[JSC] Lock-down JSGlobalObject and derived classes in IsoSubspace
https://bugs.webkit.org/show_bug.cgi?id=205108
Reviewed by Mark Lam.
Source/JavaScriptCore:
This patch puts JSGlobalLexicalEnvironment and JSGlobalObject (and its derived classes, including JSDOMWindow etc.) in IsoSubspace.
We were using the addFinalizer feature to call destructors for these objects since they do not inherit JSDestructibleObject. But now
each derived class has its own IsoSubspace, so we do not need to use the finalizer feature: just setting a specialized HeapCellType works.
- API/JSAPIGlobalObject.h:
- API/JSCallbackObject.cpp:
- API/glib/JSAPIWrapperGlobalObject.cpp:
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/SuperSampler.h:
- heap/CellAttributes.h:
- heap/FreeList.h:
- heap/IsoHeapCellType.cpp:
(JSC::IsoHeapCellType::IsoHeapCellType):
- heap/IsoHeapCellType.h:
- heap/MarkedBlock.cpp:
(JSC::MarkedBlock::Handle::setIsFreeListed): Deleted.
- heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::setIsFreeListed):
(GlobalObject::create): Deleted.
(GlobalObject::createStructure): Deleted.
(GlobalObject::javaScriptRuntimeFlags): Deleted.
(GlobalObject::finishCreation): Deleted.
(GlobalObject::addFunction): Deleted.
- runtime/JSGlobalLexicalEnvironment.h:
- runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::subspaceFor):
- runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
(JSC::JSSegmentedVariableObject::finishCreation):
(JSC::JSSegmentedVariableObject::destroy): Deleted.
- runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::subspaceFor):
(JSC::JSSegmentedVariableObject::classInfo const): Deleted.
(JSC::VM::VM):
- runtime/VM.h:
- testRegExp.cpp:
(GlobalObject::create): Deleted.
(GlobalObject::createStructure): Deleted.
(GlobalObject::finishCreation): Deleted.
Source/WebCore:
We put derived classes of JSGlobalObject in IsoSubspace in WebCore side too.
- bindings/js/JSDOMGlobalObject.h:
- bindings/js/JSDOMWindowBase.h:
- bindings/js/JSDOMWrapper.cpp:
(WebCore::globalObjectOutputConstraintSubspaceFor): Deleted.
- bindings/js/JSDOMWrapper.h:
- bindings/js/JSRemoteDOMWindowBase.h:
- bindings/js/JSWindowProxy.h:
- bindings/js/JSWorkerGlobalScopeBase.h:
(WebCore::JSWorkerGlobalScopeBase::subspaceFor):
- bindings/js/JSWorkletGlobalScopeBase.h:
(WebCore::JSWorkletGlobalScopeBase::subspaceFor):
- bindings/js/WebCoreJSClientData.cpp:
(WebCore::JSVMClientData::JSVMClientData):
- bindings/js/WebCoreJSClientData.h:
(WebCore::JSVMClientData::subspaceForJSDOMWindow):
(WebCore::JSVMClientData::subspaceForJSDedicatedWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSRemoteDOMWindow):
(WebCore::JSVMClientData::subspaceForJSWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSServiceWorkerGlobalScope):
(WebCore::JSVMClientData::subspaceForJSPaintWorkletGlobalScope):
(WebCore::JSVMClientData::subspaceForJSWorkletGlobalScope):
(WebCore::JSVMClientData::forEachOutputConstraintSpace):
(WebCore::JSVMClientData::globalObjectOutputConstraintSpace): Deleted.
- bindings/scripts/CodeGeneratorJS.pm:
(GenerateHeader):
(GenerateImplementation):
(GeneratePrototypeDeclaration):
- bindings/scripts/test/JS/JSInterfaceName.cpp:
- bindings/scripts/test/JS/JSMapLike.cpp:
- bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
- bindings/scripts/test/JS/JSReadOnlySetLike.cpp:
- bindings/scripts/test/JS/JSSetLike.cpp:
- bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
- bindings/scripts/test/JS/JSTestCEReactions.cpp:
- bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
- bindings/scripts/test/JS/JSTestCallTracer.cpp:
- bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
- bindings/scripts/test/JS/JSTestDOMJIT.cpp:
- bindings/scripts/test/JS/JSTestEnabledBySetting.cpp:
- bindings/scripts/test/JS/JSTestEnabledForContext.cpp:
- bindings/scripts/test/JS/JSTestEventConstructor.cpp:
- bindings/scripts/test/JS/JSTestEventTarget.cpp:
- bindings/scripts/test/JS/JSTestException.cpp:
- bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
- bindings/scripts/test/JS/JSTestGlobalObject.cpp:
(WebCore::JSTestGlobalObject::subspaceForImpl):
- bindings/scripts/test/JS/JSTestGlobalObject.h:
(WebCore::JSTestGlobalObject::subspaceFor):
- bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp:
- bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp:
- bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp:
- bindings/scripts/test/JS/JSTestInterface.cpp:
- bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
- bindings/scripts/test/JS/JSTestIterable.cpp:
- bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
- bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
- bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp:
- bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
- bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp:
- bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp:
- bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp:
- bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp:
- bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp:
- bindings/scripts/test/JS/JSTestNode.cpp:
- bindings/scripts/test/JS/JSTestObj.cpp:
- bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
- bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
- bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
- bindings/scripts/test/JS/JSTestPluginInterface.cpp:
- bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
- bindings/scripts/test/JS/JSTestSerialization.cpp:
- bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp:
- bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
- bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
- bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
- bindings/scripts/test/JS/JSTestStringifier.cpp:
- bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp:
- bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp:
- bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp:
- bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp:
- bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp:
- bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp:
- bindings/scripts/test/JS/JSTestTypedefs.cpp:
- bridge/runtime_method.h: