1. 28 Nov, 2007 1 commit
    • mjs@apple.com's avatar
      JavaScriptCore: · d342e879
      mjs@apple.com authored
              Reviewed by Darin and Geoff.
      
              - Fixed "Stack overflow crash in JavaScript garbage collector mark pass"
              http://bugs.webkit.org/show_bug.cgi?id=12216
              
              Implement mark stack. This version is not suitable for prime time because it makes a
              huge allocation on every collect, and potentially makes marking of detached subtrees
              slow. But it is a 0.4% SunSpider speedup even without much tweaking.
              
              The basic approach is to replace mark() methods with
              markChildren(MarkStack&) methods. Reachable references are pushed
              onto a mark stack (which encapsulates ignoring already-marked
              references). 
              
              Objects are no longer responsible for actually setting their own
              mark bits, the collector does that. This means that for objects on
              the number heap we don't have to call markChildren() at all since
              we know there aren't any.
              
              The mark phase of collect pushes roots onto the mark stack
              and drains it as often as possible.
              
              To make this approach viable requires a constant-size mark stack
              and a slow fallback approach for when the stack size is exceeded,
              plus optimizations to make the required stack small in common
              cases. This should be doable.
      
              * JavaScriptCore.exp: Export new symbols.
              * JavaScriptCore.xcodeproj/project.pbxproj: Add new file.
              * kjs/collector.cpp:
              (KJS::Collector::heapAllocate):
              (KJS::drainMarkStack): Helper for all of the below.
              (KJS::Collector::markStackObjectsConservatively): Use mark stack.
              (KJS::Collector::markCurrentThreadConservatively): ditto
              (KJS::Collector::markOtherThreadConservatively): ditto
              (KJS::Collector::markProtectedObjects): ditto
              (KJS::Collector::markMainThreadOnlyObjects): ditto
              (KJS::Collector::collect): ditto
              * kjs/collector.h:
              (KJS::Collector::cellMayHaveRefs): Helper for MarkStack.
      
              * kjs/MarkStack.h: Added. The actual mark stack implementation.
              (KJS::MarkStack::push):
              (KJS::MarkStack::pushAtom):
              (KJS::MarkStack::pop):
              (KJS::MarkStack::isEmpty):
              (KJS::MarkStack::reserveCapacity):
      
              Changed mark() methods to markChildren() methods:
              
              * kjs/ExecState.cpp:
              (KJS::ExecState::markChildren):
              * kjs/ExecState.h:
              * kjs/JSWrapperObject.cpp:
              (KJS::JSWrapperObject::markChildren):
              * kjs/JSWrapperObject.h:
              * kjs/array_instance.cpp:
              (KJS::ArrayInstance::markChildren):
              * kjs/array_instance.h:
              * kjs/bool_object.cpp:
              (BooleanInstance::markChildren):
              * kjs/bool_object.h:
              * kjs/error_object.cpp:
              * kjs/error_object.h:
              * kjs/function.cpp:
              (KJS::FunctionImp::markChildren):
              (KJS::Arguments::Arguments):
              (KJS::Arguments::markChildren):
              (KJS::ActivationImp::markChildren):
              * kjs/function.h:
              * kjs/internal.cpp:
              (KJS::GetterSetterImp::markChildren):
              * kjs/interpreter.cpp:
              (KJS::Interpreter::markRoots):
              * kjs/interpreter.h:
              * kjs/list.cpp:
              (KJS::List::markProtectedListsSlowCase):
              * kjs/list.h:
              (KJS::List::markProtectedLists):
              * kjs/object.cpp:
              (KJS::JSObject::markChildren):
              * kjs/object.h:
              (KJS::ScopeChain::markChildren):
              * kjs/property_map.cpp:
              (KJS::PropertyMap::markChildren):
              * kjs/property_map.h:
              * kjs/scope_chain.h:
              * kjs/string_object.cpp:
              (KJS::StringInstance::markChildren):
              * kjs/string_object.h:
      
      JavaScriptGlue:
      
              Reviewed by Darin and Geoff.
      
              Fixups for JavaScriptCore mark stack.
      
              * JSObject.cpp:
              (JSUserObject::Mark):
              * JSObject.h:
              * JSValueWrapper.cpp:
              (JSValueWrapper::JSObjectMark):
              * JSValueWrapper.h:
              * UserObjectImp.cpp:
              * UserObjectImp.h:
      
      WebCore:
      
              Reviewed by Darin and Geoff.
      
              Implement mark stack. This version is not suitable for prime time because it makes a
              huge allocation on every collect, and potentially makes marking of detached subtrees
              slow. But it is a .2% - .4% speedup even without much tweaking.
      
              I replaced mark() methods with markChildren() as usual. One
              optimization that is lost is avoiding walking detached DOM
              subtrees more than once to mark them; since marking is not
              recursive there's no obvious way to bracket operation on the tree
              any more.
      
              * bindings/js/JSDocumentCustom.cpp:
              (WebCore::JSDocument::markChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::markChildren):
              * bindings/js/JSNodeFilterCondition.cpp:
              * bindings/js/JSNodeFilterCondition.h:
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::markChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::markChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::markChildren):
              * bindings/js/JSXMLHttpRequest.cpp:
              (KJS::JSXMLHttpRequest::markChildren):
              * bindings/js/JSXMLHttpRequest.h:
              * bindings/js/kjs_binding.cpp:
              (KJS::ScriptInterpreter::markDOMNodesForDocument):
              * bindings/js/kjs_binding.h:
              * bindings/js/kjs_events.cpp:
              (WebCore::JSUnprotectedEventListener::markChildren):
              * bindings/js/kjs_events.h:
              * bindings/js/kjs_window.cpp:
              (KJS::Window::markChildren):
              * bindings/js/kjs_window.h:
              * bindings/scripts/CodeGeneratorJS.pm:
              * dom/Node.cpp:
              (WebCore::Node::Node):
              * dom/Node.h:
              * dom/NodeFilter.h:
              * dom/NodeFilterCondition.h:
      
      LayoutTests:
      
              Not reviewed.
              
              - Test cases for "Stack overflow crash in JavaScript garbage collector mark pass"
              http://bugs.webkit.org/show_bug.cgi?id=12216
      
              I have fixed this with the mark stack work.
              
              * fast/js/gc-breadth-2-expected.txt: Added.
              * fast/js/gc-breadth-2.html: Added.
              * fast/js/gc-breadth-expected.txt: Added.
              * fast/js/gc-breadth.html: Added.
              * fast/js/gc-depth-expected.txt: Added.
              * fast/js/gc-depth.html: Added.
              * fast/js/resources/gc-breadth-2.js: Added.
              * fast/js/resources/gc-breadth.js: Added.
              * fast/js/resources/gc-depth.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@28106 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d342e879
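The mark-stack scheme this commit describes, as an added example in illustrative C++ (not JavaScriptCore's code): a toy Cell type, a MarkStack whose push() performs the already-marked check and sets the mark bit so objects never mark themselves, markChildren()/drainMarkStack() in the shape the ChangeLog names, and a peakDepth() counter (an addition of this example) that shows why a deep chain needs almost no stack entries while a wide fan-out needs one entry per child, which is the constant-size-stack concern the message raises.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Toy heap cell standing in for a KJS cell: a mark bit plus outgoing
// references. Illustrative types only, not JavaScriptCore's.
struct Cell {
    bool marked = false;
    std::vector<Cell*> children;
};

// The explicit mark stack. push() owns the "already marked? then skip"
// check and sets the mark bit; the collector, not the object, marks.
class MarkStack {
public:
    void push(Cell* cell) {
        if (!cell || cell->marked)
            return;
        cell->marked = true;
        m_stack.push_back(cell);
        if (m_stack.size() > m_peak)
            m_peak = m_stack.size();
    }
    Cell* pop() {
        Cell* cell = m_stack.back();
        m_stack.pop_back();
        return cell;
    }
    bool isEmpty() const { return m_stack.empty(); }
    void reserveCapacity(size_t n) { m_stack.reserve(n); }
    // Largest number of pending references at any point: how much stack a
    // given graph shape actually needs (added for the example).
    size_t peakDepth() const { return m_peak; }

private:
    std::vector<Cell*> m_stack;
    size_t m_peak = 0;
};

// What a markChildren(MarkStack&) method does: push references, no recursion.
void markChildren(Cell* cell, MarkStack& stack) {
    for (Cell* child : cell->children)
        stack.push(child);
}

void drainMarkStack(MarkStack& stack) {
    while (!stack.isEmpty())
        markChildren(stack.pop(), stack);
}

// The mark phase: push the roots, then drain. Depth of the object graph no
// longer becomes depth of the C++ call stack.
void markReachable(const std::vector<Cell*>& roots, MarkStack& stack) {
    for (Cell* root : roots)
        stack.push(root);
    drainMarkStack(stack);
}

size_t countMarked(const std::vector<Cell>& heap) {
    size_t n = 0;
    for (const Cell& cell : heap)
        if (cell.marked)
            ++n;
    return n;
}

// heap[i] -> heap[i+1]: the deep linked structure that overflowed the
// recursive mark pass. Pointers stay valid because the vector is not resized.
void linkChain(std::vector<Cell>& heap) {
    for (size_t i = 0; i + 1 < heap.size(); ++i)
        heap[i].children.push_back(&heap[i + 1]);
}

int main() {
    // 300,000 nested objects: far deeper than a recursive mark() could go.
    std::vector<Cell> chain(300000);
    linkChain(chain);
    MarkStack stack;
    markReachable({&chain[0]}, stack);
    return (countMarked(chain) == chain.size() && stack.peakDepth() == 1) ? 0 : 1;
}
```

The chain case needs a single stack slot at any moment; a root with N children needs N slots at once, which is why the message calls for a bounded stack plus a slow fallback before the approach is production-ready.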
  2. 12 Nov, 2007 1 commit
  3. 05 Nov, 2007 1 commit
    • ggaren's avatar
      JavaScriptCore: · 879ab75a
      ggaren authored
              Reviewed by Darin Adler.
              
              http://bugs.webkit.org/show_bug.cgi?id=15835
      
              Switched List implementation from a custom heap allocator to an inline
              Vector, for a disappointing .5% SunSpider speedup.
              
              Also renamed List::slice to List::getSlice because "get" is the 
              conventional prefix for functions returning a value through an out 
              parameter.
      
              * kjs/array_object.cpp:
              (KJS::ArrayProtoFunc::callAsFunction): Removed some redundant function
              calls and memory accesses.
      
              * kjs/bool_object.cpp:
              (BooleanObjectImp::construct): Removed questionable use of iterator.
      
              * kjs/list.cpp:
              * kjs/list.h: New List class, implemented in terms of Vector. Two 
              interesting differences:
                  1. The inline capacity is 8, not 5. Many of the Lists constructed 
                  during a SunSpider run are larger than 5; almost none are larger
                  than 8.
      
                  2. The growth factor is 4, not 2. Since we can guarantee that Lists
                  aren't long-lived, we can grow them more aggressively, to avoid
                  excessive copying.
      
              * kjs/regexp_object.cpp:
              (RegExpObjectImp::construct): Removed redundant function calls.
      
              * kjs/string_object.cpp:
              (KJS::StringObjectImp::construct): Removed questionable use of iterator.
      
              * wtf/Vector.h:
              (WTF::::uncheckedAppend): Added a fast, unchecked version of append.
      
      WebCore:
      
              Reviewed by Darin Adler.
              
              http://bugs.webkit.org/show_bug.cgi?id=15835
      
              Small adaptations to new KJS::List class.
      
              * bindings/js/kjs_window.cpp:
              (KJS::WindowFunc::callAsFunction):
              (KJS::ScheduledAction::ScheduledAction):
      
      WebKit:
      
              Reviewed by Darin Adler.
              
              http://bugs.webkit.org/show_bug.cgi?id=15835
      
              Small adaptations to new KJS::List class.
      
              * ForwardingHeaders/kjs/value.h: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27448 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      879ab75a
  4. 03 Nov, 2007 1 commit
    • weinig@apple.com's avatar
      JavaScriptCore: · a845d282
      weinig@apple.com authored
              Reviewed by Oliver.
      
              Remove dummy variable from ClassInfo reducing the size of the struct by 1 word.
              The variable had been kept around for binary compatibility, but since nothing
              else is, there is no point in continuing to keep it around.
      
              * API/JSCallbackConstructor.cpp:
              (KJS::):
              * API/JSCallbackFunction.cpp:
              (KJS::):
              * API/JSCallbackObject.cpp:
              (KJS::):
              * bindings/objc/objc_runtime.mm:
              * bindings/runtime_array.cpp:
              * bindings/runtime_object.cpp:
              * kjs/array_instance.cpp:
              (KJS::):
              * kjs/array_object.cpp:
              (KJS::):
              * kjs/bool_object.cpp:
              * kjs/date_object.cpp:
              (KJS::):
              * kjs/error_object.cpp:
              * kjs/function.cpp:
              (KJS::):
              * kjs/internal.cpp:
              (KJS::):
              * kjs/lookup.h:
              * kjs/math_object.cpp:
              * kjs/number_object.cpp:
              * kjs/object.h:
              * kjs/regexp_object.cpp:
              * kjs/string_object.cpp:
              (KJS::):
      
      WebCore:
      
              Reviewed by Oliver.
      
              Remove dummy variable from ClassInfo reducing the size of the struct by 1 word.
              The variable had been kept around for binary compatibility, but since nothing
              else is, there is no point in continuing to keep it around.
      
              * bindings/js/JSDOMExceptionConstructor.cpp:
              (WebCore::):
              * bindings/js/JSHTMLInputElementBase.cpp:
              (WebCore::):
              * bindings/js/JSNamedNodesCollection.cpp:
              (WebCore::):
              * bindings/js/JSXMLHttpRequest.cpp:
              (KJS::):
              * bindings/js/JSXSLTProcessor.cpp:
              (KJS::):
              * bindings/js/kjs_css.cpp:
              (WebCore::):
              * bindings/js/kjs_events.cpp:
              (WebCore::):
              * bindings/js/kjs_navigator.cpp:
              (KJS::):
              * bindings/js/kjs_window.cpp:
              (KJS::):
              * bindings/scripts/CodeGeneratorJS.pm:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27413 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a845d282
  5. 02 Nov, 2007 1 commit
    • darin@apple.com's avatar
      JavaScriptCore: · 387d7a0e
      darin@apple.com authored
              Reviewed by Maciej.
      
              - http://bugs.webkit.org/show_bug.cgi?id=15807
                HashMap needs a take() function that combines get and remove
      
              * wtf/HashMap.h: Added take function. Simplistic implementation for now,
              but still does only one hash table lookup.
      
              * kjs/array_instance.cpp: (KJS::ArrayInstance::put): Use take rather than
              a find followed by a remove.
      
      WebCore:
      
              Reviewed by Maciej.
      
              - use the new HashMap::take function where appropriate
      
              * bindings/js/kjs_binding.cpp:
              (KJS::addWrapper): Made an inline rather than a macro; inlines good, macros bad.
              (KJS::removeWrapper): Ditto.
              (KJS::removeWrappers): Ditto.
              (KJS::ScriptInterpreter::putDOMObject): Use the inline instead of the macro.
              (KJS::ScriptInterpreter::forgetDOMObject): Ditto. This involves using take instead
              of remove -- in theory ever so slightly less efficient, but I think it's fine.
              (KJS::ScriptInterpreter::forgetDOMNodeForDocument): Ditto.
              (KJS::ScriptInterpreter::putDOMNodeForDocument): Use the inline instead of the macro.
              (KJS::ScriptInterpreter::forgetAllDOMNodesForDocument): Use take instead of find/remove.
              (KJS::ScriptInterpreter::updateDOMNodeDocument): Use the inlines instead of the macros.
      
              * bindings/js/kjs_window.cpp: (KJS::Window::clearTimeout): Use take instead of find/remove.
              * bridge/mac/AXObjectCacheMac.mm: (WebCore::AXObjectCache::remove): Ditto.
              * page/AnimationController.cpp: (WebCore::AnimationControllerPrivate::clear): Ditto.
              * rendering/RenderBlock.cpp:
              (WebCore::RenderBlock::~RenderBlock): Ditto.
              (WebCore::RenderBlock::setDesiredColumnCountAndWidth): Ditto.
              * rendering/RootInlineBox.cpp: (WebCore::RootInlineBox::detachEllipsisBox): Ditto.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27385 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      387d7a0e
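The take() operation this commit adds, as an added example written against std::unordered_map rather than WTF::HashMap (illustrative code, not WebKit's): one find(), move the value out, erase by iterator so the key is never hashed a second time, and std::nullopt when the key is absent. The ScheduledAction type and clearAction() are hypothetical stand-ins for the clearTimeout-style call site the message mentions, where the map entry owns the object and the caller wants it handed over and removed in one step.

```cpp
#include <cassert>
#include <memory>
#include <optional>
#include <unordered_map>
#include <utility>

// get-and-remove with a single lookup. Generic over any map with
// find()/erase(iterator); shown here on std::unordered_map.
template <typename Map>
std::optional<typename Map::mapped_type>
take(Map& map, const typename Map::key_type& key) {
    auto it = map.find(key);            // the one and only lookup
    if (it == map.end())
        return std::nullopt;
    std::optional<typename Map::mapped_type> value(std::move(it->second));
    map.erase(it);                      // erase by iterator: key not re-hashed
    return value;
}

// Hypothetical stand-in for a scheduled timeout owned by its map entry.
struct ScheduledAction {
    static inline int liveCount = 0;    // how many actions currently exist
    int timerId;
    explicit ScheduledAction(int id) : timerId(id) { ++liveCount; }
    ~ScheduledAction() { --liveCount; }
};

using TimeoutMap = std::unordered_map<int, std::unique_ptr<ScheduledAction>>;

int scheduleAction(TimeoutMap& timeouts, int id) {
    timeouts[id] = std::make_unique<ScheduledAction>(id);
    return id;
}

// The clearTimeout shape: pull the owning pointer out with one lookup; the
// unique_ptr destroys the action when `action` goes out of scope.
bool clearAction(TimeoutMap& timeouts, int id) {
    std::optional<std::unique_ptr<ScheduledAction>> action = take(timeouts, id);
    if (!action)
        return false;                   // unknown id: nothing to clear
    return true;                        // *action destroyed here
}

int main() {
    TimeoutMap timeouts;
    scheduleAction(timeouts, 1);
    bool cleared = clearAction(timeouts, 1);
    return (cleared && timeouts.empty() && ScheduledAction::liveCount == 0) ? 0 : 1;
}
```

Compared with a find() followed by remove(key), the erase-by-iterator form does no second hash or compare, and moving the value out of the node before erasing is what lets an owning pointer survive the removal.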
  6. 25 Oct, 2007 2 commits
    • mjs's avatar
      Reviewed by Adam. · 07781951
      mjs authored
              
              - add header includes needed on platforms that don't use AllInOneFile.cpp
      
              * API/JSCallbackObject.cpp:
              * kjs/Context.cpp:
              * kjs/ExecState.cpp:
              * kjs/array_instance.cpp:
              * kjs/function_object.cpp:
              * kjs/interpreter.cpp:
              * kjs/nodes.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27027 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      07781951
    • eseidel's avatar
      2007-10-24 Eric Seidel <eric@webkit.org> · 5417cd59
      eseidel authored
              Reviewed by Maciej.
              
              Add a JSGlobalObject class and remove the InterpreterMap
              http://bugs.webkit.org/show_bug.cgi?id=15681
              
              This required making JSCallbackObject a template class to allow for
              JSGlobalObjects with JSCallbackObject functionality.
              
              SunSpider claims this was a 0.5% speedup.
      
              * API/JSCallbackObject.cpp:
              (KJS::):
              * API/JSCallbackObject.h:
              * API/JSCallbackObjectFunctions.h: Copied from API/JSCallbackObject.cpp.
              (KJS::::JSCallbackObject):
              (KJS::::init):
              (KJS::::~JSCallbackObject):
              (KJS::::initializeIfNeeded):
              (KJS::::className):
              (KJS::::getOwnPropertySlot):
              (KJS::::put):
              (KJS::::deleteProperty):
              (KJS::::implementsConstruct):
              (KJS::::construct):
              (KJS::::implementsHasInstance):
              (KJS::::hasInstance):
              (KJS::::implementsCall):
              (KJS::::callAsFunction):
              (KJS::::getPropertyNames):
              (KJS::::toNumber):
              (KJS::::toString):
              (KJS::::setPrivate):
              (KJS::::getPrivate):
              (KJS::::inherits):
              (KJS::::cachedValueGetter):
              (KJS::::staticValueGetter):
              (KJS::::staticFunctionGetter):
              (KJS::::callbackGetter):
              * API/JSClassRef.cpp:
              (OpaqueJSClass::prototype):
              * API/JSContextRef.cpp:
              (JSGlobalContextCreate):
              * API/JSObjectRef.cpp:
              (JSObjectMake):
              (JSObjectGetPrivate):
              (JSObjectSetPrivate):
              * API/JSValueRef.cpp:
              (JSValueIsObjectOfClass):
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * bindings/c/c_utility.cpp:
              (KJS::Bindings::convertValueToNPVariant):
              * bindings/jni/jni_jsobject.cpp:
              * bindings/objc/objc_utility.mm:
              (KJS::Bindings::convertValueToObjcValue):
              * kjs/Context.cpp:
              (KJS::Context::Context):
              * kjs/ExecState.cpp:
              (KJS::ExecState::lexicalInterpreter):
              * kjs/JSGlobalObject.h: Added.
              (KJS::JSGlobalObject::JSGlobalObject):
              (KJS::JSGlobalObject::isGlobalObject):
              (KJS::JSGlobalObject::interpreter):
              (KJS::JSGlobalObject::setInterpreter):
              * kjs/array_instance.cpp:
              * kjs/context.h:
              * kjs/function.cpp:
              (KJS::FunctionImp::callAsFunction):
              (KJS::GlobalFuncImp::callAsFunction):
              * kjs/interpreter.cpp:
              (KJS::Interpreter::Interpreter):
              (KJS::Interpreter::init):
              (KJS::Interpreter::~Interpreter):
              (KJS::Interpreter::globalObject):
              (KJS::Interpreter::initGlobalObject):
              (KJS::Interpreter::evaluate):
              * kjs/interpreter.h:
              * kjs/lookup.h:
              (KJS::cacheGlobalObject):
              * kjs/object.h:
              (KJS::JSObject::isGlobalObject):
              * kjs/testkjs.cpp:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@27022 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5417cd59
  7. 22 Oct, 2007 3 commits
    • darin's avatar
      Reviewed by Brady. · 4387f7ff
      darin authored
              - fix crash seen when running JavaScriptCore tests
      
              * kjs/array_instance.cpp: (KJS::ArrayInstance::mark):
              Copy and paste error: I accidentally had code here that was
              making a copy of the HashMap -- that's illegal inside a mark
              function and was unnecessary. The other callsite was modifying
              the map as it iterated it, but this function is not.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@26897 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4387f7ff
    • bdash's avatar
      2007-10-22 Mark Rowe <mrowe@apple.com> · fe11edf9
      bdash authored
              Gtk build fix.
      
              * kjs/array_instance.cpp:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@26883 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      fe11edf9
    • darin's avatar
      JavaScriptCore: · f860d02f
      darin authored
              Reviewed by Maciej.
      
              - http://bugs.webkit.org/show_bug.cgi?id=15606
                make cut-off for sparse vs. dense arrays smarter for speed with large arrays
      
              Makes the morph test in SunSpider 26% faster, and the overall
              benchmark 3% faster.
      
              This also fixes some small problems we had with the distinction
              between nonexistent and undefined values in arrays.
      
              * kjs/array_instance.h: Tweaked formatting and naming.
              * kjs/array_instance.cpp: Copied from kjs/array_object.cpp.
              (KJS::storageSize): Added. Computes the size of the storage given a vector length.
              (KJS::increasedVectorLength): Added. Implements the rule for resizing the vector.
              (KJS::isDenseEnoughForVector): Added.
              (KJS::ArrayInstance::ArrayInstance): Initialize the new fields.
              (KJS::ArrayInstance::~ArrayInstance): Since m_storage is now never 0, delete it.
              (KJS::ArrayInstance::getItem): Updated for name changes.
              (KJS::ArrayInstance::lengthGetter): Ditto.
              (KJS::ArrayInstance::inlineGetOwnPropertySlot): Added. Allows both versions of
              getOwnPropertySlot to share more code.
              (KJS::ArrayInstance::getOwnPropertySlot): Just refactored, no code change.
              (KJS::ArrayInstance::put): Added logic for extending the vector as long as the
              array is dense enough. Also keep m_numValuesInVector up to date.
              (KJS::ArrayInstance::deleteProperty): Added code to keep m_numValuesInVector
              up to date.
              (KJS::ArrayInstance::getPropertyNames): Fixed bug where this would omit names
              for array indices with undefined values.
              (KJS::ArrayInstance::increaseVectorLength): Renamed from resizeStorage. Also
              simplified to only handle getting larger.
              (KJS::ArrayInstance::setLength): Added code to update m_numValuesInVector, to
              zero out the unused part of the vector and to delete the map if it's no longer
              needed.
              (KJS::ArrayInstance::mark): Tweaked formatting.
              (KJS::compareByStringForQSort): Ditto.
              (KJS::ArrayInstance::sort): Ditto.
              (KJS::CompareWithCompareFunctionArguments::CompareWithCompareFunctionArguments):
              Ditto.
              (KJS::compareWithCompareFunctionForQSort): Ditto.
              (KJS::ArrayInstance::compactForSorting): Fixed bug where this would turn
              undefined values into nonexistent values in some cases.
      
              * kjs/array_object.h: Removed MAX_ARRAY_INDEX.
              * kjs/array_object.cpp: Removed ArrayInstance. Moved to a separate file.
      
              * JavaScriptCore.pri: Added array_instance.cpp.
              * JavaScriptCore.xcodeproj/project.pbxproj: Ditto.
              * kjs/AllInOneFile.cpp: Ditto.
      
      LayoutTests:
      
              * fast/js/kde/resources/Array.js: Added tests to cover missing value behavior
              (not the same as undefined values in arrays). This matches the ECMA JavaScript
              specification, but doesn't exactly match Firefox.
              * fast/js/kde/Array-expected.txt: Updated with results.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@26881 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f860d02f
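The two things this commit is about, a density rule deciding when an index lives in the vector versus the sparse map, and keeping "no element here" distinct from "element whose value is undefined", as an added example in illustrative C++ (not KJS::ArrayInstance). The density divisor, the doubling growth rule and the ToyArray/Value names are assumptions of this example; the page does not give WebKit's cutoff. Holes in the vector are std::nullopt, so an undefined value is a present property and shows up in getPropertyNames(), which is the bug the message describes fixing.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <map>
#include <optional>
#include <vector>

// Minimal JS value: enough to tell "undefined" from "no property here".
enum class Kind { Undefined, Number };
struct Value {
    Kind kind = Kind::Undefined;
    double number = 0;
};

class ToyArray {
public:
    // Assumed policy (not WebKit's number): an index may extend the vector
    // when at least one slot in kDensityDivisor would be occupied afterwards.
    static constexpr size_t kDensityDivisor = 8;

    // nullopt for a nonexistent element; a present element holding undefined
    // comes back as Value{Kind::Undefined}.
    std::optional<Value> get(unsigned index) const {
        if (index < m_vector.size())
            return m_vector[index];
        auto it = m_sparse.find(index);
        if (it == m_sparse.end())
            return std::nullopt;
        return it->second;
    }

    void put(unsigned index, Value value) {
        if (index >= m_length)
            m_length = index + 1;
        if (index >= m_vector.size() && isDenseEnoughForVector(index + 1, m_numValuesInVector + 1))
            increaseVectorLength(index + 1);
        if (index < m_vector.size()) {
            if (!m_vector[index])
                ++m_numValuesInVector;   // a hole becomes a value
            m_vector[index] = value;
            return;
        }
        m_sparse[index] = value;         // too sparse: goes to the map
    }

    bool deleteProperty(unsigned index) {
        if (index < m_vector.size()) {
            if (!m_vector[index])
                return false;
            m_vector[index].reset();     // becomes a hole, not undefined
            --m_numValuesInVector;
            return true;
        }
        return m_sparse.erase(index) != 0;
    }

    // Every existing index: holes skipped, undefined-valued entries included.
    std::vector<unsigned> getPropertyNames() const {
        std::vector<unsigned> names;
        for (size_t i = 0; i < m_vector.size(); ++i)
            if (m_vector[i])
                names.push_back(static_cast<unsigned>(i));
        for (const auto& entry : m_sparse)
            names.push_back(entry.first);
        return names;
    }

    unsigned length() const { return m_length; }
    size_t vectorLength() const { return m_vector.size(); }
    size_t sparseCount() const { return m_sparse.size(); }

private:
    static bool isDenseEnoughForVector(size_t length, size_t numValues) {
        return numValues * kDensityDivisor >= length;
    }
    // Assumed growth rule: at least double, and at least what is needed.
    void increaseVectorLength(size_t needed) {
        size_t newLength = std::max(needed, m_vector.size() * 2);
        m_vector.resize(newLength);      // new slots start as holes
        for (auto it = m_sparse.begin(); it != m_sparse.end();) {
            if (it->first < newLength) { // sparse entries that now fit move in
                m_vector[it->first] = it->second;
                ++m_numValuesInVector;
                it = m_sparse.erase(it);
            } else {
                ++it;
            }
        }
    }

    std::vector<std::optional<Value>> m_vector;
    std::map<unsigned, Value> m_sparse;
    size_t m_numValuesInVector = 0;
    unsigned m_length = 0;
};
```

Writing index 1000000 into an array holding one element lands in the map, because a vector of a million slots for two values fails the density test; writing index 3 afterwards passes it and grows the vector. Deleting an element leaves a hole, while storing undefined leaves a property, and only the latter is enumerated.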