1. 26 Aug, 2011 1 commit
    • fpizlo@apple.com · d6bcd37d
      The GC does not have a facility for profiling the kinds of objects
      that occupy the heap
      https://bugs.webkit.org/show_bug.cgi?id=66849
      
      Reviewed by Geoffrey Garen.
      
      Destructor calls and object scans are now optionally counted, per
      vtable. When the heap is destroyed and profiling is enabled, the
      counts are dumped, with care taken to print the names of classes
      (modulo C++ mangling) sorted in descending commonality.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.exp:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/Heap.cpp:
      (JSC::Heap::destroy):
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      (JSC::SlotVisitor::visitChildren):
      (JSC::SlotVisitor::drain):
      * heap/MarkStack.h:
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::callDestructor):
      * heap/MarkedBlock.h:
      * heap/VTableSpectrum.cpp: Added.
      (JSC::VTableSpectrum::VTableSpectrum):
      (JSC::VTableSpectrum::~VTableSpectrum):
      (JSC::VTableSpectrum::countVPtr):
      (JSC::VTableSpectrum::count):
      (JSC::VTableAndCount::VTableAndCount):
      (JSC::VTableAndCount::operator<):
      (JSC::VTableSpectrum::dump):
      * heap/VTableSpectrum.h: Added.
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93918 268f45cc-cd09-0410-ab3c-d52691b4dbfc
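Added example, written for this page and not JavaScriptCore's own VTableSpectrum: a profile that buckets objects by their vtable pointer and dumps the buckets in descending order of commonality with demangled class names, which is the facility the commit above describes. Assumptions that differ from JSC: the class name is captured with typeid when a vptr is first seen rather than recovered from the vtable symbol at dump time; demangling uses abi::__cxa_demangle, so the code is GCC/Clang specific; the vptr is taken to be the object's first word, as the Itanium C++ ABI lays out a class whose first base is polymorphic; and the six-cell sample heap is constructed here.

```cpp
#include <cxxabi.h>
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>
#include <typeinfo>
#include <vector>

// Counts hits per vtable pointer, the way JSC's VTableSpectrum counts
// destructor calls and object scans.
class VTableSpectrum {
public:
    struct Bucket {
        const void* vptr;
        std::string mangledName; // typeid name captured when the vptr was first seen (assumption, see lead-in)
        size_t count;
    };

    template<typename T>
    void countVPtr(const T* object)
    {
        const void* vptr = *reinterpret_cast<const void* const*>(object); // first word: the vptr
        auto it = m_buckets.find(vptr);
        if (it == m_buckets.end())
            it = m_buckets.emplace(vptr, Bucket{vptr, typeid(*object).name(), 0}).first;
        ++it->second.count;
    }

    // Buckets in descending order of commonality; ties are broken by name so the output is stable.
    std::vector<Bucket> sorted() const
    {
        std::vector<Bucket> result;
        for (const auto& entry : m_buckets)
            result.push_back(entry.second);
        std::sort(result.begin(), result.end(), [](const Bucket& a, const Bucket& b) {
            return a.count != b.count ? a.count > b.count : a.mangledName < b.mangledName;
        });
        return result;
    }

    // Itanium ABI demangler (GCC/Clang). Falls back to the mangled name if the demangler rejects the input.
    static std::string demangle(const std::string& mangled)
    {
        int status = 0;
        char* text = abi::__cxa_demangle(mangled.c_str(), nullptr, nullptr, &status);
        std::string result = (status == 0 && text) ? text : mangled;
        std::free(text);
        return result;
    }

    void dump(FILE* out) const
    {
        for (const Bucket& bucket : sorted())
            std::fprintf(out, "%8zu  %s\n", bucket.count, demangle(bucket.mangledName).c_str());
    }

private:
    std::map<const void*, Bucket> m_buckets;
};

// Constructed sample cell types standing in for JSC's (each has a vptr as its first word).
struct CellLike { virtual ~CellLike() {} };
struct ObjectLike : CellLike { long slots[4]; };
struct StringLike : CellLike { const char* chars = ""; };
struct FunctionLike : CellLike { void* executable = nullptr; };

// Builds a small heap (3 strings, 2 objects, 1 function), profiles each cell as a sweep
// would just before running its destructor, dumps the spectrum, and returns it sorted.
std::vector<VTableSpectrum::Bucket> profileSampleHeap()
{
    std::vector<CellLike*> heap = { new StringLike, new ObjectLike, new StringLike,
                                    new FunctionLike, new ObjectLike, new StringLike };
    VTableSpectrum spectrum;
    for (CellLike* cell : heap) {
        spectrum.countVPtr(cell); // count before delete: afterwards the vptr word is gone
        delete cell;
    }
    spectrum.dump(stdout);
    return spectrum.sorted();
}
```

The dump for the sample heap lists StringLike first with 3 hits, then ObjectLike with 2 and FunctionLike with 1. Reading the vptr through a raw pointer is exactly the kind of access that is only safe for a polymorphic object that has not yet been destroyed, which is why the sample counts before calling delete.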
  2. 02 Aug, 2011 1 commit
    • fpizlo@apple.com · d9a81f43
      JSC GC uses dummy cells to avoid having to remember which cells
      it has already destroyed
      https://bugs.webkit.org/show_bug.cgi?id=65556
      
      Reviewed by Oliver Hunt.
      
      This gets rid of dummy cells, and ensures that it's not necessary
      to invoke a destructor on cells that have already been swept.  In
      the common case, a block knows that either all of its free cells
      still need to have destructors called, or none of them do, which
      minimizes the amount of branching that needs to happen per cell
      when performing a sweep.
      
      This is performance neutral on SunSpider and V8.  It is meant as
      a stepping stone to simplify the implementation of more
      sophisticated sweeping algorithms.
      
      * heap/Heap.cpp:
      (JSC::CountFunctor::ClearMarks::operator()):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::initForCellSize):
      (JSC::MarkedBlock::callDestructor):
      (JSC::MarkedBlock::specializedReset):
      (JSC::MarkedBlock::reset):
      (JSC::MarkedBlock::specializedSweep):
      (JSC::MarkedBlock::sweep):
      (JSC::MarkedBlock::produceFreeList):
      (JSC::MarkedBlock::lazySweep):
      (JSC::MarkedBlock::blessNewBlockForFastPath):
      (JSC::MarkedBlock::blessNewBlockForSlowPath):
      (JSC::MarkedBlock::canonicalizeBlock):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::FreeCell::setNoObject):
      (JSC::MarkedBlock::setDestructorState):
      (JSC::MarkedBlock::destructorState):
      (JSC::MarkedBlock::notifyMayHaveFreshFreeCells):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSCell::JSCell):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::clearBuiltinStructures):
      * runtime/JSGlobalData.h:
      * runtime/Structure.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@92233 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 31 Jul, 2011 1 commit
    • fpizlo@apple.com · 07148b12
      The JSC garbage collector returns memory to the operating system too
      eagerly.
      https://bugs.webkit.org/show_bug.cgi?id=65382
      
      Reviewed by Oliver Hunt.
      
      This introduces a memory reuse model similar to the one in FastMalloc.
      A periodic scavenger thread runs in the background and returns half the
      free memory to the OS on each timer fire.  New block allocations first
      attempt to get the memory from the collector's internal pool, reverting
      to OS allocation only when this pool is empty.
      
      * heap/Heap.cpp:
      (JSC::Heap::Heap):
      (JSC::Heap::~Heap):
      (JSC::Heap::destroy):
      (JSC::Heap::waitForRelativeTimeWhileHoldingLock):
      (JSC::Heap::waitForRelativeTime):
      (JSC::Heap::blockFreeingThreadStartFunc):
      (JSC::Heap::blockFreeingThreadMain):
      (JSC::Heap::allocateBlock):
      (JSC::Heap::freeBlocks):
      (JSC::Heap::releaseFreeBlocks):
      * heap/Heap.h:
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::destroy):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC::MarkedBlock::initForCellSize):
      (JSC::MarkedBlock::reset):
      * heap/MarkedBlock.h:
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@92084 268f45cc-cd09-0410-ab3c-d52691b4dbfc
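Added example, written for this page and not JavaScriptCore's own block allocator: a block pool with the reuse policy the commit above describes, in which freed blocks are kept in an internal pool, new block allocations take from the pool before asking the OS, and a scavenger pass returns half of the pooled blocks to the OS. Assumptions: the 16 KiB block size, std::malloc and std::free standing in for page-level OS allocation, rounding half up so the pool drains to zero over repeated passes, and the scavenger being invoked directly rather than from the periodic background thread JSC uses.

```cpp
#include <cstdlib>
#include <vector>

// Pool of equally sized heap blocks with a FastMalloc-style reuse policy: freed blocks are kept,
// allocation prefers the pool, and each scavenger pass returns half of the pooled blocks to the OS.
// std::malloc / std::free stand in for the page-level OS allocation JSC uses (assumption).
class BlockPool {
public:
    static constexpr size_t blockSize = 16 * 1024; // illustrative block size (assumption)

    ~BlockPool()
    {
        while (!m_freeBlocks.empty())
            releaseOne();
    }

    // New blocks come from the internal pool first; the OS is asked only when the pool is empty.
    void* allocateBlock()
    {
        if (!m_freeBlocks.empty()) {
            void* block = m_freeBlocks.back();
            m_freeBlocks.pop_back();
            return block;
        }
        ++m_osAllocations;
        return std::malloc(blockSize);
    }

    // Blocks emptied by a collection go back into the pool, not to the OS.
    void freeBlocks(const std::vector<void*>& blocks)
    {
        m_freeBlocks.insert(m_freeBlocks.end(), blocks.begin(), blocks.end());
    }

    // One scavenger pass, which JSC fires from a periodic background thread (the thread is left
    // out here). Returns half the pool to the OS, rounding up so repeated passes drain it
    // completely (assumption: the page does not say how an odd count is split).
    size_t releaseFreeBlocks()
    {
        size_t toRelease = (m_freeBlocks.size() + 1) / 2;
        for (size_t i = 0; i < toRelease; ++i)
            releaseOne();
        return toRelease;
    }

    size_t pooledBlocks() const { return m_freeBlocks.size(); }
    size_t osAllocations() const { return m_osAllocations; }
    size_t osReleases() const { return m_osReleases; }

private:
    void releaseOne()
    {
        std::free(m_freeBlocks.back());
        m_freeBlocks.pop_back();
        ++m_osReleases;
    }

    std::vector<void*> m_freeBlocks;
    size_t m_osAllocations = 0;
    size_t m_osReleases = 0;
};

struct PoolStats { size_t osAllocations; size_t osReleases; size_t pooled; };

// Allocates 8 blocks, frees them all, runs one scavenger pass, then allocates 6 more:
// 4 come from the pool and only 2 need the OS, so the totals are 10 OS allocations and 4 releases.
PoolStats exercisePool()
{
    BlockPool pool;
    std::vector<void*> first, second;
    for (int i = 0; i < 8; ++i)
        first.push_back(pool.allocateBlock());  // 8 OS allocations
    pool.freeBlocks(first);                     // pool: 8
    pool.releaseFreeBlocks();                   // pool: 4, released: 4
    for (int i = 0; i < 6; ++i)
        second.push_back(pool.allocateBlock()); // 4 from the pool, 2 from the OS
    PoolStats stats{pool.osAllocations(), pool.osReleases(), pool.pooledBlocks()};
    pool.freeBlocks(second);                    // hand the live blocks back so the destructor frees them
    return stats;
}
```

The point of the half-per-pass policy is the trade-off the commit names: memory that a collection just freed is very likely to be needed again by the next allocation burst, so it is cheaper to keep it than to unmap and re-map it, while still guaranteeing that an idle heap eventually gives everything back.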
  4. 29 Jul, 2011 1 commit
    • fpizlo@apple.com · 2f1f3943
      JSC GC zombie support no longer works, and is likely no longer needed.
      https://bugs.webkit.org/show_bug.cgi?id=65404
      
      Reviewed by Darin Adler.
      
      This removes zombies, because they no longer work, are not tested, are
      probably not needed, and are getting in the way of GC optimization
      work.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * heap/Handle.h:
      (JSC::HandleConverter::operator->):
      (JSC::HandleConverter::operator*):
      * heap/HandleHeap.cpp:
      (JSC::HandleHeap::isValidWeakNode):
      * heap/Heap.cpp:
      (JSC::Heap::destroy):
      (JSC::Heap::collect):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::sweep):
      * heap/MarkedBlock.h:
      (JSC::MarkedBlock::clearMarks):
      * interpreter/Register.h:
      (JSC::Register::Register):
      (JSC::Register::operator=):
      * runtime/ArgList.h:
      (JSC::MarkedArgumentBuffer::append):
      (JSC::ArgList::ArgList):
      * runtime/JSCell.cpp:
      (JSC::isZombie):
      * runtime/JSCell.h:
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::clearBuiltinStructures):
      * runtime/JSGlobalData.h:
      * runtime/JSValue.h:
      * runtime/JSValueInlineMethods.h:
      (JSC::JSValue::JSValue):
      * runtime/JSZombie.cpp: Removed.
      * runtime/JSZombie.h: Removed.
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::setEarlyValue):
      (JSC::WriteBarrierBase::operator*):
      (JSC::WriteBarrierBase::setWithoutWriteBarrier):
      * wtf/Platform.h:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@92046 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 18 Jul, 2011 1 commit
  6. 14 Jul, 2011 1 commit
    • commit-queue@webkit.org · e8dceaf2
      GC allocation fast path has too many operations.
      https://bugs.webkit.org/show_bug.cgi?id=64493
      
      Patch by Filip Pizlo <fpizlo@apple.com> on 2011-07-14
      Reviewed by Darin Adler.
      
      Changed the timing of the lazy sweep so that it occurs when we land on
      a previously unswept block, rather than whenever we land on an unswept
      cell.  After the per-block lazy sweep occurs, the block is turned into a
      singly linked list of free cells.  The allocation fast path is now just a
      load-branch-store to remove a cell from the head of the list.
      
      Additionally, this changes the way new blocks are allocated.  Previously,
      they would be populated with dummy cells.  With this patch, they are
      turned into a free list, which means that there will never be destructor
      calls for allocations in fresh blocks.
      
      These changes result in a 1.9% speed-up on V8, and a 0.6% speed-up on
      SunSpider.  There are no observed statistically significant slow-downs
      on any individual benchmark.
      
      * JavaScriptCore.exp:
      * heap/Heap.cpp:
      (JSC::Heap::allocateSlowCase):
      (JSC::Heap::collect):
      (JSC::Heap::canonicalizeBlocks):
      (JSC::Heap::resetAllocator):
      * heap/Heap.h:
      (JSC::Heap::forEachProtectedCell):
      (JSC::Heap::forEachCell):
      (JSC::Heap::forEachBlock):
      (JSC::Heap::allocate):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      (JSC::MarkedBlock::lazySweep):
      (JSC::MarkedBlock::blessNewBlockForFastPath):
      (JSC::MarkedBlock::blessNewBlockForSlowPath):
      (JSC::MarkedBlock::canonicalizeBlock):
      * heap/MarkedBlock.h:
      * heap/NewSpace.cpp:
      (JSC::NewSpace::addBlock):
      (JSC::NewSpace::canonicalizeBlocks):
      * heap/NewSpace.h:
      (JSC::NewSpace::allocate):
      (JSC::NewSpace::SizeClass::SizeClass):
      (JSC::NewSpace::SizeClass::canonicalizeBlock):
      * heap/OldSpace.cpp:
      (JSC::OldSpace::addBlock):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@91039 268f45cc-cd09-0410-ab3c-d52691b4dbfc
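Added example, written for this page and not JavaScriptCore code: a simplified C++ MarkedBlock that models what two of the fpizlo commits above describe, the per-block lazy sweep that turns a block into a singly linked free list with a load-branch-store allocation fast path (e8dceaf2, this entry), and the per-block destructor state that replaces dummy cells so that fresh blocks and already-swept cells never get a destructor call (d9a81f43, entry 2). The 8-cell block, the three-state enum, the names, and the m_hasObject side table are assumptions; JSC tags free cells in place (FreeCell::setNoObject) and its real block layout differs.

```cpp
#include <algorithm>
#include <cstddef>
#include <initializer_list>
#include <vector>

// One fixed-size slot; a free slot reuses its first word as the list link, as JSC's FreeCell does.
struct Cell { long payload; };
struct FreeCell { FreeCell* next; };
union Slot { Cell cell; FreeCell free; };

class MarkedBlock {
public:
    // What the block knows about its unmarked cells; only the mixed case needs a per-cell check.
    enum class DestructorState { AllFreeCellsHaveObjects, NoFreeCellsHaveObjects, SomeFreeCellsHaveObjects };
    explicit MarkedBlock(size_t cellCount) : m_slots(cellCount), m_marks(cellCount, false), m_hasObject(cellCount, false)
    {
        threadUnmarkedCellsOntoFreeList(); // fresh block: no object ever lived here, no dummy cells needed
    }

    // Allocation fast path: load the head, branch on null, store the next link.
    // nullptr means this block is exhausted and the caller moves to the next one.
    Cell* allocate()
    {
        FreeCell* head = m_freeList;
        if (!head)
            return nullptr;
        m_freeList = head->next;
        size_t index = indexOf(head);
        m_hasObject[index] = true; // assumption: JSC tags free cells in place (FreeCell::setNoObject), not in a side table
        return &m_slots[index].cell;
    }
    // Before a collection. A block mid-way through its free list mixes free cells without objects
    // and allocated cells; a fully allocated block knows every unmarked cell will hold a dead object.
    void canonicalize()
    {
        m_state = m_freeList ? DestructorState::SomeFreeCellsHaveObjects : DestructorState::AllFreeCellsHaveObjects;
        m_freeList = nullptr; // forces a lazy sweep before the next allocation from this block
    }

    void clearMarks() { std::fill(m_marks.begin(), m_marks.end(), false); }
    void mark(Cell* cell) { m_marks[indexOf(cell)] = true; }
    // Lazy sweep, run once when the allocator first lands on this block after a collection:
    // destruct the unmarked cells that hold objects, then thread every unmarked cell onto the free list.
    void lazySweep()
    {
        if (m_freeList)
            return; // already swept since the last collection
        for (size_t i = 0; i < m_slots.size(); ++i) {
            if (m_marks[i])
                continue;
            bool needsDestructor = m_state == DestructorState::AllFreeCellsHaveObjects
                || (m_state == DestructorState::SomeFreeCellsHaveObjects && m_hasObject[i]);
            if (needsDestructor)
                callDestructor(i);
        }
        threadUnmarkedCellsOntoFreeList();
    }

    size_t destructorCalls() const { return m_destructorCalls; }
    size_t freeCellCount() const { size_t n = 0; for (FreeCell* f = m_freeList; f; f = f->next) ++n; return n; }
private:
    size_t indexOf(const void* p) const { return static_cast<size_t>(static_cast<const Slot*>(p) - m_slots.data()); }
    void callDestructor(size_t i) { ++m_destructorCalls; m_slots[i].cell.payload = 0; } // a real block runs ~T() here
    void threadUnmarkedCellsOntoFreeList()
    {
        m_freeList = nullptr;
        for (size_t i = m_slots.size(); i-- > 0;) { // backwards, so the list runs low to high
            if (m_marks[i])
                continue;
            m_hasObject[i] = false;
            m_slots[i].free.next = m_freeList;
            m_freeList = &m_slots[i].free;
        }
        m_state = DestructorState::NoFreeCellsHaveObjects;
    }

    std::vector<Slot> m_slots;
    std::vector<bool> m_marks;
    std::vector<bool> m_hasObject;
    FreeCell* m_freeList = nullptr;
    DestructorState m_state = DestructorState::NoFreeCellsHaveObjects;
    size_t m_destructorCalls = 0;
};

struct SweepReport { size_t destructorCalls; size_t freeCells; };

// Allocates `allocated` of 8 cells, marks the listed ones as survivors, runs one collection's
// canonicalize / mark / lazy-sweep sequence, and reports destructor calls and free cells afterwards.
SweepReport sweep(size_t allocated, std::initializer_list<size_t> survivors)
{
    MarkedBlock block(8);
    std::vector<Cell*> cells;
    for (size_t i = 0; i < allocated; ++i)
        cells.push_back(block.allocate());
    block.canonicalize();
    block.clearMarks();
    for (size_t s : survivors)
        block.mark(cells[s]);
    block.lazySweep();
    return {block.destructorCalls(), block.freeCellCount()};
}
```

sweep(6, {0, 3}) exercises the mixed state: six cells were allocated, two survive, so exactly four destructors run and six cells end up on the free list, while the two never-allocated cells get no destructor call. sweep(8, {}) exercises the fully allocated block, where all eight destructors run without a per-cell check, and sweep(0, {}) shows that sweeping a fresh block costs no destructor calls at all.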
  7. 09 Jun, 2011 1 commit
    • ggaren@apple.com · f68b13e7
      2011-06-09 Geoffrey Garen <ggaren@apple.com>
              Reviewed by Oliver Hunt.
      
              Added OldSpace to the project
              https://bugs.webkit.org/show_bug.cgi?id=62417
              
              Currently unused.
              
              Added OldSpace, the ability to iterate NewSpace vs OldSpace, and a
              per-block flag for testing whether you're in NewSpace vs OldSpace.
      
              * CMakeLists.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj: Build!
      
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedBlock.h:
              (JSC::MarkedBlock::inNewSpace):
              (JSC::MarkedBlock::setInNewSpace): Added inNewSpace flag, for use in
              write barrier.
      
              * heap/NewSpace.cpp:
              (JSC::NewSpace::addBlock):
              (JSC::NewSpace::removeBlock):
              * heap/NewSpace.h:
              (JSC::NewSpace::forEachBlock): Added forEachBlock, to use for
              NewSpace-specific operations.
      
              * heap/OldSpace.cpp: Added.
              (JSC::OldSpace::OldSpace):
              (JSC::OldSpace::addBlock):
              (JSC::OldSpace::removeBlock):
              * heap/OldSpace.h: Added.
              (JSC::OldSpace::forEachBlock): New class for holding promoted blocks.
              Not in use yet.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@88519 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 29 May, 2011 1 commit
    • ggaren@apple.com · 58c6e459
      2011-05-29 Geoffrey Garen <ggaren@apple.com>
              Reviewed by Sam Weinig.
      
              Some heap refactoring
              https://bugs.webkit.org/show_bug.cgi?id=61704
              
              SunSpider says no change.
      
              * JavaScriptCore.exp: Export!
      
              * heap/Heap.cpp: COLLECT_ON_EVERY_ALLOCATION can actually do so now.
      
              (JSC::Heap::Heap): Changed Heap sub-objects to point to the heap.
      
              (JSC::Heap::allocate): Changed inline allocation code to only select the
              size class, since this can be optimized out at compile time -- everything
              else is now inlined into this out-of-line function.
              
              No need to duplicate ASSERTs made in our caller.
      
              * heap/Heap.h:
              (JSC::Heap::heap):
              (JSC::Heap::isMarked):
              (JSC::Heap::testAndSetMarked):
              (JSC::Heap::testAndClearMarked):
              (JSC::Heap::setMarked): Call directly into MarkedBlock instead of adding
              a layer of indirection through MarkedSpace.
      
              (JSC::Heap::allocate): See above.
      
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::create):
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedBlock.h: Changed Heap sub-objects to point to the heap.
      
              * heap/MarkedSpace.cpp:
              (JSC::MarkedSpace::MarkedSpace):
              (JSC::MarkedSpace::allocateBlock):
              * heap/MarkedSpace.h:
              (JSC::MarkedSpace::allocate): Updated to match changes above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@87653 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 26 May, 2011 3 commits
  10. 20 May, 2011 1 commit
  11. 14 May, 2011 2 commits
    • oliver@apple.com · 4103716d
      2011-05-13 Oliver Hunt <oliver@apple.com>
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This makes GC_VALIDATION much more aggressive in webcore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
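Added example, written for this page and not WebKit code: the shape of the GC_VALIDATION checks the commit above describes, on a toy JSCell/Structure pair. A cell's structure pointer must be non-null, must point at a Structure whose own structure pointer is the shared structure structure, and that Structure's type flags must be well formed; the check is run at the write barrier, so a dead or corrupted cell is rejected at the store rather than when the collector later visits it. Assumptions: the two-field cell layout, the flag values, the Fixture helper, and returning a bool where JSC asserts and crashes.

```cpp
#include <cstdint>

// Toy cell layout: every cell starts with a pointer to its Structure, and a Structure is itself
// a cell whose structure pointer is the one shared "structure structure". Type flags form a
// small bit set (values assumed).
enum TypeFlag : uint32_t { ObjectType = 1u << 0, StringType = 1u << 1, StructureType = 1u << 2 };
constexpr uint32_t kKnownTypeFlags = ObjectType | StringType | StructureType;

struct Structure;
struct JSCell { Structure* structure = nullptr; };
struct Structure : JSCell { uint32_t typeFlags = 0; };

// Stand-in for the part of JSGlobalData that owns the structure structure.
struct GlobalData {
    Structure structureStructure;
    GlobalData()
    {
        structureStructure.structure = &structureStructure;
        structureStructure.typeFlags = StructureType;
    }
    void initStructure(Structure& s, uint32_t flags)
    {
        s.structure = &structureStructure;
        s.typeFlags = flags;
    }
};

static bool hasExactlyOneBit(uint32_t v) { return v && !(v & (v - 1)); }

// The check itself. Under GC_VALIDATION JSC asserts and crashes; returning a bool keeps it testable.
bool validateCell(const JSCell* cell, const GlobalData& globalData)
{
    if (!cell)
        return false;
    const Structure* structure = cell->structure;
    if (!structure)
        return false;                                   // cleared by a sweep: a dead cell
    if (structure->structure != &globalData.structureStructure)
        return false;                                   // "structure" is not a Structure at all
    if (structure->typeFlags & ~kKnownTypeFlags)
        return false;                                   // stray bits: corrupted flags
    return hasExactlyOneBit(structure->typeFlags);      // zero or several type bits is also corrupt
}

// A write-barrier slot that validates at the store, so a bad pointer is rejected where it is
// written rather than when the collector visits it.
class ValidatingSlot {
public:
    bool set(const GlobalData& globalData, JSCell* value)
    {
        if (!validateCell(value, globalData))
            return false;
        m_value = value;
        return true;
    }
    JSCell* unvalidatedGet() const { return m_value; }
private:
    JSCell* m_value = nullptr;
};

// Shared setup for the scenarios below: one global data and one object structure.
struct Fixture {
    GlobalData gd;
    Structure objectStructure;
    explicit Fixture(uint32_t flags = ObjectType) { gd.initStructure(objectStructure, flags); }
    bool store(JSCell* cell) { ValidatingSlot slot; return slot.set(gd, cell); }
};

bool storeValidObject()
{
    Fixture f;
    JSCell object{&f.objectStructure};
    return f.store(&object);                            // accepted
}

bool storeSweptObject()
{
    Fixture f;
    JSCell object{&f.objectStructure};
    object.structure = nullptr;                         // what a sweep leaves behind
    return f.store(&object);                            // rejected
}

// Simulated corruption: the structure pointer now points at an ordinary object, as a stale
// reference or a heap overwrite would leave it.
bool storeConfusedObject()
{
    Fixture f;
    JSCell victim{&f.objectStructure};
    JSCell confused{reinterpret_cast<Structure*>(&victim)};
    return f.store(&confused);                          // rejected: victim's structure is not the structure structure
}

bool storeCorruptFlags()
{
    Fixture f(ObjectType | 0xff00u);                    // stray bits in the flags
    JSCell object{&f.objectStructure};
    return f.store(&object);                            // rejected
}
```

The value of running the check at the barrier is the distance it removes between a bug and its symptom: a use-after-free or a heap overwrite that replaces a structure pointer is reported at the first store of the bad cell, with the stack of the code that made that store, instead of surfacing as an unrelated crash in the collector several allocations later.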
    • ossy@webkit.org · 8c10d800
      Unreviewed, rolling out r86469 and r86471, because they made hundreds of tests crash on Qt.
      Make GC validation more aggressive
      https://bugs.webkit.org/show_bug.cgi?id=60802
      
      Source/JavaScriptCore:
      
      * JavaScriptCore.exp:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * debugger/DebuggerActivation.cpp:
      (JSC::DebuggerActivation::visitChildren):
      * heap/MarkedBlock.cpp:
      (JSC::MarkedBlock::MarkedBlock):
      * heap/MarkedSpace.cpp:
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::visitChildren):
      (JSC::ProgramExecutable::visitChildren):
      (JSC::FunctionExecutable::visitChildren):
      * runtime/Executable.h:
      (JSC::ProgramExecutable::createStructure):
      (JSC::FunctionExecutable::createStructure):
      * runtime/GetterSetter.cpp:
      (JSC::GetterSetter::visitChildren):
      * runtime/GetterSetter.h:
      (JSC::GetterSetter::createStructure):
      * runtime/JSAPIValueWrapper.h:
      (JSC::JSAPIValueWrapper::createStructure):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      * runtime/JSArray.cpp:
      (JSC::JSArray::visitChildren):
      * runtime/JSCell.cpp:
      * runtime/JSCell.h:
      (JSC::JSCell::JSCell::JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::visitChildren):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSONObject.h:
      (JSC::JSONObject::createStructure):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::visitChildren):
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::visitChildren):
      * runtime/JSString.h:
      (JSC::RopeBuilder::createStructure):
      * runtime/JSWrapperObject.cpp:
      (JSC::JSWrapperObject::visitChildren):
      * runtime/NativeErrorConstructor.cpp:
      (JSC::NativeErrorConstructor::visitChildren):
      * runtime/PropertyMapHashTable.h:
      (JSC::PropertyMapEntry::PropertyMapEntry):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::visitChildren):
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::visitChildren):
      * runtime/ScopeChain.h:
      (JSC::ScopeChainNode::ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::visitChildren):
      * runtime/Structure.h:
      (JSC::Structure::createStructure):
      (JSC::JSCell::classInfo):
      * runtime/StructureChain.cpp:
      (JSC::StructureChain::visitChildren):
      * runtime/StructureChain.h:
      * runtime/WriteBarrier.h:
      (JSC::WriteBarrierBase::set):
      (JSC::WriteBarrierBase::get):
      (JSC::WriteBarrierBase::operator*):
      (JSC::WriteBarrierBase::operator->):
      (JSC::WriteBarrier::WriteBarrier):
      * wtf/Assertions.h:
      
      Source/WebCore:
      
      * bindings/js/JSAttrCustom.cpp:
      (WebCore::JSAttr::visitChildren):
      * bindings/js/JSAudioContextCustom.cpp:
      (WebCore::JSAudioContext::visitChildren):
      * bindings/js/JSCSSRuleCustom.cpp:
      (WebCore::JSCSSRule::visitChildren):
      * bindings/js/JSCSSStyleDeclarationCustom.cpp:
      (WebCore::JSCSSStyleDeclaration::visitChildren):
      * bindings/js/JSCanvasRenderingContextCustom.cpp:
      (WebCore::JSCanvasRenderingContext::visitChildren):
      * bindings/js/JSDOMGlobalObject.cpp:
      (WebCore::JSDOMGlobalObject::visitChildren):
      (WebCore::JSDOMGlobalObject::setInjectedScript):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::visitChildren):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::visitChildren):
      * bindings/js/JSEventListener.cpp:
      (WebCore::JSEventListener::JSEventListener):
      * bindings/js/JSEventListener.h:
      (WebCore::JSEventListener::jsFunction):
      * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
      (WebCore::JSJavaScriptAudioNode::visitChildren):
      * bindings/js/JSMessageChannelCustom.cpp:
      (WebCore::JSMessageChannel::visitChildren):
      * bindings/js/JSMessagePortCustom.cpp:
      (WebCore::JSMessagePort::visitChildren):
      * bindings/js/JSNamedNodeMapCustom.cpp:
      (WebCore::JSNamedNodeMap::visitChildren):
      * bindings/js/JSNodeCustom.cpp:
      (WebCore::JSNode::visitChildren):
      * bindings/js/JSNodeFilterCustom.cpp:
      (WebCore::JSNodeFilter::visitChildren):
      * bindings/js/JSNodeIteratorCustom.cpp:
      (WebCore::JSNodeIterator::visitChildren):
      * bindings/js/JSSVGElementInstanceCustom.cpp:
      (WebCore::JSSVGElementInstance::visitChildren):
      * bindings/js/JSSharedWorkerCustom.cpp:
      (WebCore::JSSharedWorker::visitChildren):
      * bindings/js/JSStyleSheetCustom.cpp:
      (WebCore::JSStyleSheet::visitChildren):
      * bindings/js/JSTreeWalkerCustom.cpp:
      (WebCore::JSTreeWalker::visitChildren):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::JSWebGLRenderingContext::visitChildren):
      * bindings/js/JSWorkerContextCustom.cpp:
      (WebCore::JSWorkerContext::visitChildren):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::visitChildren):
      * bindings/js/JSXPathResultCustom.cpp:
      (WebCore::JSXPathResult::visitChildren):
      * bindings/scripts/CodeGeneratorJS.pm:
      
      Source/WebKit2:
      
      * WebProcess/Plugins/Netscape/JSNPObject.cpp:
      (WebKit::JSNPObject::invalidate):
      (WebKit::JSNPObject::callMethod):
      (WebKit::JSNPObject::callObject):
      (WebKit::JSNPObject::callConstructor):
      (WebKit::JSNPObject::getCallData):
      (WebKit::JSNPObject::getConstructData):
      (WebKit::JSNPObject::getOwnPropertySlot):
      (WebKit::JSNPObject::getOwnPropertyDescriptor):
      (WebKit::JSNPObject::put):
      (WebKit::JSNPObject::getOwnPropertyNames):
      (WebKit::JSNPObject::propertyGetter):
      (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86482 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  12. 13 May, 2011 1 commit
    • oliver@apple.com · d369c8cd
      2011-05-13 Oliver Hunt <oliver@apple.com>
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              This patch makes the checks performed under GC_VALIDATION
              much more aggressive, and adds the checks to more places
              in order to allow us to catch GC bugs much closer to the
              point of failure.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::visitChildren):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * heap/MarkedSpace.cpp:
              * runtime/Arguments.cpp:
              (JSC::Arguments::visitChildren):
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::visitChildren):
              (JSC::ProgramExecutable::visitChildren):
              (JSC::FunctionExecutable::visitChildren):
              * runtime/Executable.h:
              * runtime/GetterSetter.cpp:
              (JSC::GetterSetter::visitChildren):
              * runtime/GetterSetter.h:
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::visitChildren):
              * runtime/JSArray.cpp:
              (JSC::JSArray::visitChildren):
              * runtime/JSCell.cpp:
              (JSC::slowValidateCell):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::unvalidatedStructure):
              (JSC::JSCell::JSCell::JSCell):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::visitChildren):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::visitChildren):
              (JSC::slowValidateCell):
              * runtime/JSONObject.h:
              * runtime/JSObject.cpp:
              (JSC::JSObject::visitChildren):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::visitChildren):
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSStaticScopeObject.cpp:
              (JSC::JSStaticScopeObject::visitChildren):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              * runtime/JSWrapperObject.cpp:
              (JSC::JSWrapperObject::visitChildren):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::visitChildren):
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyMapEntry::PropertyMapEntry):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::visitChildren):
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::visitChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              * runtime/Structure.cpp:
              (JSC::Structure::Structure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::visitChildren):
              * runtime/Structure.h:
              (JSC::JSCell::classInfo):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::visitChildren):
              * runtime/StructureChain.h:
              * runtime/WriteBarrier.h:
              (JSC::validateCell):
              (JSC::JSCell):
              (JSC::JSGlobalObject):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::setMayBeNull):
              (JSC::WriteBarrierBase::setEarlyValue):
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::unvalidatedGet):
              (JSC::WriteBarrier::WriteBarrier):
              * wtf/Assertions.h:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
                This makes GC_VALIDATION much more aggressive in WebCore,
              adding logic to every visitChildren method to ensure that
              the structure still has correct flags.
      
              Additionally every function generated for the dom bindings
              makes use of the new GC_VALIDATION object assertions to further
              ensure that the object appears to be sensible.
      
              * bindings/js/JSAttrCustom.cpp:
              (WebCore::JSAttr::visitChildren):
              * bindings/js/JSAudioContextCustom.cpp:
              (WebCore::JSAudioContext::visitChildren):
              * bindings/js/JSCSSRuleCustom.cpp:
              (WebCore::JSCSSRule::visitChildren):
              * bindings/js/JSCSSStyleDeclarationCustom.cpp:
              (WebCore::JSCSSStyleDeclaration::visitChildren):
              * bindings/js/JSCanvasRenderingContextCustom.cpp:
              (WebCore::JSCanvasRenderingContext::visitChildren):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::visitChildren):
              (WebCore::JSDOMGlobalObject::setInjectedScript):
              * bindings/js/JSDOMWindowCustom.cpp:
              (WebCore::JSDOMWindow::visitChildren):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::visitChildren):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSEventListener.h:
              (WebCore::JSEventListener::jsFunction):
              * bindings/js/JSJavaScriptAudioNodeCustom.cpp:
              (WebCore::JSJavaScriptAudioNode::visitChildren):
              * bindings/js/JSMessageChannelCustom.cpp:
              (WebCore::JSMessageChannel::visitChildren):
              * bindings/js/JSMessagePortCustom.cpp:
              (WebCore::JSMessagePort::visitChildren):
              * bindings/js/JSNamedNodeMapCustom.cpp:
              (WebCore::JSNamedNodeMap::visitChildren):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::visitChildren):
              * bindings/js/JSNodeFilterCustom.cpp:
              (WebCore::JSNodeFilter::visitChildren):
              * bindings/js/JSNodeIteratorCustom.cpp:
              (WebCore::JSNodeIterator::visitChildren):
              * bindings/js/JSSVGElementInstanceCustom.cpp:
              (WebCore::JSSVGElementInstance::visitChildren):
              * bindings/js/JSSharedWorkerCustom.cpp:
              (WebCore::JSSharedWorker::visitChildren):
              * bindings/js/JSStyleSheetCustom.cpp:
              (WebCore::JSStyleSheet::visitChildren):
              * bindings/js/JSTreeWalkerCustom.cpp:
              (WebCore::JSTreeWalker::visitChildren):
              * bindings/js/JSWebGLRenderingContextCustom.cpp:
              (WebCore::JSWebGLRenderingContext::visitChildren):
              * bindings/js/JSWorkerContextCustom.cpp:
              (WebCore::JSWorkerContext::visitChildren):
              * bindings/js/JSXMLHttpRequestCustom.cpp:
              (WebCore::JSXMLHttpRequest::visitChildren):
              * bindings/js/JSXPathResultCustom.cpp:
              (WebCore::JSXPathResult::visitChildren):
              * bindings/scripts/CodeGeneratorJS.pm:
      2011-05-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make GC validation more aggressive
              https://bugs.webkit.org/show_bug.cgi?id=60802
      
              Add GC_VALIDATION calls to all the JSNPObject methods.
      
              * WebProcess/Plugins/Netscape/JSNPObject.cpp:
              (WebKit::JSNPObject::invalidate):
              (WebKit::JSNPObject::callMethod):
              (WebKit::JSNPObject::callObject):
              (WebKit::JSNPObject::callConstructor):
              (WebKit::JSNPObject::getCallData):
              (WebKit::JSNPObject::getConstructData):
              (WebKit::JSNPObject::getOwnPropertySlot):
              (WebKit::JSNPObject::getOwnPropertyDescriptor):
              (WebKit::JSNPObject::put):
              (WebKit::JSNPObject::getOwnPropertyNames):
              (WebKit::JSNPObject::propertyGetter):
              (WebKit::JSNPObject::methodGetter):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@86469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d369c8cd
  13. 15 Apr, 2011 2 commits
  14. 13 Apr, 2011 1 commit
    • oliver@apple.com's avatar
      2011-04-13 Oliver Hunt <oliver@apple.com> · bb8da910
      oliver@apple.com authored
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Additional structures are allocated beyond the expected threshold
              so we preflight the test to get them allocated.
      
              * fast/dom/gc-10.html:
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Turn Structure into a GC allocated object.  Most of this patch
              is the mechanical change of replacing variations on RefPtr<Structure>
              with either Structure* (for arguments and locals), WriteBarrier<Structure>
              for the few cases where Structures are held by GC allocated objects
              and Strong<Structure> for the root structure objects in GlobalData.
      
              * API/JSCallbackConstructor.cpp:
              (JSC::JSCallbackConstructor::JSCallbackConstructor):
              * API/JSCallbackConstructor.h:
              (JSC::JSCallbackConstructor::createStructure):
              * API/JSCallbackFunction.h:
              (JSC::JSCallbackFunction::createStructure):
              * API/JSCallbackObject.h:
              (JSC::JSCallbackObject::createStructure):
              * API/JSCallbackObjectFunctions.h:
              (JSC::::JSCallbackObject):
              * API/JSContextRef.cpp:
              * JavaScriptCore.JSVALUE32_64only.exp:
              * JavaScriptCore.JSVALUE64only.exp:
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::~CodeBlock):
              (JSC::CodeBlock::markStructures):
              (JSC::CodeBlock::markAggregate):
              * bytecode/CodeBlock.h:
              (JSC::MethodCallLinkInfo::setSeen):
              (JSC::GlobalResolveInfo::GlobalResolveInfo):
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
              (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
              (JSC::PolymorphicAccessStructureList::markAggregate):
              (JSC::Instruction::Instruction):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::deref):
              (JSC::StructureStubInfo::markAggregate):
              * bytecode/StructureStubInfo.h:
              (JSC::StructureStubInfo::initGetByIdSelf):
              (JSC::StructureStubInfo::initGetByIdProto):
              (JSC::StructureStubInfo::initGetByIdChain):
              (JSC::StructureStubInfo::initPutByIdTransition):
              (JSC::StructureStubInfo::initPutByIdReplace):
              * debugger/DebuggerActivation.cpp:
              (JSC::DebuggerActivation::DebuggerActivation):
              * debugger/DebuggerActivation.h:
              (JSC::DebuggerActivation::createStructure):
              * heap/Handle.h:
              * heap/MarkStack.cpp:
              (JSC::MarkStack::markChildren):
              (JSC::MarkStack::drain):
              * heap/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep):
              * heap/Strong.h:
              (JSC::Strong::Strong):
              (JSC::Strong::set):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::resolveGlobal):
              (JSC::Interpreter::resolveGlobalDynamic):
              (JSC::Interpreter::tryCachePutByID):
              (JSC::Interpreter::uncachePutByID):
              (JSC::Interpreter::tryCacheGetByID):
              (JSC::Interpreter::uncacheGetByID):
              (JSC::Interpreter::privateExecute):
              * jit/JIT.h:
              * jit/JITPropertyAccess.cpp:
              (JSC::JIT::privateCompilePutByIdTransition):
              (JSC::JIT::patchMethodCallProto):
              (JSC::JIT::privateCompileGetByIdProto):
              (JSC::JIT::privateCompileGetByIdSelfList):
              (JSC::JIT::privateCompileGetByIdProtoList):
              (JSC::JIT::privateCompileGetByIdChainList):
              (JSC::JIT::privateCompileGetByIdChain):
              * jit/JITPropertyAccess32_64.cpp:
              (JSC::JIT::privateCompilePutByIdTransition):
              (JSC::JIT::patchMethodCallProto):
              (JSC::JIT::privateCompileGetByIdProto):
              (JSC::JIT::privateCompileGetByIdSelfList):
              (JSC::JIT::privateCompileGetByIdProtoList):
              (JSC::JIT::privateCompileGetByIdChainList):
              (JSC::JIT::privateCompileGetByIdChain):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCachePutByID):
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::DEFINE_STUB_FUNCTION):
              (JSC::getPolymorphicAccessStructureListSlot):
              * jit/JSInterfaceJIT.h:
              (JSC::JSInterfaceJIT::storePtrWithWriteBarrier):
              * jsc.cpp:
              (cleanupGlobalData):
              * runtime/Arguments.h:
              (JSC::Arguments::createStructure):
              (JSC::Arguments::Arguments):
              (JSC::JSActivation::copyRegisters):
              * runtime/ArrayConstructor.cpp:
              (JSC::ArrayConstructor::ArrayConstructor):
              (JSC::constructArrayWithSizeQuirk):
              * runtime/ArrayConstructor.h:
              * runtime/ArrayPrototype.cpp:
              (JSC::ArrayPrototype::ArrayPrototype):
              (JSC::arrayProtoFuncSplice):
              * runtime/ArrayPrototype.h:
              (JSC::ArrayPrototype::createStructure):
              * runtime/BatchedTransitionOptimizer.h:
              (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
              * runtime/BooleanConstructor.cpp:
              (JSC::BooleanConstructor::BooleanConstructor):
              * runtime/BooleanConstructor.h:
              * runtime/BooleanObject.cpp:
              (JSC::BooleanObject::BooleanObject):
              * runtime/BooleanObject.h:
              (JSC::BooleanObject::createStructure):
              * runtime/BooleanPrototype.cpp:
              (JSC::BooleanPrototype::BooleanPrototype):
              * runtime/BooleanPrototype.h:
              * runtime/DateConstructor.cpp:
              (JSC::DateConstructor::DateConstructor):
              * runtime/DateConstructor.h:
              * runtime/DateInstance.cpp:
              (JSC::DateInstance::DateInstance):
              * runtime/DateInstance.h:
              (JSC::DateInstance::createStructure):
              * runtime/DatePrototype.cpp:
              (JSC::DatePrototype::DatePrototype):
              * runtime/DatePrototype.h:
              (JSC::DatePrototype::createStructure):
              * runtime/Error.cpp:
              (JSC::StrictModeTypeErrorFunction::StrictModeTypeErrorFunction):
              * runtime/ErrorConstructor.cpp:
              (JSC::ErrorConstructor::ErrorConstructor):
              * runtime/ErrorConstructor.h:
              * runtime/ErrorInstance.cpp:
              (JSC::ErrorInstance::ErrorInstance):
              (JSC::ErrorInstance::create):
              * runtime/ErrorInstance.h:
              (JSC::ErrorInstance::createStructure):
              * runtime/ErrorPrototype.cpp:
              (JSC::ErrorPrototype::ErrorPrototype):
              * runtime/ErrorPrototype.h:
              * runtime/ExceptionHelpers.cpp:
              (JSC::InterruptedExecutionError::InterruptedExecutionError):
              (JSC::TerminatedExecutionError::TerminatedExecutionError):
              * runtime/Executable.cpp:
              * runtime/Executable.h:
              (JSC::ExecutableBase::ExecutableBase):
              (JSC::ExecutableBase::createStructure):
              (JSC::NativeExecutable::createStructure):
              (JSC::NativeExecutable::NativeExecutable):
              (JSC::ScriptExecutable::ScriptExecutable):
              (JSC::EvalExecutable::createStructure):
              (JSC::ProgramExecutable::createStructure):
              (JSC::FunctionExecutable::createStructure):
              * runtime/FunctionConstructor.cpp:
              (JSC::FunctionConstructor::FunctionConstructor):
              * runtime/FunctionConstructor.h:
              * runtime/FunctionPrototype.cpp:
              (JSC::FunctionPrototype::FunctionPrototype):
              * runtime/FunctionPrototype.h:
              (JSC::FunctionPrototype::createStructure):
              * runtime/GetterSetter.h:
              (JSC::GetterSetter::GetterSetter):
              (JSC::GetterSetter::createStructure):
              * runtime/InitializeThreading.cpp:
              (JSC::initializeThreadingOnce):
              * runtime/InternalFunction.cpp:
              (JSC::InternalFunction::InternalFunction):
              * runtime/InternalFunction.h:
              (JSC::InternalFunction::createStructure):
              * runtime/JSAPIValueWrapper.h:
              (JSC::JSAPIValueWrapper::createStructure):
              (JSC::JSAPIValueWrapper::JSAPIValueWrapper):
              * runtime/JSActivation.cpp:
              (JSC::JSActivation::JSActivation):
              * runtime/JSActivation.h:
              (JSC::JSActivation::createStructure):
              * runtime/JSArray.cpp:
              (JSC::JSArray::JSArray):
              * runtime/JSArray.h:
              (JSC::JSArray::createStructure):
              * runtime/JSByteArray.cpp:
              (JSC::JSByteArray::JSByteArray):
              (JSC::JSByteArray::createStructure):
              * runtime/JSByteArray.h:
              (JSC::JSByteArray::JSByteArray):
              * runtime/JSCell.cpp:
              (JSC::isZombie):
              * runtime/JSCell.h:
              (JSC::JSCell::JSCell::JSCell):
              (JSC::JSCell::JSCell::addressOfStructure):
              (JSC::JSCell::JSCell::structure):
              (JSC::JSCell::JSCell::markChildren):
              (JSC::JSCell::JSValue::isZombie):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::JSFunction):
              * runtime/JSFunction.h:
              (JSC::JSFunction::createStructure):
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::storeVPtrs):
              (JSC::JSGlobalData::JSGlobalData):
              (JSC::JSGlobalData::clearBuiltinStructures):
              (JSC::JSGlobalData::createLeaked):
              * runtime/JSGlobalData.h:
              (JSC::allocateGlobalHandle):
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::reset):
              (JSC::JSGlobalObject::markChildren):
              (JSC::JSGlobalObject::copyGlobalsFrom):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObject):
              (JSC::JSGlobalObject::createStructure):
              (JSC::Structure::prototypeChain):
              (JSC::Structure::isValid):
              (JSC::constructEmptyArray):
              * runtime/JSNotAnObject.h:
              (JSC::JSNotAnObject::JSNotAnObject):
              (JSC::JSNotAnObject::createStructure):
              * runtime/JSONObject.cpp:
              (JSC::JSONObject::JSONObject):
              * runtime/JSONObject.h:
              (JSC::JSONObject::createStructure):
              * runtime/JSObject.cpp:
              (JSC::JSObject::defineGetter):
              (JSC::JSObject::defineSetter):
              (JSC::JSObject::seal):
              (JSC::JSObject::freeze):
              (JSC::JSObject::preventExtensions):
              (JSC::JSObject::removeDirect):
              (JSC::JSObject::createInheritorID):
              * runtime/JSObject.h:
              (JSC::JSObject::createStructure):
              (JSC::JSObject::JSObject):
              (JSC::JSNonFinalObject::createStructure):
              (JSC::JSNonFinalObject::JSNonFinalObject):
              (JSC::JSFinalObject::create):
              (JSC::JSFinalObject::createStructure):
              (JSC::JSFinalObject::JSFinalObject):
              (JSC::constructEmptyObject):
              (JSC::createEmptyObjectStructure):
              (JSC::JSObject::~JSObject):
              (JSC::JSObject::setPrototype):
              (JSC::JSObject::setStructure):
              (JSC::JSObject::inheritorID):
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::transitionTo):
              (JSC::JSObject::markChildrenDirect):
              * runtime/JSObjectWithGlobalObject.cpp:
              (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
              * runtime/JSObjectWithGlobalObject.h:
              (JSC::JSObjectWithGlobalObject::createStructure):
              (JSC::JSObjectWithGlobalObject::JSObjectWithGlobalObject):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
              (JSC::JSPropertyNameIterator::create):
              (JSC::JSPropertyNameIterator::get):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::createStructure):
              (JSC::JSPropertyNameIterator::setCachedStructure):
              (JSC::Structure::setEnumerationCache):
              * runtime/JSStaticScopeObject.h:
              (JSC::JSStaticScopeObject::JSStaticScopeObject):
              (JSC::JSStaticScopeObject::createStructure):
              * runtime/JSString.h:
              (JSC::RopeBuilder::JSString):
              (JSC::RopeBuilder::createStructure):
              * runtime/JSType.h:
              * runtime/JSTypeInfo.h:
              (JSC::TypeInfo::TypeInfo):
              * runtime/JSValue.h:
              * runtime/JSVariableObject.h:
              (JSC::JSVariableObject::createStructure):
              (JSC::JSVariableObject::JSVariableObject):
              (JSC::JSVariableObject::copyRegisterArray):
              * runtime/JSWrapperObject.h:
              (JSC::JSWrapperObject::createStructure):
              (JSC::JSWrapperObject::JSWrapperObject):
              * runtime/JSZombie.cpp:
              * runtime/JSZombie.h:
              (JSC::JSZombie::JSZombie):
              (JSC::JSZombie::createStructure):
              * runtime/MathObject.cpp:
              (JSC::MathObject::MathObject):
              * runtime/MathObject.h:
              (JSC::MathObject::createStructure):
              * runtime/NativeErrorConstructor.cpp:
              (JSC::NativeErrorConstructor::NativeErrorConstructor):
              (JSC::NativeErrorConstructor::markChildren):
              * runtime/NativeErrorConstructor.h:
              (JSC::NativeErrorConstructor::createStructure):
              * runtime/NativeErrorPrototype.cpp:
              (JSC::NativeErrorPrototype::NativeErrorPrototype):
              * runtime/NativeErrorPrototype.h:
              * runtime/NumberConstructor.cpp:
              (JSC::NumberConstructor::NumberConstructor):
              * runtime/NumberConstructor.h:
              (JSC::NumberConstructor::createStructure):
              * runtime/NumberObject.cpp:
              (JSC::NumberObject::NumberObject):
              * runtime/NumberObject.h:
              (JSC::NumberObject::createStructure):
              * runtime/NumberPrototype.cpp:
              (JSC::NumberPrototype::NumberPrototype):
              * runtime/NumberPrototype.h:
              * runtime/ObjectConstructor.cpp:
              (JSC::ObjectConstructor::ObjectConstructor):
              * runtime/ObjectConstructor.h:
              (JSC::ObjectConstructor::createStructure):
              * runtime/ObjectPrototype.cpp:
              (JSC::ObjectPrototype::ObjectPrototype):
              * runtime/ObjectPrototype.h:
              * runtime/PropertyMapHashTable.h:
              (JSC::PropertyTable::PropertyTable):
              * runtime/RegExpConstructor.cpp:
              (JSC::RegExpConstructor::RegExpConstructor):
              (JSC::RegExpMatchesArray::RegExpMatchesArray):
              * runtime/RegExpConstructor.h:
              (JSC::RegExpConstructor::createStructure):
              * runtime/RegExpObject.cpp:
              (JSC::RegExpObject::RegExpObject):
              * runtime/RegExpObject.h:
              (JSC::RegExpObject::createStructure):
              * runtime/RegExpPrototype.cpp:
              (JSC::RegExpPrototype::RegExpPrototype):
              * runtime/RegExpPrototype.h:
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              (JSC::ScopeChainNode::createStructure):
              * runtime/StrictEvalActivation.cpp:
              (JSC::StrictEvalActivation::StrictEvalActivation):
              * runtime/StringConstructor.cpp:
              (JSC::StringConstructor::StringConstructor):
              * runtime/StringConstructor.h:
              * runtime/StringObject.cpp:
              (JSC::StringObject::StringObject):
              * runtime/StringObject.h:
              (JSC::StringObject::createStructure):
              * runtime/StringObjectThatMasqueradesAsUndefined.h:
              (JSC::StringObjectThatMasqueradesAsUndefined::StringObjectThatMasqueradesAsUndefined):
              (JSC::StringObjectThatMasqueradesAsUndefined::createStructure):
              * runtime/StringPrototype.cpp:
              (JSC::StringPrototype::StringPrototype):
              * runtime/StringPrototype.h:
              (JSC::StringPrototype::createStructure):
              * runtime/Structure.cpp:
              (JSC::StructureTransitionTable::remove):
              (JSC::StructureTransitionTable::add):
              (JSC::Structure::Structure):
              (JSC::Structure::~Structure):
              (JSC::Structure::materializePropertyMap):
              (JSC::Structure::addPropertyTransitionToExistingStructure):
              (JSC::Structure::addPropertyTransition):
              (JSC::Structure::removePropertyTransition):
              (JSC::Structure::changePrototypeTransition):
              (JSC::Structure::despecifyFunctionTransition):
              (JSC::Structure::getterSetterTransition):
              (JSC::Structure::toDictionaryTransition):
              (JSC::Structure::toCacheableDictionaryTransition):
              (JSC::Structure::toUncacheableDictionaryTransition):
              (JSC::Structure::sealTransition):
              (JSC::Structure::freezeTransition):
              (JSC::Structure::preventExtensionsTransition):
              (JSC::Structure::flattenDictionaryStructure):
              (JSC::Structure::copyPropertyTable):
              (JSC::Structure::put):
              (JSC::Structure::markChildren):
              * runtime/Structure.h:
              (JSC::Structure::create):
              (JSC::Structure::setPrototypeWithoutTransition):
              (JSC::Structure::createStructure):
              (JSC::JSCell::createDummyStructure):
              (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::keyForFinalizer):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::StructureChain):
              (JSC::StructureChain::markChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
              (JSC::StructureChain::head):
              (JSC::StructureChain::createStructure):
              * runtime/StructureTransitionTable.h:
              (JSC::StructureTransitionTable::WeakGCMapFinalizerCallback::finalizerContextFor):
              (JSC::StructureTransitionTable::~StructureTransitionTable):
              (JSC::StructureTransitionTable::slot):
              (JSC::StructureTransitionTable::setMap):
              (JSC::StructureTransitionTable::singleTransition):
              (JSC::StructureTransitionTable::clearSingleTransition):
              (JSC::StructureTransitionTable::setSingleTransition):
              * runtime/WeakGCMap.h:
              (JSC::DefaultWeakGCMapFinalizerCallback::finalizerContextFor):
              (JSC::DefaultWeakGCMapFinalizerCallback::keyForFinalizer):
              (JSC::WeakGCMap::contains):
              (JSC::WeakGCMap::find):
              (JSC::WeakGCMap::remove):
              (JSC::WeakGCMap::add):
              (JSC::WeakGCMap::set):
              (JSC::WeakGCMap::finalize):
              * runtime/WriteBarrier.h:
              (JSC::writeBarrier):
              (JSC::WriteBarrierBase::set):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
              (JSC::WriteBarrierBase::setWithoutWriteBarrier):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Fix up JSG to correctly mark Structure, et al.
      
              * JSRun.cpp:
              (JSGlueGlobalObject::JSGlueGlobalObject):
              * JSRun.h:
              * JSUtils.cpp:
              (JSObjectKJSValue):
              * UserObjectImp.cpp:
              (UserObjectImp::UserObjectImp):
              * UserObjectImp.h:
              (UserObjectImp::createStructure):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WebCore for Structure being a GC allocated object
      
              * WebCore.exp.in:
              * bindings/js/JSAudioConstructor.h:
              (WebCore::JSAudioConstructor::createStructure):
              * bindings/js/JSDOMBinding.cpp:
              (WebCore::cacheDOMStructure):
              * bindings/js/JSDOMBinding.h:
              (WebCore::DOMObjectWithGlobalPointer::createStructure):
              (WebCore::DOMObjectWithGlobalPointer::DOMObjectWithGlobalPointer):
              (WebCore::DOMConstructorObject::createStructure):
              (WebCore::DOMConstructorObject::DOMConstructorObject):
              (WebCore::DOMConstructorWithDocument::DOMConstructorWithDocument):
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::JSDOMGlobalObject):
              (WebCore::JSDOMGlobalObject::markChildren):
              * bindings/js/JSDOMGlobalObject.h:
              (WebCore::JSDOMGlobalObject::createStructure):
              * bindings/js/JSDOMWindowBase.cpp:
              (WebCore::JSDOMWindowBase::JSDOMWindowBase):
              * bindings/js/JSDOMWindowBase.h:
              (WebCore::JSDOMWindowBase::createStructure):
              * bindings/js/JSDOMWindowShell.cpp:
              (WebCore::JSDOMWindowShell::JSDOMWindowShell):
              (WebCore::JSDOMWindowShell::setWindow):
              * bindings/js/JSDOMWindowShell.h:
              (WebCore::JSDOMWindowShell::createStructure):
              * bindings/js/JSDOMWrapper.h:
              (WebCore::DOMObject::DOMObject):
              * bindings/js/JSEventListener.cpp:
              (WebCore::JSEventListener::JSEventListener):
              * bindings/js/JSImageConstructor.h:
              (WebCore::JSImageConstructor::createStructure):
              * bindings/js/JSImageDataCustom.cpp:
              (WebCore::toJS):
              * bindings/js/JSOptionConstructor.h:
              (WebCore::JSOptionConstructor::createStructure):
              * bindings/js/JSWorkerContextBase.cpp:
              (WebCore::JSWorkerContextBase::JSWorkerContextBase):
              * bindings/js/JSWorkerContextBase.h:
              (WebCore::JSWorkerContextBase::createStructure):
              * bindings/js/ScriptCachedFrameData.h:
              * bindings/js/SerializedScriptValue.h:
              * bindings/js/WorkerScriptController.cpp:
              (WebCore::WorkerScriptController::initScript):
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/c/CRuntimeObject.h:
              (JSC::Bindings::CRuntimeObject::createStructure):
              * bridge/c/c_instance.cpp:
              (JSC::Bindings::CRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaInstanceJSC.cpp:
              (JavaRuntimeMethod::createStructure):
              * bridge/jni/jsc/JavaRuntimeObject.h:
              (JSC::Bindings::JavaRuntimeObject::createStructure):
              * bridge/objc/ObjCRuntimeObject.h:
              (JSC::Bindings::ObjCRuntimeObject::createStructure):
              * bridge/objc/objc_instance.mm:
              (ObjCRuntimeMethod::createStructure):
              * bridge/objc/objc_runtime.h:
              (JSC::Bindings::ObjcFallbackObjectImp::createStructure):
              * bridge/runtime_array.cpp:
              (JSC::RuntimeArray::RuntimeArray):
              * bridge/runtime_array.h:
              (JSC::RuntimeArray::createStructure):
              * bridge/runtime_method.cpp:
              (JSC::RuntimeMethod::RuntimeMethod):
              * bridge/runtime_method.h:
              (JSC::RuntimeMethod::createStructure):
              * bridge/runtime_object.cpp:
              (JSC::Bindings::RuntimeObject::RuntimeObject):
              * bridge/runtime_object.h:
              (JSC::Bindings::RuntimeObject::createStructure):
              * history/HistoryItem.h:
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WebKit for the world of GC allocated Structure
      
              * Plugins/Hosted/NetscapePluginInstanceProxy.h:
              * Plugins/Hosted/ProxyInstance.mm:
              (WebKit::ProxyRuntimeMethod::createStructure):
              * Plugins/Hosted/ProxyRuntimeObject.h:
              (WebKit::ProxyRuntimeObject::createStructure):
      2011-04-13  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoff Garen.
      
              GC allocate Structure
              https://bugs.webkit.org/show_bug.cgi?id=58483
      
              Update WK2 for the world of GC allocated Structure
      
              * WebProcess/Plugins/Netscape/JSNPMethod.h:
              (WebKit::JSNPMethod::createStructure):
              * WebProcess/Plugins/Netscape/JSNPObject.h:
              (WebKit::JSNPObject::createStructure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83808 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bb8da910
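The two Oliver Hunt commits above describe a pair of related changes: r83808 (bug 58483) turns Structure into a GC-allocated cell, so holders move from RefPtr<Structure> to Structure*, WriteBarrier<Structure> or Strong<Structure> and every visitChildren has to mark it, and r86469 (bug 60802) makes GC_VALIDATION assert in every visitChildren and in WriteBarrierBase::set that a cell and its Structure still look sane. The toy model below is an added example written for this page; it is not WebKit code, and toy::Heap, validateCell, WriteBarrier, Strong, TypeFlags and runDemo are hypothetical names that only borrow their spelling from the ChangeLogs. It assumes a single-threaded mark phase and a mark bit per cell, and it returns validation results instead of asserting so the failure cases can be inspected.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>
// Added toy model, not WebKit code; every name is hypothetical. A Structure that is itself a GC cell
// (reached via Strong<> roots and WriteBarrier<> slots, marked from visitChildren) plus GC_VALIDATION-style checks.
namespace toy {
enum TypeFlags : uint8_t { kObjectFlag = 1, kStructureFlag = 2 };
struct Heap;
struct Cell {
    Cell* structure = nullptr;   // every cell, Structures included, points at a Structure cell
    bool marked = false;
    virtual ~Cell() {}
    virtual uint8_t expectedFlags() const = 0;   // flags this class's Structure must carry
    virtual void visitChildren(Heap&) = 0;
};
struct Structure : Cell {
    uint8_t typeFlags;
    explicit Structure(uint8_t flags) : typeFlags(flags) {}
    uint8_t expectedFlags() const override { return kStructureFlag; }
    void visitChildren(Heap& heap) override;
};
struct Heap {
    std::vector<Cell*> cells, markStack;   // cells: every allocation the collector knows about
    std::vector<Cell**> roots;             // slots registered by Strong<T>
    Cell* structureStructure = nullptr;    // the Structure that describes Structures
    int validationFailures = 0;
    ~Heap() { for (Cell* c : cells) delete c; }
    template <typename T, typename... Args> T* allocate(Cell* structure, Args&&... args) {
        T* cell = new T(std::forward<Args>(args)...);
        cell->structure = structure; cells.push_back(cell); return cell;
    }
    bool contains(const Cell* c) const { return std::find(cells.begin(), cells.end(), c) != cells.end(); }
    // Slow validation path: live cell, live Structure described by the structure-of-Structures, flags
    // matching the cell's class. Each step dereferences only what the previous one vouched for.
    bool validateCell(const Cell* cell) {
        bool ok = cell && contains(cell) && cell->structure && contains(cell->structure)
            && cell->structure->structure == structureStructure
            && static_cast<const Structure*>(cell->structure)->typeFlags == cell->expectedFlags();
        if (!ok) ++validationFailures;
        return ok;
    }
    void markCell(Cell* cell) { if (cell && !cell->marked) { cell->marked = true; markStack.push_back(cell); } }
    size_t collect() {   // mark from the roots; returns how many cells were reached
        for (Cell* c : cells) c->marked = false;
        for (Cell** root : roots) markCell(*root);
        while (!markStack.empty()) {
            Cell* cell = markStack.back(); markStack.pop_back();
            markCell(cell->structure);   // a GC-allocated Structure is a child to mark, not a RefPtr
            cell->visitChildren(*this);
        }
        size_t live = 0;
        for (Cell* c : cells) live += c->marked;
        return live;
    }
};
void Structure::visitChildren(Heap& heap) { heap.validateCell(this); }
template <typename T> struct WriteBarrier {   // a slot inside a GC cell
    Cell* slot = nullptr;
    bool set(Heap& heap, Cell* owner, T* value) {   // checks both ends, like WriteBarrierBase::set under GC_VALIDATION
        bool ok = heap.validateCell(owner) && heap.validateCell(value);
        slot = value; return ok;   // a real barrier would also tell the collector about the store
    }
    T* get() const { return static_cast<T*>(slot); }
};
template <typename T> struct Strong {   // root handle: its slot is registered while it lives
    Heap& heap; Cell* slot;
    Strong(Heap& h, T* v) : heap(h), slot(v) { heap.roots.push_back(&slot); }
    ~Strong() { heap.roots.erase(std::find(heap.roots.begin(), heap.roots.end(), &slot)); }
};
struct Object : Cell {
    WriteBarrier<Object> next;
    uint8_t expectedFlags() const override { return kObjectFlag; }
    void visitChildren(Heap& heap) override {
        heap.validateCell(this);   // the per-visitChildren check the ChangeLog adds everywhere
        heap.markCell(next.get());
    }
};
struct DemoResult { size_t liveAfterGc; bool goodStoreOk, outsideHeapOk, wrongFlagsOk; int failures; };
DemoResult runDemo() {
    Heap heap;
    Structure* ss = heap.allocate<Structure>(nullptr, kStructureFlag);
    ss->structure = heap.structureStructure = ss;   // the structure-of-Structures describes itself
    Strong<Structure> rootStructure(heap, ss);      // rooted the way GlobalData roots its built-ins
    Structure* objectStructure = heap.allocate<Structure>(ss, kObjectFlag);
    Object* a = heap.allocate<Object>(objectStructure), *b = heap.allocate<Object>(objectStructure);
    Strong<Object> rootA(heap, a);
    bool goodStore = a->next.set(heap, a, b);       // b is reachable only through a's barrier slot
    Structure* orphan = heap.allocate<Structure>(ss, kObjectFlag);
    heap.allocate<Object>(orphan);                  // unreachable: neither it nor its Structure gets marked
    size_t live = heap.collect();                   // reached: ss, objectStructure, a, b
    Object outside; outside.structure = objectStructure;   // never a heap cell, so it must fail validation
    bool outsideOk = heap.validateCell(&outside);
    Structure* bad = heap.allocate<Structure>(ss, kStructureFlag);   // wrong flags for an Object
    bool wrongFlagsOk = heap.validateCell(heap.allocate<Object>(bad));
    return DemoResult{live, goodStore, outsideOk, wrongFlagsOk, heap.validationFailures};
}
}  // namespace toy
```

runDemo() reaches four cells (the root Structure, the object Structure, a and b), accepts the store of b into a's slot, and rejects the two bad cases: a pointer that was never a heap cell, and a cell whose Structure carries flags its class does not expect, which is the "structure still has correct flags" condition the r86469 ChangeLog describes. The point of ordering the checks this way is that a stale Structure pointer, the kind of thing a use-after-free leaves behind, trips an assertion at the next store or mark rather than being followed silently; in WebKit these are ASSERTs that exist only in builds with GC_VALIDATION enabled, so they catch bugs in testing, not in shipping code.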
  15. 11 Apr, 2011 1 commit
    • ggaren@apple.com's avatar
      2011-04-11 Geoffrey Garen <ggaren@apple.com> · 0b32d098
      ggaren@apple.com authored
              Rubber-stamped by Sam Weinig.
              
              Moved remaining heap implementation files to the heap folder.
      
              * Android.mk:
              * CMakeLists.txt:
              * GNUmakefile.list.am:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * heap/ConservativeRoots.cpp: Copied from runtime/ConservativeSet.cpp.
              * heap/ConservativeRoots.h: Copied from runtime/ConservativeSet.h.
              * heap/Handle.h:
              * heap/Heap.cpp:
              * heap/MachineStackMarker.cpp: Copied from runtime/MachineStackMarker.cpp.
              * heap/MachineStackMarker.h: Copied from runtime/MachineStackMarker.h.
              * heap/MarkStack.cpp: Copied from runtime/MarkStack.cpp.
              * heap/MarkStack.h: Copied from runtime/MarkStack.h.
              * heap/MarkStackPosix.cpp: Copied from runtime/MarkStackPosix.cpp.
              * heap/MarkStackSymbian.cpp: Copied from runtime/MarkStackSymbian.cpp.
              * heap/MarkStackWin.cpp: Copied from runtime/MarkStackWin.cpp.
              * heap/MarkedBlock.cpp: Copied from runtime/MarkedBlock.cpp.
              * heap/MarkedBlock.h: Copied from runtime/MarkedBlock.h.
              * heap/MarkedSpace.cpp: Copied from runtime/MarkedSpace.cpp.
              * heap/MarkedSpace.h: Copied from runtime/MarkedSpace.h.
              * interpreter/RegisterFile.cpp:
              * runtime/ConservativeSet.cpp: Removed.
              * runtime/ConservativeSet.h: Removed.
              * runtime/MachineStackMarker.cpp: Removed.
              * runtime/MachineStackMarker.h: Removed.
              * runtime/MarkStack.cpp: Removed.
              * runtime/MarkStack.h: Removed.
              * runtime/MarkStackPosix.cpp: Removed.
              * runtime/MarkStackSymbian.cpp: Removed.
              * runtime/MarkStackWin.cpp: Removed.
              * runtime/MarkedBlock.cpp: Removed.
              * runtime/MarkedBlock.h: Removed.
              * runtime/MarkedSpace.cpp: Removed.
              * runtime/MarkedSpace.h: Removed.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@83506 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0b32d098
  16. 04 Apr, 2011 1 commit
      2011-04-01 Oliver Hunt <oliver@apple.com> · 59144210
      oliver@apple.com authored
              Reviewed by Geoffrey Garen.
      
              Make StructureChain GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=56695
      
              Make StructureChain GC allocated, and make the various owners
              mark it correctly.
      
              * JavaScriptCore.exp:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::dump):
              (JSC::CodeBlock::derefStructures):
              (JSC::CodeBlock::refStructures):
              (JSC::CodeBlock::markAggregate):
              * bytecode/Instruction.h:
              (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
              (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
              (JSC::PolymorphicAccessStructureList::derefStructures):
              (JSC::PolymorphicAccessStructureList::markAggregate):
              (JSC::Instruction::Instruction):
              * bytecode/StructureStubInfo.cpp:
              (JSC::StructureStubInfo::deref):
              (JSC::StructureStubInfo::markAggregate):
              * bytecode/StructureStubInfo.h:
              (JSC::StructureStubInfo::initGetByIdChain):
              (JSC::StructureStubInfo::initPutByIdTransition):
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
              * collector/handles/Handle.h:
              (JSC::HandleConverter::operator->):
              (JSC::HandleConverter::operator*):
              * interpreter/Interpreter.cpp:
              (JSC::Interpreter::privateExecute):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::emit_op_jneq_ptr):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::emit_op_jneq_ptr):
              * jit/JITPropertyAccess.cpp:
              (JSC::JIT::privateCompileGetByIdChainList):
              * jit/JITPropertyAccess32_64.cpp:
              (JSC::JIT::privateCompileGetByIdChainList):
              * jit/JITStubs.cpp:
              (JSC::JITThunks::tryCachePutByID):
              (JSC::JITThunks::tryCacheGetByID):
              (JSC::getPolymorphicAccessStructureListSlot):
              (JSC::DEFINE_STUB_FUNCTION):
              * runtime/JSCell.h:
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::markIfNeeded):
              * runtime/JSGlobalObject.h:
              (JSC::Structure::prototypeChain):
              * runtime/JSObject.h:
              (JSC::JSObject::putDirectInternal):
              (JSC::JSObject::markChildrenDirect):
              * runtime/JSPropertyNameIterator.cpp:
              (JSC::JSPropertyNameIterator::create):
              (JSC::JSPropertyNameIterator::get):
              (JSC::JSPropertyNameIterator::markChildren):
              * runtime/JSPropertyNameIterator.h:
              (JSC::JSPropertyNameIterator::setCachedPrototypeChain):
              * runtime/JSZombie.cpp:
              (JSC::JSZombie::leakedZombieStructure):
              * runtime/JSZombie.h:
              * runtime/MarkStack.h:
              (JSC::MarkStack::append):
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::sweep):
              * runtime/Structure.cpp:
              (JSC::Structure::addPropertyTransition):
              * runtime/Structure.h:
              (JSC::Structure::markAggregate):
              * runtime/StructureChain.cpp:
              (JSC::StructureChain::StructureChain):
              (JSC::StructureChain::~StructureChain):
              (JSC::StructureChain::markChildren):
              * runtime/StructureChain.h:
              (JSC::StructureChain::create):
              (JSC::StructureChain::createStructure):
              * runtime/WriteBarrier.h:
              (JSC::WriteBarrierBase::get):
              (JSC::WriteBarrierBase::operator*):
              (JSC::WriteBarrierBase::operator->):
      2011-04-01  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Geoffrey Garen.
      
              Make StructureChain GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=56695
      
              Update for new Structure marking function
      
              * bindings/js/JSDOMGlobalObject.cpp:
              (WebCore::JSDOMGlobalObject::markChildren):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@82849 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      59144210
  17. 14 Mar, 2011 1 commit
      2011-03-11 Oliver Hunt <oliver@apple.com> · 9d4f0eca
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Ensure all values are correctly tagged in the registerfile
              https://bugs.webkit.org/show_bug.cgi?id=56214
      
              This patch makes sure that all JSCell pointers written to
              the registerfile are correctly tagged as JSCells, and replaces
              raw int usage with the immediate representation.
      
              For performance, register pressure, and general saneness reasons
              I've added abstractions for reading and writing the tag
              and payload of integer registers directly for the JSVALUE64
              encoding.
      
              * interpreter/Register.h:
              (JSC::Register::withInt):
              (JSC::Register::withCallee):
              (JSC::Register::operator=):
              (JSC::Register::i):
              (JSC::Register::activation):
              (JSC::Register::function):
              (JSC::Register::propertyNameIterator):
              (JSC::Register::scopeChain):
              * jit/JIT.h:
              * jit/JITCall.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCallVarargs):
              (JSC::JIT::compileOpCall):
              * jit/JITCall32_64.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCallVarargs):
              (JSC::JIT::compileOpCall):
              (JSC::JIT::compileOpCallSlowCase):
              * jit/JITInlineMethods.h:
              (JSC::JIT::emitPutToCallFrameHeader):
              (JSC::JIT::emitPutCellToCallFrameHeader):
              (JSC::JIT::emitPutIntToCallFrameHeader):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::privateCompileCTINativeCall):
              (JSC::JIT::emit_op_get_pnames):
              (JSC::JIT::emit_op_next_pname):
              (JSC::JIT::emit_op_load_varargs):
              (JSC::JIT::emitSlow_op_load_varargs):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::privateCompileCTINativeCall):
              (JSC::JIT::emit_op_get_pnames):
              (JSC::JIT::emit_op_next_pname):
              * jit/JSInterfaceJIT.h:
              (JSC::JSInterfaceJIT::intPayloadFor):
              (JSC::JSInterfaceJIT::intTagFor):
              * jit/SpecializedThunkJIT.h:
              (JSC::SpecializedThunkJIT::returnJSValue):
              (JSC::SpecializedThunkJIT::returnDouble):
              (JSC::SpecializedThunkJIT::returnInt32):
              (JSC::SpecializedThunkJIT::returnJSCell):
      2011-03-11  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Gavin Barraclough.
      
              Ensure all values are correctly tagged in the registerfile
              https://bugs.webkit.org/show_bug.cgi?id=56214
      
              Make sure everything builds still.
      
              * bridge/c/c_class.cpp:
              * bridge/c/c_runtime.cpp:
              * bridge/jni/JavaMethod.cpp:
              * plugins/PluginViewNone.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@81040 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9d4f0eca
  18. 12 Mar, 2011 1 commit
      2011-03-12 Sheriff Bot <webkit.review.bot@gmail.com> · 03e7251c
      loislo@chromium.org authored
              Unreviewed, rolling out r80919.
              http://trac.webkit.org/changeset/80919
              https://bugs.webkit.org/show_bug.cgi?id=56251
      
              all windows bots failed to compile this change (Requested by
              loislo on #webkit).
      
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * bytecode/StructureStubInfo.cpp:
              * interpreter/Register.h:
              (JSC::Register::withInt):
              (JSC::Register::withCallee):
              (JSC::Register::operator=):
              (JSC::Register::i):
              (JSC::Register::activation):
              (JSC::Register::function):
              (JSC::Register::propertyNameIterator):
              (JSC::Register::scopeChain):
              * jit/JIT.h:
              * jit/JITCall.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCallVarargs):
              (JSC::JIT::compileOpCall):
              * jit/JITCall32_64.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCallVarargs):
              (JSC::JIT::compileOpCall):
              (JSC::JIT::compileOpCallSlowCase):
              * jit/JITInlineMethods.h:
              (JSC::JIT::emitPutToCallFrameHeader):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::privateCompileCTINativeCall):
              (JSC::JIT::emit_op_get_pnames):
              (JSC::JIT::emit_op_next_pname):
              (JSC::JIT::emit_op_load_varargs):
              (JSC::JIT::emitSlow_op_load_varargs):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::privateCompileCTINativeCall):
              (JSC::JIT::emit_op_get_pnames):
              (JSC::JIT::emit_op_next_pname):
              * jit/JSInterfaceJIT.h:
              (JSC::JSInterfaceJIT::payloadFor):
              * jit/SpecializedThunkJIT.h:
              (JSC::SpecializedThunkJIT::returnJSValue):
              (JSC::SpecializedThunkJIT::returnDouble):
              (JSC::SpecializedThunkJIT::returnInt32):
              (JSC::SpecializedThunkJIT::returnJSCell):
              * runtime/ArgList.cpp:
              * runtime/DateConversion.cpp:
              * runtime/GCActivityCallbackCF.cpp:
              * runtime/Identifier.cpp:
              * runtime/JSActivation.h:
              (JSC::asActivation):
              * runtime/JSLock.cpp:
              * runtime/JSNumberCell.cpp:
              * runtime/JSObject.h:
              * runtime/JSPropertyNameIterator.h:
              * runtime/JSValue.h:
              * runtime/JSZombie.cpp:
              * runtime/MarkedBlock.cpp:
              * runtime/MarkedSpace.cpp:
              * runtime/PropertyNameArray.cpp:
              * runtime/ScopeChain.h:
              (JSC::ExecState::globalThisValue):
              * wtf/DateMath.cpp:
      2011-03-12  Sheriff Bot  <webkit.review.bot@gmail.com>
      
              Unreviewed, rolling out r80919.
              http://trac.webkit.org/changeset/80919
              https://bugs.webkit.org/show_bug.cgi?id=56251
      
              all windows bots failed to compile this change (Requested by
              loislo on #webkit).
      
              * bridge/c/c_class.cpp:
              * bridge/c/c_runtime.cpp:
              * bridge/jni/JavaMethod.cpp:
              * plugins/PluginViewNone.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80938 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      03e7251c
  19. 11 Mar, 2011 1 commit
      2011-03-11 Oliver Hunt <oliver@apple.com> · 88d8cfa7
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Ensure all values are correctly tagged in the registerfile
              https://bugs.webkit.org/show_bug.cgi?id=56214
      
              This patch makes sure that all JSCell pointers written to
              the registerfile are correctly tagged as JSCells, and replaces
              raw int usage with the immediate representation.
      
              For performance, register pressure, and general saneness reasons
              I've added abstractions for reading and writing the tag
              and payload of integer registers directly for the JSVALUE64
              encoding.
      
              * interpreter/Register.h:
              (JSC::Register::withInt):
              (JSC::Register::withCallee):
              (JSC::Register::operator=):
              (JSC::Register::i):
              (JSC::Register::activation):
              (JSC::Register::function):
              (JSC::Register::propertyNameIterator):
              (JSC::Register::scopeChain):
              * jit/JIT.h:
              * jit/JITCall.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCallVarargs):
              (JSC::JIT::compileOpCall):
              * jit/JITCall32_64.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCallVarargs):
              (JSC::JIT::compileOpCall):
              (JSC::JIT::compileOpCallSlowCase):
              * jit/JITInlineMethods.h:
              (JSC::JIT::emitPutToCallFrameHeader):
              (JSC::JIT::emitPutCellToCallFrameHeader):
              (JSC::JIT::emitPutIntToCallFrameHeader):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::privateCompileCTINativeCall):
              (JSC::JIT::emit_op_get_pnames):
              (JSC::JIT::emit_op_next_pname):
              (JSC::JIT::emit_op_load_varargs):
              (JSC::JIT::emitSlow_op_load_varargs):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::privateCompileCTINativeCall):
              (JSC::JIT::emit_op_get_pnames):
              (JSC::JIT::emit_op_next_pname):
              * jit/JSInterfaceJIT.h:
              (JSC::JSInterfaceJIT::intPayloadFor):
              (JSC::JSInterfaceJIT::intTagFor):
              * jit/SpecializedThunkJIT.h:
              (JSC::SpecializedThunkJIT::returnJSValue):
              (JSC::SpecializedThunkJIT::returnDouble):
              (JSC::SpecializedThunkJIT::returnInt32):
              (JSC::SpecializedThunkJIT::returnJSCell):
      2011-03-11  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Gavin Barraclough.
      
              Ensure all values are correctly tagged in the registerfile
              https://bugs.webkit.org/show_bug.cgi?id=56214
      
              Make sure everything builds still.
      
              * bridge/c/c_class.cpp:
              * bridge/c/c_runtime.cpp:
              * bridge/jni/JavaMethod.cpp:
              * plugins/PluginViewNone.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80919 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      88d8cfa7
  20. 10 Mar, 2011 1 commit
      2011-03-10 Oliver Hunt <oliver@apple.com> · 1bf01d62
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Fix allocation of native function with a cached thunk
              https://bugs.webkit.org/show_bug.cgi?id=56127
      
              Fix this race condition found while fixing zombies.
      
              * collector/handles/HandleHeap.cpp:
              (JSC::HandleHeap::clearWeakPointers):
              * runtime/Heap.cpp:
              (JSC::Heap::reset):
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::JSFunction):
              (JSC::JSFunction::markChildren):
              * runtime/JSValue.h:
              (JSC::JSValue::decode):
              * runtime/JSZombie.cpp:
              (JSC::JSZombie::leakedZombieStructure):
              * runtime/JSZombie.h:
              (JSC::JSZombie::createStructure):
              * runtime/MarkedBlock.cpp:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@80751 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1bf01d62
  21. 28 Feb, 2011 1 commit
      2011-02-28 Oliver Hunt <oliver@apple.com> · 97cdbd4c
      oliver@apple.com authored
              Reviewed by Gavin Barraclough.
      
              Make ScopeChainNode GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=55283
      
              Simplify lifetime and other issues with the scopechain
              by making it gc allocated.  This allows us to simplify
              function exit and unwinding, as well as making the
              current iterative refcounting go away.
      
              * JavaScriptCore.exp:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
              * bytecode/CodeBlock.cpp:
              (JSC::CodeBlock::createActivation):
              * bytecode/StructureStubInfo.cpp:
              * bytecompiler/BytecodeGenerator.cpp:
              (JSC::BytecodeGenerator::generate):
              (JSC::BytecodeGenerator::BytecodeGenerator):
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
              (JSC::BytecodeGenerator::emitJumpIfNotFunctionApply):
              * bytecompiler/BytecodeGenerator.h:
              * debugger/Debugger.cpp:
              (JSC::Recompiler::operator()):
              * debugger/DebuggerCallFrame.h:
              (JSC::DebuggerCallFrame::scopeChain):
              * interpreter/CachedCall.h:
              (JSC::CachedCall::CachedCall):
              * interpreter/CallFrame.h:
              * interpreter/Interpreter.cpp:
              (JSC::depth):
              (JSC::Interpreter::unwindCallFrame):
              (JSC::Interpreter::throwException):
              (JSC::Interpreter::execute):
              (JSC::Interpreter::executeCall):
              (JSC::Interpreter::executeConstruct):
              (JSC::Interpreter::privateExecute):
              * jit/JITCall.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::compileOpCall):
              * jit/JITCall32_64.cpp:
              (JSC::JIT::compileOpCallInitializeCallFrame):
              (JSC::JIT::emit_op_ret):
              (JSC::JIT::emit_op_ret_object_or_this):
              (JSC::JIT::compileOpCall):
              * jit/JITOpcodes.cpp:
              (JSC::JIT::emit_op_end):
              (JSC::JIT::emit_op_ret):
              (JSC::JIT::emit_op_ret_object_or_this):
              * jit/JITOpcodes32_64.cpp:
              (JSC::JIT::emit_op_end):
              * jit/JITStubs.cpp:
              (JSC::DEFINE_STUB_FUNCTION):
              * jit/JITStubs.h:
              * runtime/ArgList.cpp:
              * runtime/Completion.cpp:
              (JSC::evaluate):
              * runtime/Completion.h:
              * runtime/DateConversion.cpp:
              * runtime/Executable.cpp:
              (JSC::EvalExecutable::compileInternal):
              (JSC::ProgramExecutable::compileInternal):
              (JSC::FunctionExecutable::compileForCallInternal):
              (JSC::FunctionExecutable::compileForConstructInternal):
              * runtime/FunctionConstructor.cpp:
              (JSC::constructFunction):
              * runtime/GCActivityCallbackCF.cpp:
              * runtime/Identifier.cpp:
              * runtime/JSCell.h:
              * runtime/JSChunk.cpp: Added.
              * runtime/JSChunk.h: Added.
              * runtime/JSFunction.cpp:
              (JSC::JSFunction::JSFunction):
              (JSC::JSFunction::markChildren):
              (JSC::JSFunction::getCallData):
              (JSC::JSFunction::getOwnPropertySlot):
              (JSC::JSFunction::getConstructData):
              * runtime/JSFunction.h:
              (JSC::JSFunction::scope):
              (JSC::JSFunction::setScope):
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::JSGlobalData):
              * runtime/JSGlobalData.h:
              * runtime/JSGlobalObject.cpp:
              (JSC::JSGlobalObject::init):
              (JSC::JSGlobalObject::markChildren):
              * runtime/JSGlobalObject.h:
              (JSC::JSGlobalObject::JSGlobalObjectData::JSGlobalObjectData):
              (JSC::JSGlobalObject::globalScopeChain):
              * runtime/JSGlobalObjectFunctions.cpp:
              (JSC::globalFuncEval):
              * runtime/JSLock.cpp:
              * runtime/JSNumberCell.cpp:
              * runtime/JSZombie.cpp:
              * runtime/MarkedBlock.cpp:
              * runtime/MarkedSpace.cpp:
              * runtime/PropertyNameArray.cpp:
              * runtime/ScopeChain.cpp:
              (JSC::ScopeChainNode::print):
              (JSC::ScopeChainNode::localDepth):
              (JSC::ScopeChainNode::markChildren):
              * runtime/ScopeChain.h:
              (JSC::ScopeChainNode::ScopeChainNode):
              (JSC::ScopeChainNode::createStructure):
              (JSC::ScopeChainNode::push):
              (JSC::ScopeChainNode::pop):
              (JSC::ScopeChainIterator::ScopeChainIterator):
              (JSC::ScopeChainIterator::operator*):
              (JSC::ScopeChainIterator::operator->):
              (JSC::ScopeChainIterator::operator++):
              (JSC::ScopeChainNode::begin):
              (JSC::ScopeChainNode::end):
              (JSC::ExecState::globalData):
              (JSC::ExecState::lexicalGlobalObject):
              (JSC::ExecState::globalThisValue):
              * runtime/ScopeChainMark.h:
              * wtf/DateMath.cpp:
      2011-02-28  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Gavin Barraclough.
      
              Make ScopeChainNode GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=55283
      
              Update WebCore to deal with the absence of the ScopeChain
              class.
      
              * ForwardingHeaders/runtime/ScopeChain.h: Added.
              * bindings/js/JSHTMLElementCustom.cpp:
              (WebCore::JSHTMLElement::pushEventHandlerScope):
              * bindings/js/JSJavaScriptCallFrameCustom.cpp:
              (WebCore::JSJavaScriptCallFrame::scopeChain):
              (WebCore::JSJavaScriptCallFrame::scopeType):
              * bindings/js/JSLazyEventListener.cpp:
              (WebCore::JSLazyEventListener::initializeJSFunction):
              * bindings/js/JSMainThreadExecState.h:
              (WebCore::JSMainThreadExecState::evaluate):
              * bindings/js/JSNodeCustom.cpp:
              (WebCore::JSNode::pushEventHandlerScope):
              * bindings/js/JavaScriptCallFrame.cpp:
              (WebCore::JavaScriptCallFrame::scopeChain):
              * bindings/js/JavaScriptCallFrame.h:
              * bindings/scripts/CodeGeneratorJS.pm:
              * bridge/c/c_class.cpp:
              * bridge/c/c_runtime.cpp:
              * bridge/jni/JNIBridge.cpp:
              * bridge/qt/qt_runtime.cpp:
              (JSC::Bindings::QtConnectionObject::execute):
              * plugins/PluginViewNone.cpp:
      2011-02-28  Oliver Hunt  <oliver@apple.com>
      
              Reviewed by Gavin Barraclough.
      
              Make ScopeChainNode GC allocated
              https://bugs.webkit.org/show_bug.cgi?id=55283
      
              More updates for the absence of the ScopeChain class
      
              * WebView/WebScriptDebugDelegate.mm:
              (-[WebScriptCallFrame scopeChain]):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@79904 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      97cdbd4c
  22. 23 Feb, 2011 2 commits
      2011-02-23 Geoffrey Garen <ggaren@apple.com> · 6c4d6cef
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Moved the "nextAtom" allocation pointer into MarkedBlock for better encapsulation
              https://bugs.webkit.org/show_bug.cgi?id=55079
              
              SunSpider reports no change.
      
              * runtime/Heap.cpp:
              (JSC::Heap::reset): Moved Zombie sweeping here, up from MarkedSpace,
              since we want Heap to logically control MarkedSpace. MarkedSpace should
              never choose to sweep itself.
      
              * runtime/JSCell.h:
              (JSC::JSCell::MarkedBlock::allocate): Updated for nextAtom becoming a
              member of MarkedBlock. No need to reset nextAtom to firstAtom() when
              we reach the end of a block, since there's now an explicit reset pass
              during GC.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * runtime/MarkedBlock.h:
              (JSC::MarkedBlock::reset): Added the nextAtom data member, and reordered
              some data members to improve cache locality.
      
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::MarkedSpace):
              (JSC::MarkedSpace::allocate):
              (JSC::MarkedSpace::reset):
              * runtime/MarkedSpace.h:
              (JSC::CollectorHeap::CollectorHeap): Removed nextAtom, and added an
              explicit reset pass.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@79492 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6c4d6cef
      2011-02-23 Geoffrey Garen <ggaren@apple.com> · 01240f06
      ggaren@apple.com authored
              Reviewed by Darin Adler.
              
              Rolled back in r79367 with SnowLeopard Release bot crash fixed.
              https://bugs.webkit.org/show_bug.cgi?id=54999
              
              The crash was caused by failure to update the "nextBlock" pointer when
              removing a block from the list while shrinking. The fix is to update the
              "nextBlock" pointer.
              
              This crash was very rare because it only happened in cases where the very
              first block in the heap contained no marked cells.
      2011-02-23  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Darin Adler.
      
              Rolled back in r79367 with SnowLeopard Release bot crash fixed.
              https://bugs.webkit.org/show_bug.cgi?id=54999
      2011-02-23  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Darin Adler.
      
              Rolled back in r79367 with SnowLeopard Release bot crash fixed.
              https://bugs.webkit.org/show_bug.cgi?id=54999
      
              * ForwardingHeaders/wtf/DoublyLinkedList.h: Added.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@79472 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      01240f06
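The crash this roll-in fixes (a "nextBlock" pointer left pointing at a block removed from the list during shrink) and the linked-list block management from r79367 below, as an added example that is not WebKit's code: a toy intrusive list in the spirit of WTF::DoublyLinkedList and a toy MarkedSpace whose method names mirror the ChangeLog entries but whose internals, the ShrinkResult struct and the scenario function are assumptions for illustration.

```cpp
// Added example, not WebKit code: an intrusive doubly linked list in the spirit
// of WTF::DoublyLinkedList, and a toy MarkedSpace whose shrink() frees empty
// blocks without leaving the "nextBlock" allocation cursor dangling.
#include <cstddef>
#include <vector>

template <typename T> class DoublyLinkedList {
public:
    DoublyLinkedList() : m_head(nullptr), m_tail(nullptr) { }
    T* head() const { return m_head; }
    void append(T* node) {
        node->setPrev(m_tail);
        node->setNext(nullptr);
        if (m_tail) m_tail->setNext(node); else m_head = node;
        m_tail = node;
    }
    // O(1) removal given only the node: no search, unlike erasing from a vector.
    void remove(T* node) {
        if (node->prev()) node->prev()->setNext(node->next()); else m_head = node->next();
        if (node->next()) node->next()->setPrev(node->prev()); else m_tail = node->prev();
        node->setPrev(nullptr);
        node->setNext(nullptr);
    }
private:
    T* m_head;
    T* m_tail;
};

// Toy block (assumed layout): an id, a mark count, and the links the list needs.
class MarkedBlock {
public:
    explicit MarkedBlock(size_t id) : m_id(id), m_markCount(0), m_prev(nullptr), m_next(nullptr) { }
    size_t id() const { return m_id; }
    bool isEmpty() const { return !m_markCount; }
    void setMarkCount(size_t n) { m_markCount = n; }
    MarkedBlock* prev() const { return m_prev; }
    MarkedBlock* next() const { return m_next; }
    void setPrev(MarkedBlock* b) { m_prev = b; }
    void setNext(MarkedBlock* b) { m_next = b; }
private:
    size_t m_id;
    size_t m_markCount;
    MarkedBlock* m_prev;
    MarkedBlock* m_next;
};

class MarkedSpace {
public:
    ~MarkedSpace() { while (MarkedBlock* b = m_blocks.head()) freeBlock(b); }
    MarkedBlock* allocateBlock() {
        MarkedBlock* b = new MarkedBlock(m_nextId++);
        m_blocks.append(b);
        return b;
    }
    void reset() { m_nextBlock = m_blocks.head(); } // explicit reset pass after a GC
    MarkedBlock* nextBlock() const { return m_nextBlock; }
    size_t blockCount() const {
        size_t n = 0;
        for (MarkedBlock* b = m_blocks.head(); b; b = b->next()) ++n;
        return n;
    }
    // Free every block with no marked cells. Collect first, then free, so the
    // list is never mutated while it is being walked.
    size_t shrink() {
        std::vector<MarkedBlock*> empties;
        for (MarkedBlock* b = m_blocks.head(); b; b = b->next())
            if (b->isEmpty()) empties.push_back(b);
        for (MarkedBlock* b : empties) freeBlock(b);
        return empties.size();
    }
private:
    void freeBlock(MarkedBlock* b) {
        // The fix the commit message describes: a cursor left pointing at a freed
        // block is a dangling pointer, so advance it before unlinking and deleting.
        if (m_nextBlock == b) m_nextBlock = b->next();
        m_blocks.remove(b);
        delete b;
    }
    DoublyLinkedList<MarkedBlock> m_blocks;
    MarkedBlock* m_nextBlock = nullptr;
    size_t m_nextId = 0;
};

struct ShrinkResult { // assumed helper for reporting the scenario's outcome
    size_t freed;
    size_t remaining;
    size_t cursorId; // id of the block the cursor points at afterwards
};
// The rare case from the commit message: the very first block in the heap holds
// no marked cells while the allocation cursor points at it.
ShrinkResult shrinkWithEmptyFirstBlock() {
    MarkedSpace space;
    space.allocateBlock();                     // block 0: empty
    MarkedBlock* live = space.allocateBlock(); // block 1: survives
    space.allocateBlock();                     // block 2: empty
    live->setMarkCount(3);
    space.reset();                             // cursor = head = block 0
    size_t freed = space.shrink();
    MarkedBlock* cursor = space.nextBlock();
    return { freed, space.blockCount(), cursor ? cursor->id() : static_cast<size_t>(-1) };
}
```

After shrinking, the two empty blocks are gone and the cursor has moved on to block 1 rather than dangling at the freed block 0.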
  23. 22 Feb, 2011 2 commits
      2011-02-22 Sheriff Bot <webkit.review.bot@gmail.com> · ad2ee31d
      rniwa@webkit.org authored
              Unreviewed, rolling out r79367.
              http://trac.webkit.org/changeset/79367
              https://bugs.webkit.org/show_bug.cgi?id=55012
      
              all layout tests are crashing on Snow Leopard (Requested by
              rniwa on #webkit).
      
              * GNUmakefile.am:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/WTF/WTF.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * runtime/MarkedBlock.h:
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::destroy):
              (JSC::MarkedSpace::allocateBlock):
              (JSC::MarkedSpace::freeBlock):
              (JSC::MarkedSpace::allocate):
              (JSC::MarkedSpace::shrink):
              (JSC::MarkedSpace::reset):
              * runtime/MarkedSpace.h:
              (JSC::CollectorHeap::collectorBlock):
              * wtf/CMakeLists.txt:
              * wtf/DoublyLinkedList.h: Removed.
      2011-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
      
              Unreviewed, rolling out r79367.
              http://trac.webkit.org/changeset/79367
              https://bugs.webkit.org/show_bug.cgi?id=55012
      
              all layout tests are crashing on Snow Leopard (Requested by
              rniwa on #webkit).
      
              * ForwardingHeaders/wtf/DoublyLinkedList.h: Removed.
      2011-02-22  Sheriff Bot  <webkit.review.bot@gmail.com>
      
              Unreviewed, rolling out r79367.
              http://trac.webkit.org/changeset/79367
              https://bugs.webkit.org/show_bug.cgi?id=55012
      
              all layout tests are crashing on Snow Leopard (Requested by
              rniwa on #webkit).
      
              * ForwardingHeaders/wtf/DoublyLinkedList.h: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@79390 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ad2ee31d
      2011-02-22 Geoffrey Garen <ggaren@apple.com> · f03d166e
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
              https://bugs.webkit.org/show_bug.cgi?id=54999
              
              SunSpider reports no change.
      
              * GNUmakefile.am:
              * JavaScriptCore.gypi:
              * JavaScriptCore.vcproj/WTF/WTF.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj: So many build systems, so little time.
              * wtf/CMakeLists.txt:
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              * runtime/MarkedBlock.h:
              (JSC::MarkedBlock::setPrev):
              (JSC::MarkedBlock::setNext):
              (JSC::MarkedBlock::prev):
              (JSC::MarkedBlock::next): Added linked list data members and accessors.
      
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::destroy):
              (JSC::MarkedSpace::allocateBlock): Stop using vector, since it doesn't exist anymore.
      
              (JSC::MarkedSpace::freeBlocks): New helper function for updating relevant
              data structures when freeing blocks.
      
              (JSC::MarkedSpace::allocate): Updated for nextBlock being a pointer and
              not a vector index.
      
              (JSC::MarkedSpace::shrink): Construct a temporary list of empties and
              then free them, to avoid modifying our hash table while iterating it.
              This wasn't a concern before because we were using indirect array
              indexing, not direct pointer indexing.
      
              (JSC::MarkedSpace::reset): Updated for nextBlock being a pointer and
              not a vector index.
      
              * runtime/MarkedSpace.h:
              (JSC::CollectorHeap::CollectorHeap): Changed data type from vector to linked list.
      
              * wtf/DoublyLinkedList.h: Added. New linked list class.
              (WTF::::DoublyLinkedList):
              (WTF::::isEmpty):
              (WTF::::head):
              (WTF::::append):
              (WTF::::remove):
      2011-02-22  Geoffrey Garen  <ggaren@apple.com>
      
              Reviewed by Oliver Hunt.
      
              Manage MarkedBlocks in a linked list instead of a vector, so arbitrary removal is O(1)
              https://bugs.webkit.org/show_bug.cgi?id=54999
              
              New WTF header.
      
              * ForwardingHeaders/wtf/DoublyLinkedList.h: Copied from ForwardingHeaders/wtf/FixedArray.h.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@79367 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f03d166e
  24. 17 Feb, 2011 4 commits
    • ggaren@apple.com's avatar
      2011-02-17 Geoffrey Garen <ggaren@apple.com> · bb88135b
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
              Made object allocation secretly variable-sized (Shhhh!)
              https://bugs.webkit.org/show_bug.cgi?id=54721
              
              SunSpider reports no change.
              
              Internally, MarkedBlock now makes variable-sized allocations, even
              though MarkedSpace doesn't take advantage of this yet.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock): No need to ASSERT that allocations are
              fixed-sized.
      
              * runtime/MarkedBlock.h: Shrunk the atom size so we can allocate things
              that are not multiples of 64 bytes.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78958 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      bb88135b
    • ggaren@apple.com's avatar
      2011-02-17 Geoffrey Garen <ggaren@apple.com> · 7bc9c5a0
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
               Fixed some math errors when using variable-sized cells
              https://bugs.webkit.org/show_bug.cgi?id=54717
              
              SunSpider reports no change.
              
               Computer Science Barbie says, "Math is not so hard after all!"
      
              * runtime/JSCell.h:
              (JSC::JSCell::MarkedBlock::allocate): Round up when calculating the
              minimum number of atoms required for a cell, since rounding down
              will get you splinched.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep):
              * runtime/MarkedBlock.h:
              (JSC::MarkedBlock::forEach): Changed a bunch of != tests to < tests
              because m_endAtom is actually a fuzzy end -- iterating from firstAtom()
              may not hit m_endAtom exactly.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7bc9c5a0
    • ggaren@apple.com's avatar
      2011-02-17 Geoffrey Garen <ggaren@apple.com> · 7e180265
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
              Removed the invariant that the last cell in a block is always marked
              https://bugs.webkit.org/show_bug.cgi?id=54713
              
              SunSpider reports no change.
              
              This adds one branch to allocation, but simplifies the mark invariant,
              especially in a world of variable-sized cells. Now, it really is true
              that any cell whose mark bit is set is a valid, live cell whose
              constructor has run and whose destructor has not run.
      
              * runtime/JSCell.h: 
              (JSC::JSCell::MarkedBlock::allocate): Changed this do-while into a while
              since we can no longer rely on a set mark bit to break out of this loop
              before it reaches the end of the block.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep): 
              * runtime/MarkedBlock.h:
              (JSC::MarkedBlock::isEmpty):
              (JSC::MarkedBlock::clearMarks):
              (JSC::MarkedBlock::markCount):
              (JSC::MarkedBlock::forEach): No need to set a special last mark bit.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78954 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7e180265
    • ggaren@apple.com's avatar
      2011-02-17 Geoffrey Garen <ggaren@apple.com> · 3e492232
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              Made MarkedBlock variable-sized
              https://bugs.webkit.org/show_bug.cgi?id=54692
              
              SunSpider reports no change.
              
              Each MarkedBlock is now composed of a set of fixed-sized atoms, with one
              mark bit per atom. A given cell may be composed of one or more atoms.
              
              * runtime/Heap.cpp:
               (JSC::Heap::allocate): Made fixed-sizedness a property of MarkedSpace,
               bubbling it up from MarkedBlock, since MarkedBlock now supports
               variable-sizedness.
      
              * runtime/JSCell.h:
              (JSC::JSCell::MarkedBlock::allocate): Removed use of CELLS_PER_BLOCK and
              (implicit) one constants -- these quantities are not constant anymore.
              Updated for switch from cell to atom.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::create):
              (JSC::MarkedBlock::destroy):
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep):
              * runtime/MarkedBlock.h:
              (JSC::MarkedBlock::firstAtom):
              (JSC::MarkedBlock::atoms):
              (JSC::MarkedBlock::isAtomAligned):
              (JSC::MarkedBlock::blockFor):
              (JSC::MarkedBlock::isEmpty):
              (JSC::MarkedBlock::clearMarks):
              (JSC::MarkedBlock::size):
              (JSC::MarkedBlock::capacity):
              (JSC::MarkedBlock::atomNumber):
              (JSC::MarkedBlock::isMarked):
              (JSC::MarkedBlock::testAndSetMarked):
              (JSC::MarkedBlock::setMarked):
              (JSC::MarkedBlock::forEach): Same as above. Also removed use of CELL_SIZE
              and BLOCK_SIZE, and switched away from calling arbitrary pointers cells.
      
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::MarkedSpace):
              (JSC::MarkedSpace::allocateBlock):
              (JSC::MarkedSpace::allocate):
              (JSC::MarkedSpace::reset):
              * runtime/MarkedSpace.h:
              (JSC::CollectorHeap::CollectorHeap):
              (JSC::MarkedSpace::contains): Updated for renames. Made fixed-sizedness
              a property of MarkedSpace.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78924 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3e492232
  25. 15 Feb, 2011 1 commit
    • ggaren@apple.com's avatar
      2011-02-15 Geoffrey Garen <ggaren@apple.com> · d57b23ce
      ggaren@apple.com authored
              Reviewed by Darin Adler.
      
              Moved MarkedBlock data members to the head of the block
              https://bugs.webkit.org/show_bug.cgi?id=54482
              
              This allows for a variable-sized tail, to accommodate oversized blocks.
      
              SunSpider reports no change.
              
              * runtime/JSCell.h:
              (JSC::JSCell::MarkedBlock::allocate):
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::destroy):
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep):
              * runtime/MarkedBlock.h: Added missing element to the CELLS_PER_BLOCK
              calculation. This kind of error is why we want to migrate to the system
              described below.
      
              (JSC::roundUpToMultipleOf):
              (JSC::MarkedBlock::firstCell):
              (JSC::MarkedBlock::cells):
              (JSC::MarkedBlock::cellNumber): Use subtraction instead of masking to
              calculate cell number. The mask is no longer correct because the first
              cell is not at the head of the block.
      
              (JSC::MarkedBlock::forEach): Replaced m_cells data member with a cells()
              accessor. We want to use sizeof(MarkedBlock) to calculate the size of the
              block header, so we can't have an explicit data member to represent the block tail.
              
              Also replaced iteration from zero with iteration from startCell(), since
              the first N cells are now occupied by the header.
      
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::MarkedSpace):
              (JSC::MarkedSpace::reset): Replaced iteration from zero as above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78605 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d57b23ce
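The block layout the four 17 Feb commits and the 15 Feb commit above describe, as a constructed C++ illustration added here (not JavaScriptCore's code): a header at the head of the block, fixed-size atoms with one mark bit each, cells of one or more atoms with the atom count rounded up (rounding down would make neighbouring cells overlap), a fuzzy end atom iterated with `<`, and atom numbers computed by subtraction rather than masking. kBlockSize, kAtomSize, the Header struct and every function name are assumptions made for the demo.

```cpp
#include <bitset>
#include <cstddef>
#include <cstdint>

// Constructed illustration of the atom-based MarkedBlock layout described above;
// not JavaScriptCore's code. kBlockSize, kAtomSize and Header are demo assumptions.
namespace demo {
constexpr size_t kBlockSize = 4096, kAtomSize = 16, kAtomsPerBlock = kBlockSize / kAtomSize;
constexpr size_t roundUpToMultipleOf(size_t divisor, size_t x) { return (x + divisor - 1) / divisor * divisor; }

struct Header {
    std::bitset<kAtomsPerBlock> marks;  // one mark bit per atom, not per cell
    size_t atomsPerCell;
    size_t nextAtom;
    size_t endAtom;  // "fuzzy" end: cell starts satisfy atom < endAtom, never == endAtom
};

// The header sits at the head of the block, so the first cell atom is sizeof(Header)
// rounded up to an atom boundary and cell storage never overlaps the header.
constexpr size_t kFirstAtom = roundUpToMultipleOf(kAtomSize, sizeof(Header)) / kAtomSize;

struct alignas(kBlockSize) Block {
    Header header;
    unsigned char tail[kBlockSize - sizeof(Header)];  // cell area (variable-sized cells)
};
static_assert(sizeof(Block) == kBlockSize, "a Block is exactly one aligned block");
inline unsigned char* atomPointer(Block* b, size_t atom) { return reinterpret_cast<unsigned char*>(b) + atom * kAtomSize; }

// Round UP the atoms per cell: rounding down would make neighbouring cells overlap.
inline void initBlock(Block* b, size_t cellSize) {
    b->header.marks.reset();
    b->header.atomsPerCell = roundUpToMultipleOf(kAtomSize, cellSize) / kAtomSize;
    b->header.endAtom = kAtomsPerBlock - b->header.atomsPerCell + 1;  // last full cell start + 1
    b->header.nextAtom = kFirstAtom;
}

// Blocks are kBlockSize-aligned, so masking recovers the block from any interior pointer.
inline Block* blockFor(const void* p) {
    return reinterpret_cast<Block*>(reinterpret_cast<uintptr_t>(p) & ~uintptr_t(kBlockSize - 1));
}
// Atom number by subtraction from the block base, not masking: the first cell is not at offset 0.
inline size_t atomNumber(const void* p) {
    return (reinterpret_cast<uintptr_t>(p) - reinterpret_cast<uintptr_t>(blockFor(p))) / kAtomSize;
}
inline bool isMarked(const void* p) { return blockFor(p)->header.marks.test(atomNumber(p)); }

// No sentinel mark on the last cell (bug 54713): a plain while loop bounded by endAtom.
inline void* allocate(Block* b) {
    Header& h = b->header;
    while (h.nextAtom < h.endAtom) {
        size_t atom = h.nextAtom;
        h.nextAtom += h.atomsPerCell;
        if (!h.marks.test(atom)) { h.marks.set(atom); return atomPointer(b, atom); }
    }
    return nullptr;  // block exhausted; every set mark bit is a live cell
}

// Iterate with '<', never '!=': stepping from kFirstAtom need not hit endAtom exactly (bug 54717).
template <typename F> inline void forEachCell(Block* b, F f) {
    for (size_t atom = kFirstAtom; atom < b->header.endAtom; atom += b->header.atomsPerCell)
        f(atomPointer(b, atom));
}
inline size_t cellCapacity(Block* b) { return (kAtomsPerBlock - kFirstAtom) / b->header.atomsPerCell; }
inline size_t cellCount(Block* b) { size_t n = 0; forEachCell(b, [&](unsigned char*) { ++n; }); return n; }
inline size_t markCount(Block* b) { return b->header.marks.count(); }
}  // namespace demo
```

With 40-byte cells the demo rounds up to 3 atoms per cell and endAtom lands on 254, which the 3-atom stride never hits exactly; with 64-byte cells it is 253, also never hit, which is why `forEachCell` must compare with `<`.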
  26. 14 Feb, 2011 1 commit
    • ggaren@apple.com's avatar
      Some MarkedBlock refactoring. · 65d47224
      ggaren@apple.com authored
              
      Rubber-stamped by Gavin Barraclough.
      
      Made cells private.
              
      Renamed cells => m_cells
              marked => m_marks.
      
      * runtime/JSCell.h:
      (JSC::JSCell::MarkedBlock::allocate):
      * runtime/MarkedBlock.cpp:
      (JSC::MarkedBlock::destroy):
      (JSC::MarkedBlock::MarkedBlock):
      (JSC::MarkedBlock::sweep):
      * runtime/MarkedBlock.h:
      (JSC::MarkedBlock::isEmpty):
      (JSC::MarkedBlock::clearMarks):
      (JSC::MarkedBlock::markCount):
      (JSC::MarkedBlock::isMarked):
      (JSC::MarkedBlock::testAndSetMarked):
      (JSC::MarkedBlock::setMarked):
      (JSC::MarkedBlock::forEach):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78501 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      65d47224
  27. 10 Feb, 2011 3 commits
    • ggaren@apple.com's avatar
      2011-02-10 Geoffrey Garen <ggaren@apple.com> · 12a5a423
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
              A little more encapsulation for MarkedBlock: Made all constants private
              so clients don't know whether allocations are fixed-sized or not
              https://bugs.webkit.org/show_bug.cgi?id=54270
              
              SunSpider reports no change.
      
              * runtime/CollectorHeapIterator.h:
              (JSC::CollectorHeapIterator::advance): Updated for removal of HeapConstants.
      
              * runtime/Error.cpp: Switched to using ASSERT_CLASS_FITS_IN_CELL, like
              all other classes.
      
              * runtime/Heap.cpp:
              (JSC::Heap::allocate): Updated for removal of HeapConstants.
              (JSC::Heap::reset): Updated to use size(), instead of calculating size
              on our own.
      
              * runtime/Heap.h: Moved the ASSERT here to MarkedBlock, since it enforces
              on special knowledge of fixed-sizery, which only MarkedBlock is supposed
              to know about.
      
              * runtime/JSCell.h:
              (JSC::JSCell::MarkedBlock::allocate): Updated for removal of HeapConstants.
              Also changed to reset nextCell to 0 at the end of a block, since that
              seems more consistent.
      
              * runtime/JSGlobalData.cpp:
              (JSC::JSGlobalData::storeVPtrs): Changed to use a fixed array of char.
              This hard-coded size is a little wonky, but the compiler will tell us
              if it's ever wrong, so I think it's OK.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::destroy):
              (JSC::MarkedBlock::MarkedBlock):
              (JSC::MarkedBlock::sweep): Updated for removal of HeapConstants.
      
              * runtime/MarkedBlock.h:
              (JSC::MarkedBlock::isEmpty):
              (JSC::MarkedBlock::clearMarks):
              (JSC::MarkedBlock::size):
              (JSC::MarkedBlock::capacity): Made constants private to this class.
              Removed HeapConstants. Added size() and capacity() functions.
      
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::allocate):
              (JSC::MarkedSpace::objectCount):
              (JSC::MarkedSpace::size):
              (JSC::MarkedSpace::capacity):
              * runtime/MarkedSpace.h: Use MarkedBlock helper functions instead of
              direct knowledge of MarkedBlock internals.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78312 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      12a5a423
    • ggaren@apple.com's avatar
      2011-02-10 Geoffrey Garen <ggaren@apple.com> · 03c4f9dd
      ggaren@apple.com authored
              Reviewed by Oliver Hunt.
      
              A little more encapsulation for MarkedBlock: Moved allocate() and sweep() into MarkedBlock
              https://bugs.webkit.org/show_bug.cgi?id=54253
              
              SunSpider reports no change.
      
              * runtime/CollectorHeapIterator.h: Removed DeadObjectIterator, since it
              is now unused.
      
              * runtime/Heap.cpp:
              (JSC::Heap::reset): Moved the call to shrink() here, since it seems a
              little more clear for MarkedSpace's client to tell it explicitly when to
              shrink.
      
              * runtime/JSCell.h:
              (JSC::JSCell::MarkedBlock::allocate): Split out from MarkedSpace::allocate.
      
              * runtime/MarkedBlock.cpp:
              (JSC::MarkedBlock::sweep): Split out from MarkedSpace::sweep, and
              converted to more directly iterate a MarkedBlock based on knowing its
              internal structure.
      
              * runtime/MarkedBlock.h:
              * runtime/MarkedSpace.cpp:
              (JSC::MarkedSpace::allocate):
              (JSC::MarkedSpace::sweep):
              * runtime/MarkedSpace.h: Split out the code mentioned above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78284 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      03c4f9dd
    • mitz@apple.com's avatar
      LLVM Compiler build fix. · 23a63445
      mitz@apple.com authored
      * runtime/MarkedBlock.cpp:
      (JSC::MarkedBlock::create):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78237 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      23a63445
  28. 09 Feb, 2011 1 commit
  29. 02 Feb, 2011 1 commit
    • ggaren@apple.com's avatar
      2011-02-01 Geoffrey Garen <ggaren@apple.com> · 4e08b9b5
      ggaren@apple.com authored
              Reviewed by Sam Weinig.
      
              A little more Heap refactoring
              https://bugs.webkit.org/show_bug.cgi?id=53577
              
              SunSpider reports no change.
              
              Split out MarkedBlock into its own file / class.
              
              Did the following renames:
                  isCellMarked => isMarked
                  checkMarkCell => testAndSetMarked
                  markCell => setMarked
                  cellOffset => cellNumber
                  collectorBlock => blockFor
      
              * Android.mk:
              * CMakeLists.txt:
              * GNUmakefile.am:
              * JavaScriptCore.gypi:
              * JavaScriptCore.pro:
              * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
              * JavaScriptCore.xcodeproj/project.pbxproj:
              * runtime/Heap.cpp:
              (JSC::WeakGCHandlePool::update):
              * runtime/Heap.h:
              (JSC::Heap::isMarked):
              (JSC::Heap::testAndSetMarked):
              (JSC::Heap::setMarked):
              * runtime/JSArray.h:
              (JSC::MarkStack::markChildren):
              (JSC::MarkStack::drain):
              * runtime/JSCell.h:
              (JSC::JSCell::MarkStack::internalAppend):
              * runtime/MarkedBlock.cpp: Added.
              * runtime/MarkedBlock.h: Added.
              (JSC::MarkedBlock::blockFor):
              (JSC::MarkedBlock::cellNumber):
              (JSC::MarkedBlock::isMarked):
              (JSC::MarkedBlock::testAndSetMarked):
              (JSC::MarkedBlock::setMarked):
              (JSC::MarkedBlock::isCellAligned):
              (JSC::MarkedBlock::isPossibleCell):
              * runtime/MarkedSpace.h:
              (JSC::MarkedSpace::isMarked):
              (JSC::MarkedSpace::testAndSetMarked):
              (JSC::MarkedSpace::setMarked):
              * runtime/SmallStrings.cpp:
              (JSC::isMarked):
              * runtime/WeakGCMap.h:
              (JSC::WeakGCMap::isValid):
              (JSC::::get):
              (JSC::::take):
              (JSC::::set):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77391 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4e08b9b5