Changeset 253423 in webkit for trunk/Source/JavaScriptCore/heap

Timestamp:

Dec 12, 2019, 1:36:13 AM (5 years ago)

Author:

[email protected]

Message:

[JSC] IsoHeapCellType should have destroy function member instead of specializing template function
​https://bugs.webkit.org/show_bug.cgi?id=205152

Reviewed by Saam Barati.

We were specializing MarkedBlock::Handle::specializedSweep in 5 different ways for each IsoSubspace-ed cell.
This bloats binary. Instead of specializing it with CellType, we specialize it with one functor, which invokes
function pointer held by IsoHeapCellType. This requires one indirect function call per cell. But this is OK since,

1. We were using JSDestructibleObject's cell->classInfo->methodTable.destroy function call to dispatch destruction, before IsoSubspace replaces them with IsoHeapCellType-based destruction. Compared to that, the new one is still saving one pointer chasing basically (classInfo dereference, we assume cell deference is no cost since it will be done anyway).
2. We still keep JSString's destroy function inlining by using IsoInlinedHeapCellType. This is important since it is critical to performance and we had JSStringHeapCellType before we replaced it with IsoHeapCellType. But IsoInlinedHeapCellType specialization is for only one class so generated binary size is the same to the old code using JSStringHeapCellType.

This saves 480KB binary-size in JavaScriptCore. And more importantly, after this patch, adding IsoSubspace
will not bloat code, so we can simply put things into IsoSubspace.

This patch also removes using namespace JSC; in global code in JavaScriptCore except for API codes, since
it starts causing build failure due to unified builds: API defines JSType enum in a global scope, which is
different from our JSC::JSType. If we do using namespace JSC; in a global scope, it can lead to ambiguity of
looking up.

• API/JSHeapFinalizerPrivate.cpp:

(JSContextGroupAddHeapFinalizer):
(JSContextGroupRemoveHeapFinalizer):

• API/JSHeapFinalizerPrivate.h:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• assembler/AbstractMacroAssembler.cpp:
• bindings/ScriptFunctionCall.cpp:
• bindings/ScriptObject.cpp:
• bindings/ScriptValue.cpp:
• heap/IsoHeapCellType.cpp: Copied from Source/JavaScriptCore/assembler/AbstractMacroAssembler.cpp.

(JSC::IsoHeapCellType::finishSweep):
(JSC::IsoHeapCellType::destroy):

• heap/IsoHeapCellType.h:
• heap/IsoInlinedHeapCellType.h: Copied from Source/JavaScriptCore/heap/IsoHeapCellType.h.
• heap/MutatorState.cpp:
• heap/Synchronousness.cpp:
• inspector/InjectedScriptHost.cpp:
• inspector/InjectedScriptManager.cpp:
• inspector/JSGlobalObjectConsoleClient.cpp:
• inspector/JSGlobalObjectInspectorController.cpp:
• inspector/JSGlobalObjectScriptDebugServer.cpp:
• inspector/JSInjectedScriptHost.cpp:
• inspector/JSInjectedScriptHostPrototype.cpp:
• inspector/JSJavaScriptCallFrame.cpp:
• inspector/JSJavaScriptCallFramePrototype.cpp:
• inspector/JavaScriptCallFrame.cpp:
• inspector/PerGlobalObjectWrapperWorld.cpp:
• inspector/ScriptCallStackFactory.cpp:
• inspector/ScriptDebugServer.cpp:
• inspector/agents/InspectorHeapAgent.cpp:
• inspector/agents/InspectorScriptProfilerAgent.cpp:
• inspector/agents/JSGlobalObjectAuditAgent.cpp:
• inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
• inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
• runtime/VM.cpp:

(JSC::VM::VM):

• runtime/VM.h:

Location:

trunk/Source/JavaScriptCore/heap

Files:

• IsoHeapCellType.cpp (copied) (copied from trunk/Source/JavaScriptCore/API/JSHeapFinalizerPrivate.h ) (2 diffs)
• IsoHeapCellType.h (modified) (1 diff)
• IsoInlinedHeapCellType.h (copied) (copied from trunk/Source/JavaScriptCore/heap/IsoHeapCellType.h ) (1 diff)
• MutatorState.cpp (modified) (1 diff)
• Synchronousness.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/heap/IsoHeapCellType.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc.  All rights reserved.
+ * Copyright (C) 2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -21 +21 @@
  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef JSHeapFinalizerPrivate_h
-#define JSHeapFinalizerPrivate_h
+#include "config.h"
+#include "IsoHeapCellType.h"
 
-#include <JavaScriptCore/JSContextRef.h>
-#include <stdbool.h>
+#include "JSCInlines.h"
+#include "MarkedBlockInlines.h"
 
-#ifdef __cplusplus
-extern "C" {
-#endif
+namespace JSC {
 
-typedef void (*JSHeapFinalizer)(JSContextGroupRef, void *userData);
+void IsoHeapCellType::finishSweep(MarkedBlock::Handle& handle, FreeList* freeList)
+{
+    handle.finishSweepKnowingHeapCellType(freeList, *this);
+}
 
-JS_EXPORT void JSContextGroupAddHeapFinalizer(JSContextGroupRef, JSHeapFinalizer, void *userData);
-JS_EXPORT void JSContextGroupRemoveHeapFinalizer(JSContextGroupRef, JSHeapFinalizer, void *userData);
+void IsoHeapCellType::destroy(VM&, JSCell* cell)
+{
+    m_destroy(cell);
+}
 
-#ifdef __cplusplus
-}
-#endif
+} // namespace JSC
 
-#endif // JSHeapFinalizerPrivate_h
-

trunk/Source/JavaScriptCore/heap/IsoHeapCellType.h

@@ -29 +29 @@
 namespace JSC {
 
-template<typename CellType>
 class IsoHeapCellType final : public HeapCellType {
 public:
-    IsoHeapCellType()
-        : HeapCellType(CellAttributes(CellType::needsDestruction ? NeedsDestruction : DoesNotNeedDestruction, HeapCell::JSCell))
+    using DestroyFunctionPtr = void (*)(JSCell*);
+
+    IsoHeapCellType(DestructionMode destructionMode, DestroyFunctionPtr destroyFunction)
+        : HeapCellType(CellAttributes(destructionMode, HeapCell::JSCell))
+        , m_destroy(destroyFunction)
     {
     }
 
-    struct DestroyFunc {
-        ALWAYS_INLINE void operator()(VM&, JSCell* cell) const
-        {
-            CellType::destroy(cell);
-        }
-    };
-
-    void finishSweep(MarkedBlock::Handle& handle, FreeList* freeList) override
+    template<typename CellType>
+    static std::unique_ptr<IsoHeapCellType> create()
     {
-        handle.finishSweepKnowingHeapCellType(freeList, DestroyFunc());
+        return makeUnique<IsoHeapCellType>(CellType::needsDestruction ? NeedsDestruction : DoesNotNeedDestruction, &CellType::destroy);
     }
 
-    void destroy(VM&, JSCell* cell) override
+    void finishSweep(MarkedBlock::Handle&, FreeList*) override;
+    void destroy(VM&, JSCell*) override;
+
+    ALWAYS_INLINE void operator()(VM&, JSCell* cell) const
     {
-        CellType::destroy(cell);
+        m_destroy(cell);
     }
+
+private:
+    DestroyFunctionPtr WTF_VTBL_FUNCPTR_PTRAUTH_STR("IsoHeapCellType.destroy") m_destroy;
 };
 
 } // namespace JSC
-

trunk/Source/JavaScriptCore/heap/IsoInlinedHeapCellType.h

@@ -30 +30 @@
 
 template<typename CellType>
-class IsoHeapCellType final : public HeapCellType {
+class IsoInlinedHeapCellType final : public HeapCellType {
 public:
-    IsoHeapCellType()
+    IsoInlinedHeapCellType()
         : HeapCellType(CellAttributes(CellType::needsDestruction ? NeedsDestruction : DoesNotNeedDestruction, HeapCell::JSCell))
     {

trunk/Source/JavaScriptCore/heap/MutatorState.cpp

@@ -29 +29 @@
 #include <wtf/PrintStream.h>
 
+namespace WTF {
+
 using namespace JSC;
-
-namespace WTF {
 
 void printInternal(PrintStream& out, MutatorState state)

trunk/Source/JavaScriptCore/heap/Synchronousness.cpp

@@ -29 +29 @@
 #include <wtf/PrintStream.h>
 
+namespace WTF {
+
 using namespace JSC;
-
-namespace WTF {
 
 void printInternal(PrintStream& out, Synchronousness synchronousness)