<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[199445] releases/WebKitGTK/webkit-2.12/Source/bmalloc</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/199445">199445</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-04-13 02:36:38 -0700 (Wed, 13 Apr 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/198675">r198675</a> - bmalloc: small and large objects should share memory
https://bugs.webkit.org/show_bug.cgi?id=155866

Reviewed by Andreas Kling.

This patch cuts our VM footprint in half. (VM footprint usually doesn't
matter, but on iOS there's an artificial VM limit around 700MB, and if
you hit it you jetsam / crash.)

It's also a step toward honoring the hardware page size at runtime,
which will reduce memory usage on iOS.

This patch is a small improvement in peak memory usage because it allows
small and large objects to recycle each other's memory. The tradeoff is
that we require more metadata, which causes more memory usage after
shrinking down from peak memory usage. In the end, we have some memory
wins and some losses, and a small win in the mean on our standard memory
benchmarks.

* bmalloc.xcodeproj/project.pbxproj: Removed SuperChunk.

* bmalloc/Allocator.cpp:
(bmalloc::Allocator::reallocate): Adopt a new Heap API for shrinking
large objects because it's a little more complicated than it used to be.

Don't check for equality in the XLarge case because we don't do it in
other cases, and it's unlikely that we'll be called for no reason.

* bmalloc/BumpAllocator.h:
(bmalloc::BumpAllocator::allocate): Don't ASSERT isSmall because that's
an old concept from when small and large objects were in distinct memory
regions.

* bmalloc/Deallocator.cpp:
(bmalloc::Deallocator::deallocateSlowCase): Large objects are not
segregated anymore.

(bmalloc::Deallocator::deallocateLarge): Deleted.

* bmalloc/Deallocator.h:
(bmalloc::Deallocator::deallocateFastCase): Don't ASSERT isSmall(). See
above.

* bmalloc/Heap.cpp:
(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPage):
(bmalloc::Heap::scavengeSmallPages): New helpers for returning cached
small pages to the large object heap.

(bmalloc::Heap::allocateSmallPage): Allocate small pages from the large
object heap. This is how we accomplish sharing.

(bmalloc::Heap::deallocateSmallLine): Handle large objects since we can
encounter them on this code path now.

(bmalloc::Heap::splitAndAllocate): Fixed a bug where we would sometimes
not split even though we could.

Allocating a large object also requires ref'ing its small line so that
we can alias memory between small and large objects.

(bmalloc::Heap::allocateLarge): Return cached small pages before
allocating a large object that would fit in a cached small page. This
allows some large allocations to reuse small object memory.

(bmalloc::Heap::shrinkLarge): New helper.

(bmalloc::Heap::deallocateLarge): Deleted.

* bmalloc/Heap.h:

* bmalloc/LargeChunk.h:
(bmalloc::LargeChunk::pageBegin):
(bmalloc::LargeChunk::pageEnd):
(bmalloc::LargeChunk::lines):
(bmalloc::LargeChunk::pages):
(bmalloc::LargeChunk::begin):
(bmalloc::LargeChunk::end):
(bmalloc::LargeChunk::LargeChunk):
(bmalloc::LargeChunk::get):
(bmalloc::LargeChunk::endTag):
(bmalloc::LargeChunk::offset):
(bmalloc::LargeChunk::object):
(bmalloc::LargeChunk::page):
(bmalloc::LargeChunk::line):
(bmalloc::SmallLine::begin):
(bmalloc::SmallLine::end):
(bmalloc::SmallPage::begin):
(bmalloc::SmallPage::end):
(bmalloc::Object::Object):
(bmalloc::Object::begin):
(bmalloc::Object::pageBegin):
(bmalloc::Object::line):
(bmalloc::Object::page): I merged all the SmallChunk metadata and code
into LargeChunk. Now we use a single class to track both small and large
metadata, so we can share memory between small and large objects.

I'm going to rename this class to Chunk in a follow-up patch.

* bmalloc/Object.h:
(bmalloc::Object::chunk): Updated for LargeChunk transition.

* bmalloc/ObjectType.cpp:
(bmalloc::objectType):
* bmalloc/ObjectType.h:
(bmalloc::isXLarge):
(bmalloc::isSmall): Deleted. The difference between small and large
objects is now stored in metadata and is not a property of their
virtual address range.

* bmalloc/SegregatedFreeList.h: One more entry because we cover all of
what used to be the super chunk in a large chunk now.

* bmalloc/Sizes.h: Removed bit masking helpers because we don't use
address masks to distinguish small vs large object type anymore.

* bmalloc/SmallChunk.h: Removed.

* bmalloc/SmallPage.h:
(bmalloc::SmallPage::SmallPage): Store object type per page because any
given page can be used for large objects or small objects.

* bmalloc/SuperChunk.h: Removed.

* bmalloc/VMHeap.cpp:
(bmalloc::VMHeap::VMHeap):
(bmalloc::VMHeap::allocateLargeChunk):
(bmalloc::VMHeap::allocateSmallChunk): Deleted.
(bmalloc::VMHeap::allocateSuperChunk): Deleted.
* bmalloc/VMHeap.h:
(bmalloc::VMHeap::allocateLargeObject):
(bmalloc::VMHeap::deallocateLargeObject):
(bmalloc::VMHeap::allocateSmallPage): Deleted.
(bmalloc::VMHeap::deallocateSmallPage): Deleted. Removed super chunk and
small chunk support.

* bmalloc/Zone.cpp:
(bmalloc::enumerator):
* bmalloc/Zone.h:
(bmalloc::Zone::largeChunks):
(bmalloc::Zone::addLargeChunk):
(bmalloc::Zone::superChunks): Deleted.
(bmalloc::Zone::addSuperChunk): Deleted. Removed super chunk and
small chunk support.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocChangeLog">releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocAllocatorcpp">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Allocator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocBumpAllocatorh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/BumpAllocator.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocDeallocatorcpp">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocDeallocatorh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocHeapcpp">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocHeaph">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocLargeChunkh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/LargeChunk.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocObjecth">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Object.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocObjectTypecpp">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocObjectTypeh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocSegregatedFreeListh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SegregatedFreeList.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocSizesh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Sizes.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocSmallPageh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallPage.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocVMHeapcpp">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocVMHeaph">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocZonecpp">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocZoneh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212Sourcebmallocbmallocxcodeprojprojectpbxproj">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj</a></li>
</ul>

<h3>Removed Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocSmallChunkh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallChunk.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourcebmallocbmallocSuperChunkh">releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SuperChunk.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit212SourcebmallocChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/ChangeLog        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -1,3 +1,150 @@
</span><ins>+2016-03-24  Geoffrey Garen  &lt;ggaren@apple.com&gt;
+
+        bmalloc: small and large objects should share memory
+        https://bugs.webkit.org/show_bug.cgi?id=155866
+
+        Reviewed by Andreas Kling.
+
+        This patch cuts our VM footprint in half. (VM footprint usually doesn't
+        matter, but on iOS there's an artificial VM limit around 700MB, and if
+        you hit it you jetsam / crash.)
+
+        It's also a step toward honoring the hardware page size at runtime,
+        which will reduce memory usage on iOS.
+
+        This patch is a small improvement in peak memory usage because it allows
+        small and large objects to recycle each other's memory. The tradeoff is
+        that we require more metadata, which causes more memory usage after
+        shrinking down from peak memory usage. In the end, we have some memory
+        wins and some losses, and a small win in the mean on our standard memory
+        benchmarks.
+
+        * bmalloc.xcodeproj/project.pbxproj: Removed SuperChunk.
+
+        * bmalloc/Allocator.cpp:
+        (bmalloc::Allocator::reallocate): Adopt a new Heap API for shrinking
+        large objects because it's a little more complicated than it used to be.
+
+        Don't check for equality in the XLarge case because we don't do it in
+        other cases, and it's unlikely that we'll be called for no reason.
+
+        * bmalloc/BumpAllocator.h:
+        (bmalloc::BumpAllocator::allocate): Don't ASSERT isSmall because that's
+        an old concept from when small and large objects were in distinct memory
+        regions.
+
+        * bmalloc/Deallocator.cpp:
+        (bmalloc::Deallocator::deallocateSlowCase): Large objects are not
+        segregated anymore.
+
+        (bmalloc::Deallocator::deallocateLarge): Deleted.
+
+        * bmalloc/Deallocator.h:
+        (bmalloc::Deallocator::deallocateFastCase): Don't ASSERT isSmall(). See
+        above.
+
+        * bmalloc/Heap.cpp:
+        (bmalloc::Heap::scavenge):
+        (bmalloc::Heap::scavengeSmallPage):
+        (bmalloc::Heap::scavengeSmallPages): New helpers for returning cached
+        small pages to the large object heap.
+
+        (bmalloc::Heap::allocateSmallPage): Allocate small pages from the large
+        object heap. This is how we accomplish sharing.
+
+        (bmalloc::Heap::deallocateSmallLine): Handle large objects since we can
+        encounter them on this code path now.
+
+        (bmalloc::Heap::splitAndAllocate): Fixed a bug where we would sometimes
+        not split even though we could.
+
+        Allocating a large object also requires ref'ing its small line so that
+        we can alias memory between small and large objects.
+
+        (bmalloc::Heap::allocateLarge): Return cached small pages before
+        allocating a large object that would fit in a cached small page. This
+        allows some large allocations to reuse small object memory.
+
+        (bmalloc::Heap::shrinkLarge): New helper.
+
+        (bmalloc::Heap::deallocateLarge): Deleted.
+
+        * bmalloc/Heap.h:
+
+        * bmalloc/LargeChunk.h:
+        (bmalloc::LargeChunk::pageBegin):
+        (bmalloc::LargeChunk::pageEnd):
+        (bmalloc::LargeChunk::lines):
+        (bmalloc::LargeChunk::pages):
+        (bmalloc::LargeChunk::begin):
+        (bmalloc::LargeChunk::end):
+        (bmalloc::LargeChunk::LargeChunk):
+        (bmalloc::LargeChunk::get):
+        (bmalloc::LargeChunk::endTag):
+        (bmalloc::LargeChunk::offset):
+        (bmalloc::LargeChunk::object):
+        (bmalloc::LargeChunk::page):
+        (bmalloc::LargeChunk::line):
+        (bmalloc::SmallLine::begin):
+        (bmalloc::SmallLine::end):
+        (bmalloc::SmallPage::begin):
+        (bmalloc::SmallPage::end):
+        (bmalloc::Object::Object):
+        (bmalloc::Object::begin):
+        (bmalloc::Object::pageBegin):
+        (bmalloc::Object::line):
+        (bmalloc::Object::page): I merged all the SmallChunk metadata and code
+        into LargeChunk. Now we use a single class to track both small and large
+        metadata, so we can share memory between small and large objects.
+
+        I'm going to rename this class to Chunk in a follow-up patch.
+
+        * bmalloc/Object.h:
+        (bmalloc::Object::chunk): Updated for LargeChunk transition.
+
+        * bmalloc/ObjectType.cpp:
+        (bmalloc::objectType):
+        * bmalloc/ObjectType.h:
+        (bmalloc::isXLarge):
+        (bmalloc::isSmall): Deleted. The difference between small and large
+        objects is now stored in metadata and is not a property of their
+        virtual address range.
+
+        * bmalloc/SegregatedFreeList.h: One more entry because we cover all of
+        what used to be the super chunk in a large chunk now.
+
+        * bmalloc/Sizes.h: Removed bit masking helpers because we don't use
+        address masks to distinguish small vs large object type anymore.
+
+        * bmalloc/SmallChunk.h: Removed.
+
+        * bmalloc/SmallPage.h:
+        (bmalloc::SmallPage::SmallPage): Store object type per page because any
+        given page can be used for large objects or small objects.
+
+        * bmalloc/SuperChunk.h: Removed.
+
+        * bmalloc/VMHeap.cpp:
+        (bmalloc::VMHeap::VMHeap):
+        (bmalloc::VMHeap::allocateLargeChunk):
+        (bmalloc::VMHeap::allocateSmallChunk): Deleted.
+        (bmalloc::VMHeap::allocateSuperChunk): Deleted.
+        * bmalloc/VMHeap.h:
+        (bmalloc::VMHeap::allocateLargeObject):
+        (bmalloc::VMHeap::deallocateLargeObject):
+        (bmalloc::VMHeap::allocateSmallPage): Deleted.
+        (bmalloc::VMHeap::deallocateSmallPage): Deleted. Removed super chunk and
+        small chunk support.
+
+        * bmalloc/Zone.cpp:
+        (bmalloc::enumerator):
+        * bmalloc/Zone.h:
+        (bmalloc::Zone::largeChunks):
+        (bmalloc::Zone::addLargeChunk):
+        (bmalloc::Zone::superChunks): Deleted.
+        (bmalloc::Zone::addSuperChunk): Deleted. Removed super chunk and
+        small chunk support.
+
</ins><span class="cx"> 2016-03-23  Geoffrey Garen  &lt;ggaren@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         bmalloc: Added an Object helper class
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocAllocatorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Allocator.cpp (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Allocator.cpp        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Allocator.cpp        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -114,40 +114,33 @@
</span><span class="cx"> 
</span><span class="cx">     size_t oldSize = 0;
</span><span class="cx">     switch (objectType(object)) {
</span><del>-    case Small: {
</del><ins>+    case ObjectType::Small: {
</ins><span class="cx">         size_t sizeClass = Object(object).page()-&gt;sizeClass();
</span><span class="cx">         oldSize = objectSize(sizeClass);
</span><span class="cx">         break;
</span><span class="cx">     }
</span><del>-    case Large: {
-        std::unique_lock&lt;StaticMutex&gt; lock(PerProcess&lt;Heap&gt;::mutex());
</del><ins>+    case ObjectType::Large: {
</ins><span class="cx">         LargeObject largeObject(object);
</span><span class="cx">         oldSize = largeObject.size();
</span><span class="cx"> 
</span><span class="cx">         if (newSize &lt; oldSize &amp;&amp; newSize &gt; smallMax) {
</span><del>-            newSize = roundUpToMultipleOf&lt;largeAlignment&gt;(newSize);
</del><span class="cx">             if (oldSize - newSize &gt;= largeMin) {
</span><del>-                std::pair&lt;LargeObject, LargeObject&gt; split = largeObject.split(newSize);
-                
-                lock.unlock();
-                m_deallocator.deallocate(split.second.begin());
-                lock.lock();
</del><ins>+                std::lock_guard&lt;StaticMutex&gt; lock(PerProcess&lt;Heap&gt;::mutex());
+                newSize = roundUpToMultipleOf&lt;largeAlignment&gt;(newSize);
+                PerProcess&lt;Heap&gt;::getFastCase()-&gt;shrinkLarge(lock, largeObject, newSize);
+                return object;
</ins><span class="cx">             }
</span><del>-            return object;
</del><span class="cx">         }
</span><span class="cx">         break;
</span><span class="cx">     }
</span><del>-    case XLarge: {
-        BASSERT(objectType(nullptr) == XLarge);
</del><ins>+    case ObjectType::XLarge: {
+        BASSERT(objectType(nullptr) == ObjectType::XLarge);
</ins><span class="cx">         if (!object)
</span><span class="cx">             break;
</span><span class="cx"> 
</span><span class="cx">         std::unique_lock&lt;StaticMutex&gt; lock(PerProcess&lt;Heap&gt;::mutex());
</span><span class="cx">         oldSize = PerProcess&lt;Heap&gt;::getFastCase()-&gt;xLargeSize(lock, object);
</span><span class="cx"> 
</span><del>-        if (newSize == oldSize)
-            return object;
-
</del><span class="cx">         if (newSize &lt; oldSize &amp;&amp; newSize &gt; largeMax) {
</span><span class="cx">             PerProcess&lt;Heap&gt;::getFastCase()-&gt;shrinkXLarge(lock, Range(object, oldSize), newSize);
</span><span class="cx">             return object;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocBumpAllocatorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/BumpAllocator.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/BumpAllocator.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/BumpAllocator.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -76,7 +76,6 @@
</span><span class="cx">     --m_remaining;
</span><span class="cx">     char* result = m_ptr;
</span><span class="cx">     m_ptr += m_size;
</span><del>-    BASSERT(isSmall(result));
</del><span class="cx">     return result;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocDeallocatorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.cpp (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.cpp        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.cpp        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx"> #include &quot;Inline.h&quot;
</span><span class="cx"> #include &quot;Object.h&quot;
</span><span class="cx"> #include &quot;PerProcess.h&quot;
</span><del>-#include &quot;SmallChunk.h&quot;
</del><span class="cx"> #include &lt;algorithm&gt;
</span><span class="cx"> #include &lt;cstdlib&gt;
</span><span class="cx"> #include &lt;sys/mman.h&gt;
</span><span class="lines">@@ -60,12 +59,6 @@
</span><span class="cx">         processObjectLog();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Deallocator::deallocateLarge(void* object)
-{
-    std::lock_guard&lt;StaticMutex&gt; lock(PerProcess&lt;Heap&gt;::mutex());
-    PerProcess&lt;Heap&gt;::getFastCase()-&gt;deallocateLarge(lock, object);
-}
-
</del><span class="cx"> void Deallocator::deallocateXLarge(void* object)
</span><span class="cx"> {
</span><span class="cx">     std::unique_lock&lt;StaticMutex&gt; lock(PerProcess&lt;Heap&gt;::mutex());
</span><span class="lines">@@ -97,20 +90,15 @@
</span><span class="cx">         return;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    BASSERT(objectType(nullptr) == XLarge);
</del><span class="cx">     if (!object)
</span><span class="cx">         return;
</span><span class="cx"> 
</span><del>-    if (isSmall(object)) {
-        processObjectLog();
-        m_objectLog.push(object);
-        return;
-    }
</del><ins>+    if (isXLarge(object))
+        return deallocateXLarge(object);
</ins><span class="cx"> 
</span><del>-    if (!isXLarge(object))
-        return deallocateLarge(object);
-    
-    return deallocateXLarge(object);
</del><ins>+    BASSERT(m_objectLog.size() == m_objectLog.capacity());
+    processObjectLog();
+    m_objectLog.push(object);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocDeallocatorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Deallocator.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -51,7 +51,6 @@
</span><span class="cx">     bool deallocateFastCase(void*);
</span><span class="cx">     void deallocateSlowCase(void*);
</span><span class="cx"> 
</span><del>-    void deallocateLarge(void*);
</del><span class="cx">     void deallocateXLarge(void*);
</span><span class="cx"> 
</span><span class="cx">     FixedVector&lt;void*, deallocatorLogCapacity&gt; m_objectLog;
</span><span class="lines">@@ -60,11 +59,10 @@
</span><span class="cx"> 
</span><span class="cx"> inline bool Deallocator::deallocateFastCase(void* object)
</span><span class="cx"> {
</span><del>-    if (!isSmall(object))
</del><ins>+    BASSERT(isXLarge(nullptr));
+    if (isXLarge(object))
</ins><span class="cx">         return false;
</span><span class="cx"> 
</span><del>-    BASSERT(object);
-
</del><span class="cx">     if (m_objectLog.size() == m_objectLog.capacity())
</span><span class="cx">         return false;
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocHeapcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.cpp        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx"> #include &quot;LargeChunk.h&quot;
</span><span class="cx"> #include &quot;LargeObject.h&quot;
</span><span class="cx"> #include &quot;PerProcess.h&quot;
</span><del>-#include &quot;SmallChunk.h&quot;
</del><span class="cx"> #include &quot;SmallLine.h&quot;
</span><span class="cx"> #include &quot;SmallPage.h&quot;
</span><span class="cx"> #include &lt;thread&gt;
</span><span class="lines">@@ -84,21 +83,36 @@
</span><span class="cx"> {
</span><span class="cx">     waitUntilFalse(lock, sleepDuration, m_isAllocatingPages);
</span><span class="cx"> 
</span><del>-    scavengeSmallPages(lock, sleepDuration);
</del><ins>+    lock.unlock();
+    {
+        std::lock_guard&lt;StaticMutex&gt; lock(PerProcess&lt;Heap&gt;::mutex());
+        scavengeSmallPages(lock);
+    }
+    lock.lock();
+
</ins><span class="cx">     scavengeLargeObjects(lock, sleepDuration);
</span><span class="cx">     scavengeXLargeObjects(lock, sleepDuration);
</span><span class="cx"> 
</span><span class="cx">     sleep(lock, sleepDuration);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Heap::scavengeSmallPages(std::unique_lock&lt;StaticMutex&gt;&amp; lock, std::chrono::milliseconds sleepDuration)
</del><ins>+void Heap::scavengeSmallPage(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
</ins><span class="cx"> {
</span><del>-    while (!m_smallPages.isEmpty()) {
-        m_vmHeap.deallocateSmallPage(lock, m_smallPages.pop());
-        waitUntilFalse(lock, sleepDuration, m_isAllocatingPages);
-    }
</del><ins>+    SmallPage* page = m_smallPages.pop();
+
+    // Transform small object page back into a large object.
+    page-&gt;setObjectType(ObjectType::Large);
+
+    LargeObject largeObject(page-&gt;begin()-&gt;begin());
+    deallocateLarge(lock, largeObject);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><ins>+void Heap::scavengeSmallPages(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
+{
+    while (!m_smallPages.isEmpty())
+        scavengeSmallPage(lock);
+}
+
</ins><span class="cx"> void Heap::scavengeLargeObjects(std::unique_lock&lt;StaticMutex&gt;&amp; lock, std::chrono::milliseconds sleepDuration)
</span><span class="cx"> {
</span><span class="cx">     while (LargeObject largeObject = m_largeObjects.takeGreedy()) {
</span><span class="lines">@@ -179,26 +193,34 @@
</span><span class="cx"> {
</span><span class="cx">     if (!m_smallPagesWithFreeLines[sizeClass].isEmpty())
</span><span class="cx">         return m_smallPagesWithFreeLines[sizeClass].popFront();
</span><ins>+    
+    if (!m_smallPages.isEmpty()) {
+        SmallPage* page = m_smallPages.pop();
+        page-&gt;setSizeClass(sizeClass);
+        return page;
+    }
</ins><span class="cx"> 
</span><del>-    SmallPage* page = [this, &amp;lock]() {
-        if (!m_smallPages.isEmpty())
-            return m_smallPages.pop();
</del><ins>+    size_t unalignedSize = largeMin + vmPageSize - largeAlignment + vmPageSize;
+    LargeObject largeObject = allocateLarge(lock, vmPageSize, vmPageSize, unalignedSize);
</ins><span class="cx"> 
</span><del>-        m_isAllocatingPages = true;
-        SmallPage* page = m_vmHeap.allocateSmallPage(lock);
-        return page;
-    }();
</del><ins>+    // Transform our large object into a small object page. We deref here
+    // because our small objects will keep their own refcounts on the line.
+    Object object(largeObject.begin());
+    object.line()-&gt;deref(lock);
+    object.page()-&gt;setObjectType(ObjectType::Small);
</ins><span class="cx"> 
</span><del>-    page-&gt;setSizeClass(sizeClass);
-    return page;
</del><ins>+    object.page()-&gt;setSizeClass(sizeClass);
+    return object.page();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void Heap::deallocateSmallLine(std::lock_guard&lt;StaticMutex&gt;&amp; lock, Object object)
</span><span class="cx"> {
</span><span class="cx">     BASSERT(!object.line()-&gt;refCount(lock));
</span><span class="cx">     SmallPage* page = object.page();
</span><ins>+    if (page-&gt;objectType() == ObjectType::Large)
+        return deallocateLarge(lock, LargeObject(object.begin()));
+
</ins><span class="cx">     page-&gt;deref(lock);
</span><del>-
</del><span class="cx">     if (!page-&gt;hasFreeLines(lock)) {
</span><span class="cx">         page-&gt;setHasFreeLines(lock, true);
</span><span class="cx">         m_smallPagesWithFreeLines[page-&gt;sizeClass()].push(page);
</span><span class="lines">@@ -215,19 +237,22 @@
</span><span class="cx">     m_scavenger.run();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline LargeObject&amp; Heap::splitAndAllocate(LargeObject&amp; largeObject, size_t size)
</del><ins>+inline LargeObject&amp; Heap::splitAndAllocate(std::lock_guard&lt;StaticMutex&gt;&amp; lock, LargeObject&amp; largeObject, size_t size)
</ins><span class="cx"> {
</span><span class="cx">     BASSERT(largeObject.isFree());
</span><span class="cx"> 
</span><span class="cx">     LargeObject nextLargeObject;
</span><span class="cx"> 
</span><del>-    if (largeObject.size() - size &gt; largeMin) {
</del><ins>+    if (largeObject.size() - size &gt;= largeMin) {
</ins><span class="cx">         std::pair&lt;LargeObject, LargeObject&gt; split = largeObject.split(size);
</span><span class="cx">         largeObject = split.first;
</span><span class="cx">         nextLargeObject = split.second;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     largeObject.setFree(false);
</span><ins>+    Object object(largeObject.begin());
+    object.line()-&gt;ref(lock);
+    BASSERT(object.page()-&gt;objectType() == ObjectType::Large);
</ins><span class="cx"> 
</span><span class="cx">     if (nextLargeObject) {
</span><span class="cx">         BASSERT(!nextLargeObject.nextCanMerge());
</span><span class="lines">@@ -237,7 +262,7 @@
</span><span class="cx">     return largeObject;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline LargeObject&amp; Heap::splitAndAllocate(LargeObject&amp; largeObject, size_t alignment, size_t size)
</del><ins>+inline LargeObject&amp; Heap::splitAndAllocate(std::lock_guard&lt;StaticMutex&gt;&amp; lock, LargeObject&amp; largeObject, size_t alignment, size_t size)
</ins><span class="cx"> {
</span><span class="cx">     LargeObject prevLargeObject;
</span><span class="cx">     LargeObject nextLargeObject;
</span><span class="lines">@@ -252,13 +277,16 @@
</span><span class="cx"> 
</span><span class="cx">     BASSERT(largeObject.isFree());
</span><span class="cx"> 
</span><del>-    if (largeObject.size() - size &gt; largeMin) {
</del><ins>+    if (largeObject.size() - size &gt;= largeMin) {
</ins><span class="cx">         std::pair&lt;LargeObject, LargeObject&gt; split = largeObject.split(size);
</span><span class="cx">         largeObject = split.first;
</span><span class="cx">         nextLargeObject = split.second;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     largeObject.setFree(false);
</span><ins>+    Object object(largeObject.begin());
+    object.line()-&gt;ref(lock);
+    BASSERT(object.page()-&gt;objectType() == ObjectType::Large);
</ins><span class="cx"> 
</span><span class="cx">     if (prevLargeObject) {
</span><span class="cx">         LargeObject merged = prevLargeObject.merge();
</span><span class="lines">@@ -278,6 +306,9 @@
</span><span class="cx">     BASSERT(size &lt;= largeMax);
</span><span class="cx">     BASSERT(size &gt;= largeMin);
</span><span class="cx">     BASSERT(size == roundUpToMultipleOf&lt;largeAlignment&gt;(size));
</span><ins>+    
+    if (size &lt;= vmPageSize)
+        scavengeSmallPages(lock);
</ins><span class="cx"> 
</span><span class="cx">     LargeObject largeObject = m_largeObjects.take(size);
</span><span class="cx">     if (!largeObject)
</span><span class="lines">@@ -290,7 +321,7 @@
</span><span class="cx">         largeObject.setVMState(VMState::Physical);
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    largeObject = splitAndAllocate(largeObject, size);
</del><ins>+    largeObject = splitAndAllocate(lock, largeObject, size);
</ins><span class="cx"> 
</span><span class="cx">     return largeObject.begin();
</span><span class="cx"> }
</span><span class="lines">@@ -307,6 +338,9 @@
</span><span class="cx">     BASSERT(alignment &gt;= largeAlignment);
</span><span class="cx">     BASSERT(isPowerOfTwo(alignment));
</span><span class="cx"> 
</span><ins>+    if (size &lt;= vmPageSize)
+        scavengeSmallPages(lock);
+
</ins><span class="cx">     LargeObject largeObject = m_largeObjects.take(alignment, size, unalignedSize);
</span><span class="cx">     if (!largeObject)
</span><span class="cx">         largeObject = m_vmHeap.allocateLargeObject(lock, alignment, size, unalignedSize);
</span><span class="lines">@@ -318,14 +352,21 @@
</span><span class="cx">         largeObject.setVMState(VMState::Physical);
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    largeObject = splitAndAllocate(largeObject, alignment, size);
</del><ins>+    largeObject = splitAndAllocate(lock, largeObject, alignment, size);
</ins><span class="cx"> 
</span><span class="cx">     return largeObject.begin();
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+void Heap::shrinkLarge(std::lock_guard&lt;StaticMutex&gt;&amp; lock, LargeObject&amp; largeObject, size_t newSize)
+{
+    std::pair&lt;LargeObject, LargeObject&gt; split = largeObject.split(newSize);
+    deallocateLarge(lock, split.second);
+}
+
</ins><span class="cx"> void Heap::deallocateLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, const LargeObject&amp; largeObject)
</span><span class="cx"> {
</span><span class="cx">     BASSERT(!largeObject.isFree());
</span><ins>+    BASSERT(Object(largeObject.begin()).page()-&gt;objectType() == ObjectType::Large);
</ins><span class="cx">     largeObject.setFree(true);
</span><span class="cx">     
</span><span class="cx">     LargeObject merged = largeObject.merge();
</span><span class="lines">@@ -333,12 +374,6 @@
</span><span class="cx">     m_scavenger.run();
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void Heap::deallocateLarge(std::lock_guard&lt;StaticMutex&gt;&amp; lock, void* object)
-{
-    LargeObject largeObject(object);
-    deallocateLarge(lock, largeObject);
-}
-
</del><span class="cx"> void* Heap::allocateXLarge(std::lock_guard&lt;StaticMutex&gt;&amp; lock, size_t alignment, size_t size)
</span><span class="cx"> {
</span><span class="cx">     void* result = tryAllocateXLarge(lock, alignment, size);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocHeaph"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Heap.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -33,7 +33,6 @@
</span><span class="cx"> #include &quot;Mutex.h&quot;
</span><span class="cx"> #include &quot;Object.h&quot;
</span><span class="cx"> #include &quot;SegregatedFreeList.h&quot;
</span><del>-#include &quot;SmallChunk.h&quot;
</del><span class="cx"> #include &quot;SmallLine.h&quot;
</span><span class="cx"> #include &quot;SmallPage.h&quot;
</span><span class="cx"> #include &quot;VMHeap.h&quot;
</span><span class="lines">@@ -59,7 +58,7 @@
</span><span class="cx"> 
</span><span class="cx">     void* allocateLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, size_t);
</span><span class="cx">     void* allocateLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, size_t alignment, size_t, size_t unalignedSize);
</span><del>-    void deallocateLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, void*);
</del><ins>+    void shrinkLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, LargeObject&amp;, size_t);
</ins><span class="cx"> 
</span><span class="cx">     void* allocateXLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, size_t);
</span><span class="cx">     void* allocateXLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, size_t alignment, size_t);
</span><span class="lines">@@ -80,8 +79,8 @@
</span><span class="cx">     void deallocateSmallLine(std::lock_guard&lt;StaticMutex&gt;&amp;, Object);
</span><span class="cx">     void deallocateLarge(std::lock_guard&lt;StaticMutex&gt;&amp;, const LargeObject&amp;);
</span><span class="cx"> 
</span><del>-    LargeObject&amp; splitAndAllocate(LargeObject&amp;, size_t);
-    LargeObject&amp; splitAndAllocate(LargeObject&amp;, size_t, size_t);
</del><ins>+    LargeObject&amp; splitAndAllocate(std::lock_guard&lt;StaticMutex&gt;&amp;, LargeObject&amp;, size_t);
+    LargeObject&amp; splitAndAllocate(std::lock_guard&lt;StaticMutex&gt;&amp;, LargeObject&amp;, size_t, size_t);
</ins><span class="cx">     void mergeLarge(BeginTag*&amp;, EndTag*&amp;, Range&amp;);
</span><span class="cx">     void mergeLargeLeft(EndTag*&amp;, BeginTag*&amp;, Range&amp;, bool&amp; inVMHeap);
</span><span class="cx">     void mergeLargeRight(EndTag*&amp;, BeginTag*&amp;, Range&amp;, bool&amp; inVMHeap);
</span><span class="lines">@@ -89,7 +88,8 @@
</span><span class="cx">     XLargeRange splitAndAllocate(XLargeRange&amp;, size_t alignment, size_t);
</span><span class="cx"> 
</span><span class="cx">     void concurrentScavenge();
</span><del>-    void scavengeSmallPages(std::unique_lock&lt;StaticMutex&gt;&amp;, std::chrono::milliseconds);
</del><ins>+    void scavengeSmallPage(std::lock_guard&lt;StaticMutex&gt;&amp;);
+    void scavengeSmallPages(std::lock_guard&lt;StaticMutex&gt;&amp;);
</ins><span class="cx">     void scavengeLargeObjects(std::unique_lock&lt;StaticMutex&gt;&amp;, std::chrono::milliseconds);
</span><span class="cx">     void scavengeXLargeObjects(std::unique_lock&lt;StaticMutex&gt;&amp;, std::chrono::milliseconds);
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocLargeChunkh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/LargeChunk.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/LargeChunk.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/LargeChunk.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -28,8 +28,11 @@
</span><span class="cx"> 
</span><span class="cx"> #include &quot;BeginTag.h&quot;
</span><span class="cx"> #include &quot;EndTag.h&quot;
</span><ins>+#include &quot;Object.h&quot;
</ins><span class="cx"> #include &quot;ObjectType.h&quot;
</span><span class="cx"> #include &quot;Sizes.h&quot;
</span><ins>+#include &quot;SmallLine.h&quot;
+#include &quot;SmallPage.h&quot;
</ins><span class="cx"> #include &quot;VMAllocate.h&quot;
</span><span class="cx"> #include &lt;array&gt;
</span><span class="cx"> 
</span><span class="lines">@@ -37,12 +40,25 @@
</span><span class="cx"> 
</span><span class="cx"> class LargeChunk {
</span><span class="cx"> public:
</span><del>-    LargeChunk();
</del><span class="cx">     static LargeChunk* get(void*);
</span><span class="cx"> 
</span><span class="cx">     static BeginTag* beginTag(void*);
</span><span class="cx">     static EndTag* endTag(void*, size_t);
</span><span class="cx"> 
</span><ins>+    LargeChunk(std::lock_guard&lt;StaticMutex&gt;&amp;);
+
+    size_t offset(void*);
+
+    void* object(size_t offset);
+    SmallPage* page(size_t offset);
+    SmallLine* line(size_t offset);
+
+    SmallPage* pageBegin() { return Object(m_memory).page(); }
+    SmallPage* pageEnd() { return m_pages.end(); }
+    
+    SmallLine* lines() { return m_lines.begin(); }
+    SmallPage* pages() { return m_pages.begin(); }
+
</ins><span class="cx">     char* begin() { return m_memory; }
</span><span class="cx">     char* end() { return reinterpret_cast&lt;char*&gt;(this) + largeChunkSize; }
</span><span class="cx"> 
</span><span class="lines">@@ -64,17 +80,21 @@
</span><span class="cx">     //
</span><span class="cx">     // We use the X's for boundary tags and the O's for edge sentinels.
</span><span class="cx"> 
</span><ins>+    std::array&lt;SmallLine, largeChunkSize / smallLineSize&gt; m_lines;
+    std::array&lt;SmallPage, largeChunkSize / vmPageSize&gt; m_pages;
</ins><span class="cx">     std::array&lt;BoundaryTag, boundaryTagCount&gt; m_boundaryTags;
</span><del>-    char m_memory[] __attribute__((aligned(largeAlignment+0)));
</del><ins>+    char m_memory[] __attribute__((aligned(2 * smallMax + 0)));
</ins><span class="cx"> };
</span><span class="cx"> 
</span><del>-static_assert(largeChunkMetadataSize == sizeof(LargeChunk), &quot;Our largeChunkMetadataSize math in Sizes.h is wrong&quot;);
-static_assert(largeChunkMetadataSize + largeObjectMax == largeChunkSize, &quot;largeObjectMax is too small or too big&quot;);
</del><ins>+static_assert(sizeof(LargeChunk) + largeMax &lt;= largeChunkSize, &quot;largeMax is too big&quot;);
+static_assert(
+    sizeof(LargeChunk) % vmPageSize + 2 * smallMax &lt;= vmPageSize,
+    &quot;the first page of object memory in a small chunk must be able to allocate smallMax&quot;);
</ins><span class="cx"> 
</span><del>-inline LargeChunk::LargeChunk()
</del><ins>+inline LargeChunk::LargeChunk(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
</ins><span class="cx"> {
</span><span class="cx">     Range range(begin(), end() - begin());
</span><del>-    BASSERT(range.size() == largeObjectMax);
</del><ins>+    BASSERT(range.size() &lt;= largeObjectMax);
</ins><span class="cx"> 
</span><span class="cx">     BeginTag* beginTag = LargeChunk::beginTag(range.begin());
</span><span class="cx">     beginTag-&gt;setRange(range);
</span><span class="lines">@@ -97,11 +117,17 @@
</span><span class="cx">     BASSERT(rightSentinel &gt;= m_boundaryTags.begin());
</span><span class="cx">     BASSERT(rightSentinel &lt; m_boundaryTags.end());
</span><span class="cx">     rightSentinel-&gt;initSentinel();
</span><ins>+
+    // Track the memory used for metadata by allocating imaginary objects.
+    for (char* it = reinterpret_cast&lt;char*&gt;(this); it &lt; m_memory; it += smallLineSize) {
+        Object object(it);
+        object.line()-&gt;ref(lock);
+        object.page()-&gt;ref(lock);
+    }
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> inline LargeChunk* LargeChunk::get(void* object)
</span><span class="cx"> {
</span><del>-    BASSERT(!isSmall(object));
</del><span class="cx">     return static_cast&lt;LargeChunk*&gt;(mask(object, largeChunkMask));
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="lines">@@ -114,8 +140,6 @@
</span><span class="cx"> 
</span><span class="cx"> inline EndTag* LargeChunk::endTag(void* object, size_t size)
</span><span class="cx"> {
</span><del>-    BASSERT(!isSmall(object));
-
</del><span class="cx">     LargeChunk* chunk = get(object);
</span><span class="cx">     char* end = static_cast&lt;char*&gt;(object) + size;
</span><span class="cx"> 
</span><span class="lines">@@ -127,6 +151,89 @@
</span><span class="cx">     return static_cast&lt;EndTag*&gt;(&amp;chunk-&gt;m_boundaryTags[boundaryTagNumber]);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+inline size_t LargeChunk::offset(void* object)
+{
+    BASSERT(object &gt;= this);
+    BASSERT(object &lt; reinterpret_cast&lt;char*&gt;(this) + largeChunkSize);
+    return static_cast&lt;char*&gt;(object) - reinterpret_cast&lt;char*&gt;(this);
+}
+
+inline void* LargeChunk::object(size_t offset)
+{
+    return reinterpret_cast&lt;char*&gt;(this) + offset;
+}
+
+inline SmallPage* LargeChunk::page(size_t offset)
+{
+    size_t pageNumber = offset / vmPageSize;
+    return &amp;m_pages[pageNumber];
+}
+
+inline SmallLine* LargeChunk::line(size_t offset)
+{
+    size_t lineNumber = offset / smallLineSize;
+    return &amp;m_lines[lineNumber];
+}
+
+inline char* SmallLine::begin()
+{
+    LargeChunk* chunk = LargeChunk::get(this);
+    size_t lineNumber = this - chunk-&gt;lines();
+    size_t offset = lineNumber * smallLineSize;
+    return &amp;reinterpret_cast&lt;char*&gt;(chunk)[offset];
+}
+
+inline char* SmallLine::end()
+{
+    return begin() + smallLineSize;
+}
+
+inline SmallLine* SmallPage::begin()
+{
+    LargeChunk* chunk = LargeChunk::get(this);
+    size_t pageNumber = this - chunk-&gt;pages();
+    size_t lineNumber = pageNumber * smallLineCount;
+    return &amp;chunk-&gt;lines()[lineNumber];
+}
+
+inline SmallLine* SmallPage::end()
+{
+    return begin() + smallLineCount;
+}
+
+inline Object::Object(void* object)
+    : m_chunk(LargeChunk::get(object))
+    , m_offset(m_chunk-&gt;offset(object))
+{
+}
+
+inline Object::Object(LargeChunk* chunk, void* object)
+    : m_chunk(chunk)
+    , m_offset(m_chunk-&gt;offset(object))
+{
+    BASSERT(chunk == LargeChunk::get(object));
+}
+
+inline void* Object::begin()
+{
+    return m_chunk-&gt;object(m_offset);
+}
+
+inline void* Object::pageBegin()
+{
+    return m_chunk-&gt;object(roundDownToMultipleOf(vmPageSize, m_offset));
+}
+
+inline SmallLine* Object::line()
+{
+    return m_chunk-&gt;line(m_offset);
+}
+
+inline SmallPage* Object::page()
+{
+    return m_chunk-&gt;page(m_offset);
+}
+
</ins><span class="cx"> }; // namespace bmalloc
</span><span class="cx"> 
</span><span class="cx"> #endif // LargeChunk
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocObjecth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Object.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Object.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Object.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -28,22 +28,24 @@
</span><span class="cx"> 
</span><span class="cx"> namespace bmalloc {
</span><span class="cx"> 
</span><del>-class SmallChunk;
</del><ins>+class LargeChunk;
</ins><span class="cx"> class SmallLine;
</span><span class="cx"> class SmallPage;
</span><span class="cx"> 
</span><span class="cx"> class Object {
</span><span class="cx"> public:
</span><span class="cx">     Object(void*);
</span><del>-    Object(SmallChunk*, void*);
</del><ins>+    Object(LargeChunk*, void*);
</ins><span class="cx">     
</span><del>-    SmallChunk* chunk() { return m_chunk; }
</del><ins>+    LargeChunk* chunk() { return m_chunk; }
+    void* begin();
+    void* pageBegin();
</ins><span class="cx"> 
</span><span class="cx">     SmallLine* line();
</span><span class="cx">     SmallPage* page();
</span><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    SmallChunk* m_chunk;
</del><ins>+    LargeChunk* m_chunk;
</ins><span class="cx">     size_t m_offset;
</span><span class="cx"> };
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocObjectTypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.cpp (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.cpp        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.cpp        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -23,20 +23,19 @@
</span><span class="cx">  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
</span><span class="cx">  */
</span><span class="cx"> 
</span><del>-#include &quot;LargeChunk.h&quot;
</del><span class="cx"> #include &quot;ObjectType.h&quot;
</span><span class="cx"> 
</span><ins>+#include &quot;LargeChunk.h&quot;
+#include &quot;Object.h&quot;
+
</ins><span class="cx"> namespace bmalloc {
</span><span class="cx"> 
</span><span class="cx"> ObjectType objectType(void* object)
</span><span class="cx"> {
</span><del>-    if (isSmall(object))
-        return Small;
</del><ins>+    if (isXLarge(object))
+        return ObjectType::XLarge;
</ins><span class="cx">     
</span><del>-    if (!isXLarge(object))
-        return Large;
-    
-    return XLarge;
</del><ins>+    return Object(object).page()-&gt;objectType();
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocObjectTypeh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/ObjectType.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -31,15 +31,10 @@
</span><span class="cx"> 
</span><span class="cx"> namespace bmalloc {
</span><span class="cx"> 
</span><del>-enum ObjectType { Small, Large, XLarge };
</del><ins>+enum class ObjectType : unsigned char { Small, Large, XLarge };
</ins><span class="cx"> 
</span><span class="cx"> ObjectType objectType(void*);
</span><span class="cx"> 
</span><del>-inline bool isSmall(void* object)
-{
-    return test(object, smallMask);
-}
-
</del><span class="cx"> inline bool isXLarge(void* object)
</span><span class="cx"> {
</span><span class="cx">     return !test(object, ~xLargeMask);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocSegregatedFreeListh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SegregatedFreeList.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SegregatedFreeList.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SegregatedFreeList.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -61,7 +61,7 @@
</span><span class="cx">     FreeList&amp; select(size_t);
</span><span class="cx"> 
</span><span class="cx">     VMState::HasPhysical m_hasPhysical;
</span><del>-    std::array&lt;FreeList, 15&gt; m_freeLists;
</del><ins>+    std::array&lt;FreeList, 16&gt; m_freeLists;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocSizesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Sizes.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Sizes.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Sizes.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -51,42 +51,28 @@
</span><span class="cx"> #else
</span><span class="cx">     static const size_t vmPageSize = 4 * kB;
</span><span class="cx"> #endif
</span><del>-    static const size_t vmPageMask = ~(vmPageSize - 1);
</del><span class="cx">     
</span><del>-    static const size_t superChunkSize = 2 * MB;
-    static const size_t superChunkMask = ~(superChunkSize - 1);
-
-    static const size_t smallChunkSize = superChunkSize / 2;
-    static const size_t smallChunkOffset = superChunkSize / 2;
-    static const size_t smallChunkMask = ~(smallChunkSize - 1ul);
-
</del><span class="cx">     static const size_t smallLineSize = 256;
</span><span class="cx">     static const size_t smallLineCount = vmPageSize / smallLineSize;
</span><span class="cx"> 
</span><span class="cx">     static const size_t smallMax = 1 * kB;
</span><span class="cx">     static const size_t maskSizeClassMax = 512;
</span><span class="cx"> 
</span><del>-    static const size_t largeChunkSize = superChunkSize / 2;
-    static const size_t largeChunkOffset = 0;
</del><ins>+    static const size_t largeChunkSize = 2 * MB;
</ins><span class="cx">     static const size_t largeChunkMask = ~(largeChunkSize - 1ul);
</span><span class="cx"> 
</span><span class="cx">     static const size_t largeAlignment = 64;
</span><span class="cx">     static const size_t largeMin = smallMax;
</span><del>-    static const size_t largeChunkMetadataSize = 4 * kB; // sizeof(LargeChunk)
-    static const size_t largeObjectMax = largeChunkSize - largeChunkMetadataSize;
</del><ins>+    static const size_t largeObjectMax = largeChunkSize;
</ins><span class="cx">     static const size_t largeMax = largeObjectMax / 2;
</span><span class="cx"> 
</span><del>-    static const size_t xLargeAlignment = superChunkSize;
</del><ins>+    static const size_t xLargeAlignment = largeChunkSize;
</ins><span class="cx">     static const size_t xLargeMask = ~(xLargeAlignment - 1);
</span><span class="cx">     static const size_t xLargeMax = std::numeric_limits&lt;size_t&gt;::max() - xLargeAlignment; // Make sure that rounding up to xLargeAlignment does not overflow.
</span><span class="cx"> 
</span><span class="cx">     static const size_t freeListSearchDepth = 16;
</span><span class="cx">     static const size_t freeListGrowFactor = 2;
</span><span class="cx"> 
</span><del>-    static const uintptr_t typeMask = (superChunkSize - 1) &amp; ~((superChunkSize / 2) - 1); // 2 taggable chunks
-    static const uintptr_t largeMask = typeMask &amp; (superChunkSize + largeChunkOffset);
-    static const uintptr_t smallMask = typeMask &amp; (superChunkSize + smallChunkOffset);
-
</del><span class="cx">     static const size_t deallocatorLogCapacity = 256;
</span><span class="cx">     static const size_t bumpRangeCacheCapacity = 3;
</span><span class="cx">     
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocSmallChunkh"></a>
<div class="delfile"><h4>Deleted: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallChunk.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallChunk.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallChunk.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -1,157 +0,0 @@
</span><del>-/*
- * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef SmallChunk_h
-#define SmallChunk_h
-
-#include &quot;Object.h&quot;
-#include &quot;Sizes.h&quot;
-#include &quot;SmallLine.h&quot;
-#include &quot;SmallPage.h&quot;
-#include &quot;VMAllocate.h&quot;
-
-namespace bmalloc {
-
-class SmallChunk {
-public:
-    SmallChunk(std::lock_guard&lt;StaticMutex&gt;&amp;);
-
-    static SmallChunk* get(void*);
-    size_t offset(void*);
-
-    void* object(size_t offset);
-    SmallPage* page(size_t offset);
-    SmallLine* line(size_t offset);
-
-    SmallPage* begin() { return Object(m_memory).page(); }
-    SmallPage* end() { return m_pages.end(); }
-    
-    SmallLine* lines() { return m_lines.begin(); }
-    SmallPage* pages() { return m_pages.begin(); }
-    
-private:
-    std::array&lt;SmallLine, smallChunkSize / smallLineSize&gt; m_lines;
-    std::array&lt;SmallPage, smallChunkSize / vmPageSize&gt; m_pages;
-    char m_memory[] __attribute__((aligned(2 * smallMax + 0)));
-};
-
-static_assert(!(vmPageSize % smallLineSize), &quot;vmPageSize must be an even multiple of line size&quot;);
-static_assert(!(smallChunkSize % smallLineSize), &quot;chunk size must be an even multiple of line size&quot;);
-static_assert(
-    sizeof(SmallChunk) % vmPageSize + 2 * smallMax &lt;= vmPageSize,
-    &quot;the first page of object memory in a small chunk must be able to allocate smallMax&quot;);
-
-inline SmallChunk::SmallChunk(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
-{
-    // Track the memory used for metadata by allocating imaginary objects.
-    for (char* it = reinterpret_cast&lt;char*&gt;(this); it &lt; m_memory; it += smallLineSize) {
-        Object object(it);
-        object.line()-&gt;ref(lock);
-        object.page()-&gt;ref(lock);
-    }
-}
-
-inline SmallChunk* SmallChunk::get(void* object)
-{
-    BASSERT(isSmall(object));
-    return static_cast&lt;SmallChunk*&gt;(mask(object, smallChunkMask));
-}
-
-inline size_t SmallChunk::offset(void* object)
-{
-    BASSERT(object &gt;= this);
-    BASSERT(object &lt; reinterpret_cast&lt;char*&gt;(this) + smallChunkSize);
-    return static_cast&lt;char*&gt;(object) - reinterpret_cast&lt;char*&gt;(this);
-}
-
-inline void* SmallChunk::object(size_t offset)
-{
-    return reinterpret_cast&lt;char*&gt;(this) + offset;
-}
-
-inline SmallPage* SmallChunk::page(size_t offset)
-{
-    size_t pageNumber = offset / vmPageSize;
-    return &amp;m_pages[pageNumber];
-}
-
-inline SmallLine* SmallChunk::line(size_t offset)
-{
-    size_t lineNumber = offset / smallLineSize;
-    return &amp;m_lines[lineNumber];
-}
-
-inline char* SmallLine::begin()
-{
-    SmallChunk* chunk = SmallChunk::get(this);
-    size_t lineNumber = this - chunk-&gt;lines();
-    size_t offset = lineNumber * smallLineSize;
-    return &amp;reinterpret_cast&lt;char*&gt;(chunk)[offset];
-}
-
-inline char* SmallLine::end()
-{
-    return begin() + smallLineSize;
-}
-
-inline SmallLine* SmallPage::begin()
-{
-    SmallChunk* chunk = SmallChunk::get(this);
-    size_t pageNumber = this - chunk-&gt;pages();
-    size_t lineNumber = pageNumber * smallLineCount;
-    return &amp;chunk-&gt;lines()[lineNumber];
-}
-
-inline SmallLine* SmallPage::end()
-{
-    return begin() + smallLineCount;
-}
-
-inline Object::Object(void* object)
-    : m_chunk(SmallChunk::get(object))
-    , m_offset(m_chunk-&gt;offset(object))
-{
-}
-
-inline Object::Object(SmallChunk* chunk, void* object)
-    : m_chunk(chunk)
-    , m_offset(m_chunk-&gt;offset(object))
-{
-    BASSERT(chunk == SmallChunk::get(object));
-}
-
-inline SmallLine* Object::line()
-{
-    return m_chunk-&gt;line(m_offset);
-}
-
-inline SmallPage* Object::page()
-{
-    return m_chunk-&gt;page(m_offset);
-}
-
-}; // namespace bmalloc
-
-#endif // Chunk
</del></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocSmallPageh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallPage.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallPage.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SmallPage.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -38,6 +38,7 @@
</span><span class="cx"> public:
</span><span class="cx">     SmallPage()
</span><span class="cx">         : m_hasFreeLines(true)
</span><ins>+        , m_objectType(ObjectType::Large)
</ins><span class="cx">     {
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -48,6 +49,9 @@
</span><span class="cx">     size_t sizeClass() { return m_sizeClass; }
</span><span class="cx">     void setSizeClass(size_t sizeClass) { m_sizeClass = sizeClass; }
</span><span class="cx">     
</span><ins>+    ObjectType objectType() const { return m_objectType; }
+    void setObjectType(ObjectType objectType) { m_objectType = objectType; }
+
</ins><span class="cx">     bool hasFreeLines(std::lock_guard&lt;StaticMutex&gt;&amp;) const { return m_hasFreeLines; }
</span><span class="cx">     void setHasFreeLines(std::lock_guard&lt;StaticMutex&gt;&amp;, bool hasFreeLines) { m_hasFreeLines = hasFreeLines; }
</span><span class="cx">     
</span><span class="lines">@@ -58,6 +62,7 @@
</span><span class="cx">     unsigned char m_hasFreeLines: 1;
</span><span class="cx">     unsigned char m_refCount: 7;
</span><span class="cx">     unsigned char m_sizeClass;
</span><ins>+    ObjectType m_objectType;
</ins><span class="cx"> 
</span><span class="cx"> static_assert(
</span><span class="cx">     sizeClassCount &lt;= std::numeric_limits&lt;decltype(m_sizeClass)&gt;::max(),
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocSuperChunkh"></a>
<div class="delfile"><h4>Deleted: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SuperChunk.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SuperChunk.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/SuperChunk.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -1,61 +0,0 @@
</span><del>-/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */
-
-#ifndef SuperChunk_h
-#define SuperChunk_h
-
-#include &quot;LargeChunk.h&quot;
-#include &quot;SmallChunk.h&quot;
-
-namespace bmalloc {
-
-class SuperChunk {
-public:
-    SuperChunk();
-
-    void* smallChunk();
-    void* largeChunk();
-};
-
-inline SuperChunk::SuperChunk()
-{
-    BASSERT(!test(this, ~superChunkMask));
-    BASSERT(!test(smallChunk(), ~smallChunkMask));
-    BASSERT(!test(largeChunk(), ~largeChunkMask));
-}
-
-inline void* SuperChunk::smallChunk()
-{
-    return reinterpret_cast&lt;char*&gt;(this) + smallChunkOffset;
-}
-
-inline void* SuperChunk::largeChunk()
-{
-    return reinterpret_cast&lt;char*&gt;(this) + largeChunkOffset;
-}
-
-} // namespace bmalloc
-
-#endif // SuperChunk_h
</del></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocVMHeapcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.cpp (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.cpp        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.cpp        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -25,7 +25,6 @@
</span><span class="cx"> 
</span><span class="cx"> #include &quot;LargeObject.h&quot;
</span><span class="cx"> #include &quot;PerProcess.h&quot;
</span><del>-#include &quot;SuperChunk.h&quot;
</del><span class="cx"> #include &quot;VMHeap.h&quot;
</span><span class="cx"> #include &lt;thread&gt;
</span><span class="cx"> 
</span><span class="lines">@@ -36,36 +35,16 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-void VMHeap::allocateSmallChunk(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
-{
-    if (!m_smallChunks.size())
-        allocateSuperChunk(lock);
-
-    // We initialize chunks lazily to avoid dirtying their metadata pages.
-    SmallChunk* smallChunk = new (m_smallChunks.pop()-&gt;smallChunk()) SmallChunk(lock);
-    for (auto* it = smallChunk-&gt;begin(); it &lt; smallChunk-&gt;end(); ++it)
-        m_smallPages.push(it);
-}
-
</del><span class="cx"> LargeObject VMHeap::allocateLargeChunk(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
</span><span class="cx"> {
</span><del>-    if (!m_largeChunks.size())
-        allocateSuperChunk(lock);
</del><ins>+    LargeChunk* largeChunk =
+        new (vmAllocate(largeChunkSize, largeChunkSize)) LargeChunk(lock);
</ins><span class="cx"> 
</span><del>-    // We initialize chunks lazily to avoid dirtying their metadata pages.
-    LargeChunk* largeChunk = new (m_largeChunks.pop()-&gt;largeChunk()) LargeChunk;
-    return LargeObject(largeChunk-&gt;begin());
-}
-
-void VMHeap::allocateSuperChunk(std::lock_guard&lt;StaticMutex&gt;&amp;)
-{
-    SuperChunk* superChunk =
-        new (vmAllocate(superChunkSize, superChunkSize)) SuperChunk;
-    m_smallChunks.push(superChunk);
-    m_largeChunks.push(superChunk);
</del><span class="cx"> #if BOS(DARWIN)
</span><del>-    m_zone.addSuperChunk(superChunk);
</del><ins>+    m_zone.addLargeChunk(largeChunk);
</ins><span class="cx"> #endif
</span><ins>+
+    return LargeObject(largeChunk-&gt;begin());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocVMHeaph"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/VMHeap.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -32,7 +32,6 @@
</span><span class="cx"> #include &quot;LargeObject.h&quot;
</span><span class="cx"> #include &quot;Range.h&quot;
</span><span class="cx"> #include &quot;SegregatedFreeList.h&quot;
</span><del>-#include &quot;SmallChunk.h&quot;
</del><span class="cx"> #include &quot;VMState.h&quot;
</span><span class="cx"> #include &quot;Vector.h&quot;
</span><span class="cx"> #if BOS(DARWIN)
</span><span class="lines">@@ -44,45 +43,26 @@
</span><span class="cx"> class BeginTag;
</span><span class="cx"> class EndTag;
</span><span class="cx"> class Heap;
</span><del>-class SuperChunk;
</del><span class="cx"> 
</span><span class="cx"> class VMHeap {
</span><span class="cx"> public:
</span><span class="cx">     VMHeap();
</span><span class="cx"> 
</span><del>-    SmallPage* allocateSmallPage(std::lock_guard&lt;StaticMutex&gt;&amp;);
</del><span class="cx">     LargeObject allocateLargeObject(std::lock_guard&lt;StaticMutex&gt;&amp;, size_t);
</span><span class="cx">     LargeObject allocateLargeObject(std::lock_guard&lt;StaticMutex&gt;&amp;, size_t, size_t, size_t);
</span><span class="cx"> 
</span><del>-    void deallocateSmallPage(std::unique_lock&lt;StaticMutex&gt;&amp;, SmallPage*);
</del><span class="cx">     void deallocateLargeObject(std::unique_lock&lt;StaticMutex&gt;&amp;, LargeObject);
</span><span class="cx">     
</span><span class="cx"> private:
</span><del>-    void allocateSmallChunk(std::lock_guard&lt;StaticMutex&gt;&amp;);
</del><span class="cx">     LargeObject allocateLargeChunk(std::lock_guard&lt;StaticMutex&gt;&amp;);
</span><del>-    void allocateSuperChunk(std::lock_guard&lt;StaticMutex&gt;&amp;);
</del><span class="cx"> 
</span><del>-    List&lt;SmallPage&gt; m_smallPages;
</del><span class="cx">     SegregatedFreeList m_largeObjects;
</span><span class="cx"> 
</span><del>-    Vector&lt;SuperChunk*&gt; m_smallChunks;
-    Vector&lt;SuperChunk*&gt; m_largeChunks;
-
</del><span class="cx"> #if BOS(DARWIN)
</span><span class="cx">     Zone m_zone;
</span><span class="cx"> #endif
</span><span class="cx"> };
</span><span class="cx"> 
</span><del>-inline SmallPage* VMHeap::allocateSmallPage(std::lock_guard&lt;StaticMutex&gt;&amp; lock)
-{
-    if (m_smallPages.isEmpty())
-        allocateSmallChunk(lock);
-
-    SmallPage* page = m_smallPages.pop();
-    vmAllocatePhysicalPages(page-&gt;begin()-&gt;begin(), vmPageSize);
-    return page;
-}
-
</del><span class="cx"> inline LargeObject VMHeap::allocateLargeObject(std::lock_guard&lt;StaticMutex&gt;&amp; lock, size_t size)
</span><span class="cx"> {
</span><span class="cx">     if (LargeObject largeObject = m_largeObjects.take(size))
</span><span class="lines">@@ -101,15 +81,6 @@
</span><span class="cx">     return allocateLargeChunk(lock);
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-inline void VMHeap::deallocateSmallPage(std::unique_lock&lt;StaticMutex&gt;&amp; lock, SmallPage* page)
-{
-    lock.unlock();
-    vmDeallocatePhysicalPages(page-&gt;begin()-&gt;begin(), vmPageSize);
-    lock.lock();
-    
-    m_smallPages.push(page);
-}
-
</del><span class="cx"> inline void VMHeap::deallocateLargeObject(std::unique_lock&lt;StaticMutex&gt;&amp; lock, LargeObject largeObject)
</span><span class="cx"> {
</span><span class="cx">     // Multiple threads might scavenge concurrently, meaning that new merging opportunities
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocZonecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.cpp (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.cpp        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.cpp        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -88,8 +88,8 @@
</span><span class="cx"> static kern_return_t enumerator(task_t task, void* context, unsigned type_mask, vm_address_t zone_address, memory_reader_t reader, vm_range_recorder_t recorder)
</span><span class="cx"> {
</span><span class="cx">     Zone remoteZone(task, reader, zone_address);
</span><del>-    for (auto* superChunk : remoteZone.superChunks()) {
-        vm_range_t range = { reinterpret_cast&lt;vm_address_t&gt;(superChunk), superChunkSize };
</del><ins>+    for (auto* largeChunk : remoteZone.largeChunks()) {
+        vm_range_t range = { reinterpret_cast&lt;vm_address_t&gt;(largeChunk), largeChunkSize };
</ins><span class="cx"> 
</span><span class="cx">         if ((type_mask &amp; MALLOC_PTR_REGION_RANGE_TYPE))
</span><span class="cx">             (*recorder)(task, context, MALLOC_PTR_REGION_RANGE_TYPE, &amp;range, 1);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212SourcebmallocbmallocZoneh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.h (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.h        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc/Zone.h        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -31,7 +31,7 @@
</span><span class="cx"> 
</span><span class="cx"> namespace bmalloc {
</span><span class="cx"> 
</span><del>-class SuperChunk;
</del><ins>+class LargeChunk;
</ins><span class="cx"> 
</span><span class="cx"> class Zone : public malloc_zone_t {
</span><span class="cx"> public:
</span><span class="lines">@@ -41,30 +41,30 @@
</span><span class="cx">     Zone();
</span><span class="cx">     Zone(task_t, memory_reader_t, vm_address_t);
</span><span class="cx"> 
</span><del>-    void addSuperChunk(SuperChunk*);
-    FixedVector&lt;SuperChunk*, capacity&gt;&amp; superChunks() { return m_superChunks; }
</del><ins>+    void addLargeChunk(LargeChunk*);
+    FixedVector&lt;LargeChunk*, capacity&gt;&amp; largeChunks() { return m_largeChunks; }
</ins><span class="cx">     
</span><span class="cx"> private:
</span><span class="cx">     // This vector has two purposes:
</span><del>-    //     (1) It stores the list of SuperChunks so that we can enumerate
-    //         each SuperChunk and request that it be scanned if reachable.
-    //     (2) It roots a pointer to each SuperChunk in a global non-malloc
-    //         VM region, making each SuperChunk appear reachable, and therefore
</del><ins>+    //     (1) It stores the list of LargeChunks so that we can enumerate
+    //         each LargeChunk and request that it be scanned if reachable.
+    //     (2) It roots a pointer to each LargeChunk in a global non-malloc
+    //         VM region, making each LargeChunk appear reachable, and therefore
</ins><span class="cx">     //         ensuring that the leaks tool will scan it. (The leaks tool
</span><span class="cx">     //         conservatively scans all writeable VM regions that are not malloc
</span><span class="cx">     //         regions, and then scans malloc regions using the introspection API.)
</span><span class="cx">     // This prevents the leaks tool from reporting false positive leaks for
</span><span class="cx">     // objects pointed to from bmalloc memory -- though it also prevents the
</span><span class="cx">     // leaks tool from finding any leaks in bmalloc memory.
</span><del>-    FixedVector&lt;SuperChunk*, capacity&gt; m_superChunks;
</del><ins>+    FixedVector&lt;LargeChunk*, capacity&gt; m_largeChunks;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><del>-inline void Zone::addSuperChunk(SuperChunk* superChunk)
</del><ins>+inline void Zone::addLargeChunk(LargeChunk* largeChunk)
</ins><span class="cx"> {
</span><del>-    if (m_superChunks.size() == m_superChunks.capacity())
</del><ins>+    if (m_largeChunks.size() == m_largeChunks.capacity())
</ins><span class="cx">         return;
</span><span class="cx">     
</span><del>-    m_superChunks.push(superChunk);
</del><ins>+    m_largeChunks.push(largeChunk);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace bmalloc
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit212Sourcebmallocbmallocxcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj (199444 => 199445)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj        2016-04-13 09:26:28 UTC (rev 199444)
+++ releases/WebKitGTK/webkit-2.12/Source/bmalloc/bmalloc.xcodeproj/project.pbxproj        2016-04-13 09:36:38 UTC (rev 199445)
</span><span class="lines">@@ -17,7 +17,6 @@
</span><span class="cx">                 143CB81D19022BC900B16A45 /* StaticMutex.h in Headers */ = {isa = PBXBuildFile; fileRef = 143CB81B19022BC900B16A45 /* StaticMutex.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 143EF9AF1A9FABF6004F5C77 /* FreeList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 143EF9AD1A9FABF6004F5C77 /* FreeList.cpp */; };
</span><span class="cx">                 143EF9B01A9FABF6004F5C77 /* FreeList.h in Headers */ = {isa = PBXBuildFile; fileRef = 143EF9AE1A9FABF6004F5C77 /* FreeList.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>-                1440AFC91A95142400837FAA /* SuperChunk.h in Headers */ = {isa = PBXBuildFile; fileRef = 1440AFC81A95142400837FAA /* SuperChunk.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx">                 1440AFCB1A95261100837FAA /* Zone.h in Headers */ = {isa = PBXBuildFile; fileRef = 1440AFCA1A95261100837FAA /* Zone.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 1440AFCD1A9527AF00837FAA /* Zone.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1440AFCC1A9527AF00837FAA /* Zone.cpp */; };
</span><span class="cx">                 1448C30018F3754600502839 /* mbmalloc.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1448C2FF18F3754300502839 /* mbmalloc.cpp */; };
</span><span class="lines">@@ -42,7 +41,6 @@
</span><span class="cx">                 14DD789918F48D4A00950702 /* Cache.h in Headers */ = {isa = PBXBuildFile; fileRef = 144469E517A46BFE00F9EA1D /* Cache.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 14DD789A18F48D4A00950702 /* Deallocator.h in Headers */ = {isa = PBXBuildFile; fileRef = 145F685A179DC90200D65598 /* Deallocator.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 14DD789C18F48D4A00950702 /* BumpAllocator.h in Headers */ = {isa = PBXBuildFile; fileRef = 1413E462189DE1CD00546D68 /* BumpAllocator.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>-                14DD78BB18F48D6B00950702 /* SmallChunk.h in Headers */ = {isa = PBXBuildFile; fileRef = 147AAA8C18CD36A7002201E4 /* SmallChunk.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx">                 14DD78BC18F48D6B00950702 /* SmallLine.h in Headers */ = {isa = PBXBuildFile; fileRef = 1452478618BC757C00F80098 /* SmallLine.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 14DD78BD18F48D6B00950702 /* SmallPage.h in Headers */ = {isa = PBXBuildFile; fileRef = 143E29ED18CAE90500FE8A0F /* SmallPage.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 14DD78C518F48D7500950702 /* Algorithm.h in Headers */ = {isa = PBXBuildFile; fileRef = 1421A87718EE462A00B4DD68 /* Algorithm.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -95,7 +93,6 @@
</span><span class="cx">                 143E29ED18CAE90500FE8A0F /* SmallPage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SmallPage.h; path = bmalloc/SmallPage.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 143EF9AD1A9FABF6004F5C77 /* FreeList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FreeList.cpp; path = bmalloc/FreeList.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 143EF9AE1A9FABF6004F5C77 /* FreeList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FreeList.h; path = bmalloc/FreeList.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><del>-                1440AFC81A95142400837FAA /* SuperChunk.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SuperChunk.h; path = bmalloc/SuperChunk.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</del><span class="cx">                 1440AFCA1A95261100837FAA /* Zone.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = Zone.h; path = bmalloc/Zone.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 1440AFCC1A9527AF00837FAA /* Zone.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Zone.cpp; path = bmalloc/Zone.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 144469E417A46BFE00F9EA1D /* Cache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; lineEnding = 0; name = Cache.cpp; path = bmalloc/Cache.cpp; sourceTree = &quot;&lt;group&gt;&quot;; xcLanguageSpecificationIdentifier = xcode.lang.cpp; };
</span><span class="lines">@@ -123,7 +120,6 @@
</span><span class="cx">                 1479E21217A1A255006D4E9D /* Vector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = Vector.h; path = bmalloc/Vector.h; sourceTree = &quot;&lt;group&gt;&quot;; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; };
</span><span class="cx">                 1479E21417A1A63E006D4E9D /* VMAllocate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; lineEnding = 0; name = VMAllocate.h; path = bmalloc/VMAllocate.h; sourceTree = &quot;&lt;group&gt;&quot;; xcLanguageSpecificationIdentifier = xcode.lang.objcpp; };
</span><span class="cx">                 147AAA8818CD17CE002201E4 /* LargeChunk.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LargeChunk.h; path = bmalloc/LargeChunk.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><del>-                147AAA8C18CD36A7002201E4 /* SmallChunk.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SmallChunk.h; path = bmalloc/SmallChunk.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</del><span class="cx">                 1485655E18A43AF900ED6942 /* BoundaryTag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BoundaryTag.h; path = bmalloc/BoundaryTag.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 1485656018A43DBA00ED6942 /* ObjectType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ObjectType.h; path = bmalloc/ObjectType.h; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="cx">                 14895D8F1A3A319C0006235D /* Environment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = Environment.cpp; path = bmalloc/Environment.cpp; sourceTree = &quot;&lt;group&gt;&quot;; };
</span><span class="lines">@@ -208,7 +204,6 @@
</span><span class="cx">                 147AAA9A18CE5FD3002201E4 /* heap: small */ = {
</span><span class="cx">                         isa = PBXGroup;
</span><span class="cx">                         children = (
</span><del>-                                147AAA8C18CD36A7002201E4 /* SmallChunk.h */,
</del><span class="cx">                                 1452478618BC757C00F80098 /* SmallLine.h */,
</span><span class="cx">                                 143E29ED18CAE90500FE8A0F /* SmallPage.h */,
</span><span class="cx">                         );
</span><span class="lines">@@ -270,7 +265,6 @@
</span><span class="cx">                                 14105E8318E14374003A106E /* ObjectType.cpp */,
</span><span class="cx">                                 1485656018A43DBA00ED6942 /* ObjectType.h */,
</span><span class="cx">                                 145F6874179DF84100D65598 /* Sizes.h */,
</span><del>-                                1440AFC81A95142400837FAA /* SuperChunk.h */,
</del><span class="cx">                                 144F7BFB18BFC517003537F3 /* VMHeap.cpp */,
</span><span class="cx">                                 144F7BFC18BFC517003537F3 /* VMHeap.h */,
</span><span class="cx">                                 1440AFCA1A95261100837FAA /* Zone.h */,
</span><span class="lines">@@ -339,11 +333,9 @@
</span><span class="cx">                                 14DD78C718F48D7500950702 /* BAssert.h in Headers */,
</span><span class="cx">                                 14DD78D018F48D7500950702 /* VMAllocate.h in Headers */,
</span><span class="cx">                                 14EB79EA1C7C1BC4005E834F /* XLargeRange.h in Headers */,
</span><del>-                                1440AFC91A95142400837FAA /* SuperChunk.h in Headers */,
</del><span class="cx">                                 143EF9B01A9FABF6004F5C77 /* FreeList.h in Headers */,
</span><span class="cx">                                 14DD78CE18F48D7500950702 /* Syscall.h in Headers */,
</span><span class="cx">                                 14DD78C618F48D7500950702 /* AsyncTask.h in Headers */,
</span><del>-                                14DD78BB18F48D6B00950702 /* SmallChunk.h in Headers */,
</del><span class="cx">                                 14DD78C918F48D7500950702 /* Inline.h in Headers */,
</span><span class="cx">                                 14895D921A3A319C0006235D /* Environment.h in Headers */,
</span><span class="cx">                                 1400274A18F89C2300115C97 /* VMHeap.h in Headers */,
</span></span></pre>
</div>
</div>

</body>
</html>