to determine the right thing to do in all JSCell::classInfo() calls.
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (JSC):
      (JSC::MarkedBlock::allocator):
      (JSC::MarkedBlock::destructorType):
      * heap/MarkedSpace.cpp: Add the new destructor allocators to MarkedSpace.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::immortalStructureDestructorAllocatorFor):
      (JSC::MarkedSpace::normalDestructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithImmortalStructureDestructor):
      (JSC::MarkedSpace::allocateWithNormalDestructor):
      (JSC::MarkedSpace::forEachBlock):
      * heap/SlotVisitor.cpp: Add include because the symbol was needed in an inlined function.
      * jit/JIT.h: Make sure we use the correct allocator when doing inline allocations in the baseline JIT.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSArray):
      * jsc.cpp: 
      (GlobalObject::create): Add finalizer here since JSGlobalObject needs to use a finalizer instead of inheriting from 
      JSDestructibleObject.
      * runtime/Arguments.cpp: Inherit from JSDestructibleObject.
      (JSC):
      * runtime/Arguments.h:
      (Arguments):
      (JSC::Arguments::Arguments):
      * runtime/ErrorPrototype.cpp: Added an assert to make sure we have a trivial destructor.
      (JSC):
      * runtime/Executable.h: Indicate that all of the Executable* classes have immortal Structures.
      (JSC):
      * runtime/InternalFunction.cpp: Inherit from JSDestructibleObject.
      (JSC):
      (JSC::InternalFunction::InternalFunction):
      * runtime/InternalFunction.h:
      (InternalFunction):
      * runtime/JSCell.h: Added the NEEDS_DESTRUCTOR  macro to make it easier for classes to indicate that instead of being 
      allocated in a destructor MarkedAllocator that they will handle their destruction themselves through the 
      use of a finalizer.
      (JSC):
      (HasImmortalStructure): New template to help us determine at compile-time if a particular class 
      should be allocated in the immortal structure MarkedAllocator. The default value is false. In order 
      to be allocated in the immortal structure allocator, classes must specialize this template. Also added 
      a macro to make it easier for classes to specialize the template.
      (JSC::allocateCell): Use the appropriate allocator depending on the destructor type.
      * runtime/JSDestructibleObject.h: Added. New class that stores the ClassInfo of any subclass so that it can be 
      accessed safely when the object is being destroyed.
      (JSC):
      (JSDestructibleObject):
      (JSC::JSDestructibleObject::classInfo):
      (JSC::JSDestructibleObject::JSDestructibleObject):
      (JSC::JSCell::classInfo): Checks the current MarkedBlock to see where it should get the ClassInfo from so that it's always safe.
      * runtime/JSGlobalObject.cpp: JSGlobalObject now uses a finalizer instead of a destructor so that it can avoid forcing all 
      of its relatives in the inheritance hierarchy (e.g. JSScope) to use destructors as well.
      (JSC::JSGlobalObject::reset):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::createRareDataIfNeeded): Since we always create a finalizer now, we don't have to worry about adding one 
      for the m_rareData field when it's created.
      (JSC::JSGlobalObject::create):
      (JSC):
      * runtime/JSGlobalThis.h: Inherit from JSDestructibleObject.
      (JSGlobalThis):
      (JSC::JSGlobalThis::JSGlobalThis):
      * runtime/JSPropertyNameIterator.h: Has an immortal Structure.
      (JSC):
      * runtime/JSScope.cpp:
      (JSC):
      * runtime/JSString.h: Has an immortal Structure.
      (JSC):
      * runtime/JSWrapperObject.h: Inherit from JSDestructibleObject.
      (JSWrapperObject):
      (JSC::JSWrapperObject::JSWrapperObject):
      * runtime/MathObject.cpp: Cleaning up some of the inheritance stuff.
      (JSC):
      * runtime/NameInstance.h: Inherit from JSDestructibleObject.
      (NameInstance):
      * runtime/RegExp.h: Has immortal Structure.
      (JSC):
      * runtime/RegExpObject.cpp: Inheritance cleanup.
      (JSC):
      * runtime/SparseArrayValueMap.h: Has immortal Structure.
      (JSC):
      * runtime/Structure.h: Has immortal Structure.
      (JSC):
      * runtime/StructureChain.h: Ditto.
      (JSC):
      * runtime/SymbolTable.h: Ditto.
      (SharedSymbolTable):
      (JSC):
      
      Source/WebCore: 
      
      No new tests.
      
      * ForwardingHeaders/runtime/JSDestructableObject.h: Added.
      * bindings/js/JSDOMWrapper.h: Inherits from JSDestructibleObject.
      (JSDOMWrapper):
      (WebCore::JSDOMWrapper::JSDOMWrapper):
      * bindings/scripts/CodeGeneratorJS.pm: Add finalizers to anything that inherits from JSGlobalObject,
      e.g. JSDOMWindow and JSWorkerContexts. For those classes we also need to use the NEEDS_DESTRUCTOR macro.
      (GenerateHeader):
      * bridge/objc/objc_runtime.h: Inherit from JSDestructibleObject.
      (ObjcFallbackObjectImp):
      * bridge/objc/objc_runtime.mm:
      (Bindings):
      (JSC::Bindings::ObjcFallbackObjectImp::ObjcFallbackObjectImp):
      * bridge/runtime_array.cpp: Use a finalizer so that JSArray isn't forced to inherit from JSDestructibleObject.
      (JSC):
      (JSC::RuntimeArray::destroy):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::create):
      (JSC):
      * bridge/runtime_object.cpp: Inherit from JSDestructibleObject.
      (Bindings):
      (JSC::Bindings::RuntimeObject::RuntimeObject):
      * bridge/runtime_object.h:
      (RuntimeObject):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      013fd88d
  2. 14 Sep, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Remove the Zapped BlockState · 76e50b10
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96708
      
      Reviewed by Geoffrey Garen.
      
      The Zapped block state is rather confusing. It indicates that a block is in one of two different states that we
      can't tell the difference between:
      
      1) I have run all destructors of things that are zapped, and I have not allocated any more objects. This block
         is ready for reclaiming if you so choose.
      2) I have run all the destructors of things that are zapped, but I have allocated more stuff since then, so it
         is not safe to reclaim this block.
      
      This state adds a lot of complexity to our state transition model for MarkedBlocks. We should get rid of it.
      We can replace this state by making sure mark bits represent all of the liveness information we need when running
      our conservative stack scan. Instead of zapping the free list when canonicalizing cell liveness data prior to
      a conservative scan, we can instead mark all objects in the block except for those in the free list. This should
      incur no performance penalty since we're doing it on a very small O(1) number of blocks at the beginning of the collection.
      
      For the time being we still need to use zapping to determine whether we have run an object's destructor or not.
      
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper): Renaming stuff.
      * heap/MarkedAllocator.h: Renamed zapFreeList to canonicalizeCellLivenessData to match.
      (MarkedAllocator):
      (JSC::MarkedAllocator::canonicalizeCellLivenessData): Same as old zapFreeList, but just call canonicalize instead.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::specializedSweep): Remove the check for Zapped block stuff. Also change the block state to Marked
      instead of Zapped if we're not producing a FreeList since that's the only other state that really makes any sense.
      (JSC::MarkedBlock::sweepHelper): Remove Zapped related code.
      (SetAllMarksFunctor): Functor to set all the mark bits in the block since there's not a simple function to call on
      the Bitmap itself.
      (JSC::SetAllMarksFunctor::operator()):
      (JSC):
      (JSC::MarkedBlock::canonicalizeCellLivenessData): Remove all the stuff for Zapped. For FreeListed, set all the mark bits
      and then clear the ones for the objects in the FreeList. This ensures that only the things that were in the FreeList
      are considered to be dead by the conservative scan, just like if we were to have zapped the FreeList like before.
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::clearMarked): Add function to clear individual mark bits, since we need that functionality now.
      (JSC):
      (JSC::MarkedBlock::isLive): Remove code for Zapped stuff. Marked handles all interesting cases now.
      (JSC::MarkedBlock::forEachCell): Add new iterator function that iterates over all cells in the block, regardless of
      whether they're live or a dead.
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::canonicalizeCellLivenessData): Change to call the renamed canonicalize function.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128563 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      76e50b10
  3. 10 Sep, 2012 1 commit
    • ggaren@apple.com's avatar
      Added large allocation support to MarkedSpace · 6159e5f9
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96214
      
      Originally reviewed by Oliver Hunt, then I added a design revision by
      suggested by Phil Pizlo.
      
      I expanded the imprecise size classes to cover up to 32KB, then added
      an mmap-based allocator for everything bigger. There's a lot of tuning
      we could do in these size classes, but currently they're almost
      completely unused, so I haven't done any tuning.
      
      Subtle point: the large allocator is a degenerate case of our free list
      logic. Its list only ever contains zero or one items.
      
      * heap/Heap.h:
      (JSC::Heap::allocateStructure): Pipe in size information.
      
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper): Handle the case where we
      find a free item in the sweep list but the item isn't big enough. This
      can happen in the large allocator because it mixes sizes.
      
      (JSC::MarkedAllocator::tryAllocate):
      (JSC::MarkedAllocator::allocateSlowCase): More piping.
      
      (JSC::MarkedAllocator::allocateBlock): Handle the oversize case.
      
      (JSC::MarkedAllocator::addBlock): I moved the call to didAddBlock here
      because it made more sense.
      
      * heap/MarkedAllocator.h:
      (MarkedAllocator):
      (JSC::MarkedAllocator::allocate):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      (JSC::MarkedSpace::freeBlock):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::allocatorFor):
      (JSC::MarkedSpace::destructorAllocatorFor):
      (JSC::MarkedSpace::allocateWithoutDestructor):
      (JSC::MarkedSpace::allocateWithDestructor):
      (JSC::MarkedSpace::allocateStructure):
      (JSC::MarkedSpace::forEachBlock):
      * runtime/Structure.h:
      (JSC::Structure): More piping.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128141 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6159e5f9
  4. 31 Jul, 2012 2 commits
    • mhahnenberg@apple.com's avatar
      Structures should be swept after all other objects · 59c64f1e
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92679
      
      Reviewed by Filip Pizlo.
      
      In order to get rid of ClassInfo from our objects, we need to be able to safely get the 
      ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the 
      Structure, but currently it is not safe to do so because the order of destruction of objects 
      is not guaranteed to sweep objects before their corresponding Structure. We can fix this by 
      sweeping Structures after everything else.
      
      * heap/Heap.cpp:
      (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
      If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is 
      safe to sweep structures since we'll always do Structures last anyways due to the ordering of 
      MarkedSpace::forEachBlock.
      (JSC):
      (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
      calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out 
      these pointers after it has invalidated them to prevent accidental use-after-free in the sweep() 
      calls during lastChanceToFinalize().
      * heap/Heap.h:
      (Heap):
      * heap/HeapTimer.h:
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
      This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
      the first time.
      (JSC):
      (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we 
      make our first pass. We now null out the slots as we sweep them so that we can quickly find the 
      Structures during the second pass.
      (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
      (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify 
      the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can 
      assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock 
      iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
      (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
      * heap/IncrementalSweeper.h: Add declarations for new stuff.
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and 
      if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing 
      the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that 
      will sweep some number of other blocks in place of the current block to mitigate the cost of the floating 
      Structure garbage.
      (JSC::MarkedAllocator::addBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no 
      longer valid to allocate from, so we set the current block to null.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
      at an unsafe time.
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
      (JSC): 
      * heap/MarkedSpace.h:
      (JSC):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124265 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      59c64f1e
    • ggaren@apple.com's avatar
      Removed some public data and casting from the Heap · dd7793a8
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92777
      
      Reviewed by Oliver Hunt.
      
      * heap/BlockAllocator.cpp:
      (JSC::BlockAllocator::releaseFreeBlocks):
      (JSC::BlockAllocator::blockFreeingThreadMain): Use the DeadBlock class
      since HeapBlock is a template, and not a class, now. Call destroy()
      instead of monkeying around with DeadBlock's internal data because
      encapsulation is good.
      
      * heap/BlockAllocator.h:
      (DeadBlock): Added a class to represent a dead block, since HeapBlock is
      a template now, and can't be instantiated directly.
      
      (JSC::DeadBlock::DeadBlock):
      (JSC::DeadBlock::create):
      (BlockAllocator):
      (JSC::BlockAllocator::allocate):
      (JSC::BlockAllocator::deallocate): Use the DeadBlock class because
      encapsulation is good.
      
      * heap/CopiedBlock.h:
      (CopiedBlock::destroy): No need for a destroy() function, since we
      inherit one now.
      
      (JSC::CopiedBlock::CopiedBlock):
      (JSC::CopiedBlock::payloadEnd):
      (JSC::CopiedBlock::capacity): Updated for some encapsulation inside
      HeapBlock.
      
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::~CopiedSpace):
      (JSC::CopiedSpace::doneCopying):
      (JSC::CopiedSpace::size):
      (JSC::CopiedSpace::capacity):
      (JSC::isBlockListPagedOut): Removed a bunch of casting. This is no longer
      necessary, now that our list and its nodes have the right type.
      
      * heap/CopiedSpace.h: Use the right type in our data structures because
      it improves clarity.
      
      * heap/CopiedSpaceInlineMethods.h:
      (JSC::CopiedSpace::startedCopying): Use swap to avoid duplicating it.
      
      * heap/HeapBlock.h:
      (HeapBlock): Made this a class template so we can return the right type
      in linked list operations. Made our data private because encapsulation
      is good.
      
      (JSC::HeapBlock::destroy): Since we know our type, we can also eliminate
      duplicate destroy() functions in our subclasses.
      
      (JSC::HeapBlock::allocation): Added an accessor so we can hide our data.
      By using const, this accessor prevents clients from accidentally deleting
      our allocation.
      
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::isPagedOut):
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::removeBlock): Removed a bunch of casting. This is
      no longer necessary, now that our list and its nodes have the right type.
      
      * heap/MarkedAllocator.h:
      (MarkedAllocator):
      (JSC::MarkedAllocator::reset):
      (JSC::MarkedAllocator::forEachBlock): Use the right type, do less casting.
      
      * heap/MarkedBlock.cpp: 
      (JSC::MarkedBlock::destroy): Removed this function because our parent
      class provides it for us now.
      
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::capacity): Updated for encapsulation.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124250 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      dd7793a8
  5. 30 Jul, 2012 2 commits
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r124123. · 764c9fb1
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/124123
      https://bugs.webkit.org/show_bug.cgi?id=92700
      
      ASSERT crashes terminate webkit Layout tests (Requested by
      msaboff on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-07-30
      
      * heap/Heap.cpp:
      * heap/Heap.h:
      (Heap):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::doSweep):
      (JSC::IncrementalSweeper::startSweeping):
      (JSC::IncrementalSweeper::IncrementalSweeper):
      (JSC):
      * heap/IncrementalSweeper.h:
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::addBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::zapFreeList):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedSpace.cpp:
      * heap/MarkedSpace.h:
      (JSC::MarkedSpace::sweep):
      (JSC):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::~JSGlobalData):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124141 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      764c9fb1
    • mhahnenberg@apple.com's avatar
      Structures should be swept after all other objects · 3c1699eb
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92679
      
      Reviewed by Filip Pizlo.
      
      In order to get rid of ClassInfo from our objects, we need to be able to safely get the 
      ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the 
      Structure, but currently it is not safe to do so because the order of destruction of objects 
      is not guaranteed to sweep objects before their corresponding Structure. We can fix this by 
      sweeping Structures after everything else.
      
      * heap/Heap.cpp:
      (JSC::Heap::isSafeToSweepStructures): Add a function that checks if it is safe to sweep Structures.
      If the Heap's IncrementalSweeper member is null, that means we're shutting down this VM and it is 
      safe to sweep structures since we'll always do Structures last anyways due to the ordering of 
      MarkedSpace::forEachBlock.
      (JSC):
      (JSC::Heap::didStartVMShutdown): Add this intermediate function to the Heap that ~JSGlobalData now
      calls rather than calling the two HeapTimer objects individually. This allows the Heap to null out 
      these pointers after it has invalidated them to prevent accidental use-after-free in the sweep() 
      calls during lastChanceToFinalize().
      * heap/Heap.h:
      (Heap):
      * heap/HeapTimer.h:
      (HeapTimer):
      * heap/IncrementalSweeper.cpp:
      (JSC::IncrementalSweeper::structuresCanBeSwept): Determines if it is currently safe to sweep Structures.
      This decision is based on whether we have gotten to the end of the vector of blocks that need sweeping
      the first time.
      (JSC):
      (JSC::IncrementalSweeper::doSweep): We add a second pass over the vector to sweep Structures after we 
      make our first pass. We now null out the slots as we sweep them so that we can quickly find the 
      Structures during the second pass.
      (JSC::IncrementalSweeper::startSweeping): Initialize our new Structure sweeping index.
      (JSC::IncrementalSweeper::willFinishSweeping): Callback that is called by MarkedSpace::sweep to notify 
      the IncrementalSweeper that we are going to sweep all of the remaining blocks in the Heap so it can 
      assume that everything is taken care of in the correct order. Since MarkedSpace::forEachBlock 
      iterates over the Structure blocks after all other blocks, the ordering property for sweeping Structures holds.
      (JSC::IncrementalSweeper::IncrementalSweeper): Initialize Structure sweeping index.
      * heap/IncrementalSweeper.h: Add declarations for new stuff.
      (IncrementalSweeper):
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper): We now check if the current block only contains structures and 
      if so and it isn't safe to sweep Structures according to the Heap, we just return early instead of doing 
      the normal lazy sweep. If this proves to be too much of a waste in the future we can add an extra clause that 
      will sweep some number of other blocks in place of the current block to mitigate the cost of the floating 
      Structure garbage.
      (JSC::MarkedAllocator::addBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::zapFreeList): When we zap the free list in the MarkedAllocator, the current block is no 
      longer valid to allocate from, so we set the current block to null.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweepHelper): Added a couple assertions to make sure that we weren't trying to sweep Structures
      at an unsafe time.
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::sweep): Notify the IncrementalSweeper that the MarkedSpace will finish all currently remaining sweeping.
      (JSC): 
      * heap/MarkedSpace.h:
      (JSC):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::~JSGlobalData): Call the new Heap::didStartVMShutdown.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124123 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3c1699eb
  6. 27 Jul, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Split functionality of MarkedAllocator::m_currentBlock · 7f5b959a
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92550
      
      Reviewed by Filip Pizlo.
      
      MarkedAllocator::m_currentBlock serves two purposes right now; it indicates the block that is currently 
      being used for allocation and the beginning of the list of blocks that need to be swept. We should split 
      these two functionalities into two separate fields.
      
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::tryAllocateHelper): Use m_blocksToSweep instead of m_currentBlock as the 
      initializer/reference of the loop. Only change m_currentBlock when we know what the result will be.
      (JSC::MarkedAllocator::addBlock): When we add a new block we know that both m_blocksToSweep and 
      m_currentBlock are null. In order to preserve the invariant that m_currentBlock <= m_blocksToSweep, 
      we assign both of them to point to the new block.
      (JSC::MarkedAllocator::removeBlock): We need a separate check to see if the block we're removing is 
      m_blocksToSweep and if so, advance it to the next block in the list.
      * heap/MarkedAllocator.h:
      (MarkedAllocator): Initialize m_blocksToSweep.
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::reset): We set m_blocksToSweep to be the head of our list. This function is called
      at the end of a collection, so all of the blocks in our allocator need to be swept. We need to sweep a 
      block before we can start allocating, so m_currentBlock is set to null. We also set the freeList to 
      the empty FreeList to emphasize the fact that we can't start allocating until we do some sweeping.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@123931 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7f5b959a
  7. 26 Jul, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Allocate Structures in a separate part of the Heap · b44a7f0d
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92420
      
      Reviewed by Filip Pizlo.
      
      To fix our issue with destruction/finalization of Structures before their objects, we can move Structures to a separate 
      part of the Heap that will be swept after all other objects. This first patch will just be separating Structures 
      out into their own separate MarkedAllocator. Everything else will behave identically.
      
      * heap/Heap.h: New function to allocate Structures in the Heap.
      (Heap):
      (JSC):
      (JSC::Heap::allocateStructure):
      * heap/MarkedAllocator.cpp: Pass whether or not we're allocated Structures to the MarkedBlock.
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h: Add tracking for whether or not we're allocating only Structures.
      (JSC::MarkedAllocator::onlyContainsStructures):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::init):
      * heap/MarkedBlock.cpp: Add tracking for whether or not we're allocating only Structures. We need this to be able to 
      distinguish the various MarkedBlock types in MarkedSpace::allocatorFor(MarkedBlock*).
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::onlyContainsStructures):
      (JSC):
      * heap/MarkedSpace.cpp: Include the new Structure allocator in all the places that all the other allocators are used/modified.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::MarkedSpace::isPagedOut):
      * heap/MarkedSpace.h: Add new MarkedAllocator just for Structures.
      (MarkedSpace):
      (JSC::MarkedSpace::allocatorFor):
      (JSC::MarkedSpace::allocateStructure):
      (JSC):
      (JSC::MarkedSpace::forEachBlock):
      * runtime/Structure.h: Move all of the functions that call allocateCell<Structure> down below the explicit template specialization
      for allocateCell<Structure>. The new inline specialization for allocateCell directly calls the allocateStructure() function in the
      Heap.
      (Structure):
      (JSC::Structure):
      (JSC):
      (JSC::Structure::create):
      (JSC::Structure::createStructure):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@123813 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b44a7f0d
  8. 08 May, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Heap should not continually allocate new pages in steady state · 3e7e4e00
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85936
      
      Reviewed by Geoff Garen.
      
      Currently, in steady state (i.e. a constant amount of live GC 
      memory with a constant rate of allocation) assuming we've just 
      finished a collection with X live blocks in CopiedSpace, we 
      increase our working set by X blocks in CopiedSpace with each 
      collection we perform. This is due to the fact that we allocate 
      until we run out of free blocks to use in the Heap before we 
      consider whether we should run a collection. 
      
      In the longer term, this issue will be mostly resolved by 
      implementing quick release for the CopiedSpace. In the shorter 
      term, we should change our policy to check whether we should 
      allocate before trying to use a free block from the Heap. We 
      can change our policy to something more appropriate once we 
      have implemented quick release.
      
      This change should also have the convenient side effect of 
      reducing the variance in GC-heavy tests (e.g. v8-splay) due 
      to fact that we are doing less VM allocation during copying 
      collection. Overall, this patch is performance neutral across 
      the benchmarks we track.
      
      * heap/CopiedSpace.cpp: 
      (JSC::CopiedSpace::getFreshBlock): Shuffle the request from the BlockAllocator
      around so that we only do it if the block request must succeed 
      i.e. after we've already checked whether we should do a collection.
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::allocateSlowCase): Ditto.
      (JSC::MarkedAllocator::allocateBlock): We no longer have a failure mode in this 
      function because by the time we've called it, we've already checked whether we 
      should run a collection so there's no point in returning null.
      * heap/MarkedAllocator.h: Removing old arguments from function declaration.
      (MarkedAllocator):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@116484 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3e7e4e00
  9. 02 May, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Opportunistic GC should give up if the Heap is paged out · 2e132e42
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85411
      
      Reviewed by Filip Pizlo.
      
      Opportunistic GC is punishing us severely in limited memory situations because its 
      assumptions about how much time a collection will take are way out of whack when the Heap 
      has been paged out by the OS. We should add a simple detection function to the Heap that 
      detects if its is paged out. It will do this by iterating each block of both the MarkedSpace 
      and CopiedSpace. If that operation takes longer than a fixed amount of time (e.g. 100ms), 
      the function returns true. This function will only be run prior to an opportunistic 
      collection (i.e. it will not run during our normal allocation-triggered collections).
      
      In my tests, steady state was drastically improved in high memory pressure situations (i.e. 
      the browser was still usable, significant reduction in SPODs). Occasionally, a normal GC
      would be triggered due to pages doing things in the background, which would cause a 
      significant pause. As we close pages we now cause normal collections rather than full 
      collections, which prevents us from collecting all of the dead memory immediately. One 
      nice way to deal with this issue might be to do incremental sweeping.
      
      
      * heap/CopiedSpace.cpp:
      (JSC::isBlockListPagedOut): Helper function to reduce code duplication when iterating over 
      to-space, from-space, and the oversize blocks.
      (JSC):
      (JSC::CopiedSpace::isPagedOut): Tries to determine whether or not CopiedSpace is paged out
      by iterating all of the blocks.
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * heap/Heap.cpp:
      (JSC::Heap::isPagedOut): Tries to determine whether the Heap is paged out by asking the 
      MarkedSpace and CopiedSpace if they are paged out.
      (JSC):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::increaseLastGCLength): Added this so that the GC timer can linearly back off 
      each time it determines that the Heap is paged out.
      * heap/MarkedAllocator.cpp:
      (JSC::MarkedAllocator::isPagedOut): Tries to determine if this particular MarkedAllocator's
      list of blocks are paged out.
      (JSC):
      * heap/MarkedAllocator.h:
      (MarkedAllocator):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::isPagedOut): For each MarkedAllocator, check to see if they're paged out.
      * heap/MarkedSpace.h:
      (MarkedSpace):
      * runtime/GCActivityCallback.cpp:
      (JSC::DefaultGCActivityCallback::cancel):
      (JSC):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::cancel):
      (DefaultGCActivityCallback):
      * runtime/GCActivityCallbackCF.cpp: Added a constant of 100ms for the timeout in determining
      whether the Heap is paged out or not.
      (JSC):
      (JSC::DefaultGCActivityCallbackPlatformData::timerDidFire): Added the check to see if we 
      should attempt a collection based on whether or not we can iterate the blocks of the Heap in 
      100ms. If we can't, we cancel the timer and tell the Heap we just wasted 100ms more trying to 
      do a collection. This gives us a nice linear backoff so we're not constantly re-trying in
      steady state paged-out-ness.
      (JSC::DefaultGCActivityCallback::cancel): Added this function which, while currently doing 
      exactly the same thing as willCollect, is more obvious as to what it's doing when we call it 
      in timerDidFire.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115915 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2e132e42
  10. 24 Apr, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      GC Activity Callback timer should be based on how much has been allocated since the last collection · 98daed04
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84763
      
      Reviewed by Geoffrey Garen.
      
      The desired behavior for the GC timer is to collect at some point in the future, 
      regardless of how little we've allocated. A secondary goal, which is almost if not 
      as important, is for the timer to collect sooner if there is the potential to 
      collect a greater amount of memory. Conversely, as we allocate more memory we'd 
      like to reduce the delay to the next collection. If we're allocating quickly enough, 
      the timer should be preempted in favor of a normal allocation-triggered collection. 
      If allocation were to slow or stop, we'd like the timer to be able to opportunistically 
      run a collection without us having to allocate to the hard limit set by the Heap.
      
      This type of policy can be described in terms of the amount of CPU we are willing 
      to dedicate to reclaim a single MB of memory. For example, we might be willing to 
      dedicate 1% of our CPU to reclaim 1 MB. We base our CPU usage off of the length of 
      the last collection, e.g. if our last collection took 1ms, we would want to wait about 
      100ms before running another collection to reclaim 1 MB. These constants should be 
      tune-able, e.g. 0.1% CPU = 1 MB vs. 1% CPU = 1 MB vs. 10% CPU = 1 MB.
      
      * API/JSBase.cpp: Use the new reportAbandonedObjectGraph.
      (JSGarbageCollect):
      * API/JSContextRef.cpp: Ditto.
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::reportAbandonedObjectGraph): Similar to reportExtraMemoryCost. Clients call
      this function to notify the Heap that some unknown number of JSC objects might have just 
      been abandoned and are now garbage. The Heap might schedule a new collection timer based 
      on this notification.
      (JSC):
      (JSC::Heap::collect): Renamed m_lastFullGCSize to the less confusing m_sizeAfterLastCollect.
      * heap/Heap.h:
      (Heap):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::zapFreeList): Fixed a bug in zapFreeList that failed to nullify the 
      current allocator's FreeList once zapping was complete.
      * runtime/GCActivityCallback.cpp: Removed didAbandonObjectGraph because it was replaced by 
      Heap::reportAbandonedObjectGraph.
      (JSC):
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::willCollect):
      (DefaultGCActivityCallback):
      * runtime/GCActivityCallbackCF.cpp: Refactored the GC timer code so that we now schedule the 
      timer based on how much we have allocated since the last collection up to a certain amount. 
      We use the length of the previous GC to try to keep our total cost of opportunistic timer-triggered
      collections around 1% of the CPU per MB of garbage we expect to reclaim up to a maximum of 5 MB.
      (DefaultGCActivityCallbackPlatformData):
      (JSC):
      (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
      (JSC::DefaultGCActivityCallback::commonConstructor):
      (JSC::scheduleTimer):
      (JSC::cancelTimer):
      (JSC::DefaultGCActivityCallback::didAllocate):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115156 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      98daed04
  11. 19 Apr, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      We're collecting pathologically due to small allocations · 8b5cfd3b
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84404
      
      Reviewed by Geoffrey Garen.
      
      No change in performance on run-jsc-benchmarks.
      
      * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no 
      longer useful. 
      (JSC::CopiedSpace::CopiedSpace):
      (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than 
      carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
      (JSC::CopiedSpace::tryAllocateOversize):  Call the new didAllocate to notify the Heap of 
      newly allocated stuff.
      (JSC::CopiedSpace::tryReallocateOversize):
      (JSC::CopiedSpace::doneFillingBlock):
      (JSC::CopiedSpace::doneCopying):
      (JSC::CopiedSpace::destroy):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * heap/CopiedSpaceInlineMethods.h:
      (JSC::CopiedSpace::startedCopying):
      * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and 
      bytesAllocatedLimit to track how much memory has been allocated since the last collection.
      (JSC::Heap::Heap):
      (JSC::Heap::reportExtraMemoryCostSlowCase):
      (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering 
      a collection to be the size of the Heap after the previous collection. Thus, we still have our 
      2x allocation amount.
      (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated 
      thus far and then adds the new number of bytes to the current total.
      (JSC):
      * heap/Heap.h: Removed water mark related stuff.
      (JSC::Heap::notifyIsSafeToCollect):
      (Heap):
      (JSC::Heap::shouldCollect):
      (JSC):
      * heap/MarkedAllocator.cpp: 
      (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
      (JSC::MarkedAllocator::allocateSlowCase):
      (JSC::MarkedAllocator::addBlock):
      * heap/MarkedAllocator.h: 
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::allocate): 
      (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      (JSC::MarkedBlock::zapFreeList):
      * heap/MarkedBlock.h:
      (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
      free list including the number of bytes of stuff in the free list so that when the free list is 
      exhausted, the correct amount can be reported to Heap.
      (MarkedBlock):
      (JSC::MarkedBlock::FreeList::FreeList):
      (JSC):
      * heap/MarkedSpace.cpp: Removing all water mark related stuff.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This 
      function still needs work though now that the Heap knows how many bytes have been allocated 
      since the last collection.
      * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
      (JSC::JIT::emitAllocateBasicJSObject): Ditto.
      * llint/LowLevelInterpreter.asm: Ditto.
      * runtime/GCActivityCallback.cpp: 
      (JSC::DefaultGCActivityCallback::didAllocate): 
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that 
      the allocation that is being reported has already taken place.
      (DefaultGCActivityCallback):
      * runtime/GCActivityCallbackCF.cpp:
      (JSC):
      (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of 
      allocation since the last collection is not above a threshold (initially arbitrarily chosen to 
      be 128KB). 
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8b5cfd3b
  12. 21 Feb, 2012 2 commits
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 7bbcaab7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      will start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108444 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7bbcaab7
    • aroben@apple.com's avatar
      Roll out r108309, r108323, and r108326 · e089d623
      aroben@apple.com authored
      They broke the 32-bit Lion build.
      
      Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      * bytecode/BytecodeConventions.h: Removed.
      * bytecode/CallLinkStatus.cpp:
      * bytecode/CallLinkStatus.h:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/GetByIdStatus.h:
      * bytecode/Instruction.h:
      * bytecode/LLIntCallLinkInfo.h: Removed.
      * bytecode/MethodCallLinkStatus.cpp:
      * bytecode/Opcode.cpp:
      * bytecode/Opcode.h:
      * bytecode/PutByIdStatus.cpp:
      * bytecode/PutByIdStatus.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCapabilities.h:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      * heap/MarkedAllocator.h:
      * heap/MarkedSpace.h:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * interpreter/Interpreter.h:
      * interpreter/RegisterFile.h:
      * jit/ExecutableAllocator.h:
      * jit/HostCallReturnValue.cpp: Removed.
      * jit/HostCallReturnValue.h: Removed.
      * jit/JIT.cpp:
      * jit/JITCode.h:
      * jit/JITDriver.h:
      * jit/JITExceptions.cpp:
      * jit/JITInlineMethods.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JSInterfaceJIT.h:
      * llint/LLIntCommon.h: Removed.
      * llint/LLIntData.cpp: Removed.
      * llint/LLIntData.h: Removed.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntExceptions.cpp: Removed.
      * llint/LLIntExceptions.h: Removed.
      * llint/LLIntOfflineAsmConfig.h: Removed.
      * llint/LLIntOffsetsExtractor.cpp: Removed.
      * llint/LLIntSlowPaths.cpp: Removed.
      * llint/LLIntSlowPaths.h: Removed.
      * llint/LLIntThunks.cpp: Removed.
      * llint/LLIntThunks.h: Removed.
      * llint/LowLevelInterpreter.asm: Removed.
      * llint/LowLevelInterpreter.cpp: Removed.
      * llint/LowLevelInterpreter.h: Removed.
      * offlineasm/armv7.rb: Removed.
      * offlineasm/asm.rb: Removed.
      * offlineasm/ast.rb: Removed.
      * offlineasm/backends.rb: Removed.
      * offlineasm/generate_offset_extractor.rb: Removed.
      * offlineasm/instructions.rb: Removed.
      * offlineasm/offset_extractor_constants.rb: Removed.
      * offlineasm/offsets.rb: Removed.
      * offlineasm/opt.rb: Removed.
      * offlineasm/parser.rb: Removed.
      * offlineasm/registers.rb: Removed.
      * offlineasm/self_hash.rb: Removed.
      * offlineasm/settings.rb: Removed.
      * offlineasm/transform.rb: Removed.
      * offlineasm/x86.rb: Removed.
      * runtime/CodeSpecializationKind.h: Removed.
      * runtime/CommonSlowPaths.h:
      * runtime/Executable.cpp:
      * runtime/Executable.h:
      * runtime/ExecutionHarness.h: Removed.
      * runtime/JSArray.h:
      * runtime/JSCell.h:
      * runtime/JSFunction.h:
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.h:
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSString.h:
      * runtime/JSTypeInfo.h:
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSVariableObject.h:
      * runtime/Options.cpp:
      * runtime/Options.h:
      * runtime/ScopeChain.h:
      * runtime/Structure.cpp:
      * runtime/Structure.h:
      * runtime/StructureChain.h:
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      * wtf/text/StringImpl.h:
      
      Source/WebCore:
      
      * CMakeLists.txt:
      
      Source/WebKit:
      
      * CMakeLists.txt:
      
      Tools:
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108358 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e089d623
  13. 20 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 091129f4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      will start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      091129f4
  14. 10 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Split MarkedSpace into destructor and destructor-free subspaces · c2748329
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=77761
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject): Switched over to use destructor-free space.
      * heap/Heap.h:
      (JSC::Heap::allocatorForObjectWithoutDestructor): Added to give clients (e.g. the JIT) the ability to 
      pick which subspace they want to allocate out of.
      (JSC::Heap::allocatorForObjectWithDestructor): Ditto.
      (Heap):
      (JSC::Heap::allocateWithDestructor): Added private function for CellAllocator to use.
      (JSC):
      (JSC::Heap::allocateWithoutDestructor): Ditto.
      * heap/MarkedAllocator.cpp: Added the cellsNeedDestruction flag to allocators so that they can allocate 
      their MarkedBlocks correctly.
      (JSC::MarkedAllocator::allocateBlock):
      * heap/MarkedAllocator.h:
      (JSC::MarkedAllocator::cellsNeedDestruction):
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC):
      (JSC::MarkedAllocator::init): Replaced custom set functions, which were only used upon initialization, with
      an init function that does all of that stuff in fewer lines.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      (JSC::MarkedBlock::recycle):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC::MarkedBlock::callDestructor): Templatized, along with specializedSweep and sweepHelper, to make 
      checking the m_cellsNeedDestructor flag faster and cleaner looking.
      (JSC):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::cellsNeedDestruction):
      (JSC):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::canonicalizeCellLivenessData):
      (JSC::TakeIfUnmarked::operator()):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (Subspace):
      (JSC::MarkedSpace::allocatorFor): Needed function to differentiate between the two broad subspaces of 
      allocators.
      (JSC):
      (JSC::MarkedSpace::destructorAllocatorFor): Ditto.
      (JSC::MarkedSpace::allocateWithoutDestructor): Ditto.
      (JSC::MarkedSpace::allocateWithDestructor): Ditto.
      (JSC::MarkedSpace::forEachBlock):
      * jit/JIT.h:
      * jit/JITInlineMethods.h: Modified to use the proper allocator for JSFinalObjects and others.
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateJSFinalObject):
      (JSC::JIT::emitAllocateJSFunction):
      * runtime/JSArray.cpp:
      (JSC):
      * runtime/JSArray.h:
      (JSArray):
      (JSC::JSArray::create):
      (JSC):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSCell.h:
      (JSCell):
      (JSC):
      (NeedsDestructor): Template struct that calculates at compile time whether the class in question requires 
      destruction or not using the compiler type trait __has_trivial_destructor. allocateCell then checks this 
      constant to decide whether to allocate in the destructor or destructor-free parts of the heap.
      (JSC::allocateCell): 
      * runtime/JSFunction.cpp:
      (JSC):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      (JSNonFinalObject):
      (JSC):
      (JSFinalObject):
      (JSC::JSFinalObject::create):
      
      Source/WebCore: 
      
      No new tests.
      
      * bindings/js/JSDOMWindowShell.cpp: Removed old operator new, which was just used in the create
      function so that we can use allocateCell instead.
      (WebCore):
      * bindings/js/JSDOMWindowShell.h:
      (WebCore::JSDOMWindowShell::create):
      (JSDOMWindowShell):
      * bindings/scripts/CodeGeneratorJS.pm: Added destructor back to root JS DOM nodes (e.g. JSNode, etc)
      because their destroy functions need to be called, so we don't want the NeedsDestructor struct to 
      think they don't need destruction due to having empty/trivial destructors.
      Removed ASSERT_HAS_TRIVIAL_DESTRUCTOR from all JS DOM wrapper auto-generated objects because their 
      ancestors now have non-trivial destructors. 
      (GenerateHeader):
      (GenerateImplementation):
      (GenerateConstructorDefinition):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107445 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c2748329
  15. 03 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Build fix · ce85b93f
      mhahnenberg@apple.com authored
      Unreviewed build fix
      
      Forgot to add a couple files.
      
      * heap/MarkedAllocator.cpp: Added.
      (JSC):
      (JSC::MarkedAllocator::tryAllocateHelper):
      (JSC::MarkedAllocator::tryAllocate):
      (JSC::MarkedAllocator::allocateSlowCase):
      (JSC::MarkedAllocator::allocateBlock):
      (JSC::MarkedAllocator::addBlock):
      (JSC::MarkedAllocator::removeBlock):
      * heap/MarkedAllocator.h: Added.
      (JSC):
      (DFG):
      (MarkedAllocator):
      (JSC::MarkedAllocator::cellSize):
      (JSC::MarkedAllocator::heap):
      (JSC::MarkedAllocator::setHeap):
      (JSC::MarkedAllocator::setCellSize):
      (JSC::MarkedAllocator::setMarkedSpace):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::allocate):
      (JSC::MarkedAllocator::reset):
      (JSC::MarkedAllocator::zapFreeList):
      (JSC::MarkedAllocator::forEachBlock):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106677 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ce85b93f