1. 08 Jun, 2012 1 commit
    • ggaren@apple.com's avatar
      Unreviewed, rolling back in part1 of r118646. · 218a16a3
      ggaren@apple.com authored
      This patch includes everything necessary for lazy finalization, but
      keeps eager finalization enabled for the time being.
      
      Weak pointer finalization should be lazy
      https://bugs.webkit.org/show_bug.cgi?id=87599
      
      Reviewed by Sam Weinig.
      
      * heap/MarkedBlock.cpp:
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::resetAllocator):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::resetAllocators):
      * heap/MarkedSpace.h:
      (JSC::MarkedSpace::resetAllocators): Don't force allocator reset anymore.
      It will happen automatically when a weak set is swept. It's simpler to
      have only one canonical way for this to happen, and it wasn't buying
      us anything to do it eagerly.
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::sweep): Don't short-circuit a sweep unless we know
      the sweep would be a no-op. If even one finalizer is pending, we need to
      run it, since we won't get another chance.
      * heap/WeakSet.cpp:
      (JSC::WeakSet::sweep): This loop can be simpler now that
      WeakBlock::sweep() does what we mean.
      Reset our allocator after a sweep because this is the optimal time to
      start trying to recycle old weak pointers.
      (JSC::WeakSet::tryFindAllocator): Don't sweep when searching for an
      allocator because we've swept already, and forcing a new sweep would be
      wasteful.
      * heap/WeakSet.h:
      (JSC::WeakSet::shrink): Be sure to reset our allocator after a shrink
      because the shrink may have removed the block the allocator was going to
      allocate out of.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119878 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      218a16a3
  2. 04 Jun, 2012 1 commit
    • ggaren@apple.com's avatar
      Unreviewed. · 825cc10a
      ggaren@apple.com authored
      Rolled out r119364 because it's still causing crashes (when running
      v8-earley in release builds of DRT)
      
      This time for sure!
      
      * heap/Heap.cpp:
      (JSC::Heap::collect):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweep):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::resetAllocator):
      (JSC):
      * heap/MarkedSpace.cpp:
      (JSC::ResetAllocator::operator()):
      (JSC):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::sweepWeakSets):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::sweep):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::sweep):
      (JSC::WeakSet::tryFindAllocator):
      * heap/WeakSet.h:
      (JSC::WeakSet::shrink):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119453 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      825cc10a
  3. 03 Jun, 2012 1 commit
    • ggaren@apple.com's avatar
      Weak pointer finalization should be lazy · 02dec62d
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87599
      
      Reviewed by Sam Weinig.
      
      This time for sure!
      
      * heap/Heap.cpp:
      (JSC::Heap::collect): Don't sweep eagerly -- we'll sweep lazily instead.
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweep): Sweep our weak set before we sweep our other
      destructors -- this is our last chance to run weak set finalizers before
      we recycle our memory.
      
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::resetAllocator):
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::resetAllocators):
      * heap/MarkedSpace.h:
      (JSC::MarkedSpace::resetAllocators): Don't force allocator reset anymore.
      It will happen automatically when a weak set is swept. It's simpler to
      have only one canonical way for this to happen, and it wasn't buying
      us anything to do it eagerly.
      
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::sweep): Don't short-circuit a sweep unless we know
      the sweep would be a no-op. If even one finalizer is pending, we need to
      run it, since we won't get another chance.
      
      * heap/WeakSet.cpp:
      (JSC::WeakSet::sweep): This loop can be simpler now that
      WeakBlock::sweep() does what we mean.
      
      Reset our allocator after a sweep because this is the optimal time to
      start trying to recycle old weak pointers.
      
      (JSC::WeakSet::tryFindAllocator): Don't sweep when searching for an
      allocator because we've swept already, and forcing a new sweep would be
      wasteful.
      
      * heap/WeakSet.h:
      (JSC::WeakSet::shrink): Be sure to reset our allocator after a shrink
      because the shrink may have removed the block the allocator was going to
      allocate out of.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119364 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      02dec62d
  4. 24 May, 2012 1 commit
    • ggaren@apple.com's avatar
      Made WeakSet per-block instead of per-heap · 39281e26
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87401
      
      Reviewed by Oliver Hunt.
      
      This allows us fast access to the set of all weak pointers for a block,
      which is a step toward lazy finalization.
      
      No performance change.
      
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::lastChanceToFinalize): Removed the per-heap weak set, since
      it's per-block now.
      
      (JSC::Heap::markRoots): Delegate weak set visiting to the marked space,
      since it knows how to iterate all blocks.
      
      (JSC::Heap::collect): Moved the reaping outside of markRoots, since it
      doesn't mark anything.
      
      Make sure to reset allocators after shrinking, since shrinking may
      deallocate the current allocator.
      
      * heap/Heap.h:
      (Heap): No more per-heap weak set, since it's per-block now.
      
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedBlock.h:
      (MarkedBlock):
      (JSC::MarkedBlock::lastChanceToFinalize): Migrated finalization logic
      here from the heap, so the heap doesn't need to know about our internal
      data structures like our weak set.
      
      (JSC::MarkedBlock::heap):
      (JSC::MarkedBlock::weakSet):
      (JSC::MarkedBlock::shrink):
      (JSC::MarkedBlock::resetAllocator):
      (JSC::MarkedBlock::visitWeakSet):
      (JSC::MarkedBlock::reapWeakSet):
      (JSC::MarkedBlock::sweepWeakSet):
      * heap/MarkedSpace.cpp:
      (JSC::VisitWeakSet::VisitWeakSet):
      (JSC::VisitWeakSet::operator()):
      (VisitWeakSet):
      (JSC):
      (JSC::ReapWeakSet::operator()):
      (JSC::SweepWeakSet::operator()):
      (JSC::LastChanceToFinalize::operator()):
      (JSC::MarkedSpace::lastChanceToFinalize):
      (JSC::ResetAllocator::operator()):
      (JSC::MarkedSpace::resetAllocators):
      (JSC::MarkedSpace::visitWeakSets):
      (JSC::MarkedSpace::reapWeakSets):
      (JSC::MarkedSpace::sweepWeakSets):
      (JSC::Shrink::operator()):
      (JSC::MarkedSpace::shrink):
      * heap/MarkedSpace.h:
      (MarkedSpace): Make sure to account for our weak sets when sweeping,
      shrinking, etc.
      
      * heap/WeakSet.cpp:
      (JSC):
      * heap/WeakSet.h:
      (WeakSet):
      (JSC::WeakSet::heap):
      (JSC):
      (JSC::WeakSet::lastChanceToFinalize):
      (JSC::WeakSet::visit):
      (JSC::WeakSet::reap):
      (JSC::WeakSet::shrink):
      (JSC::WeakSet::resetAllocator): Inlined some things since they're called
      once per block now instead of once per heap.
      
      * heap/WeakSetInlines.h:
      (JSC::WeakSet::allocate): Use the per-block weak set since there is no
      per-heap weak set anymore.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118416 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      39281e26
  5. 23 May, 2012 3 commits
    • ggaren@apple.com's avatar
      Refactored WeakBlock to use malloc, clarify behavior · 7070d420
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87318
      
      Reviewed by Filip Pizlo.
      
      We want to use malloc so we can make these smaller than 4KB,
      since an individual MarkedBlock will usually have fewer than
      4KB worth of weak pointers.
      
      * heap/Heap.cpp:
      (JSC::Heap::markRoots): Renamed visitLiveWeakImpls to visit, since
      we no longer need to distinguish from "visitDeadWeakImpls".
      
      Renamed "visitDeadWeakImpls" to "reap" because we're not actually
      doing any visiting -- we're just tagging things as dead.
      
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::create):
      (JSC::WeakBlock::destroy):
      (JSC::WeakBlock::WeakBlock): Malloc!
      
      (JSC::WeakBlock::visit):
      (JSC::WeakBlock::reap): Renamed as above.
      
      * heap/WeakBlock.h:
      (WeakBlock): Reduced to 3KB, as explained above.
      
      * heap/WeakSet.cpp:
      (JSC::WeakSet::visit):
      (JSC::WeakSet::reap):
      * heap/WeakSet.h:
      (WeakSet): Updated for renames, and to match WebKit style.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118269 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7070d420
    • ggaren@apple.com's avatar
      Refactored heap tear-down to use normal value semantics (i.e., destructors) · 96fa0e7e
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87302
      
      Reviewed by Oliver Hunt.
      
      This is a step toward incremental DOM finalization.
      
      * heap/CopiedSpace.cpp:
      (JSC::CopiedSpace::~CopiedSpace):
      * heap/CopiedSpace.h:
      (CopiedSpace): Just use our destructor, instead of relying on the heap
      to send us a special message at a special time.
      
      * heap/Heap.cpp:
      (JSC::Heap::Heap): Use OwnPtr for m_markListSet because this is not Sparta.
      
      (JSC::Heap::~Heap): No need for delete or freeAllBlocks because normal
      destructors do this work automatically now.
      
      (JSC::Heap::lastChanceToFinalize): Just call lastChanceToFinalize on our
      sub-objects, and assume it does the right thing. This improves encapsulation,
      so we can add items requiring finalization to our sub-objects.
      
      * heap/Heap.h: Moved m_blockAllocator to get the right destruction order.
      
      * heap/MarkedSpace.cpp:
      (Take):
      (JSC):
      (JSC::Take::Take):
      (JSC::Take::operator()):
      (JSC::Take::returnValue): Moved to the top of the file so it can be used
      in another function.
      
      (JSC::MarkedSpace::~MarkedSpace): Delete all outstanding memory, like a good
      destructor should.
      
      (JSC::MarkedSpace::lastChanceToFinalize): Moved some code here from the heap,
      since it pertains to our internal implementation details.
      
      * heap/MarkedSpace.h:
      (MarkedSpace):
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::lastChanceToFinalize):
      * heap/WeakBlock.h:
      (WeakBlock):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::lastChanceToFinalize):
      * heap/WeakSet.h:
      (WeakSet): Stop using a special freeAllBlocks() callback and just implement
      lastChanceToFinalize.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118238 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      96fa0e7e
    • ggaren@apple.com's avatar
      Encapsulated some calculations for whether portions of the heap are empty · d6376d2b
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=87210
      
      Reviewed by Gavin Barraclough.
      
      This is a step toward incremental DOM finalization.
      
      * heap/Heap.cpp:
      (JSC::Heap::~Heap): Explicitly call freeAllBlocks() instead of relying
      implicitly on all blocks thinking they're empty. In future, we may
      choose to tear down the heap without first setting all data structures
      to "empty".
      
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::isEmpty):
      (JSC::MarkedBlock::gatherDirtyCells): Renamed markCountIsZero to isEmpty,
      in preparation for making it check for outstanding finalizers in addition
      to marked cells.
      
      * heap/MarkedSpace.cpp:
      (Take):
      (JSC::Take::Take):
      (JSC::Take::operator()):
      (JSC::Take::returnValue):
      (JSC::MarkedSpace::shrink):
      (JSC::MarkedSpace::freeAllBlocks): Refactored the "Take" functor to support
      a conditional isEmpty check, so it dould be shared by shrink() and freeAllBlocks().
      
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::WeakBlock):
      (JSC::WeakBlock::visitLiveWeakImpls):
      (JSC::WeakBlock::visitDeadWeakImpls):
      * heap/WeakBlock.h:
      (WeakBlock):
      (JSC::WeakBlock::isEmpty):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::sweep):
      (JSC::WeakSet::shrink): Use isEmpty(), in preparation for changes in
      its implementation.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118210 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d6376d2b
  6. 27 Apr, 2012 1 commit
    • ggaren@apple.com's avatar
      Stop using aligned allocation for WeakBlock · 87daa5c7
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=85124
      
      Reviewed by Anders Carlsson.
      
      We don't actually use the alignment for anything.
      
      * heap/WeakBlock.cpp:
      (JSC::WeakBlock::create):
      (JSC::WeakBlock::WeakBlock): Switched from aligned allocation to regular
      allocation.
      
      * heap/WeakBlock.h:
      (WeakBlock): Don't use HeapBlock because HeapBlock requires aligned
      allocation. This change required me to add some declarations that we used
      to inherit from HeapBlock.
      
      (WeakBlock::blockFor): Removed. This function relied on aligned allocation
      but didn't do anything for us.
      
      (WeakBlock::deallocate): Removed. WeakBlock doesn't own any of the deallocation
      logic, so it shouldn't own the function.
      
      * heap/WeakSet.cpp:
      (JSC::WeakSet::~WeakSet):
      (JSC::WeakSet::finalizeAll):
      (JSC::WeakSet::visitLiveWeakImpls):
      (JSC::WeakSet::visitDeadWeakImpls):
      (JSC::WeakSet::sweep):
      (JSC::WeakSet::shrink):
      (JSC::WeakSet::resetAllocator):
      (JSC::WeakSet::tryFindAllocator):
      * heap/WeakSet.h:
      (WeakSet): Updated declarations to reflect WeakBlock not inheriting from
      HeapBlock. This allowed me to remove some casts, which was nice.
      
      (JSC::WeakSet::deallocate): Directly set the deallocated flag instead of
      asking WeakBlock to do it for us.  We don't need to have a WeakBlock
      pointer to set the flag, so stop asking for one.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115538 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      87daa5c7
  7. 26 Apr, 2012 1 commit
  8. 24 Apr, 2012 1 commit
  9. 19 Apr, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      We're collecting pathologically due to small allocations · 8b5cfd3b
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84404
      
      Reviewed by Geoffrey Garen.
      
      No change in performance on run-jsc-benchmarks.
      
      * dfg/DFGSpeculativeJIT.h: Replacing m_firstFreeCell with m_freeList.
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * heap/CopiedSpace.cpp: Getting rid of any water mark related stuff, since it's no 
      longer useful. 
      (JSC::CopiedSpace::CopiedSpace):
      (JSC::CopiedSpace::tryAllocateSlowCase): We now only call didAllocate here rather than 
      carrying out a somewhat complicated accounting job for our old water mark throughout CopiedSpace.
      (JSC::CopiedSpace::tryAllocateOversize):  Call the new didAllocate to notify the Heap of 
      newly allocated stuff.
      (JSC::CopiedSpace::tryReallocateOversize):
      (JSC::CopiedSpace::doneFillingBlock):
      (JSC::CopiedSpace::doneCopying):
      (JSC::CopiedSpace::destroy):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * heap/CopiedSpaceInlineMethods.h:
      (JSC::CopiedSpace::startedCopying):
      * heap/Heap.cpp: Removed water mark related stuff, replaced with new bytesAllocated and 
      bytesAllocatedLimit to track how much memory has been allocated since the last collection.
      (JSC::Heap::Heap):
      (JSC::Heap::reportExtraMemoryCostSlowCase):
      (JSC::Heap::collect): We now set the new limit of bytes that we can allocate before triggering 
      a collection to be the size of the Heap after the previous collection. Thus, we still have our 
      2x allocation amount.
      (JSC::Heap::didAllocate): Notifies the GC activity timer of how many bytes have been allocated 
      thus far and then adds the new number of bytes to the current total.
      (JSC):
      * heap/Heap.h: Removed water mark related stuff.
      (JSC::Heap::notifyIsSafeToCollect):
      (Heap):
      (JSC::Heap::shouldCollect):
      (JSC):
      * heap/MarkedAllocator.cpp: 
      (JSC::MarkedAllocator::tryAllocateHelper): Refactored to use MarkedBlock's new FreeList struct.
      (JSC::MarkedAllocator::allocateSlowCase):
      (JSC::MarkedAllocator::addBlock):
      * heap/MarkedAllocator.h: 
      (MarkedAllocator):
      (JSC::MarkedAllocator::MarkedAllocator):
      (JSC::MarkedAllocator::allocate): 
      (JSC::MarkedAllocator::zapFreeList): Refactored to take in a FreeList instead of a FreeCell.
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::sweepHelper):
      (JSC::MarkedBlock::zapFreeList):
      * heap/MarkedBlock.h:
      (FreeList): Added a new struct that keeps track of the current MarkedAllocator's
      free list including the number of bytes of stuff in the free list so that when the free list is 
      exhausted, the correct amount can be reported to Heap.
      (MarkedBlock):
      (JSC::MarkedBlock::FreeList::FreeList):
      (JSC):
      * heap/MarkedSpace.cpp: Removing all water mark related stuff.
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC):
      * heap/WeakSet.cpp:
      (JSC::WeakSet::findAllocator): Refactored to use the didAllocate interface with the Heap. This 
      function still needs work though now that the Heap knows how many bytes have been allocated 
      since the last collection.
      * jit/JITInlineMethods.h: Refactored to use MarkedBlock's new FreeList struct.
      (JSC::JIT::emitAllocateBasicJSObject): Ditto.
      * llint/LowLevelInterpreter.asm: Ditto.
      * runtime/GCActivityCallback.cpp: 
      (JSC::DefaultGCActivityCallback::didAllocate): 
      * runtime/GCActivityCallback.h:
      (JSC::GCActivityCallback::didAllocate): Renamed willAllocate to didAllocate to indicate that 
      the allocation that is being reported has already taken place.
      (DefaultGCActivityCallback):
      * runtime/GCActivityCallbackCF.cpp:
      (JSC):
      (JSC::DefaultGCActivityCallback::didAllocate): Refactored to return early if the amount of 
      allocation since the last collection is not above a threshold (initially arbitrarily chosen to 
      be 128KB). 
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@114698 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8b5cfd3b
  10. 06 Apr, 2012 1 commit
    • ggaren@apple.com's avatar
      Renamed · 61b97001
      ggaren@apple.com authored
              WeakHeap => WeakSet
              HandleHeap => HandleSet
      
      Reviewed by Sam Weinig.
      
      These sets do have internal allocators, but it's confusing to call them
      heaps because they're sub-objects of an object called "heap".
      
      * heap/HandleHeap.cpp: Removed.
      * heap/HandleHeap.h: Removed.
      * heap/HandleSet.cpp: Copied from JavaScriptCore/heap/HandleHeap.cpp.
      * heap/WeakHeap.cpp: Removed.
      * heap/WeakHeap.h: Removed.
      * heap/WeakSet.cpp: Copied from JavaScriptCore/heap/WeakHeap.cpp.
      * heap/WeakSet.h: Copied from JavaScriptCore/heap/WeakHeap.h.
      
      Plus global rename using grep.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113508 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      61b97001
  11. 03 Apr, 2012 1 commit
    • ggaren@apple.com's avatar
      First step toward incremental Weak<T> finalization · 76215811
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=82670
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore: 
      
      This patch implements a Weak<T> heap that is compatible with incremental
      finalization, while making as few behavior changes as possible. The behavior
      changes it makes are:
      
      (*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
      instead, a separate flag indicates that the JSValue is no longer valid.
      (This is required so that the JSValue can be preserved for later finalization.)
      Objects dealing with WeakImpls directly must change to check the flag.
      
      (*) Weak<T> is no longer a subclass of Handle<T>.
      
      (*) DOM GC performance is different -- 9% faster in the geometric mean,
      but 15% slower in one specific case:
              gc-dom1.html: 6%  faster
              gc-dom2.html: 23% faster
              gc-dom3.html: 17% faster
              gc-dom4.html: 15% *slower*
      
      The key features of this new heap are:
      
      (*) Each block knows its own state, independent of any other blocks.
      
      (*) Each block caches its own sweep result.
      
      (*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
      mark them yet, since that would be a behavior change.)
      
      * API/JSCallbackObject.cpp:
      (JSC::JSCallbackObjectData::finalize):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::init): Updated to use the new WeakHeap API.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri: Paid the build system tax since I added some new files.
      
      * heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,
      so we can keep passing a Handle<T> to finalizers, to avoid more surface
      area change in this patch. A follow-up patch should change the type we
      pass to finalizers.
      
      * heap/HandleHeap.cpp:
      (JSC):
      (JSC::HandleHeap::writeBarrier):
      (JSC::HandleHeap::isLiveNode):
      * heap/HandleHeap.h:
      (JSC):
      (HandleHeap):
      (Node):
      (JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
      we have a separate WeakHeap now.
      
      * heap/Heap.cpp:
      (JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
      for through our watermark now. Removed m_waterMark because it was unused.
      
      (JSC::Heap::destroy): Updated for addition of WeakHeap.
      
      (JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
      variable to participating in the watermark strategy. I wanted to standardize
      WeakHeap and all other Heap clients on this strategy, to make sure it's
      accurate.
       
      (JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
      dead visit pass, as explained above.
      
      (JSC::Heap::collect):
      (JSC::Heap::resetAllocators): Updated for addition of WeakHeap.
      
      (JSC::Heap::addFinalizer):
      (JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.
      
      * heap/Heap.h:
      (JSC::Heap::weakHeap):
      (Heap):
      (JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
      strategy, since this is the best way for WeakHeap to report its memory
      cost. (I plan to update this in a follow-up patch to make it more accurate,
      but for now it is not less accurate than it used to be.)
      
      * heap/MarkedSpace.cpp:
      (JSC::MarkedSpace::MarkedSpace):
      (JSC::MarkedSpace::resetAllocators):
      * heap/MarkedSpace.h:
      (MarkedSpace):
      (JSC::MarkedSpace::addToWaterMark):
      (JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
      it was unused, and I didn't want to update WeakHeap to keep an usused
      variable working. Added API for above.
      
      * heap/PassWeak.h:
      (JSC):
      (WeakImplAccessor):
      (PassWeak):
      (JSC::::operator):
      (JSC::::get):
      (JSC::::was):
      (JSC::::PassWeak):
      (JSC::::~PassWeak):
      (JSC::UnspecifiedBoolType):
      (JSC::::leakImpl):
      (JSC::adoptWeak):
      * heap/Strong.h:
      (JSC::Strong::operator!):
      (Strong):
      (JSC::Strong::operator UnspecifiedBoolType*):
      (JSC::Strong::get):
      * heap/Weak.h:
      (Weak):
      (JSC::::Weak):
      (JSC):
      (JSC::::isHashTableDeletedValue):
      (JSC::::~Weak):
      (JSC::::swap):
      (JSC::=):
      (JSC::::operator):
      (JSC::UnspecifiedBoolType):
      (JSC::::release):
      (JSC::::clear):
      (JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
      down to two things:
      
      (*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.
      
      (*) Explicitly check WeakImpl::state() for non-liveness before returning
      a value (explained above).
      
      These files implement the new Weak<T> heap behavior described above:
      
      * heap/WeakBlock.cpp: Added.
      * heap/WeakBlock.h: Added.
      * heap/WeakHandleOwner.cpp: Added.
      * heap/WeakHandleOwner.h: Added.
      * heap/WeakHeap.cpp: Added.
      * heap/WeakHeap.h: Added.
      * heap/WeakImpl.h: Added.
      
      One interesting difference from the old heap is that we don't allow
      clients to overwrite a WeakImpl after allocating it, and we don't recycle
      WeakImpls prior to garbage collection. This is required for lazy finalization,
      but it will also help us esablish a useful invariant in the future: allocating
      a WeakImpl will be a binding contract to run a finalizer at some point in the
      future, even if the WeakImpl is later deallocated.
      
      * jit/JITStubs.cpp:
      (JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
      its JSValue, since that's our API contract now, and the JSValue might
      be stale.
      
      * runtime/JSCell.h:
      (JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.
      
      * runtime/Structure.cpp:
      (JSC::StructureTransitionTable::add): I can't remember why I did this.
      
      * runtime/StructureTransitionTable.h:
      * runtime/WeakGCMap.h: I had to update these classes because they allocate
      and deallocate weak pointers manually. They should probably stop doing that.
      
      Source/WebCore: 
      
      Updated WebCore for Weak<T> API changes.
      
      * bindings/js/DOMWrapperWorld.cpp:
      (WebCore::JSStringOwner::finalize): We're not allowed to get() a dead Weak<T>
      anymore, so use the debug-only was() helper function instead.
      
      * bindings/js/JSDOMBinding.h:
      (WebCore::uncacheWrapper): Ditto.
      
      * bindings/js/JSNodeCustom.h:
      (WebCore::setInlineCachedWrapper):
      (WebCore::clearInlineCachedWrapper): We're not allowed to get() a dead
      Weak<T>, so I had to push down these ASSERTs into ScriptWrappable.
      
      * bindings/js/JSNodeFilterCondition.cpp:
      (WebCore::JSNodeFilterCondition::acceptNode): Updated for non-Handle-ness
      of Weak<T>.
      
      * bindings/js/ScriptWrappable.h:
      (WebCore::ScriptWrappable::setWrapper):
      (WebCore::ScriptWrappable::clearWrapper): Use was(), as above.
      
      Source/WebKit2: 
      
      Updated for API change.
      
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::finalize):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113141 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      76215811