Changeset 113141 in webkit for trunk/Source/JavaScriptCore/heap/HandleHeap.h

Timestamp:

Apr 3, 2012, 10:28:13 PM (13 years ago)

Author:

[email protected]

Message:

First step toward incremental Weak<T> finalization
​https://bugs.webkit.org/show_bug.cgi?id=82670

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements a Weak<T> heap that is compatible with incremental
finalization, while making as few behavior changes as possible. The behavior
changes it makes are:

(*) Weak<T>'s raw JSValue no longer reverts to JSValue() automatically --
instead, a separate flag indicates that the JSValue is no longer valid.
(This is required so that the JSValue can be preserved for later finalization.)
Objects dealing with WeakImpls directly must change to check the flag.

(*) Weak<T> is no longer a subclass of Handle<T>.

(*) DOM GC performance is different -- 9% faster in the geometric mean,
but 15% slower in one specific case:

gc-dom1.html: 6% faster
gc-dom2.html: 23% faster
gc-dom3.html: 17% faster
gc-dom4.html: 15% *slower*

The key features of this new heap are:

(*) Each block knows its own state, independent of any other blocks.

(*) Each block caches its own sweep result.

(*) The heap visits dead Weak<T>s at the end of GC. (It doesn't
mark them yet, since that would be a behavior change.)

• API/JSCallbackObject.cpp:

(JSC::JSCallbackObjectData::finalize):

• API/JSCallbackObjectFunctions.h:

(JSC::::init): Updated to use the new WeakHeap API.

• CMakeLists.txt:
• GNUmakefile.list.am:
• JavaScriptCore.gypi:
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Target.pri: Paid the build system tax since I added some new files.

• heap/Handle.h: Made WeakBlock a friend and exposed slot() as public,

so we can keep passing a Handle<T> to finalizers, to avoid more surface
area change in this patch. A follow-up patch should change the type we
pass to finalizers.

• heap/HandleHeap.cpp:

(JSC):
(JSC::HandleHeap::writeBarrier):
(JSC::HandleHeap::isLiveNode):

• heap/HandleHeap.h:

(JSC):
(HandleHeap):
(Node):
(JSC::HandleHeap::Node::Node): Removed all code related to Weak<T>, since
we have a separate WeakHeap now.

• heap/Heap.cpp:

(JSC::Heap::Heap): Removed m_extraCost because extra cost is accounted
for through our watermark now. Removed m_waterMark because it was unused.

(JSC::Heap::destroy): Updated for addition of WeakHeap.

(JSC::Heap::reportExtraMemoryCostSlowCase): Changed from using its own
variable to participating in the watermark strategy. I wanted to standardize
WeakHeap and all other Heap clients on this strategy, to make sure it's
accurate.

(JSC::Heap::markRoots): Updated for addition of WeakHeap. Added WeakHeap
dead visit pass, as explained above.

(JSC::Heap::collect):
(JSC::Heap::resetAllocators): Updated for addition of WeakHeap.

(JSC::Heap::addFinalizer):
(JSC::Heap::FinalizerOwner::finalize): Updated for new Weak<T> API.

• heap/Heap.h:

(JSC::Heap::weakHeap):
(Heap):
(JSC::Heap::addToWaterMark): Added a way to participate in the watermarking
strategy, since this is the best way for WeakHeap to report its memory
cost. (I plan to update this in a follow-up patch to make it more accurate,
but for now it is not less accurate than it used to be.)

• heap/MarkedSpace.cpp:

(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocators):

• heap/MarkedSpace.h:

(MarkedSpace):
(JSC::MarkedSpace::addToWaterMark):
(JSC::MarkedSpace::didConsumeFreeList): Removed m_nurseryWaterMark because
it was unused, and I didn't want to update WeakHeap to keep an usused
variable working. Added API for above.

• heap/PassWeak.h:

(JSC):
(WeakImplAccessor):
(PassWeak):
(JSC::::operator):
(JSC::::get):
(JSC::::was):
(JSC::::PassWeak):
(JSC::::~PassWeak):
(JSC::UnspecifiedBoolType):
(JSC::::leakImpl):
(JSC::adoptWeak):

• heap/Strong.h:

(JSC::Strong::operator!):
(Strong):
(JSC::Strong::operator UnspecifiedBoolType*):
(JSC::Strong::get):

• heap/Weak.h:

(Weak):
(JSC::::Weak):
(JSC):
(JSC::::isHashTableDeletedValue):
(JSC::::~Weak):
(JSC::::swap):
(JSC::=):
(JSC::::operator):
(JSC::UnspecifiedBoolType):
(JSC::::release):
(JSC::::clear):
(JSC::::hashTableDeletedValue): Lots of code changes here, but they boil
down to two things:

(*) Allocate WeakImpls from the WeakHeap instead of Handles from the HandleHeap.

(*) Explicitly check WeakImpl::state() for non-liveness before returning
a value (explained above).

These files implement the new Weak<T> heap behavior described above:

• heap/WeakBlock.cpp: Added.
• heap/WeakBlock.h: Added.
• heap/WeakHandleOwner.cpp: Added.
• heap/WeakHandleOwner.h: Added.
• heap/WeakHeap.cpp: Added.
• heap/WeakHeap.h: Added.
• heap/WeakImpl.h: Added.

One interesting difference from the old heap is that we don't allow
clients to overwrite a WeakImpl after allocating it, and we don't recycle
WeakImpls prior to garbage collection. This is required for lazy finalization,
but it will also help us esablish a useful invariant in the future: allocating
a WeakImpl will be a binding contract to run a finalizer at some point in the
future, even if the WeakImpl is later deallocated.

• jit/JITStubs.cpp:

(JSC::JITThunks::hostFunctionStub): Check the Weak<T> for ! instead of
its JSValue, since that's our API contract now, and the JSValue might
be stale.

• runtime/JSCell.h:

(JSC::jsCast): Allow casting NULL pointers because it's useful and harmless.

• runtime/Structure.cpp:

(JSC::StructureTransitionTable::add): I can't remember why I did this.

• runtime/StructureTransitionTable.h:
• runtime/WeakGCMap.h: I had to update these classes because they allocate

and deallocate weak pointers manually. They should probably stop doing that.

Source/WebCore:

Updated WebCore for Weak<T> API changes.

• bindings/js/DOMWrapperWorld.cpp:

(WebCore::JSStringOwner::finalize): We're not allowed to get() a dead Weak<T>
anymore, so use the debug-only was() helper function instead.

• bindings/js/JSDOMBinding.h:

(WebCore::uncacheWrapper): Ditto.

• bindings/js/JSNodeCustom.h:

(WebCore::setInlineCachedWrapper):
(WebCore::clearInlineCachedWrapper): We're not allowed to get() a dead
Weak<T>, so I had to push down these ASSERTs into ScriptWrappable.

• bindings/js/JSNodeFilterCondition.cpp:

(WebCore::JSNodeFilterCondition::acceptNode): Updated for non-Handle-ness
of Weak<T>.

• bindings/js/ScriptWrappable.h:

(WebCore::ScriptWrappable::setWrapper):
(WebCore::ScriptWrappable::clearWrapper): Use was(), as above.

Source/WebKit2:

Updated for API change.

• WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:

(WebKit::NPRuntimeObjectMap::finalize):

File:

• trunk/Source/JavaScriptCore/heap/HandleHeap.h (modified) (10 diffs)

trunk/Source/JavaScriptCore/heap/HandleHeap.h

@@ -41 +41 @@
 class SlotVisitor;
 
-class JS_EXPORT_PRIVATE WeakHandleOwner {
-public:
-    virtual ~WeakHandleOwner();
-    virtual bool isReachableFromOpaqueRoots(Handle<Unknown>, void* context, SlotVisitor&);
-    virtual void finalize(Handle<Unknown>, void* context);
-};
-
 class HandleHeap {
 public:
@@ -59 +52 @@
     void deallocate(HandleSlot);
 
-    void makeWeak(HandleSlot, WeakHandleOwner* = 0, void* context = 0);
-    HandleSlot copyWeak(HandleSlot);
-
     void visitStrongHandles(HeapRootVisitor&);
-    void visitWeakHandles(HeapRootVisitor&);
-    void finalizeWeakHandles();
 
     JS_EXPORT_PRIVATE void writeBarrier(HandleSlot, const JSValue&);
-
-#if !ASSERT_DISABLED
-    bool hasWeakOwner(HandleSlot, WeakHandleOwner*);
-    bool hasFinalizer(HandleSlot);
-#endif
 
     unsigned protectedGlobalObjectCount();
@@ -86 +69 @@
         HandleHeap* handleHeap();
 
-        void makeWeak(WeakHandleOwner*, void* context);
-        bool isWeak();
-        
-        WeakHandleOwner* weakOwner();
-        void* weakOwnerContext();
-
         void setPrev(Node*);
         Node* prev();
@@ -99 +76 @@
 
     private:
-        WeakHandleOwner* emptyWeakOwner();
-
         JSValue m_value;
         HandleHeap* m_handleHeap;
-        WeakHandleOwner* m_weakOwner;
-        void* m_weakOwnerContext;
         Node* m_prev;
         Node* m_next;
@@ -115 +88 @@
     
 #if ENABLE(GC_VALIDATION) || !ASSERT_DISABLED
-    bool isValidWeakNode(Node*);
     bool isLiveNode(Node*);
 #endif
@@ -123 +95 @@
 
     SentinelLinkedList<Node> m_strongList;
-    SentinelLinkedList<Node> m_weakList;
     SentinelLinkedList<Node> m_immediateList;
     SinglyLinkedList<Node> m_freeList;
@@ -176 +147 @@
 }
 
-inline HandleSlot HandleHeap::copyWeak(HandleSlot other)
-{
-    Node* node = toNode(allocate());
-    node->makeWeak(toNode(other)->weakOwner(), toNode(other)->weakOwnerContext());
-    writeBarrier(node->slot(), *other);
-    *node->slot() = *other;
-    return toHandle(node);
-}
-
-inline void HandleHeap::makeWeak(HandleSlot handle, WeakHandleOwner* weakOwner, void* context)
-{
-    // Forbid assignment to handles during the finalization phase, since it would violate many GC invariants.
-    // File a bug with stack trace if you hit this.
-    if (m_nextToFinalize)
-        CRASH();
-    Node* node = toNode(handle);
-    node->makeWeak(weakOwner, context);
-
-    SentinelLinkedList<Node>::remove(node);
-    if (!*handle || !handle->isCell()) {
-        m_immediateList.push(node);
-        return;
-    }
-
-    m_weakList.push(node);
-}
-
-#if !ASSERT_DISABLED
-inline bool HandleHeap::hasWeakOwner(HandleSlot handle, WeakHandleOwner* weakOwner)
-{
-    return toNode(handle)->weakOwner() == weakOwner;
-}
-
-inline bool HandleHeap::hasFinalizer(HandleSlot handle)
-{
-    return toNode(handle)->weakOwner();
-}
-#endif
-
 inline HandleHeap::Node::Node(HandleHeap* handleHeap)
     : m_handleHeap(handleHeap)
-    , m_weakOwner(0)
-    , m_weakOwnerContext(0)
     , m_prev(0)
     , m_next(0)
@@ -226 +156 @@
 inline HandleHeap::Node::Node(WTF::SentinelTag)
     : m_handleHeap(0)
-    , m_weakOwner(0)
-    , m_weakOwnerContext(0)
     , m_prev(0)
     , m_next(0)
@@ -243 +171 @@
 }
 
-inline void HandleHeap::Node::makeWeak(WeakHandleOwner* weakOwner, void* context)
-{
-    m_weakOwner = weakOwner ? weakOwner : emptyWeakOwner();
-    m_weakOwnerContext = context;
-}
-
-inline bool HandleHeap::Node::isWeak()
-{
-    return m_weakOwner; // True for emptyWeakOwner().
-}
-
-inline WeakHandleOwner* HandleHeap::Node::weakOwner()
-{
-    return m_weakOwner == emptyWeakOwner() ? 0 : m_weakOwner; // 0 for emptyWeakOwner().
-}
-
-inline void* HandleHeap::Node::weakOwnerContext()
-{
-    ASSERT(weakOwner());
-    return m_weakOwnerContext;
-}
-
 inline void HandleHeap::Node::setPrev(Node* prev)
 {
@@ -283 +189 @@
 {
     return m_next;
-}
-
-// Sentinel to indicate that a node is weak, but its owner has no meaningful
-// callbacks. This allows us to optimize by skipping such nodes.
-inline WeakHandleOwner* HandleHeap::Node::emptyWeakOwner()
-{
-    return reinterpret_cast<WeakHandleOwner*>(-1);
 }