Timestamp:
Dec 12, 2019, 1:33:55 PM (5 years ago)
Author:
[email protected]
Message:

[JSC] Lock-down JSGlobalObject and derived classes in IsoSubspace
https://bugs.webkit.org/show_bug.cgi?id=205108

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch puts JSGlobalLexicalEnvironment and JSGlobalObject (and its derived classes, including JSDOMWindow etc.) in IsoSubspace.
We were using the addFinalizer feature to call destructors for these objects since they do not inherit JSDestructibleObject. But now
each derived class has its own IsoSubspace. So we do not need to use the finalizer feature: just setting a specialized HeapCellType works.

  • API/JSAPIGlobalObject.h:
  • API/JSCallbackObject.cpp:
  • API/glib/JSAPIWrapperGlobalObject.cpp:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/SuperSampler.h:
  • heap/CellAttributes.h:
  • heap/FreeList.h:
  • heap/IsoHeapCellType.cpp:

(JSC::IsoHeapCellType::IsoHeapCellType):

  • heap/IsoHeapCellType.h:
  • heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::setIsFreeListed): Deleted.

  • heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::setIsFreeListed):

  • jsc.cpp:

(GlobalObject::create): Deleted.
(GlobalObject::createStructure): Deleted.
(GlobalObject::javaScriptRuntimeFlags): Deleted.
(GlobalObject::finishCreation): Deleted.
(GlobalObject::addFunction): Deleted.

  • runtime/JSGlobalLexicalEnvironment.h:
  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::subspaceFor):

  • runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::finishCreation):
(JSC::JSSegmentedVariableObject::destroy): Deleted.

  • runtime/JSSegmentedVariableObject.h:

(JSC::JSSegmentedVariableObject::subspaceFor):
(JSC::JSSegmentedVariableObject::classInfo const): Deleted.

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
  • testRegExp.cpp:

(GlobalObject::create): Deleted.
(GlobalObject::createStructure): Deleted.
(GlobalObject::finishCreation): Deleted.

Source/WebCore:

We put derived classes of JSGlobalObject in IsoSubspace in WebCore side too.

  • bindings/js/JSDOMGlobalObject.h:
  • bindings/js/JSDOMWindowBase.h:
  • bindings/js/JSDOMWrapper.cpp:

(WebCore::globalObjectOutputConstraintSubspaceFor): Deleted.

  • bindings/js/JSDOMWrapper.h:
  • bindings/js/JSRemoteDOMWindowBase.h:
  • bindings/js/JSWindowProxy.h:
  • bindings/js/JSWorkerGlobalScopeBase.h:

(WebCore::JSWorkerGlobalScopeBase::subspaceFor):

  • bindings/js/JSWorkletGlobalScopeBase.h:

(WebCore::JSWorkletGlobalScopeBase::subspaceFor):

  • bindings/js/WebCoreJSClientData.cpp:

(WebCore::JSVMClientData::JSVMClientData):

  • bindings/js/WebCoreJSClientData.h:

(WebCore::JSVMClientData::subspaceForJSDOMWindow):
(WebCore::JSVMClientData::subspaceForJSDedicatedWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSRemoteDOMWindow):
(WebCore::JSVMClientData::subspaceForJSWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSServiceWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSPaintWorkletGlobalScope):
(WebCore::JSVMClientData::subspaceForJSWorkletGlobalScope):
(WebCore::JSVMClientData::forEachOutputConstraintSpace):
(WebCore::JSVMClientData::globalObjectOutputConstraintSpace): Deleted.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):
(GeneratePrototypeDeclaration):

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlySetLike.cpp:
  • bindings/scripts/test/JS/JSSetLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestCallTracer.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:
  • bindings/scripts/test/JS/JSTestEnabledForContext.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:

(WebCore::JSTestGlobalObject::subspaceForImpl):

  • bindings/scripts/test/JS/JSTestGlobalObject.h:

(WebCore::JSTestGlobalObject::subspaceFor):

  • bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
  • bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
  • bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
  • bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
  • bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
  • bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
  • bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPluginInterface.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestStringifier.cpp:
  • bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
  • bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
  • bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
  • bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
  • bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
  • bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:
  • bridge/runtime_method.h:
File:
1 edited
