Changeset 115579 in webkit for trunk/Source/JavaScriptCore

Timestamp:

Apr 28, 2012, 1:51:27 PM (13 years ago)

Author:

[email protected]

Message:

Clarified JSGlobalData (JavaScript VM) lifetime
​https://bugs.webkit.org/show_bug.cgi?id=85142

Reviewed by Anders Carlsson.

Source/JavaScriptCore:

This was so confusing that I didn't feel like I could reason about
memory lifetime in the heap without fixing it.

The rules are:

(1) JSGlobalData owns the virtual machine and all memory in it.

(2) Deleting a JSGlobalData frees the virtual machine and all memory
in it.

(Caveat emptor: if you delete the virtual machine while you're running
JIT code or accessing GC objects, you're gonna have a bad time.)

(I opted not to make arbitrary sub-objects keep the virtual machine
alive automatically because:

(a) doing that right would be complex and slow;

(b) in the case of an exiting thread or process, there's no
clear way to give the garbage collector a chance to try again
later;

(c) continuing to run the garbage collector after we've been
asked to shut down the virtual machine seems rude;

(d) we've never really supported that feature, anyway.)

(3) Normal ref-counting will do. No need to call a battery of
specialty functions to tear down a JSGlobalData. Its foibles
notwithstanding, C++ does in fact know how to execute destructors in
order.

• API/JSContextRef.cpp:

(JSGlobalContextCreate): Removed compatibility shim for older
operating systems because it's no longer used.

(JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do
the right thing", this code is much simpler. We still have one special
case to notify the garbage collector if we're removing the last
reference to the global object, since this can improve memory behavior.

• heap/CopiedSpace.cpp:

(JSC::CopiedSpace::freeAllBlocks):

• heap/CopiedSpace.h:

(CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true
destruction-time behaviors should be limited to our C++ destructor.

• heap/Heap.cpp:

(JSC::Heap::~Heap):
(JSC):
(JSC::Heap::lastChanceToFinalize):

• heap/Heap.h:

(Heap):
(JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because
true destruction-time behaviors should be limited to our C++
destructor.

Reorganized the code, putting code that must run before any objects
get torn down into lastChanceToFinalize, and code that just tears down
objects into our destructor.

• heap/Local.h:

(JSC::LocalStack::LocalStack):
(JSC::LocalStack::push):
(LocalStack): See rule (2).

• jsc.cpp:

(functionQuit):
(main):
(printUsageStatement):
(parseArguments):
(jscmain):

• testRegExp.cpp:

(main):
(printUsageStatement):
(parseArguments):
(realMain): See rule (3).

I removed the feature of ensuring orderly tear-down when calling quit()
or running in --help mode because it didn't seem very useful and
making it work with Windows structured exception handling and
NO_RETURN didn't seem like a fun way to spend a Saturday.

• runtime/JSGlobalData.h:
• runtime/JSGlobalData.cpp:

(JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data
member in JSGlobalData to ensure that it's destructed last, so other
objects that reference it destruct without crashing. This allowed me
to remove clearBuiltinStructures() altogether, and helped guarantee
rule (3).

(JSC::JSGlobalData::~JSGlobalData): Explicitly call
lastChanceToFinalize() at the head of our destructor to ensure that
all pending finalizers run while the virtual machine is still in a
valid state. Trying to resurrect (re-ref) the virtual machine at this
point is not valid, but all other operations are.

Changed a null to a 0xbbadbeef to clarify just how bad this beef is.

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

• runtime/JSGlobalObject.h:

(JSGlobalObject):
(JSC::JSGlobalObject::globalData): See rule (3).

Source/WebCore:

• bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::~WorkerScriptController): Slightly
simpler than before. We can't just rely on our default destructor
because we need to hold the JSLock when we tear down the VM.

• bridge/NP_jsobject.cpp:

(_NPN_InvokeDefault):
(_NPN_Invoke):
(_NPN_Evaluate):
(_NPN_Construct): Don't RefPtr<> the JSGlobalData because it makes it
seem like you know something the rest of our code doesn't know. The
plugin JSGlobalData is immortal, anyway.

I also removed some timeout checker related code because that feature
doesn't work anymore, so it was effectively dead code.

Source/WebKit/mac:

• Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::invoke):
(WebKit::NetscapePluginInstanceProxy::invokeDefault):
(WebKit::NetscapePluginInstanceProxy::construct):

Location:

trunk/Source/JavaScriptCore

Files:

• API/JSContextRef.cpp (modified) (3 diffs)
• ChangeLog (modified) (1 diff)
• heap/CopiedSpace.cpp (modified) (1 diff)
• heap/CopiedSpace.h (modified) (1 diff)
• heap/Heap.cpp (modified) (3 diffs)
• heap/Heap.h (modified) (3 diffs)
• heap/Local.h (modified) (3 diffs)
• jsc.cpp (modified) (10 diffs)
• runtime/JSGlobalData.cpp (modified) (3 diffs)
• runtime/JSGlobalData.h (modified) (3 diffs)
• runtime/JSGlobalObject.cpp (modified) (1 diff)
• runtime/JSGlobalObject.h (modified) (2 diffs)
• testRegExp.cpp (modified) (7 diffs)

trunk/Source/JavaScriptCore/API/JSContextRef.cpp

@@ -39 +39 @@
 #include <wtf/text/StringHash.h>
 
-
-#if OS(DARWIN)
-#include <mach-o/dyld.h>
-
-static const int32_t webkitFirstVersionWithConcurrentGlobalContexts = 0x2100500; // 528.5.0
-#endif
-
 using namespace JSC;
+
+// From the API's perspective, a context group remains alive iff
+//     (a) it has been JSContextGroupRetained
+//     OR
+//     (b) one of its contexts has been JSContextRetained
 
 JSContextGroupRef JSContextGroupCreate()
@@ -65 +63 @@
 }
 
+// From the API's perspective, a global context remains alive iff it has been JSGlobalContextRetained.
+
 JSGlobalContextRef JSGlobalContextCreate(JSClassRef globalObjectClass)
 {
     initializeThreading();
-#if OS(DARWIN)
-    // When running on Tiger or Leopard, or if the application was linked before JSGlobalContextCreate was changed
-    // to use a unique JSGlobalData, we use a shared one for compatibility.
-#ifndef BUILDING_ON_LEOPARD
-    if (NSVersionOfLinkTimeLibrary("JavaScriptCore") <= webkitFirstVersionWithConcurrentGlobalContexts) {
-#else
-    {
-#endif
-        JSLock lock(LockForReal);
-        return JSGlobalContextCreateInGroup(toRef(&JSGlobalData::sharedInstance()), globalObjectClass);
-    }
-#endif // OS(DARWIN)
-
     return JSGlobalContextCreateInGroup(0, globalObjectClass);
 }
@@ -126 +113 @@
 
     JSGlobalData& globalData = exec->globalData();
-    JSGlobalObject* dgo = exec->dynamicGlobalObject();
     IdentifierTable* savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(globalData.identifierTable);
 
-    // One reference is held by JSGlobalObject, another added by JSGlobalContextRetain().
-    bool releasingContextGroup = globalData.refCount() == 2;
-    bool releasingGlobalObject = Heap::heap(dgo)->unprotect(dgo);
-    // If this is the last reference to a global data, it should also
-    // be the only remaining reference to the global object too!
-    ASSERT(!releasingContextGroup || releasingGlobalObject);
-
-    // An API 'JSGlobalContextRef' retains two things - a global object and a
-    // global data (or context group, in API terminology).
-    // * If this is the last reference to any contexts in the given context group,
-    //   call destroy on the heap (the global data is being  freed).
-    // * If this was the last reference to the global object, then unprotecting
-    //   it may release a lot of GC memory - tickle the activity callback to
-    //   garbage collect soon.
-    // * If there are more references remaining the the global object, then do nothing
-    //   (specifically that is more protects, which we assume come from other JSGlobalContextRefs).
-    if (releasingContextGroup) {
-        globalData.clearBuiltinStructures();
-        globalData.heap.destroy();
-    } else if (releasingGlobalObject) {
+    bool protectCountIsZero = Heap::heap(exec->dynamicGlobalObject())->unprotect(exec->dynamicGlobalObject());
+    if (protectCountIsZero) {
         globalData.heap.activityCallback()->synchronize();
         globalData.heap.reportAbandonedObjectGraph();
     }
-
     globalData.deref();
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2012-04-28  Geoffrey Garen  <[email protected]>
+
+        Clarified JSGlobalData (JavaScript VM) lifetime
+        https://bugs.webkit.org/show_bug.cgi?id=85142
+
+        Reviewed by Anders Carlsson.
+
+        This was so confusing that I didn't feel like I could reason about 
+        memory lifetime in the heap without fixing it.
+
+        The rules are:
+
+        (1) JSGlobalData owns the virtual machine and all memory in it.
+
+        (2) Deleting a JSGlobalData frees the virtual machine and all memory 
+        in it.
+
+        (Caveat emptor: if you delete the virtual machine while you're running 
+        JIT code or accessing GC objects, you're gonna have a bad time.)
+
+        (I opted not to make arbitrary sub-objects keep the virtual machine 
+        alive automatically because:
+
+                (a) doing that right would be complex and slow;
+
+                (b) in the case of an exiting thread or process, there's no 
+                clear way to give the garbage collector a chance to try again 
+                later; 
+
+                (c) continuing to run the garbage collector after we've been 
+                asked to shut down the virtual machine seems rude;
+
+                (d) we've never really supported that feature, anyway.)
+
+        (3) Normal ref-counting will do. No need to call a battery of 
+        specialty functions to tear down a JSGlobalData. Its foibles 
+        notwithstanding, C++ does in fact know how to execute destructors in 
+        order.
+
+        * API/JSContextRef.cpp:
+        (JSGlobalContextCreate): Removed compatibility shim for older 
+        operating systems because it's no longer used.
+
+        (JSGlobalContextRelease): Now that we can rely on JSGlobalData to "do 
+        the right thing", this code is much simpler. We still have one special 
+        case to notify the garbage collector if we're removing the last 
+        reference to the global object, since this can improve memory behavior.
+
+        * heap/CopiedSpace.cpp:
+        (JSC::CopiedSpace::freeAllBlocks):
+        * heap/CopiedSpace.h:
+        (CopiedSpace): Renamed "destroy" => "freeAllBlocks" because true 
+        destruction-time behaviors should be limited to our C++ destructor.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::~Heap):
+        (JSC):
+        (JSC::Heap::lastChanceToFinalize):
+        * heap/Heap.h:
+        (Heap):
+        (JSC::Heap::heap): Renamed "destroy" => "lastChanceToFinalize" because 
+        true destruction-time behaviors should be limited to our C++ 
+        destructor.
+
+        Reorganized the code, putting code that must run before any objects 
+        get torn down into lastChanceToFinalize, and code that just tears down 
+        objects into our destructor.
+
+        * heap/Local.h:
+        (JSC::LocalStack::LocalStack):
+        (JSC::LocalStack::push):
+        (LocalStack): See rule (2).
+
+        * jsc.cpp:
+        (functionQuit):
+        (main):
+        (printUsageStatement):
+        (parseArguments):
+        (jscmain):
+        * testRegExp.cpp:
+        (main):
+        (printUsageStatement):
+        (parseArguments):
+        (realMain): See rule (3).
+
+        I removed the feature of ensuring orderly tear-down when calling quit()
+        or running in --help mode because it didn't seem very useful and 
+        making it work with Windows structured exception handling and 
+        NO_RETURN didn't seem like a fun way to spend a Saturday.
+
+        * runtime/JSGlobalData.h:
+        * runtime/JSGlobalData.cpp:
+        (JSC::JSGlobalData::JSGlobalData): Moved heap to be the first data 
+        member in JSGlobalData to ensure that it's destructed last, so other 
+        objects that reference it destruct without crashing. This allowed me 
+        to remove clearBuiltinStructures() altogether, and helped guarantee 
+        rule (3).
+
+        (JSC::JSGlobalData::~JSGlobalData): Explicitly call 
+        lastChanceToFinalize() at the head of our destructor to ensure that 
+        all pending finalizers run while the virtual machine is still in a 
+        valid state. Trying to resurrect (re-ref) the virtual machine at this 
+        point is not valid, but all other operations are.
+
+        Changed a null to a 0xbbadbeef to clarify just how bad this beef is.
+
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::init):
+        * runtime/JSGlobalObject.h:
+        (JSGlobalObject):
+        (JSC::JSGlobalObject::globalData): See rule (3).
+
 2012-04-27  Geoffrey Garen  <[email protected]>
 

trunk/Source/JavaScriptCore/heap/CopiedSpace.cpp

@@ -250 +250 @@
 }
 
-void CopiedSpace::destroy()
+void CopiedSpace::freeAllBlocks()
 {
     while (!m_toSpace->isEmpty()) {

trunk/Source/JavaScriptCore/heap/CopiedSpace.h

@@ -70 +70 @@
     size_t capacity();
 
-    void destroy();
+    void freeAllBlocks();
 
     static CopiedBlock* blockFor(void*);

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -342 +342 @@
 Heap::~Heap()
 {
-    // Destroy our block freeing thread.
+    delete m_markListSet;
+
+    m_objectSpace.shrink();
+    m_storageSpace.freeAllBlocks();
+    releaseFreeBlocks();
     {
         MutexLocker locker(m_freeBlockLock);
@@ -350 +354 @@
     waitForThreadCompletion(m_blockFreeingThread);
 
-    // The destroy function must already have been called, so assert this.
-    ASSERT(!m_globalData);
-}
-
-void Heap::destroy()
-{
-    JSLock lock(SilenceAssertionsOnly);
-
-    if (!m_globalData)
-        return;
-
+    ASSERT(!size());
+    ASSERT(!capacity());
+}
+
+// The JSGlobalData is being destroyed and the collector will never run again.
+// Run all pending finalizers now because we won't get another chance.
+void Heap::lastChanceToFinalize()
+{
     ASSERT(!m_globalData->dynamicGlobalObject);
     ASSERT(m_operationInProgress == NoOperation);
-    
-    // The global object is not GC protected at this point, so sweeping may delete it
-    // (and thus the global data) before other objects that may use the global data.
-    RefPtr<JSGlobalData> protect(m_globalData);
-
-#if ENABLE(JIT)
-    m_globalData->jitStubs->clearHostFunctionStubs();
-#endif
-
-    delete m_markListSet;
-    m_markListSet = 0;
-
+
+    // FIXME: Make this a release-mode crash once we're sure no one's doing this.
+    if (size_t size = m_protectedValues.size())
+        LOG_ERROR("JavaScriptCore heap deallocated while %ld values were still protected", size);
+
+    m_weakSet.finalizeAll();
     canonicalizeCellLivenessData();
     clearMarks();
-
-    m_weakSet.finalizeAll();
+    sweep();
     m_globalData->smallStrings.finalizeSmallStrings();
-    m_objectSpace.shrink();
-    m_storageSpace.destroy();
-    ASSERT(!size());
 
 #if ENABLE(SIMPLE_HEAP_PROFILING)
@@ -388 +379 @@
     m_destroyedTypeCounts.dump(WTF::dataFile(), "Destroyed Type Counts");
 #endif
-    
-    releaseFreeBlocks();
-
-    m_globalData = 0;
 }
 

trunk/Source/JavaScriptCore/heap/Heap.h

@@ -75 +75 @@
         friend class JIT;
         friend class MarkStackThreadSharedData;
-        static Heap* heap(JSValue); // 0 for immediate values
-        static Heap* heap(JSCell*);
+        static Heap* heap(const JSValue); // 0 for immediate values
+        static Heap* heap(const JSCell*);
 
         static bool isMarked(const void*);
@@ -88 +88 @@
         Heap(JSGlobalData*, HeapSize);
         ~Heap();
-        JS_EXPORT_PRIVATE void destroy(); // JSGlobalData must call destroy() before ~Heap().
+        JS_EXPORT_PRIVATE void lastChanceToFinalize();
 
         JSGlobalData* globalData() const { return m_globalData; }
@@ -267 +267 @@
     }
 
-    inline Heap* Heap::heap(JSCell* cell)
+    inline Heap* Heap::heap(const JSCell* cell)
     {
         return MarkedBlock::blockFor(cell)->heap();
     }
 
-    inline Heap* Heap::heap(JSValue v)
+    inline Heap* Heap::heap(const JSValue v)
     {
         if (!v.isCell())

trunk/Source/JavaScriptCore/heap/Local.h

@@ -103 +103 @@
 public:
     LocalStack(JSGlobalData& globalData)
-        : m_globalData(&globalData)
+        : m_globalData(globalData)
         , m_count(0)
     {
@@ -123 +123 @@
     {
         if (m_count == m_stack.size())
-            m_stack.append(Local<T>(*m_globalData, value));
+            m_stack.append(Local<T>(m_globalData, value));
         else
             m_stack[m_count] = value;
@@ -133 +133 @@
 
 private:
-    RefPtr<JSGlobalData> m_globalData;
+    JSGlobalData& m_globalData;
     Vector<Local<T>, inlineCapacity> m_stack;
     unsigned m_count;

trunk/Source/JavaScriptCore/jsc.cpp

@@ -81 +81 @@
 using namespace WTF;
 
-static void cleanupGlobalData(JSGlobalData*);
 static bool fillBufferWithContentsOfFile(const UString& fileName, Vector<char>& buffer);
 
@@ -418 +417 @@
 }
 
-EncodedJSValue JSC_HOST_CALL functionQuit(ExecState* exec)
-{
-    // Technically, destroying the heap in the middle of JS execution is a no-no,
-    // but we want to maintain compatibility with the Mozilla test suite, so
-    // we pretend that execution has terminated to avoid ASSERTs, then tear down the heap.
-    exec->globalData().dynamicGlobalObject = 0;
-
-    cleanupGlobalData(&exec->globalData());
+EncodedJSValue JSC_HOST_CALL functionQuit(ExecState*)
+{
     exit(EXIT_SUCCESS);
 
@@ -447 +440 @@
 #endif
 
-int jscmain(int argc, char** argv, JSGlobalData*);
+int jscmain(int argc, char** argv);
 
 int main(int argc, char** argv)
@@ -492 +485 @@
     // Structured Exception Handling
     int res = 0;
-    JSGlobalData* globalData = JSGlobalData::create(ThreadStackTypeLarge, LargeHeap).leakRef();
     TRY
-        res = jscmain(argc, argv, globalData);
+        res = jscmain(argc, argv);
     EXCEPT(res = 3)
-
-    cleanupGlobalData(globalData);
     return res;
-}
-
-static void cleanupGlobalData(JSGlobalData* globalData)
-{
-    JSLock lock(SilenceAssertionsOnly);
-    globalData->clearBuiltinStructures();
-    globalData->heap.destroy();
-    globalData->deref();
 }
 
@@ -614 +596 @@
 }
 
-static NO_RETURN void printUsageStatement(JSGlobalData* globalData, bool help = false)
+static NO_RETURN void printUsageStatement(bool help = false)
 {
     fprintf(stderr, "Usage: jsc [options] [files] [-- arguments]\n");
@@ -626 +608 @@
 #endif
 
-    cleanupGlobalData(globalData);
     exit(help ? EXIT_SUCCESS : EXIT_FAILURE);
 }
 
-static void parseArguments(int argc, char** argv, CommandLine& options, JSGlobalData* globalData)
+static void parseArguments(int argc, char** argv, CommandLine& options)
 {
     int i = 1;
@@ -637 +618 @@
         if (!strcmp(arg, "-f")) {
             if (++i == argc)
-                printUsageStatement(globalData);
+                printUsageStatement();
             options.scripts.append(Script(true, argv[i]));
             continue;
@@ -643 +624 @@
         if (!strcmp(arg, "-e")) {
             if (++i == argc)
-                printUsageStatement(globalData);
+                printUsageStatement();
             options.scripts.append(Script(false, argv[i]));
             continue;
@@ -669 +650 @@
         }
         if (!strcmp(arg, "-h") || !strcmp(arg, "--help"))
-            printUsageStatement(globalData, true);
+            printUsageStatement(true);
         options.scripts.append(Script(true, argv[i]));
     }
@@ -680 +661 @@
 }
 
-int jscmain(int argc, char** argv, JSGlobalData* globalData)
+int jscmain(int argc, char** argv)
 {
     JSLock lock(SilenceAssertionsOnly);
 
+    RefPtr<JSGlobalData> globalData = JSGlobalData::create(ThreadStackTypeLarge, LargeHeap);
+
     CommandLine options;
-    parseArguments(argc, argv, options, globalData);
+    parseArguments(argc, argv, options);
 
     GlobalObject* globalObject = GlobalObject::create(*globalData, GlobalObject::createStructure(*globalData, jsNull()), options.arguments);

trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -90 +90 @@
 
 JSGlobalData::JSGlobalData(GlobalDataType globalDataType, ThreadStackType threadStackType, HeapSize heapSize)
-    : globalDataType(globalDataType)
+    : heap(this, heapSize)
+    , globalDataType(globalDataType)
     , clientData(0)
     , topCallFrame(CallFrame::noCaller())
@@ -120 +121 @@
     , keywords(adoptPtr(new Keywords(this)))
     , interpreter(0)
-    , heap(this, heapSize)
     , jsArrayClassInfo(&JSArray::s_info)
     , jsFinalObjectClassInfo(&JSFinalObject::s_info)
@@ -211 +211 @@
 }
 
-void JSGlobalData::clearBuiltinStructures()
-{
-    structureStructure.clear();
-    debuggerActivationStructure.clear();
-    activationStructure.clear();
-    interruptedExecutionErrorStructure.clear();
-    terminatedExecutionErrorStructure.clear();
-    staticScopeStructure.clear();
-    strictEvalActivationStructure.clear();
-    stringStructure.clear();
-    notAnObjectStructure.clear();
-    propertyNameIteratorStructure.clear();
-    getterSetterStructure.clear();
-    apiWrapperStructure.clear();
-    scopeChainNodeStructure.clear();
-    executableStructure.clear();
-    nativeExecutableStructure.clear();
-    evalExecutableStructure.clear();
-    programExecutableStructure.clear();
-    functionExecutableStructure.clear();
-    regExpStructure.clear();
-    structureChainStructure.clear();
-}
-
 JSGlobalData::~JSGlobalData()
 {
-    // By the time this is destroyed, heap.destroy() must already have been called.
+    heap.lastChanceToFinalize();
 
     delete interpreter;
 #ifndef NDEBUG
-    // Zeroing out to make the behavior more predictable when someone attempts to use a deleted instance.
-    interpreter = 0;
+    interpreter = reinterpret_cast<Interpreter*>(0xbbadbeef);
 #endif
 

trunk/Source/JavaScriptCore/runtime/JSGlobalData.h

@@ -153 +153 @@
         void makeUsableFromMultipleThreads() { heap.machineThreads().makeUsableFromMultipleThreads(); }
 
+        Heap heap; // The heap is our first data member to ensure that it's destructed after all the objects that reference it.
+
         GlobalDataType globalDataType;
         ClientData* clientData;
@@ -253 +255 @@
         TimeoutChecker timeoutChecker;
         Terminator terminator;
-        Heap heap;
 
         JSValue exception;
@@ -330 +331 @@
 #endif
         JS_EXPORT_PRIVATE void dumpRegExpTrace();
-        JS_EXPORT_PRIVATE void clearBuiltinStructures();
 
         bool isCollectorBusy() { return heap.isBusy(); }

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -134 +134 @@
     structure()->disableSpecificFunctionTracking();
 
-    m_globalData = Heap::heap(this)->globalData();
-    m_globalScopeChain.set(*m_globalData, this, ScopeChainNode::create(0, this, m_globalData.get(), this, thisValue));
+    m_globalScopeChain.set(globalData(), this, ScopeChainNode::create(0, this, &globalData(), this, thisValue));
 
     JSGlobalObject::globalExec()->init(0, 0, m_globalScopeChain.get(), CallFrame::noCaller(), 0, 0);

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -87 +87 @@
     protected:
 
-        RefPtr<JSGlobalData> m_globalData;
-
         size_t m_registerArraySize;
         Register m_globalCallFrame[RegisterFile::CallFrameHeaderSize];
@@ -303 +301 @@
         void resetPrototype(JSGlobalData&, JSValue prototype);
 
-        JSGlobalData& globalData() const { return *m_globalData.get(); }
+        JSGlobalData& globalData() const { return *Heap::heap(this)->globalData(); }
 
         static Structure* createStructure(JSGlobalData& globalData, JSValue prototype)

trunk/Source/JavaScriptCore/testRegExp.cpp

@@ -55 +55 @@
 using namespace WTF;
 
-static void cleanupGlobalData(JSGlobalData*);
-
 struct CommandLine {
     CommandLine()
@@ -160 +158 @@
 #endif
 
-int realMain(int argc, char** argv, JSGlobalData*);
+int realMain(int argc, char** argv);
 
 int main(int argc, char** argv)
@@ -194 +192 @@
     // Structured Exception Handling
     int res = 0;
-    JSGlobalData* globalData = JSGlobalData::create(ThreadStackTypeLarge, LargeHeap).leakRef();
     TRY
-        res = realMain(argc, argv, globalData);
+        res = realMain(argc, argv);
     EXCEPT(res = 3)
-
-    cleanupGlobalData(globalData);
     return res;
-}
-
-static void cleanupGlobalData(JSGlobalData* globalData)
-{
-    JSLock lock(SilenceAssertionsOnly);
-    globalData->clearBuiltinStructures();
-    globalData->heap.destroy();
-    globalData->deref();
 }
 
@@ -481 +468 @@
 #define RUNNING_FROM_XCODE 0
 
-static NO_RETURN void printUsageStatement(JSGlobalData* globalData, bool help = false)
+static NO_RETURN void printUsageStatement(bool help = false)
 {
     fprintf(stderr, "Usage: regexp_test [options] file\n");
@@ -487 +474 @@
     fprintf(stderr, "  -v|--verbose  Verbose output\n");
 
-    cleanupGlobalData(globalData);
     exit(help ? EXIT_SUCCESS : EXIT_FAILURE);
 }
 
-static void parseArguments(int argc, char** argv, CommandLine& options, JSGlobalData* globalData)
+static void parseArguments(int argc, char** argv, CommandLine& options)
 {
     int i = 1;
@@ -497 +483 @@
         const char* arg = argv[i];
         if (!strcmp(arg, "-h") || !strcmp(arg, "--help"))
-            printUsageStatement(globalData, true);
+            printUsageStatement(true);
         if (!strcmp(arg, "-v") || !strcmp(arg, "--verbose"))
             options.verbose = true;
@@ -508 +494 @@
 }
 
-int realMain(int argc, char** argv, JSGlobalData* globalData)
+int realMain(int argc, char** argv)
 {
     JSLock lock(SilenceAssertionsOnly);
 
+    RefPtr<JSGlobalData> globalData = JSGlobalData::create(ThreadStackTypeLarge, LargeHeap);
+
     CommandLine options;
-    parseArguments(argc, argv, options, globalData);
+    parseArguments(argc, argv, options);
 
     GlobalObject* globalObject = GlobalObject::create(*globalData, GlobalObject::createStructure(*globalData, jsNull()), options.arguments);