<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[205717] releases/WebKitGTK/webkit-2.14</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/205717">205717</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-09-09 01:55:20 -0700 (Fri, 09 Sep 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/205462">r205462</a> - Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
https://bugs.webkit.org/show_bug.cgi?id=160125
Reviewed by Geoffrey Garen and Keith Miller.
JSTests:
Most of the things I did properly covered by existing tests, but I found some simple cases of
unshifting that had sketchy coverage.
* stress/array-storage-array-unshift.js: Added.
* stress/contiguous-array-unshift.js: Added.
* stress/double-array-unshift.js: Added.
* stress/int32-array-unshift.js: Added.
Source/bmalloc:
I needed to tryMemalign, so I added such a thing.
* bmalloc/Allocator.cpp:
(bmalloc::Allocator::allocate):
(bmalloc::Allocator::tryAllocate):
(bmalloc::Allocator::allocateImpl):
* bmalloc/Allocator.h:
* bmalloc/Cache.h:
(bmalloc::Cache::tryAllocate):
* bmalloc/bmalloc.h:
(bmalloc::api::tryMemalign):
Source/JavaScriptCore:
In order to make the GC concurrent (bug 149432), we would either need to enable concurrent
copying or we would need to not copy. Concurrent copying carries a 1-2% throughput overhead
from the barriers alone. Considering that MarkedSpace does a decent job of avoiding
fragmentation, it's unlikely that it's worth paying 1-2% throughput for copying. So, we want
to get rid of copied space. This change moves copied space's biggest client over to marked
space.
Moving butterflies to marked space means having them use the new Auxiliary HeapCell
allocation path. This is a fairly mechanical change, but it caused performance regressions
everywhere, so this change also fixes MarkedSpace's performance issues.
At a high level the mechanical changes are:
- We use AuxiliaryBarrier instead of CopyBarrier.
- We use tryAllocateAuxiliary instead of tryAllocateStorage. I got rid of the silly
CheckedBoolean stuff, since it's so much more trouble than it's worth.
- The JITs have to emit inlined marked space allocations instead of inline copy space
allocations.
- Everyone has to get used to zeroing their butterflies after allocation instead of relying
on them being pre-zeroed by the GC. Copied space would zero things for you, while marked
space doesn't.
That's about 1/3 of this change. But this led to performance problems, which I fixed with
optimizations that amounted to a major MarkedSpace rewrite:
- MarkedSpace always causes internal fragmentation for array allocations because the vector
length we choose when we resize usually leads to a cell size that doesn't correspond to any
size class. I got around this by making array allocations usually round up vectorLength to
the maximum allowed by the size class that we would have allocated in. Also,
ensureLengthSlow() and friends first make sure that the requested length can't just be
fulfilled with the current allocation size. This safeguard means that not every array
allocation has to do size class queries. For example, the fast path of new Array(length)
never does any size class queries, under the assumption that (1) the speed gained from
avoiding an ensureLengthSlow() call, which then just changes the vectorLength by doing the
size class query, is too small to offset the speed lost by doing the query on every
allocation and (2) new Array(length) is a pretty good hint that resizing is not very
likely.
- Size classes in MarkedSpace were way too precise, which led to external fragmentation. This
changes MarkedSpace size classes to use a linear progression for very small sizes followed
by a geometric progression that naturally transitions to a hyperbolic progression. We want
hyperbolic sizes when we get close to blockSize: for example the largest size we want is
payloadSize / 2 rounded down, to ensure we get exactly two cells with minimal slop. The
next size down should be payloadSize / 3 rounded down, and so on. After the last precise
size (80 bytes), we proceed using a geometric progression, but round up each size to
minimize slop at the end of the block. This naturally causes the geometric progression to
turn hyperbolic for large sizes. The size class configuration happens at VM start-up, so
it can be controlled with runtime options. I found that a base of 1.4 works pretty well.
- Large allocations caused massive internal fragmentation, since the smallest large
allocation had to use exactly blockSize, and the largest small allocation used
blockSize / 2. The next size up - the first large allocation size to require two blocks -
also had 50% internal fragmentation. This is because we required large allocations to be
blockSize aligned, so that MarkedBlock::blockFor() would work. I decided to rewrite all of
that. Cells no longer have to be owned by a MarkedBlock. They can now alternatively be
owned by a LargeAllocation. These two things are abstracted as CellContainer. You know that
a cell is owned by a LargeAllocation if the MarkedBlock::atomSize / 2 bit is set.
Basically, large allocations are deliberately misaligned by 8 bytes. This actually works
out great since (1) typed arrays won't use large allocations anyway since they have their
own malloc fallback and (2) large array butterflies already have a 8 byte header, which
means that the 8 byte base misalignment aligns the large array payload on a 16 byte
boundary. I took extreme care to make sure that the isLargeAllocation bit checks are as
rare as possible; for example, ExecState::vm() skips the check because we know that callees
must be small allocations. It's also possible to use template tricks to do one check for
cell container kind, and then invoke a function specialized for MarkedBlock or a function
specialized for LargeAllocation. LargeAllocation includes stubs for all MarkedBlock methods
that get used from functions that are template-specialized like this. That's mostly to
speed up the GC marking code. Most other code can use CellContainer API or HeapCell API
directly. That's another thing: HeapCell, the common base of JSCell and auxiliary
allocations, is now smart enough to do a lot of things for you, like HeapCell::vm(),
HeapCell::heap(), HeapCell::isLargeAllocation(), and HeapCell::cellContainer(). The size
cutoff for large allocations is runtime-configurable, so long as you don't choose something
so small that callees end up large. I found that 400 bytes is roughly optimal. This means
that the MarkedBlock size classes end up being:
16, 32, 48, 64, 80, 112, 160, 224, 320
The next size class would have been 432, but that's above the 400 byte cutoff. All of this
is configurable with --sizeClassProgression and --largeAllocationCutoff. You can see what
size classes you end up with by doing --dumpSizeClasses=true.
- Copied space uses 64KB blocks, while marked space used to use 16KB blocks. Allocating a lot
of stuff in 16KB blocks was slower than allocating it in 64KB blocks because the GC had a
lot of per-block overhead. I removed this overhead: It's now 2x faster to scan all
MarkedBlocks because the list that contains the interesting meta-data is allocated on the
side, for better locality during a sequential walk. It's no longer necessary to scan
MarkedBlocks to find WeakSets, since the sets of WeakSets for eden scan and full scan are
maintained on-the-fly. It's no longer necessary to scan all MarkedBlocks to clear mark
bits because we now use versioned mark bits: to clear then, just increment the 64-bit
heap version. It's no longer necessary to scan retired MarkedBlocks while allocating
because marking retires them on-the-fly. It's no longer necessary to sort all blocks in
the IncrementalSweeper's snapshot because blocks now know if they are in the snapshot. Put
together, these optimizations allowed me to reduce block size to 16KB without losing much
performance. There is some small perf loss on JetStream/splay, but not enough to hurt
JetStream overall. I tried reducing block sizes further, to 4KB, since that is a
progression on membuster. That's not possible yet, since there is still enough per-block
overhead yet that such a reduction hurts JetStream too much. I filed a bug about improving
this further: https://bugs.webkit.org/show_bug.cgi?id=161581.
- Even after all of that, copying butterflies was still faster because it allowed us to skip
sweeping dead space. A good GC allocates over dead bytes without explicitly freeing them,
so the GC pause is O(size of live), not O(size of live + dead). O(dead) is usually much
larger than O(live), especially in an eden collection. Copying satisfies this premise while
mark+sweep does not. So, I invented a new kind of allocator: bump'n'pop. Previously, our
MarkedSpace allocator was a freelist pop. That's simple and easy to inline but requires
that we walk the block to build a free list. This means walking dead space. The new
allocator allows totally free MarkedBlocks to simply set up a bump-pointer arena instead.
The allocator is a hybrid of bump-pointer and freelist pop. It tries bump first. The bump
pointer always bumps by cellSize, so the result of filling a block with bumping looks as if
we had used freelist popping to fill it. Additionally, each MarkedBlock now has a bit to
quickly tell if the block is entirely free. This makes sweeping O(1) whenever a MarkedBlock
is completely empty, which is the common case because of the generational hypothesis: the
number of objects that survive an eden collection is a tiny fraction of the number of
objects that had been allocated, and this fraction is so small that there are typically
fewer than one survivors per MarkedBlock. This change was enough to make this change a net
win over tip-of-tree.
- FTL now shares the same allocation fast paths as everything else, which is great, because
bump'n'pop has gnarly control flow. We don't really want B3 to have to think about that
control flow, since it won't be able to improve the machine code we write ourselves. GC
fast paths are best written in assembly. So, I've empowered B3 to have even better support
for Patchpoint terminals. It's now totally fine for a Patchpoint terminal to be non-Void.
So, the new FTL allocation fast paths are just Patchpoint terminals that call through to
AssemblyHelpers::emitAllocate(). B3 still reasons about things like constant-folding the
size class calculation and constant-hoisting the allocator. Also, I gave the FTL the
ability to constant-fold some allocator logic (in case we first assume that we're doing a
variable-length allocation but then realize that the length is known). I think it makes
sense to have constant folding rules in FTL::Output, or whatever the B3 IR builder is,
since this makes lowering easier (you can constant fold during lowering more easily) and it
reduces the amount of malloc traffic. In the future, we could teach B3 how to better
constant-fold this code. That would require allowing loads to be constant-folded, which is
doable but hella tricky.
- It used to be that if a logical object allocation required two physical allocations (first
the butterfly and then the cell), then the JIT would emit the code in such a way that a
failure in the second fast path would cause us to forget the successful first physical
allocation. This was pointlessly wasteful. It turns out that it's very cheap to devote a
register to storing either the butterfly or null, because the butterfly register is anyway
going to be free inside the first allocation. The only overhead here is zeroing the
butterfly register. With that in place, we can just pass the butterfly-or-null to the slow
path, which can then either allocate a butterfly or not. So now we never waste a successful
allocation. This patch implements such a solution both in DFG (where it's easy to do this
since we control registers already) and in FTL (where it's annoying, because mutable
"butterfly-or-null" variables are hard to say in SSA; also I realized that we had code
duplicated the JSArray allocation utility, so I deduplicated it). This came up because in
one version of this patch, this wastage would resonate with some Kraken benchmark: the
benchmark would always allocate N small things followed by one bigger thing. The problem
was I accidentally adjusted the various fixed overheads in MarkedBlock in such a way that
the JSObject size class, which both the small and big thing shared for their cell, could
hold exactly N cells per MarkedBlock. Then the benchmark would always call slow path when
it allocated the big thing. So, it would end up having to allocate the big thing's large
butterfly twice, every single time! Ouch!
- It used to be that we zeroed CopiedBlocks using memset, and so array allocations enjoyed
amortization of the cost of zeroing. This doesn't work anymore - it's now up to the client
of the allocator to initialize the object to whatever state they need. It used to be that
we would just use a dumb loop. I initially changed this so that we would end up in memset
for large allocations, but this didn't actually help performance that much. I got a much
better result by playing with different memsets written in assembly. First I wrote one
using non-temporal stores. That was a small speed-up over memset. Then I tried the classic
"rep stos" approach, and holy cow that version was fast. It's a ~20% speed-up on array
allocation microbenchmarks. So, this patch adds code paths to do "rep stos" on x86_64, or
memset, or use a loop, as appropriate, for both "contiguous" arrays (holes are zero) and
double arrays (holes are PNaN). Note that the JIT always emits either a loop or a flat slab
of stores (if the size is known), but those paths in the JIT won't trigger for
NewArrayWithSize() if the size is large, since that takes us to the
operationNewArrayWithSize() slow path, which calls into JSArray::create(). That's why the
optimizations here are all in JSArray::create() - that's the hot place for large arrays
that need to be filled with holes.
All of this put together gives us neutral perf on JetStream, membuster, and PLT3, a ~1%
regression on Speedometer, and up to a 4% regression Kraken. The Kraken regression is
because Kraken was allocating exactly 1024 element arrays at a rate of 400MB/sec. This is a
best-case scenario for bump allocation. I think that we should fix bmalloc to make up the
difference, but take the hit for now because it's a crazy corner case. By comparison, the
alternative approach of using a copy barrier would have cost us 1-2%. That's the real
apples-to-apples comparison if your premise is that we should have a concurrent GC. After we
finish removing copied space, we will be barrier-ready for concurrent GC: we already have a
marking barrier and we simply won't need a copying barrier. This change gets us there for
the purposes of our benchmarks, since the remaining clients of copied space are not very
important. On the other hand, if we keep copying, then getting barrier-ready would mean
adding back the copy barrier, which costs more perf.
We might get bigger speed-ups once we remove CopiedSpace altogether. That requires moving
typed arrays and a few other weird things over to Aux MarkedSpace.
This also includes some header sanitization. The introduction of AuxiliaryBarrier, HeapCell,
and CellContainer meant that I had to include those files from everywhere. Fortunately,
just including JSCInlines.h (instead of manually including the files that includes) is
usually enough. So, I made most of JSC's cpp files include JSCInlines.h, which is something
that we were already basically doing. In places where JSCInlines.h would be too much, I just
included HeapInlines.h. This got weird, because we previously included HeapInlines.h from
JSObject.h. That's bad because it led to some circular dependencies, so I fixed it - but that
meant having to manually include HeapInlines.h from the places that previously got it
implicitly via JSObject.h. But that led to more problems for some reason: I started getting
build errors because non-JSC files were having trouble including Opcode.h. That's just silly,
since Opcode.h is meant to be an internal JSC header. So, I made it an internal header and
made it impossible to include it from outside JSC. This was a lot of work, but it was
necessary to get the patch to build on all ports. It's also a net win. There were many places
in WebCore that were transitively including a *ton* of JSC headers just because of the
JSObject.h->HeapInlines.h edge and a bunch of dependency edges that arose from some public
(for WebCore) JSC headers needing Interpreter.h or Opcode.h for bad reasons.
* API/JSManagedValue.mm:
(-[JSManagedValue initWithValue:]):
* API/JSTypedArray.cpp:
* API/ObjCCallbackFunction.mm:
* API/tests/testapi.mm:
(testObjectiveCAPI):
(testWeakValue): Deleted.
* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Scripts/builtins/builtins_generate_combined_implementation.py:
(BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
* Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
(BuiltinsInternalsWrapperImplementationGenerator.generate_secondary_header_includes):
* Scripts/builtins/builtins_generate_separate_implementation.py:
(BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::JumpList::link):
(JSC::AbstractMacroAssembler::JumpList::linkTo):
* assembler/MacroAssembler.h:
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::add32):
* assembler/MacroAssemblerCodeRef.cpp: Added.
(JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
(JSC::MacroAssemblerCodePtr::dumpWithName):
(JSC::MacroAssemblerCodePtr::dump):
(JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
(JSC::MacroAssemblerCodeRef::dump):
* assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodePtr::createLLIntCodePtr): Deleted.
(JSC::MacroAssemblerCodePtr::dumpWithName): Deleted.
(JSC::MacroAssemblerCodePtr::dump): Deleted.
(JSC::MacroAssemblerCodeRef::createLLIntCodeRef): Deleted.
(JSC::MacroAssemblerCodeRef::dump): Deleted.
* b3/B3BasicBlock.cpp:
(JSC::B3::BasicBlock::appendBoolConstant):
* b3/B3BasicBlock.h:
* b3/B3DuplicateTails.cpp:
* b3/B3StackmapGenerationParams.h:
* b3/testb3.cpp:
(JSC::B3::testPatchpointTerminalReturnValue):
(JSC::B3::run):
* bindings/ScriptValue.cpp:
* bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
* bytecode/BytecodeBasicBlock.cpp:
* bytecode/BytecodeLivenessAnalysis.cpp:
* bytecode/BytecodeUseDef.h:
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::callTypeFor):
* bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::callTypeFor): Deleted.
* bytecode/CallLinkStatus.cpp:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::clearLLIntGetByIdCache):
(JSC::CodeBlock::predictedMachineCodeSize):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::jitCodeMap): Deleted.
(JSC::clearLLIntGetByIdCache): Deleted.
* bytecode/ExecutionCounter.h:
* bytecode/Instruction.h:
* bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
(JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
* bytecode/ObjectAllocationProfile.h:
(JSC::ObjectAllocationProfile::isNull):
(JSC::ObjectAllocationProfile::initialize):
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecode/PolymorphicAccess.cpp:
(JSC::AccessCase::generateImpl):
(JSC::PolymorphicAccess::regenerate):
* bytecode/PolymorphicAccess.h:
* bytecode/PreciseJumpTargets.cpp:
* bytecode/StructureStubInfo.cpp:
* bytecode/StructureStubInfo.h:
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::vm): Deleted.
* bytecode/UnlinkedCodeBlock.h:
* bytecode/UnlinkedInstructionStream.cpp:
* bytecode/UnlinkedInstructionStream.h:
* dfg/DFGOperations.cpp:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
(JSC::DFG::SpeculativeJIT::compileMakeRope):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* ftl/FTLAbstractHeapRepository.h:
* ftl/FTLCompile.cpp:
* ftl/FTLJITFinalizer.cpp:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
(JSC::FTL::DFG::LowerDFGToB3::allocateArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::compileAllocateArrayWithSize): Deleted.
* ftl/FTLOutput.cpp:
(JSC::FTL::Output::constBool):
(JSC::FTL::Output::add):
(JSC::FTL::Output::shl):
(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::zeroExt):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):
(JSC::FTL::Output::above):
(JSC::FTL::Output::aboveOrEqual):
(JSC::FTL::Output::below):
(JSC::FTL::Output::belowOrEqual):
(JSC::FTL::Output::greaterThan):
(JSC::FTL::Output::greaterThanOrEqual):
(JSC::FTL::Output::lessThan):
(JSC::FTL::Output::lessThanOrEqual):
(JSC::FTL::Output::select):
(JSC::FTL::Output::appendSuccessor):
(JSC::FTL::Output::addIncomingToPhi):
* ftl/FTLOutput.h:
* ftl/FTLValueFromBlock.h:
(JSC::FTL::ValueFromBlock::operator bool):
(JSC::FTL::ValueFromBlock::ValueFromBlock): Deleted.
* ftl/FTLWeightedTarget.h:
(JSC::FTL::WeightedTarget::frequentedBlock):
* heap/CellContainer.h: Added.
(JSC::CellContainer::CellContainer):
(JSC::CellContainer::operator bool):
(JSC::CellContainer::isMarkedBlock):
(JSC::CellContainer::isLargeAllocation):
(JSC::CellContainer::markedBlock):
(JSC::CellContainer::largeAllocation):
* heap/CellContainerInlines.h: Added.
(JSC::CellContainer::isMarked):
(JSC::CellContainer::isMarkedOrNewlyAllocated):
(JSC::CellContainer::noteMarked):
(JSC::CellContainer::cellSize):
(JSC::CellContainer::weakSet):
(JSC::CellContainer::flipIfNecessary):
* heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::ConservativeRoots):
(JSC::ConservativeRoots::~ConservativeRoots):
(JSC::ConservativeRoots::grow):
(JSC::ConservativeRoots::genericAddPointer):
(JSC::ConservativeRoots::genericAddSpan):
* heap/ConservativeRoots.h:
(JSC::ConservativeRoots::roots):
* heap/CopyToken.h:
* heap/FreeList.cpp: Added.
(JSC::FreeList::dump):
* heap/FreeList.h: Added.
(JSC::FreeList::FreeList):
(JSC::FreeList::list):
(JSC::FreeList::bump):
(JSC::FreeList::operator==):
(JSC::FreeList::operator!=):
(JSC::FreeList::operator bool):
(JSC::FreeList::allocationWillFail):
(JSC::FreeList::allocationWillSucceed):
* heap/GCTypeMap.h: Added.
(JSC::GCTypeMap::operator[]):
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::markRoots):
(JSC::Heap::copyBackingStores):
(JSC::Heap::gatherStackRoots):
(JSC::Heap::gatherJSStackRoots):
(JSC::Heap::gatherScratchBufferRoots):
(JSC::Heap::clearLivenessData):
(JSC::Heap::visitSmallStrings):
(JSC::Heap::visitConservativeRoots):
(JSC::Heap::removeDeadCompilerWorklistEntries):
(JSC::Heap::gatherExtraHeapSnapshotData):
(JSC::Heap::removeDeadHeapSnapshotNodes):
(JSC::Heap::visitProtectedObjects):
(JSC::Heap::visitArgumentBuffers):
(JSC::Heap::visitException):
(JSC::Heap::visitStrongHandles):
(JSC::Heap::visitHandleStack):
(JSC::Heap::visitSamplingProfiler):
(JSC::Heap::traceCodeBlocksAndJITStubRoutines):
(JSC::Heap::converge):
(JSC::Heap::visitWeakHandles):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::clearUnmarkedExecutables):
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
(JSC::Heap::collectWithoutAnySweep):
(JSC::Heap::collectImpl):
(JSC::Heap::suspendCompilerThreads):
(JSC::Heap::willStartCollection):
(JSC::Heap::flushOldStructureIDTables):
(JSC::Heap::flushWriteBarrierBuffer):
(JSC::Heap::stopAllocation):
(JSC::Heap::prepareForMarking):
(JSC::Heap::reapWeakHandles):
(JSC::Heap::pruneStaleEntriesFromWeakGCMaps):
(JSC::Heap::sweepArrayBuffers):
(JSC::MarkedBlockSnapshotFunctor::MarkedBlockSnapshotFunctor):
(JSC::MarkedBlockSnapshotFunctor::operator()):
(JSC::Heap::snapshotMarkedSpace):
(JSC::Heap::deleteSourceProviderCaches):
(JSC::Heap::notifyIncrementalSweeper):
(JSC::Heap::writeBarrierCurrentlyExecutingCodeBlocks):
(JSC::Heap::resetAllocators):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::didFinishCollection):
(JSC::Heap::resumeCompilerThreads):
(JSC::Zombify::visit):
(JSC::Heap::forEachCodeBlockImpl):
* heap/Heap.h:
(JSC::Heap::allocatorForObjectWithoutDestructor):
(JSC::Heap::allocatorForObjectWithDestructor):
(JSC::Heap::allocatorForAuxiliaryData):
(JSC::Heap::jitStubRoutines):
(JSC::Heap::codeBlockSet):
(JSC::Heap::storageAllocator): Deleted.
* heap/HeapCell.h:
(JSC::HeapCell::isZapped): Deleted.
* heap/HeapCellInlines.h: Added.
(JSC::HeapCell::isLargeAllocation):
(JSC::HeapCell::cellContainer):
(JSC::HeapCell::markedBlock):
(JSC::HeapCell::largeAllocation):
(JSC::HeapCell::heap):
(JSC::HeapCell::vm):
(JSC::HeapCell::cellSize):
(JSC::HeapCell::allocatorAttributes):
(JSC::HeapCell::destructionMode):
(JSC::HeapCell::cellKind):
* heap/HeapInlines.h:
(JSC::Heap::heap):
(JSC::Heap::isLive):
(JSC::Heap::isMarked):
(JSC::Heap::testAndSetMarked):
(JSC::Heap::setMarked):
(JSC::Heap::cellSize):
(JSC::Heap::forEachCodeBlock):
(JSC::Heap::allocateObjectOfType):
(JSC::Heap::subspaceForObjectOfType):
(JSC::Heap::allocatorForObjectOfType):
(JSC::Heap::allocateAuxiliary):
(JSC::Heap::tryAllocateAuxiliary):
(JSC::Heap::tryReallocateAuxiliary):
(JSC::Heap::isPointerGCObject): Deleted.
(JSC::Heap::isValueGCObject): Deleted.
* heap/HeapOperation.cpp: Added.
(WTF::printInternal):
* heap/HeapOperation.h:
* heap/HeapUtil.h: Added.
(JSC::HeapUtil::findGCObjectPointersForMarking):
(JSC::HeapUtil::isPointerGCObjectJSCell):
(JSC::HeapUtil::isValueGCObject):
* heap/IncrementalSweeper.cpp:
(JSC::IncrementalSweeper::sweepNextBlock):
* heap/IncrementalSweeper.h:
* heap/LargeAllocation.cpp: Added.
(JSC::LargeAllocation::tryCreate):
(JSC::LargeAllocation::LargeAllocation):
(JSC::LargeAllocation::lastChanceToFinalize):
(JSC::LargeAllocation::shrink):
(JSC::LargeAllocation::visitWeakSet):
(JSC::LargeAllocation::reapWeakSet):
(JSC::LargeAllocation::flip):
(JSC::LargeAllocation::isEmpty):
(JSC::LargeAllocation::sweep):
(JSC::LargeAllocation::destroy):
(JSC::LargeAllocation::dump):
* heap/LargeAllocation.h: Added.
(JSC::LargeAllocation::fromCell):
(JSC::LargeAllocation::cell):
(JSC::LargeAllocation::isLargeAllocation):
(JSC::LargeAllocation::heap):
(JSC::LargeAllocation::vm):
(JSC::LargeAllocation::weakSet):
(JSC::LargeAllocation::clearNewlyAllocated):
(JSC::LargeAllocation::isNewlyAllocated):
(JSC::LargeAllocation::isMarked):
(JSC::LargeAllocation::isMarkedOrNewlyAllocated):
(JSC::LargeAllocation::isLive):
(JSC::LargeAllocation::hasValidCell):
(JSC::LargeAllocation::cellSize):
(JSC::LargeAllocation::aboveLowerBound):
(JSC::LargeAllocation::belowUpperBound):
(JSC::LargeAllocation::contains):
(JSC::LargeAllocation::attributes):
(JSC::LargeAllocation::flipIfNecessary):
(JSC::LargeAllocation::flipIfNecessaryConcurrently):
(JSC::LargeAllocation::testAndSetMarked):
(JSC::LargeAllocation::setMarked):
(JSC::LargeAllocation::clearMarked):
(JSC::LargeAllocation::noteMarked):
(JSC::LargeAllocation::headerSize):
* heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::MarkedAllocator):
(JSC::MarkedAllocator::isPagedOut):
(JSC::MarkedAllocator::retire):
(JSC::MarkedAllocator::filterNextBlock):
(JSC::MarkedAllocator::setNextBlockToSweep):
(JSC::MarkedAllocator::tryAllocateWithoutCollectingImpl):
(JSC::MarkedAllocator::tryAllocateWithoutCollecting):
(JSC::MarkedAllocator::allocateSlowCase):
(JSC::MarkedAllocator::tryAllocateSlowCase):
(JSC::MarkedAllocator::allocateSlowCaseImpl):
(JSC::blockHeaderSize):
(JSC::MarkedAllocator::blockSizeForBytes):
(JSC::MarkedAllocator::tryAllocateBlock):
(JSC::MarkedAllocator::addBlock):
(JSC::MarkedAllocator::removeBlock):
(JSC::MarkedAllocator::stopAllocating):
(JSC::MarkedAllocator::reset):
(JSC::MarkedAllocator::lastChanceToFinalize):
(JSC::MarkedAllocator::setFreeList):
(JSC::isListPagedOut): Deleted.
(JSC::MarkedAllocator::tryAllocateHelper): Deleted.
(JSC::MarkedAllocator::tryPopFreeList): Deleted.
(JSC::MarkedAllocator::tryAllocate): Deleted.
(JSC::MarkedAllocator::allocateBlock): Deleted.
* heap/MarkedAllocator.h:
(JSC::MarkedAllocator::takeLastActiveBlock):
(JSC::MarkedAllocator::offsetOfFreeList):
(JSC::MarkedAllocator::offsetOfCellSize):
(JSC::MarkedAllocator::tryAllocate):
(JSC::MarkedAllocator::allocate):
(JSC::MarkedAllocator::forEachBlock):
(JSC::MarkedAllocator::offsetOfFreeListHead): Deleted.
(JSC::MarkedAllocator::MarkedAllocator): Deleted.
(JSC::MarkedAllocator::init): Deleted.
(JSC::MarkedAllocator::stopAllocating): Deleted.
* heap/MarkedBlock.cpp:
(JSC::MarkedBlock::tryCreate):
(JSC::MarkedBlock::Handle::Handle):
(JSC::MarkedBlock::Handle::~Handle):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::Handle::specializedSweep):
(JSC::MarkedBlock::Handle::sweep):
(JSC::MarkedBlock::Handle::sweepHelperSelectScribbleMode):
(JSC::MarkedBlock::Handle::sweepHelperSelectStateAndSweepMode):
(JSC::MarkedBlock::Handle::unsweepWithNoNewlyAllocated):
(JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor):
(JSC::SetNewlyAllocatedFunctor::operator()):
(JSC::MarkedBlock::Handle::stopAllocating):
(JSC::MarkedBlock::Handle::lastChanceToFinalize):
(JSC::MarkedBlock::Handle::resumeAllocating):
(JSC::MarkedBlock::Handle::zap):
(JSC::MarkedBlock::Handle::forEachFreeCell):
(JSC::MarkedBlock::flipIfNecessary):
(JSC::MarkedBlock::Handle::flipIfNecessary):
(JSC::MarkedBlock::flipIfNecessarySlow):
(JSC::MarkedBlock::flipIfNecessaryConcurrentlySlow):
(JSC::MarkedBlock::clearMarks):
(JSC::MarkedBlock::assertFlipped):
(JSC::MarkedBlock::needsFlip):
(JSC::MarkedBlock::Handle::needsFlip):
(JSC::MarkedBlock::Handle::willRemoveBlock):
(JSC::MarkedBlock::Handle::didConsumeFreeList):
(JSC::MarkedBlock::markCount):
(JSC::MarkedBlock::Handle::isEmpty):
(JSC::MarkedBlock::clearHasAnyMarked):
(JSC::MarkedBlock::noteMarkedSlow):
(WTF::printInternal):
(JSC::MarkedBlock::create): Deleted.
(JSC::MarkedBlock::destroy): Deleted.
(JSC::MarkedBlock::callDestructor): Deleted.
(JSC::MarkedBlock::specializedSweep): Deleted.
(JSC::MarkedBlock::sweep): Deleted.
(JSC::MarkedBlock::sweepHelper): Deleted.
(JSC::MarkedBlock::stopAllocating): Deleted.
(JSC::MarkedBlock::clearMarksWithCollectionType): Deleted.
(JSC::MarkedBlock::lastChanceToFinalize): Deleted.
(JSC::MarkedBlock::resumeAllocating): Deleted.
(JSC::MarkedBlock::didRetireBlock): Deleted.
* heap/MarkedBlock.h:
(JSC::MarkedBlock::VoidFunctor::returnValue):
(JSC::MarkedBlock::CountFunctor::CountFunctor):
(JSC::MarkedBlock::CountFunctor::count):
(JSC::MarkedBlock::CountFunctor::returnValue):
(JSC::MarkedBlock::Handle::hasAnyNewlyAllocated):
(JSC::MarkedBlock::Handle::isOnBlocksToSweep):
(JSC::MarkedBlock::Handle::setIsOnBlocksToSweep):
(JSC::MarkedBlock::Handle::state):
(JSC::MarkedBlock::needsDestruction):
(JSC::MarkedBlock::handle):
(JSC::MarkedBlock::Handle::block):
(JSC::MarkedBlock::firstAtom):
(JSC::MarkedBlock::atoms):
(JSC::MarkedBlock::isAtomAligned):
(JSC::MarkedBlock::Handle::cellAlign):
(JSC::MarkedBlock::blockFor):
(JSC::MarkedBlock::Handle::allocator):
(JSC::MarkedBlock::Handle::heap):
(JSC::MarkedBlock::Handle::vm):
(JSC::MarkedBlock::vm):
(JSC::MarkedBlock::Handle::weakSet):
(JSC::MarkedBlock::weakSet):
(JSC::MarkedBlock::Handle::shrink):
(JSC::MarkedBlock::Handle::visitWeakSet):
(JSC::MarkedBlock::Handle::reapWeakSet):
(JSC::MarkedBlock::Handle::cellSize):
(JSC::MarkedBlock::cellSize):
(JSC::MarkedBlock::Handle::attributes):
(JSC::MarkedBlock::attributes):
(JSC::MarkedBlock::Handle::needsDestruction):
(JSC::MarkedBlock::Handle::destruction):
(JSC::MarkedBlock::Handle::cellKind):
(JSC::MarkedBlock::Handle::markCount):
(JSC::MarkedBlock::Handle::size):
(JSC::MarkedBlock::atomNumber):
(JSC::MarkedBlock::flipIfNecessary):
(JSC::MarkedBlock::flipIfNecessaryConcurrently):
(JSC::MarkedBlock::Handle::flipIfNecessary):
(JSC::MarkedBlock::Handle::flipIfNecessaryConcurrently):
(JSC::MarkedBlock::Handle::flipForEdenCollection):
(JSC::MarkedBlock::assertFlipped):
(JSC::MarkedBlock::Handle::assertFlipped):
(JSC::MarkedBlock::isMarked):
(JSC::MarkedBlock::testAndSetMarked):
(JSC::MarkedBlock::Handle::isNewlyAllocated):
(JSC::MarkedBlock::Handle::setNewlyAllocated):
(JSC::MarkedBlock::Handle::clearNewlyAllocated):
(JSC::MarkedBlock::Handle::isMarkedOrNewlyAllocated):
(JSC::MarkedBlock::isMarkedOrNewlyAllocated):
(JSC::MarkedBlock::Handle::isLive):
(JSC::MarkedBlock::isAtom):
(JSC::MarkedBlock::Handle::isLiveCell):
(JSC::MarkedBlock::Handle::forEachCell):
(JSC::MarkedBlock::Handle::forEachLiveCell):
(JSC::MarkedBlock::Handle::forEachDeadCell):
(JSC::MarkedBlock::Handle::needsSweeping):
(JSC::MarkedBlock::Handle::isAllocated):
(JSC::MarkedBlock::Handle::isMarked):
(JSC::MarkedBlock::Handle::isFreeListed):
(JSC::MarkedBlock::hasAnyMarked):
(JSC::MarkedBlock::noteMarked):
(WTF::MarkedBlockHash::hash):
(JSC::MarkedBlock::FreeList::FreeList): Deleted.
(JSC::MarkedBlock::allocator): Deleted.
(JSC::MarkedBlock::heap): Deleted.
(JSC::MarkedBlock::shrink): Deleted.
(JSC::MarkedBlock::visitWeakSet): Deleted.
(JSC::MarkedBlock::reapWeakSet): Deleted.
(JSC::MarkedBlock::willRemoveBlock): Deleted.
(JSC::MarkedBlock::didConsumeFreeList): Deleted.
(JSC::MarkedBlock::markCount): Deleted.
(JSC::MarkedBlock::isEmpty): Deleted.
(JSC::MarkedBlock::destruction): Deleted.
(JSC::MarkedBlock::cellKind): Deleted.
(JSC::MarkedBlock::size): Deleted.
(JSC::MarkedBlock::capacity): Deleted.
(JSC::MarkedBlock::setMarked): Deleted.
(JSC::MarkedBlock::clearMarked): Deleted.
(JSC::MarkedBlock::isNewlyAllocated): Deleted.
(JSC::MarkedBlock::setNewlyAllocated): Deleted.
(JSC::MarkedBlock::clearNewlyAllocated): Deleted.
(JSC::MarkedBlock::isLive): Deleted.
(JSC::MarkedBlock::isLiveCell): Deleted.
(JSC::MarkedBlock::forEachCell): Deleted.
(JSC::MarkedBlock::forEachLiveCell): Deleted.
(JSC::MarkedBlock::forEachDeadCell): Deleted.
(JSC::MarkedBlock::needsSweeping): Deleted.
(JSC::MarkedBlock::isAllocated): Deleted.
(JSC::MarkedBlock::isMarkedOrRetired): Deleted.
* heap/MarkedSpace.cpp:
(JSC::MarkedSpace::initializeSizeClassForStepSize):
(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::~MarkedSpace):
(JSC::MarkedSpace::lastChanceToFinalize):
(JSC::MarkedSpace::allocate):
(JSC::MarkedSpace::tryAllocate):
(JSC::MarkedSpace::allocateLarge):
(JSC::MarkedSpace::tryAllocateLarge):
(JSC::MarkedSpace::sweep):
(JSC::MarkedSpace::sweepLargeAllocations):
(JSC::MarkedSpace::zombifySweep):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):
(JSC::MarkedSpace::reapWeakSets):
(JSC::MarkedSpace::stopAllocating):
(JSC::MarkedSpace::prepareForMarking):
(JSC::MarkedSpace::resumeAllocating):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::freeBlock):
(JSC::MarkedSpace::freeOrShrinkBlock):
(JSC::MarkedSpace::shrink):
(JSC::MarkedSpace::clearNewlyAllocated):
(JSC::VerifyMarked::operator()):
(JSC::MarkedSpace::flip):
(JSC::MarkedSpace::objectCount):
(JSC::MarkedSpace::size):
(JSC::MarkedSpace::capacity):
(JSC::MarkedSpace::addActiveWeakSet):
(JSC::MarkedSpace::didAddBlock):
(JSC::MarkedSpace::didAllocateInBlock):
(JSC::MarkedSpace::forEachAllocator): Deleted.
(JSC::VerifyMarkedOrRetired::operator()): Deleted.
(JSC::MarkedSpace::clearMarks): Deleted.
* heap/MarkedSpace.h:
(JSC::MarkedSpace::sizeClassToIndex):
(JSC::MarkedSpace::indexToSizeClass):
(JSC::MarkedSpace::version):
(JSC::MarkedSpace::blocksWithNewObjects):
(JSC::MarkedSpace::largeAllocations):
(JSC::MarkedSpace::largeAllocationsNurseryOffset):
(JSC::MarkedSpace::largeAllocationsOffsetForThisCollection):
(JSC::MarkedSpace::largeAllocationsForThisCollectionBegin):
(JSC::MarkedSpace::largeAllocationsForThisCollectionEnd):
(JSC::MarkedSpace::largeAllocationsForThisCollectionSize):
(JSC::MarkedSpace::forEachLiveCell):
(JSC::MarkedSpace::forEachDeadCell):
(JSC::MarkedSpace::allocatorFor):
(JSC::MarkedSpace::destructorAllocatorFor):
(JSC::MarkedSpace::auxiliaryAllocatorFor):
(JSC::MarkedSpace::allocateWithoutDestructor):
(JSC::MarkedSpace::allocateWithDestructor):
(JSC::MarkedSpace::allocateAuxiliary):
(JSC::MarkedSpace::tryAllocateAuxiliary):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::forEachAllocator):
(JSC::MarkedSpace::optimalSizeFor):
(JSC::MarkedSpace::didAddBlock): Deleted.
(JSC::MarkedSpace::didAllocateInBlock): Deleted.
(JSC::MarkedSpace::objectCount): Deleted.
(JSC::MarkedSpace::size): Deleted.
(JSC::MarkedSpace::capacity): Deleted.
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::SlotVisitor):
(JSC::SlotVisitor::didStartMarking):
(JSC::SlotVisitor::reset):
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::appendJSCellOrAuxiliary):
(JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::markAuxiliary):
(JSC::SlotVisitor::noteLiveAuxiliaryCell):
(JSC::SlotVisitor::visitChildren):
* heap/SlotVisitor.h:
* heap/WeakBlock.cpp:
(JSC::WeakBlock::create):
(JSC::WeakBlock::WeakBlock):
(JSC::WeakBlock::visit):
(JSC::WeakBlock::reap):
* heap/WeakBlock.h:
(JSC::WeakBlock::disconnectContainer):
(JSC::WeakBlock::disconnectMarkedBlock): Deleted.
* heap/WeakSet.cpp:
(JSC::WeakSet::~WeakSet):
(JSC::WeakSet::sweep):
(JSC::WeakSet::shrink):
(JSC::WeakSet::addAllocator):
* heap/WeakSet.h:
(JSC::WeakSet::container):
(JSC::WeakSet::setContainer):
(JSC::WeakSet::WeakSet):
(JSC::WeakSet::visit):
(JSC::WeakSet::shrink): Deleted.
* heap/WeakSetInlines.h:
(JSC::WeakSet::allocate):
* inspector/InjectedScriptManager.cpp:
* inspector/JSGlobalObjectInspectorController.cpp:
* inspector/JSJavaScriptCallFrame.cpp:
* inspector/ScriptDebugServer.cpp:
* inspector/agents/InspectorDebuggerAgent.cpp:
* interpreter/CachedCall.h:
(JSC::CachedCall::CachedCall):
* interpreter/Interpreter.cpp:
(JSC::loadVarargs):
(JSC::StackFrame::sourceID): Deleted.
(JSC::StackFrame::sourceURL): Deleted.
(JSC::StackFrame::functionName): Deleted.
(JSC::StackFrame::computeLineAndColumn): Deleted.
(JSC::StackFrame::toString): Deleted.
* interpreter/Interpreter.h:
(JSC::StackFrame::isNative): Deleted.
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
(JSC::AssemblyHelpers::emitAllocate):
(JSC::AssemblyHelpers::emitAllocateJSCell):
(JSC::AssemblyHelpers::emitAllocateJSObject):
(JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
(JSC::AssemblyHelpers::emitAllocateVariableSized):
* jit/GCAwareJITStubRoutine.cpp:
(JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
* jit/JIT.cpp:
(JSC::JIT::compileCTINativeCall):
(JSC::JIT::link):
* jit/JIT.h:
(JSC::JIT::compileCTINativeCall): Deleted.
* jit/JITExceptions.cpp:
(JSC::genericUnwind):
* jit/JITExceptions.h:
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):
* jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_new_object):
(JSC::JIT::emitSlow_op_new_object):
(JSC::JIT::emit_op_create_this):
(JSC::JIT::emitSlow_op_create_this):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitWriteBarrier):
* jit/JITThunks.cpp:
* jit/JITThunks.h:
* jsc.cpp:
(functionDescribeArray):
(main):
* llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
* llint/LLIntExceptions.cpp:
* llint/LLIntThunks.cpp:
* llint/LLIntThunks.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter.cpp:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* parser/ModuleAnalyzer.cpp:
* parser/NodeConstructors.h:
* parser/Nodes.h:
* profiler/ProfilerBytecode.cpp:
* profiler/ProfilerBytecode.h:
* profiler/ProfilerBytecodeSequence.cpp:
* runtime/ArrayConventions.h:
(JSC::indexingHeaderForArrayStorage):
(JSC::baseIndexingHeaderForArrayStorage):
(JSC::indexingHeaderForArray): Deleted.
(JSC::baseIndexingHeaderForArray): Deleted.
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncSplice):
(JSC::concatAppendOne):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
* runtime/ArrayStorage.h:
(JSC::ArrayStorage::vectorLength):
(JSC::ArrayStorage::totalSizeFor):
(JSC::ArrayStorage::totalSize):
(JSC::ArrayStorage::availableVectorLength):
(JSC::ArrayStorage::optimalVectorLength):
(JSC::ArrayStorage::sizeFor): Deleted.
* runtime/AuxiliaryBarrier.h: Added.
(JSC::AuxiliaryBarrier::AuxiliaryBarrier):
(JSC::AuxiliaryBarrier::clear):
(JSC::AuxiliaryBarrier::get):
(JSC::AuxiliaryBarrier::slot):
(JSC::AuxiliaryBarrier::operator bool):
(JSC::AuxiliaryBarrier::setWithoutBarrier):
* runtime/AuxiliaryBarrierInlines.h: Added.
(JSC::AuxiliaryBarrier<T>::AuxiliaryBarrier):
(JSC::AuxiliaryBarrier<T>::set):
* runtime/Butterfly.h:
* runtime/ButterflyInlines.h:
(JSC::Butterfly::availableContiguousVectorLength):
(JSC::Butterfly::optimalContiguousVectorLength):
(JSC::Butterfly::createUninitialized):
(JSC::Butterfly::growArrayRight):
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::createEmpty):
* runtime/CommonSlowPathsExceptions.cpp:
* runtime/CommonSlowPathsExceptions.h:
* runtime/DataView.cpp:
* runtime/DirectArguments.h:
* runtime/ECMAScriptSpecInternalFunctions.cpp:
* runtime/Error.cpp:
* runtime/Error.h:
* runtime/ErrorInstance.cpp:
* runtime/ErrorInstance.h:
* runtime/Exception.cpp:
* runtime/Exception.h:
* runtime/GeneratorFrame.cpp:
* runtime/GeneratorPrototype.cpp:
* runtime/InternalFunction.cpp:
(JSC::InternalFunction::InternalFunction):
* runtime/IntlCollator.cpp:
* runtime/IntlCollatorConstructor.cpp:
* runtime/IntlCollatorPrototype.cpp:
* runtime/IntlDateTimeFormat.cpp:
* runtime/IntlDateTimeFormatConstructor.cpp:
* runtime/IntlDateTimeFormatPrototype.cpp:
* runtime/IntlNumberFormat.cpp:
* runtime/IntlNumberFormatConstructor.cpp:
* runtime/IntlNumberFormatPrototype.cpp:
* runtime/IntlObject.cpp:
* runtime/IteratorPrototype.cpp:
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateUninitialized):
(JSC::JSArray::setLengthWritable):
(JSC::JSArray::unshiftCountSlowCase):
(JSC::JSArray::setLengthWithArrayStorage):
(JSC::JSArray::appendMemcpy):
(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::push):
(JSC::JSArray::fastSlice):
(JSC::JSArray::shiftCountWithArrayStorage):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithArrayStorage):
(JSC::JSArray::fillArgList):
(JSC::JSArray::copyToArguments):
* runtime/JSArray.h:
(JSC::createContiguousArrayButterfly):
(JSC::createArrayButterfly):
(JSC::JSArray::create):
(JSC::JSArray::tryCreateUninitialized): Deleted.
* runtime/JSArrayBufferView.h:
* runtime/JSCInlines.h:
* runtime/JSCJSValue.cpp:
(JSC::JSValue::dumpInContextAssumingStructure):
* runtime/JSCallee.cpp:
(JSC::JSCallee::JSCallee):
* runtime/JSCell.cpp:
(JSC::JSCell::estimatedSize):
* runtime/JSCell.h:
(JSC::JSCell::cellStateOffset): Deleted.
* runtime/JSCellInlines.h:
(JSC::ExecState::vm):
(JSC::JSCell::classInfo):
(JSC::JSCell::callDestructor):
(JSC::JSCell::vm): Deleted.
* runtime/JSFunction.cpp:
(JSC::JSFunction::create):
(JSC::JSFunction::allocateAndInitializeRareData):
(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::put):
(JSC::JSFunction::deleteProperty):
(JSC::JSFunction::defineOwnProperty):
(JSC::JSFunction::setFunctionName):
(JSC::JSFunction::reifyLength):
(JSC::JSFunction::reifyName):
(JSC::JSFunction::reifyLazyPropertyIfNeeded):
(JSC::JSFunction::reifyBoundNameIfNeeded):
* runtime/JSFunction.h:
* runtime/JSFunctionInlines.h:
(JSC::JSFunction::createWithInvalidatedReallocationWatchpoint):
(JSC::JSFunction::JSFunction):
* runtime/JSGenericTypedArrayViewInlines.h:
(JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
* runtime/JSInternalPromise.cpp:
* runtime/JSInternalPromiseConstructor.cpp:
* runtime/JSInternalPromiseDeferred.cpp:
* runtime/JSInternalPromisePrototype.cpp:
* runtime/JSJob.cpp:
* runtime/JSMapIterator.cpp:
* runtime/JSModuleNamespaceObject.cpp:
* runtime/JSModuleRecord.cpp:
* runtime/JSObject.cpp:
(JSC::JSObject::visitButterfly):
(JSC::JSObject::notifyPresenceOfIndexedAccessors):
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::createInitialArrayStorage):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLength):
(JSC::JSObject::getNewVectorLength):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::growOutOfLineStorage):
(JSC::JSObject::copyButterfly): Deleted.
(JSC::JSObject::copyBackingStore): Deleted.
* runtime/JSObject.h:
(JSC::JSObject::globalObject):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::setStructureAndReallocateStorageIfNecessary): Deleted.
* runtime/JSObjectInlines.h:
* runtime/JSPromise.cpp:
* runtime/JSPromiseConstructor.cpp:
* runtime/JSPromiseDeferred.cpp:
* runtime/JSPromisePrototype.cpp:
* runtime/JSPropertyNameIterator.cpp:
* runtime/JSScope.cpp:
(JSC::JSScope::resolve):
* runtime/JSScope.h:
(JSC::JSScope::globalObject):
(JSC::JSScope::vm): Deleted.
* runtime/JSSetIterator.cpp:
* runtime/JSStringIterator.cpp:
* runtime/JSTemplateRegistryKey.cpp:
* runtime/JSTypedArrayViewConstructor.cpp:
* runtime/JSTypedArrayViewPrototype.cpp:
* runtime/JSWeakMap.cpp:
* runtime/JSWeakSet.cpp:
* runtime/MapConstructor.cpp:
* runtime/MapIteratorPrototype.cpp:
* runtime/MapPrototype.cpp:
* runtime/NativeErrorConstructor.cpp:
* runtime/NativeStdFunctionCell.cpp:
* runtime/Operations.h:
(JSC::scribbleFreeCells):
(JSC::scribble):
* runtime/Options.h:
* runtime/PropertyTable.cpp:
* runtime/ProxyConstructor.cpp:
* runtime/ProxyObject.cpp:
* runtime/ProxyRevoke.cpp:
* runtime/RegExp.cpp:
(JSC::RegExp::match):
(JSC::RegExp::matchConcurrently):
(JSC::RegExp::matchCompareWithInterpreter):
* runtime/RegExp.h:
* runtime/RegExpConstructor.h:
* runtime/RegExpInlines.h:
(JSC::RegExp::matchInline):
* runtime/RegExpMatchesArray.h:
(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):
* runtime/RegExpPrototype.cpp:
(JSC::genericSplit):
* runtime/RuntimeType.cpp:
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::processUnverifiedStackTraces):
* runtime/SetConstructor.cpp:
* runtime/SetIteratorPrototype.cpp:
* runtime/SetPrototype.cpp:
* runtime/StackFrame.cpp: Added.
(JSC::StackFrame::sourceID):
(JSC::StackFrame::sourceURL):
(JSC::StackFrame::functionName):
(JSC::StackFrame::computeLineAndColumn):
(JSC::StackFrame::toString):
* runtime/StackFrame.h: Added.
(JSC::StackFrame::isNative):
* runtime/StringConstructor.cpp:
* runtime/StringIteratorPrototype.cpp:
* runtime/StructureInlines.h:
(JSC::Structure::propertyTable):
* runtime/TemplateRegistry.cpp:
* runtime/TestRunnerUtils.cpp:
(JSC::finalizeStatsAtEndOfTesting):
* runtime/TestRunnerUtils.h:
* runtime/TypeProfilerLog.cpp:
* runtime/TypeSet.cpp:
* runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::ensureStackCapacityForCLoop):
(JSC::VM::isSafeToRecurseSoftCLoop):
* runtime/VM.h:
* runtime/VMEntryScope.h:
* runtime/VMInlines.h:
(JSC::VM::ensureStackCapacityFor):
(JSC::VM::isSafeToRecurseSoft):
* runtime/WeakMapConstructor.cpp:
* runtime/WeakMapData.cpp:
* runtime/WeakMapPrototype.cpp:
* runtime/WeakSetConstructor.cpp:
* runtime/WeakSetPrototype.cpp:
* testRegExp.cpp:
(testOneRegExp):
* tools/JSDollarVM.cpp:
* tools/JSDollarVMPrototype.cpp:
(JSC::JSDollarVMPrototype::isInObjectSpace):
Source/WebCore:
No new tests because no new WebCore behavior.
Just rewiring #includes.
* ForwardingHeaders/heap/HeapInlines.h: Added.
* ForwardingHeaders/interpreter/Interpreter.h: Removed.
* ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h: Added.
* Modules/indexeddb/IDBCursorWithValue.cpp:
* Modules/indexeddb/client/TransactionOperation.cpp:
* Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
* bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp:
* bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp:
* bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp:
* bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:
* bindings/js/JSClientRectCustom.cpp:
* bindings/js/JSDOMBinding.cpp:
* bindings/js/JSDOMBinding.h:
* bindings/js/JSDeviceMotionEventCustom.cpp:
* bindings/js/JSDeviceOrientationEventCustom.cpp:
* bindings/js/JSErrorEventCustom.cpp:
* bindings/js/JSIDBCursorWithValueCustom.cpp:
* bindings/js/JSIDBIndexCustom.cpp:
* bindings/js/JSPopStateEventCustom.cpp:
* bindings/js/JSWebGL2RenderingContextCustom.cpp:
* bindings/js/JSWorkerGlobalScopeCustom.cpp:
* bindings/js/WorkerScriptController.cpp:
* contentextensions/ContentExtensionParser.cpp:
* dom/ErrorEvent.cpp:
* html/HTMLCanvasElement.cpp:
* html/MediaDocument.cpp:
* inspector/CommandLineAPIModule.cpp:
* loader/EmptyClients.cpp:
* page/CaptionUserPreferences.cpp:
* page/Frame.cpp:
* page/PageGroup.cpp:
* page/UserContentController.cpp:
* platform/mock/mediasource/MockBox.cpp:
* testing/GCObservation.cpp:
Source/WebKit2:
Just rewiring some #includes.
* UIProcess/ViewGestureController.cpp:
* UIProcess/WebPageProxy.cpp:
* UIProcess/WebProcessPool.cpp:
* UIProcess/WebProcessProxy.cpp:
* WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
* WebProcess/Plugins/Netscape/JSNPObject.cpp:
Source/WTF:
I needed tryFastAlignedMalloc() so I added it.
* wtf/FastMalloc.cpp:
(WTF::tryFastAlignedMalloc):
* wtf/FastMalloc.h:
* wtf/ParkingLot.cpp:
(WTF::ParkingLot::forEachImpl):
(WTF::ParkingLot::forEach): Deleted.
* wtf/ParkingLot.h:
(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::forEach):
* wtf/ScopedLambda.h:
(WTF::scopedLambdaRef):
* wtf/SentinelLinkedList.h:
(WTF::SentinelLinkedList::forEach):
(WTF::RawNode>::takeFrom):
* wtf/SimpleStats.h:
(WTF::SimpleStats::operator bool):
(WTF::SimpleStats::operator!): Deleted.
Tools:
* DumpRenderTree/TestRunner.cpp:
* DumpRenderTree/mac/DumpRenderTree.mm:
(DumpRenderTreeMain):
* Scripts/run-jsc-stress-tests:
* TestWebKitAPI/Tests/WTF/Vector.cpp:
(TestWebKitAPI::TEST):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214JSTestsChangeLog">releases/WebKitGTK/webkit-2.14/JSTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIJSManagedValuemm">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSManagedValue.mm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIJSTypedArraycpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSTypedArray.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIObjCCallbackFunctionmm">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/ObjCCallbackFunction.mm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIteststestapimm">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/tests/testapi.mm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreCMakeListstxt">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreScriptsbuiltinsbuiltins_generate_combined_implementationpy">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_implementation.py</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreScriptsbuiltinsbuiltins_generate_internals_wrapper_implementationpy">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreScriptsbuiltinsbuiltins_generate_separate_implementationpy">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerAbstractMacroAssemblerh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssembler.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerARM64h">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerCodeRefh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3BasicBlockcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3BasicBlockh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3DuplicateTailscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3DuplicateTails.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3StackmapGenerationParamsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3StackmapGenerationParams.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreb3testb3cpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/testb3.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebindingsScriptValuecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bindings/ScriptValue.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeAdaptiveInferredPropertyValueWatchpointBasecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeBytecodeLivenessAnalysiscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeBytecodeRewritercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeRewriter.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeBytecodeUseDefh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeUseDef.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCallLinkInfocpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCallLinkInfoh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCallLinkStatuscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCodeBlockcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCodeBlockh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeExecutionCounterh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ExecutionCounter.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeInstructionh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Instruction.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeLLIntPrototypeLoadAdaptiveStructureWatchpointcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeObjectAllocationProfileh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeOpcodeh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Opcode.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodePolymorphicAccesscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodePolymorphicAccessh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeStructureStubInfocpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeStructureStubInfoh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeSuperSamplercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeSuperSamplerh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedCodeBlockh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedInstructionStreamcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedInstructionStreamh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGCallArrayAllocatorSlowPathGeneratorh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGOperationscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGOperationsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJITcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJITh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGStrengthReductionPhasecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLAbstractHeapRepositoryh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLCompilecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLJITFinalizercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLLowerDFGToB3cpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLOutputcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLOutputh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLValueFromBlockh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLValueFromBlock.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLWeightedTargeth">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLWeightedTarget.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapConservativeRootscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapConservativeRootsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapCopyTokenh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CopyToken.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeaph">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapCellh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCell.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapOperationh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapIncrementalSweepercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapIncrementalSweeperh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedAllocatorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedAllocatorh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedBlockcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedBlockh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedSpacecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedSpaceh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapSlotVisitorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapSlotVisitorh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakBlockcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakBlockh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakSetcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakSeth">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakSetInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSetInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorInjectedScriptManagercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorJSGlobalObjectInspectorControllercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorJSJavaScriptCallFramecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorScriptDebugServercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/ScriptDebugServer.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectoragentsInspectorDebuggerAgentcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinterpreterCachedCallh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/CachedCall.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinterpreterInterpretercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreinterpreterInterpreterh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitAssemblyHelpersh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitCCallHelpersh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitGCAwareJITStubRoutinecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITExceptionscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITExceptionsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOpcodescpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOpcodes32_64cpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOperationscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOperationsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITPropertyAccesscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITThunkscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITThunksh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorejsccpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jsc.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntDatacpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntData.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntExceptionscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntExceptions.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntThunkscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntThunksh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpreterasm">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.asm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpretercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpreter32_64asm">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpreter64asm">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreparserModuleAnalyzercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/ModuleAnalyzer.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreparserNodeConstructorsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/NodeConstructors.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreparserNodesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/Nodes.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreprofilerProfilerBytecodecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreprofilerProfilerBytecodeh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreprofilerProfilerBytecodeSequencecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecodeSequence.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayConventionsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayStorageh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayStorage.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeButterflyh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Butterfly.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeButterflyInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ButterflyInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeClonedArgumentscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ClonedArguments.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeCommonSlowPathsExceptionscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeCommonSlowPathsExceptionsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeDataViewcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DataView.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeDirectArgumentsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DirectArguments.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeECMAScriptSpecInternalFunctionscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorInstancecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorInstanceh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeExceptioncpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeExceptionh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeGeneratorPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeInternalFunctioncpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/InternalFunction.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlCollatorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlCollatorConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlCollatorPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlDateTimeFormatcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlDateTimeFormatConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlDateTimeFormatPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlNumberFormatcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlNumberFormatConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlNumberFormatPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlObjectcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIteratorPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IteratorPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSArraycpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSArrayh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSArrayBufferViewh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArrayBufferView.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCJSValuecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCJSValue.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCalleecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCallee.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCellcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCellh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCellInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCellInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSFunctioncpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSFunctionh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSFunctionInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunctionInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSGenericTypedArrayViewInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromisecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromise.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromiseConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromiseDeferredcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseDeferred.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromisePrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSJobcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSJob.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSMapIteratorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSMapIterator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSModuleNamespaceObjectcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSModuleRecordcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleRecord.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSObjectcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSObjecth">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSObjectInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObjectInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromisecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromise.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromiseConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromiseDeferredcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromisePrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromisePrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPropertyNameIteratorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSScopecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSScopeh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSSetIteratorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSSetIterator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSStringIteratorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSStringIterator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSTemplateRegistryKeycpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTemplateRegistryKey.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSTypedArrayViewConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSTypedArrayViewPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSWeakMapcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakMap.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSWeakSetcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakSet.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeMapConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeMapIteratorPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeMapPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeNativeErrorConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeNativeStdFunctionCellcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeStdFunctionCell.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeOperationsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Operations.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeOptionscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeOptionsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimePropertyTablecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/PropertyTable.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeProxyConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeProxyObjectcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeProxyRevokecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyRevoke.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExph">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpConstructorh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpConstructor.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpMatchesArrayh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpMatchesArray.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRuntimeTypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RuntimeType.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSamplingProfilercpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SamplingProfiler.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSetConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSetIteratorPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSetPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStringConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStringIteratorPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStructureInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StructureInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTemplateRegistrycpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TemplateRegistry.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTestRunnerUtilscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTestRunnerUtilsh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeThrowScopecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ThrowScope.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTypeProfilerLogcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTypeSetcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeSet.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMEntryScopeh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMEntryScope.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakMapConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakMapDatacpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapData.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakMapPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakSetConstructorcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakSetPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoretestRegExpcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/testRegExp.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoretoolsJSDollarVMcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVM.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoretoolsJSDollarVMPrototypecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFChangeLog">releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfFastMalloccpp">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfFastMalloch">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfParkingLotcpp">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfParkingLoth">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfScopedLambdah">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ScopedLambda.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfSentinelLinkedListh">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SentinelLinkedList.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWTFwtfSimpleStatsh">releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SimpleStats.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbIDBCursorWithValuecpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/IDBCursorWithValue.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbclientTransactionOperationcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/client/TransactionOperation.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbserverSQLiteIDBBackingStorecpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbserverUniqueIDBDatabasecpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayPaymentAuthorizedEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayPaymentMethodSelectedEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingContactSelectedEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingMethodSelectedEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSClientRectCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSClientRectCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDOMBindingcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDOMBindingh">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDeviceMotionEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceMotionEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDeviceOrientationEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceOrientationEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSErrorEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSErrorEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSIDBCursorWithValueCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBCursorWithValueCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSIDBIndexCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBIndexCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSPerformanceTimingCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPerformanceTimingCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSPopStateEventCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPopStateEventCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSWebGL2RenderingContextCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWebGL2RenderingContextCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSWorkerGlobalScopeCustomcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWorkerGlobalScopeCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsWorkerScriptControllercpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/WorkerScriptController.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorecontentextensionsContentExtensionParsercpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/contentextensions/ContentExtensionParser.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoredomErrorEventcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/ErrorEvent.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorehtmlHTMLCanvasElementcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/html/HTMLCanvasElement.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorehtmlMediaDocumentcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/html/MediaDocument.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreinspectorCommandLineAPIModulecpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/inspector/CommandLineAPIModule.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreloaderEmptyClientscpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/EmptyClients.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepageCaptionUserPreferencescpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/CaptionUserPreferences.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepageFramecpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/Frame.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepagePageGroupcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/PageGroup.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepageUserContentControllercpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/UserContentController.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreplatformmockmediasourceMockBoxcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/mock/mediasource/MockBox.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoretestingGCObservationcpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/testing/GCObservation.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2ChangeLog">releases/WebKitGTK/webkit-2.14/Source/WebKit2/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2UIProcessViewGestureControllercpp">releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/ViewGestureController.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2UIProcessWebPageProxycpp">releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebPageProxy.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2UIProcessWebProcessPoolcpp">releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessPool.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2UIProcessWebProcessProxycpp">releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessProxy.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2WebProcessInjectedBundleDOMInjectedBundleRangeHandlecpp">releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebKit2WebProcessPluginsNetscapeJSNPObjectcpp">releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourcebmallocChangeLog">releases/WebKitGTK/webkit-2.14/Source/bmalloc/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourcebmallocbmallocAllocatorcpp">releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourcebmallocbmallocAllocatorh">releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourcebmallocbmallocCacheh">releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Cache.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214Sourcebmallocbmallocbmalloch">releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/bmalloc.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214ToolsChangeLog">releases/WebKitGTK/webkit-2.14/Tools/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214ToolsDumpRenderTreeTestRunnercpp">releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/TestRunner.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214ToolsDumpRenderTreemacDumpRenderTreemm">releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/mac/DumpRenderTree.mm</a></li>
<li><a href="#releasesWebKitGTKwebkit214ToolsScriptsrunjscstresstests">releases/WebKitGTK/webkit-2.14/Tools/Scripts/run-jsc-stress-tests</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214JSTestsstressarraystoragearrayunshiftjs">releases/WebKitGTK/webkit-2.14/JSTests/stress/array-storage-array-unshift.js</a></li>
<li><a href="#releasesWebKitGTKwebkit214JSTestsstresscontiguousarrayunshiftjs">releases/WebKitGTK/webkit-2.14/JSTests/stress/contiguous-array-unshift.js</a></li>
<li><a href="#releasesWebKitGTKwebkit214JSTestsstressdoublearrayunshiftjs">releases/WebKitGTK/webkit-2.14/JSTests/stress/double-array-unshift.js</a></li>
<li><a href="#releasesWebKitGTKwebkit214JSTestsstressint32arrayunshiftjs">releases/WebKitGTK/webkit-2.14/JSTests/stress/int32-array-unshift.js</a></li>
<li><a href="#releasesWebKitGTKwebkit214JSTestsstressunshiftarraystoragejs">releases/WebKitGTK/webkit-2.14/JSTests/stress/unshift-array-storage.js</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerCodeRefcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapCellContainerh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainer.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapCellContainerInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainerInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapFreeListcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapFreeListh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapGCTypeMaph">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/GCTypeMap.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapCellInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCellInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapOperationcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapUtilh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapUtil.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapLargeAllocationcpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreheapLargeAllocationh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayConventionscpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeAuxiliaryBarrierh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrier.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeAuxiliaryBarrierInlinesh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrierInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStackFramecpp">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStackFrameh">releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreForwardingHeadersheapHeapInlinesh">releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/heap/HeapInlines.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreForwardingHeadersruntimeAuxiliaryBarrierInlinesh">releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreForwardingHeadersinterpreterInterpreterh">releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/interpreter/Interpreter.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit214JSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/JSTests/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/JSTests/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/JSTests/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,18 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ Most of the things I did properly covered by existing tests, but I found some simple cases of
+ unshifting that had sketchy coverage.
+
+ * stress/array-storage-array-unshift.js: Added.
+ * stress/contiguous-array-unshift.js: Added.
+ * stress/double-array-unshift.js: Added.
+ * stress/int32-array-unshift.js: Added.
+
</ins><span class="cx"> 2016-09-01 JF Bastien <jfbastien@apple.com>
</span><span class="cx">
</span><span class="cx"> GetByIdWithThis/GetByValWithThis should have ValueProfiles so that they can predict their result types
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214JSTestsstressarraystoragearrayunshiftjs"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/JSTests/stress/array-storage-array-unshift.js (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/JSTests/stress/array-storage-array-unshift.js (rev 0)
+++ releases/WebKitGTK/webkit-2.14/JSTests/stress/array-storage-array-unshift.js 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,8 @@
</span><ins>+//@ runDefault
+var x = [2.5, 1.5];
+x.length = 1000000000;
+x.length = 2;
+Array.prototype.unshift.call(x, 3.5);
+if (x.toString() != "3.5,2.5,1.5")
+ throw "Error: bad result: " + describe(x);
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214JSTestsstresscontiguousarrayunshiftjs"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/JSTests/stress/contiguous-array-unshift.js (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/JSTests/stress/contiguous-array-unshift.js (rev 0)
+++ releases/WebKitGTK/webkit-2.14/JSTests/stress/contiguous-array-unshift.js 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+//@ runDefault
+var x = ['b', 'a'];
+Array.prototype.unshift.call(x, 'c');
+if (x.toString() != "c,b,a")
+ throw "Error: bad result: " + describe(x);
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214JSTestsstressdoublearrayunshiftjs"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/JSTests/stress/double-array-unshift.js (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/JSTests/stress/double-array-unshift.js (rev 0)
+++ releases/WebKitGTK/webkit-2.14/JSTests/stress/double-array-unshift.js 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+//@ runDefault
+var x = [2.5, 1.5];
+Array.prototype.unshift.call(x, 3.5);
+if (x.toString() != "3.5,2.5,1.5")
+ throw "Error: bad result: " + describe(x);
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214JSTestsstressint32arrayunshiftjs"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/JSTests/stress/int32-array-unshift.js (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/JSTests/stress/int32-array-unshift.js (rev 0)
+++ releases/WebKitGTK/webkit-2.14/JSTests/stress/int32-array-unshift.js 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,6 @@
</span><ins>+//@ runDefault
+var x = [2, 1];
+Array.prototype.unshift.call(x, 3);
+if (x.toString() != "3,2,1")
+ throw "Error: bad result: " + describe(x);
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214JSTestsstressunshiftarraystoragejs"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/JSTests/stress/unshift-array-storage.js (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/JSTests/stress/unshift-array-storage.js (rev 0)
+++ releases/WebKitGTK/webkit-2.14/JSTests/stress/unshift-array-storage.js 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+//@ runMiscFTLNoCJITTest("--scribbleFreeCells=true", "--deferGCShouldCollectWithProbability=true", "--deferGCProbability=1")
+
+// Create some array storage.
+var array = [];
+ensureArrayStorage(array);
+
+for (var i = 0; i < 1000; ++i)
+ array.push(i);
+
+array.unshift(1, 2, 3, 4); // This will crash if we aren't careful about when we GC during unshift.
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIJSManagedValuemm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSManagedValue.mm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSManagedValue.mm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSManagedValue.mm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -213,6 +213,7 @@
</span><span class="cx"> m_owners = [[NSMapTable alloc] initWithKeyOptions:weakIDOptions valueOptions:integerOptions capacity:1];
</span><span class="cx">
</span><span class="cx"> JSC::JSValue jsValue = toJS(exec, [value JSValueRef]);
</span><ins>+ dataLog("Creating managed value with value ", jsValue, "\n");
</ins><span class="cx"> if (jsValue.isObject())
</span><span class="cx"> m_weakValue.setObject(JSC::jsCast<JSC::JSObject*>(jsValue.asCell()), self);
</span><span class="cx"> else if (jsValue.isString())
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIJSTypedArraycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSTypedArray.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSTypedArray.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/JSTypedArray.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,7 +32,7 @@
</span><span class="cx"> #include "ClassInfo.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "JSArrayBufferViewInlines.h"
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSDataView.h"
</span><span class="cx"> #include "JSGenericTypedArrayViewInlines.h"
</span><span class="cx"> #include "JSTypedArrays.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIObjCCallbackFunctionmm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/ObjCCallbackFunction.mm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/ObjCCallbackFunction.mm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/ObjCCallbackFunction.mm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,9 +31,8 @@
</span><span class="cx"> #import "APICallbackFunction.h"
</span><span class="cx"> #import "APICast.h"
</span><span class="cx"> #import "Error.h"
</span><del>-#import "JSCJSValueInlines.h"
</del><span class="cx"> #import "JSCell.h"
</span><del>-#import "JSCellInlines.h"
</del><ins>+#import "JSCInlines.h"
</ins><span class="cx"> #import "JSContextInternal.h"
</span><span class="cx"> #import "JSWrapperMap.h"
</span><span class="cx"> #import "JSValueInternal.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreAPIteststestapimm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/tests/testapi.mm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/tests/testapi.mm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/API/tests/testapi.mm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -510,33 +510,6 @@
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-// This test is flaky. Since GC marks C stack and registers as roots conservatively,
-// objects not referenced logically can be accidentally marked and alive.
-// To avoid this situation as possible as we can,
-// 1. run this test first before stack is polluted,
-// 2. extract this test as a function to suppress stack height.
-static void testWeakValue()
-{
- @autoreleasepool {
- JSVirtualMachine *vm = [[JSVirtualMachine alloc] init];
- TestObject *testObject = [TestObject testObject];
- JSManagedValue *weakValue;
- @autoreleasepool {
- JSContext *context = [[JSContext alloc] initWithVirtualMachine:vm];
- context[@"testObject"] = testObject;
- weakValue = [[JSManagedValue alloc] initWithValue:context[@"testObject"]];
- }
-
- @autoreleasepool {
- JSContext *context = [[JSContext alloc] initWithVirtualMachine:vm];
- context[@"testObject"] = testObject;
- JSSynchronousGarbageCollectForDebugging([context JSGlobalContextRef]);
- checkResult(@"weak value == nil", ![weakValue value]);
- checkResult(@"root is still alive", !context[@"testObject"].isUndefined);
- }
- }
-}
-
</del><span class="cx"> static void testObjectiveCAPIMain()
</span><span class="cx"> {
</span><span class="cx"> @autoreleasepool {
</span><span class="lines">@@ -1513,7 +1486,6 @@
</span><span class="cx"> {
</span><span class="cx"> NSLog(@"Testing Objective-C API");
</span><span class="cx"> checkNegativeNSIntegers();
</span><del>- testWeakValue();
</del><span class="cx"> testObjectiveCAPIMain();
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/CMakeLists.txt (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/CMakeLists.txt 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/CMakeLists.txt 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -66,6 +66,7 @@
</span><span class="cx"> assembler/MacroAssembler.cpp
</span><span class="cx"> assembler/MacroAssemblerARM.cpp
</span><span class="cx"> assembler/MacroAssemblerARMv7.cpp
</span><ins>+ assembler/MacroAssemblerCodeRef.cpp
</ins><span class="cx"> assembler/MacroAssemblerPrinter.cpp
</span><span class="cx"> assembler/MacroAssemblerX86Common.cpp
</span><span class="cx">
</span><span class="lines">@@ -447,6 +448,7 @@
</span><span class="cx"> heap/DestructionMode.cpp
</span><span class="cx"> heap/EdenGCActivityCallback.cpp
</span><span class="cx"> heap/FullGCActivityCallback.cpp
</span><ins>+ heap/FreeList.cpp
</ins><span class="cx"> heap/GCActivityCallback.cpp
</span><span class="cx"> heap/GCLogging.cpp
</span><span class="cx"> heap/HandleSet.cpp
</span><span class="lines">@@ -454,6 +456,7 @@
</span><span class="cx"> heap/Heap.cpp
</span><span class="cx"> heap/HeapCell.cpp
</span><span class="cx"> heap/HeapHelperPool.cpp
</span><ins>+ heap/HeapOperation.cpp
</ins><span class="cx"> heap/HeapProfiler.cpp
</span><span class="cx"> heap/HeapSnapshot.cpp
</span><span class="cx"> heap/HeapSnapshotBuilder.cpp
</span><span class="lines">@@ -462,6 +465,7 @@
</span><span class="cx"> heap/HeapVerifier.cpp
</span><span class="cx"> heap/IncrementalSweeper.cpp
</span><span class="cx"> heap/JITStubRoutineSet.cpp
</span><ins>+ heap/LargeAllocation.cpp
</ins><span class="cx"> heap/LiveObjectList.cpp
</span><span class="cx"> heap/MachineStackMarker.cpp
</span><span class="cx"> heap/MarkStack.cpp
</span><span class="lines">@@ -619,6 +623,7 @@
</span><span class="cx"> runtime/ArrayBufferNeuteringWatchpoint.cpp
</span><span class="cx"> runtime/ArrayBufferView.cpp
</span><span class="cx"> runtime/ArrayConstructor.cpp
</span><ins>+ runtime/ArrayConventions.cpp
</ins><span class="cx"> runtime/ArrayIteratorPrototype.cpp
</span><span class="cx"> runtime/ArrayPrototype.cpp
</span><span class="cx"> runtime/BasicBlockLocation.cpp
</span><span class="lines">@@ -799,6 +804,7 @@
</span><span class="cx"> runtime/SimpleTypedArrayController.cpp
</span><span class="cx"> runtime/SmallStrings.cpp
</span><span class="cx"> runtime/SparseArrayValueMap.cpp
</span><ins>+ runtime/StackFrame.cpp
</ins><span class="cx"> runtime/StrictEvalActivation.cpp
</span><span class="cx"> runtime/StringConstructor.cpp
</span><span class="cx"> runtime/StringIteratorPrototype.cpp
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,1098 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ In order to make the GC concurrent (bug 149432), we would either need to enable concurrent
+ copying or we would need to not copy. Concurrent copying carries a 1-2% throughput overhead
+ from the barriers alone. Considering that MarkedSpace does a decent job of avoiding
+ fragmentation, it's unlikely that it's worth paying 1-2% throughput for copying. So, we want
+ to get rid of copied space. This change moves copied space's biggest client over to marked
+ space.
+
+ Moving butterflies to marked space means having them use the new Auxiliary HeapCell
+ allocation path. This is a fairly mechanical change, but it caused performance regressions
+ everywhere, so this change also fixes MarkedSpace's performance issues.
+
+ At a high level the mechanical changes are:
+
+ - We use AuxiliaryBarrier instead of CopyBarrier.
+
+ - We use tryAllocateAuxiliary instead of tryAllocateStorage. I got rid of the silly
+ CheckedBoolean stuff, since it's so much more trouble than it's worth.
+
+ - The JITs have to emit inlined marked space allocations instead of inline copy space
+ allocations.
+
+ - Everyone has to get used to zeroing their butterflies after allocation instead of relying
+ on them being pre-zeroed by the GC. Copied space would zero things for you, while marked
+ space doesn't.
+
+ That's about 1/3 of this change. But this led to performance problems, which I fixed with
+ optimizations that amounted to a major MarkedSpace rewrite:
+
+ - MarkedSpace always causes internal fragmentation for array allocations because the vector
+ length we choose when we resize usually leads to a cell size that doesn't correspond to any
+ size class. I got around this by making array allocations usually round up vectorLength to
+ the maximum allowed by the size class that we would have allocated in. Also,
+ ensureLengthSlow() and friends first make sure that the requested length can't just be
+ fulfilled with the current allocation size. This safeguard means that not every array
+ allocation has to do size class queries. For example, the fast path of new Array(length)
+ never does any size class queries, under the assumption that (1) the speed gained from
+ avoiding an ensureLengthSlow() call, which then just changes the vectorLength by doing the
+ size class query, is too small to offset the speed lost by doing the query on every
+ allocation and (2) new Array(length) is a pretty good hint that resizing is not very
+ likely.
+
+ - Size classes in MarkedSpace were way too precise, which led to external fragmentation. This
+ changes MarkedSpace size classes to use a linear progression for very small sizes followed
+ by a geometric progression that naturally transitions to a hyperbolic progression. We want
+ hyperbolic sizes when we get close to blockSize: for example the largest size we want is
+ payloadSize / 2 rounded down, to ensure we get exactly two cells with minimal slop. The
+ next size down should be payloadSize / 3 rounded down, and so on. After the last precise
+ size (80 bytes), we proceed using a geometric progression, but round up each size to
+ minimize slop at the end of the block. This naturally causes the geometric progression to
+ turn hyperbolic for large sizes. The size class configuration happens at VM start-up, so
+ it can be controlled with runtime options. I found that a base of 1.4 works pretty well.
+
+ - Large allocations caused massive internal fragmentation, since the smallest large
+ allocation had to use exactly blockSize, and the largest small allocation used
+ blockSize / 2. The next size up - the first large allocation size to require two blocks -
+ also had 50% internal fragmentation. This is because we required large allocations to be
+ blockSize aligned, so that MarkedBlock::blockFor() would work. I decided to rewrite all of
+ that. Cells no longer have to be owned by a MarkedBlock. They can now alternatively be
+ owned by a LargeAllocation. These two things are abstracted as CellContainer. You know that
+ a cell is owned by a LargeAllocation if the MarkedBlock::atomSize / 2 bit is set.
+ Basically, large allocations are deliberately misaligned by 8 bytes. This actually works
+ out great since (1) typed arrays won't use large allocations anyway since they have their
+ own malloc fallback and (2) large array butterflies already have a 8 byte header, which
+ means that the 8 byte base misalignment aligns the large array payload on a 16 byte
+ boundary. I took extreme care to make sure that the isLargeAllocation bit checks are as
+ rare as possible; for example, ExecState::vm() skips the check because we know that callees
+ must be small allocations. It's also possible to use template tricks to do one check for
+ cell container kind, and then invoke a function specialized for MarkedBlock or a function
+ specialized for LargeAllocation. LargeAllocation includes stubs for all MarkedBlock methods
+ that get used from functions that are template-specialized like this. That's mostly to
+ speed up the GC marking code. Most other code can use CellContainer API or HeapCell API
+ directly. That's another thing: HeapCell, the common base of JSCell and auxiliary
+ allocations, is now smart enough to do a lot of things for you, like HeapCell::vm(),
+ HeapCell::heap(), HeapCell::isLargeAllocation(), and HeapCell::cellContainer(). The size
+ cutoff for large allocations is runtime-configurable, so long as you don't choose something
+ so small that callees end up large. I found that 400 bytes is roughly optimal. This means
+ that the MarkedBlock size classes end up being:
+
+ 16, 32, 48, 64, 80, 112, 160, 224, 320
+
+ The next size class would have been 432, but that's above the 400 byte cutoff. All of this
+ is configurable with --sizeClassProgression and --largeAllocationCutoff. You can see what
+ size classes you end up with by doing --dumpSizeClasses=true.
+
+ - Copied space uses 64KB blocks, while marked space used to use 16KB blocks. Allocating a lot
+ of stuff in 16KB blocks was slower than allocating it in 64KB blocks because the GC had a
+ lot of per-block overhead. I removed this overhead: It's now 2x faster to scan all
+ MarkedBlocks because the list that contains the interesting meta-data is allocated on the
+ side, for better locality during a sequential walk. It's no longer necessary to scan
+ MarkedBlocks to find WeakSets, since the sets of WeakSets for eden scan and full scan are
+ maintained on-the-fly. It's no longer necessary to scan all MarkedBlocks to clear mark
+ bits because we now use versioned mark bits: to clear then, just increment the 64-bit
+ heap version. It's no longer necessary to scan retired MarkedBlocks while allocating
+ because marking retires them on-the-fly. It's no longer necessary to sort all blocks in
+ the IncrementalSweeper's snapshot because blocks now know if they are in the snapshot. Put
+ together, these optimizations allowed me to reduce block size to 16KB without losing much
+ performance. There is some small perf loss on JetStream/splay, but not enough to hurt
+ JetStream overall. I tried reducing block sizes further, to 4KB, since that is a
+ progression on membuster. That's not possible yet, since there is still enough per-block
+ overhead yet that such a reduction hurts JetStream too much. I filed a bug about improving
+ this further: https://bugs.webkit.org/show_bug.cgi?id=161581.
+
+ - Even after all of that, copying butterflies was still faster because it allowed us to skip
+ sweeping dead space. A good GC allocates over dead bytes without explicitly freeing them,
+ so the GC pause is O(size of live), not O(size of live + dead). O(dead) is usually much
+ larger than O(live), especially in an eden collection. Copying satisfies this premise while
+ mark+sweep does not. So, I invented a new kind of allocator: bump'n'pop. Previously, our
+ MarkedSpace allocator was a freelist pop. That's simple and easy to inline but requires
+ that we walk the block to build a free list. This means walking dead space. The new
+ allocator allows totally free MarkedBlocks to simply set up a bump-pointer arena instead.
+ The allocator is a hybrid of bump-pointer and freelist pop. It tries bump first. The bump
+ pointer always bumps by cellSize, so the result of filling a block with bumping looks as if
+ we had used freelist popping to fill it. Additionally, each MarkedBlock now has a bit to
+ quickly tell if the block is entirely free. This makes sweeping O(1) whenever a MarkedBlock
+ is completely empty, which is the common case because of the generational hypothesis: the
+ number of objects that survive an eden collection is a tiny fraction of the number of
+ objects that had been allocated, and this fraction is so small that there are typically
+ fewer than one survivors per MarkedBlock. This change was enough to make this change a net
+ win over tip-of-tree.
+
+ - FTL now shares the same allocation fast paths as everything else, which is great, because
+ bump'n'pop has gnarly control flow. We don't really want B3 to have to think about that
+ control flow, since it won't be able to improve the machine code we write ourselves. GC
+ fast paths are best written in assembly. So, I've empowered B3 to have even better support
+ for Patchpoint terminals. It's now totally fine for a Patchpoint terminal to be non-Void.
+ So, the new FTL allocation fast paths are just Patchpoint terminals that call through to
+ AssemblyHelpers::emitAllocate(). B3 still reasons about things like constant-folding the
+ size class calculation and constant-hoisting the allocator. Also, I gave the FTL the
+ ability to constant-fold some allocator logic (in case we first assume that we're doing a
+ variable-length allocation but then realize that the length is known). I think it makes
+ sense to have constant folding rules in FTL::Output, or whatever the B3 IR builder is,
+ since this makes lowering easier (you can constant fold during lowering more easily) and it
+ reduces the amount of malloc traffic. In the future, we could teach B3 how to better
+ constant-fold this code. That would require allowing loads to be constant-folded, which is
+ doable but hella tricky.
+
+ - It used to be that if a logical object allocation required two physical allocations (first
+ the butterfly and then the cell), then the JIT would emit the code in such a way that a
+ failure in the second fast path would cause us to forget the successful first physical
+ allocation. This was pointlessly wasteful. It turns out that it's very cheap to devote a
+ register to storing either the butterfly or null, because the butterfly register is anyway
+ going to be free inside the first allocation. The only overhead here is zeroing the
+ butterfly register. With that in place, we can just pass the butterfly-or-null to the slow
+ path, which can then either allocate a butterfly or not. So now we never waste a successful
+ allocation. This patch implements such a solution both in DFG (where it's easy to do this
+ since we control registers already) and in FTL (where it's annoying, because mutable
+ "butterfly-or-null" variables are hard to say in SSA; also I realized that we had code
+ duplicated the JSArray allocation utility, so I deduplicated it). This came up because in
+ one version of this patch, this wastage would resonate with some Kraken benchmark: the
+ benchmark would always allocate N small things followed by one bigger thing. The problem
+ was I accidentally adjusted the various fixed overheads in MarkedBlock in such a way that
+ the JSObject size class, which both the small and big thing shared for their cell, could
+ hold exactly N cells per MarkedBlock. Then the benchmark would always call slow path when
+ it allocated the big thing. So, it would end up having to allocate the big thing's large
+ butterfly twice, every single time! Ouch!
+
+ - It used to be that we zeroed CopiedBlocks using memset, and so array allocations enjoyed
+ amortization of the cost of zeroing. This doesn't work anymore - it's now up to the client
+ of the allocator to initialize the object to whatever state they need. It used to be that
+ we would just use a dumb loop. I initially changed this so that we would end up in memset
+ for large allocations, but this didn't actually help performance that much. I got a much
+ better result by playing with different memsets written in assembly. First I wrote one
+ using non-temporal stores. That was a small speed-up over memset. Then I tried the classic
+ "rep stos" approach, and holy cow that version was fast. It's a ~20% speed-up on array
+ allocation microbenchmarks. So, this patch adds code paths to do "rep stos" on x86_64, or
+ memset, or use a loop, as appropriate, for both "contiguous" arrays (holes are zero) and
+ double arrays (holes are PNaN). Note that the JIT always emits either a loop or a flat slab
+ of stores (if the size is known), but those paths in the JIT won't trigger for
+ NewArrayWithSize() if the size is large, since that takes us to the
+ operationNewArrayWithSize() slow path, which calls into JSArray::create(). That's why the
+ optimizations here are all in JSArray::create() - that's the hot place for large arrays
+ that need to be filled with holes.
+
+ All of this put together gives us neutral perf on JetStream, membuster, and PLT3, a ~1%
+ regression on Speedometer, and up to a 4% regression Kraken. The Kraken regression is
+ because Kraken was allocating exactly 1024 element arrays at a rate of 400MB/sec. This is a
+ best-case scenario for bump allocation. I think that we should fix bmalloc to make up the
+ difference, but take the hit for now because it's a crazy corner case. By comparison, the
+ alternative approach of using a copy barrier would have cost us 1-2%. That's the real
+ apples-to-apples comparison if your premise is that we should have a concurrent GC. After we
+ finish removing copied space, we will be barrier-ready for concurrent GC: we already have a
+ marking barrier and we simply won't need a copying barrier. This change gets us there for
+ the purposes of our benchmarks, since the remaining clients of copied space are not very
+ important. On the other hand, if we keep copying, then getting barrier-ready would mean
+ adding back the copy barrier, which costs more perf.
+
+ We might get bigger speed-ups once we remove CopiedSpace altogether. That requires moving
+ typed arrays and a few other weird things over to Aux MarkedSpace.
+
+ This also includes some header sanitization. The introduction of AuxiliaryBarrier, HeapCell,
+ and CellContainer meant that I had to include those files from everywhere. Fortunately,
+ just including JSCInlines.h (instead of manually including the files that includes) is
+ usually enough. So, I made most of JSC's cpp files include JSCInlines.h, which is something
+ that we were already basically doing. In places where JSCInlines.h would be too much, I just
+ included HeapInlines.h. This got weird, because we previously included HeapInlines.h from
+ JSObject.h. That's bad because it led to some circular dependencies, so I fixed it - but that
+ meant having to manually include HeapInlines.h from the places that previously got it
+ implicitly via JSObject.h. But that led to more problems for some reason: I started getting
+ build errors because non-JSC files were having trouble including Opcode.h. That's just silly,
+ since Opcode.h is meant to be an internal JSC header. So, I made it an internal header and
+ made it impossible to include it from outside JSC. This was a lot of work, but it was
+ necessary to get the patch to build on all ports. It's also a net win. There were many places
+ in WebCore that were transitively including a *ton* of JSC headers just because of the
+ JSObject.h->HeapInlines.h edge and a bunch of dependency edges that arose from some public
+ (for WebCore) JSC headers needing Interpreter.h or Opcode.h for bad reasons.
+
+ * API/JSManagedValue.mm:
+ (-[JSManagedValue initWithValue:]):
+ * API/JSTypedArray.cpp:
+ * API/ObjCCallbackFunction.mm:
+ * API/tests/testapi.mm:
+ (testObjectiveCAPI):
+ (testWeakValue): Deleted.
+ * CMakeLists.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * Scripts/builtins/builtins_generate_combined_implementation.py:
+ (BuiltinsCombinedImplementationGenerator.generate_secondary_header_includes):
+ * Scripts/builtins/builtins_generate_internals_wrapper_implementation.py:
+ (BuiltinsInternalsWrapperImplementationGenerator.generate_secondary_header_includes):
+ * Scripts/builtins/builtins_generate_separate_implementation.py:
+ (BuiltinsSeparateImplementationGenerator.generate_secondary_header_includes):
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::JumpList::link):
+ (JSC::AbstractMacroAssembler::JumpList::linkTo):
+ * assembler/MacroAssembler.h:
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::add32):
+ * assembler/MacroAssemblerCodeRef.cpp: Added.
+ (JSC::MacroAssemblerCodePtr::createLLIntCodePtr):
+ (JSC::MacroAssemblerCodePtr::dumpWithName):
+ (JSC::MacroAssemblerCodePtr::dump):
+ (JSC::MacroAssemblerCodeRef::createLLIntCodeRef):
+ (JSC::MacroAssemblerCodeRef::dump):
+ * assembler/MacroAssemblerCodeRef.h:
+ (JSC::MacroAssemblerCodePtr::createLLIntCodePtr): Deleted.
+ (JSC::MacroAssemblerCodePtr::dumpWithName): Deleted.
+ (JSC::MacroAssemblerCodePtr::dump): Deleted.
+ (JSC::MacroAssemblerCodeRef::createLLIntCodeRef): Deleted.
+ (JSC::MacroAssemblerCodeRef::dump): Deleted.
+ * b3/B3BasicBlock.cpp:
+ (JSC::B3::BasicBlock::appendBoolConstant):
+ * b3/B3BasicBlock.h:
+ * b3/B3DuplicateTails.cpp:
+ * b3/B3StackmapGenerationParams.h:
+ * b3/testb3.cpp:
+ (JSC::B3::testPatchpointTerminalReturnValue):
+ (JSC::B3::run):
+ * bindings/ScriptValue.cpp:
+ * bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:
+ * bytecode/BytecodeBasicBlock.cpp:
+ * bytecode/BytecodeLivenessAnalysis.cpp:
+ * bytecode/BytecodeUseDef.h:
+ * bytecode/CallLinkInfo.cpp:
+ (JSC::CallLinkInfo::callTypeFor):
+ * bytecode/CallLinkInfo.h:
+ (JSC::CallLinkInfo::callTypeFor): Deleted.
+ * bytecode/CallLinkStatus.cpp:
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::finishCreation):
+ (JSC::CodeBlock::clearLLIntGetByIdCache):
+ (JSC::CodeBlock::predictedMachineCodeSize):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::jitCodeMap): Deleted.
+ (JSC::clearLLIntGetByIdCache): Deleted.
+ * bytecode/ExecutionCounter.h:
+ * bytecode/Instruction.h:
+ * bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp:
+ (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal):
+ * bytecode/ObjectAllocationProfile.h:
+ (JSC::ObjectAllocationProfile::isNull):
+ (JSC::ObjectAllocationProfile::initialize):
+ * bytecode/Opcode.h:
+ (JSC::padOpcodeName):
+ * bytecode/PolymorphicAccess.cpp:
+ (JSC::AccessCase::generateImpl):
+ (JSC::PolymorphicAccess::regenerate):
+ * bytecode/PolymorphicAccess.h:
+ * bytecode/PreciseJumpTargets.cpp:
+ * bytecode/StructureStubInfo.cpp:
+ * bytecode/StructureStubInfo.h:
+ * bytecode/UnlinkedCodeBlock.cpp:
+ (JSC::UnlinkedCodeBlock::vm): Deleted.
+ * bytecode/UnlinkedCodeBlock.h:
+ * bytecode/UnlinkedInstructionStream.cpp:
+ * bytecode/UnlinkedInstructionStream.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
+ (JSC::DFG::SpeculativeJIT::compileMakeRope):
+ (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
+ (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
+ (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileAllocateNewArrayWithSize):
+ * dfg/DFGStrengthReductionPhase.cpp:
+ (JSC::DFG::StrengthReductionPhase::handleNode):
+ * ftl/FTLAbstractHeapRepository.h:
+ * ftl/FTLCompile.cpp:
+ * ftl/FTLJITFinalizer.cpp:
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
+ (JSC::FTL::DFG::LowerDFGToB3::compileCreateRest):
+ (JSC::FTL::DFG::LowerDFGToB3::allocateArrayWithSize):
+ (JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
+ (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
+ (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
+ (JSC::FTL::DFG::LowerDFGToB3::initializeArrayElements):
+ (JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
+ (JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):
+ (JSC::FTL::DFG::LowerDFGToB3::allocateCell):
+ (JSC::FTL::DFG::LowerDFGToB3::allocateObject):
+ (JSC::FTL::DFG::LowerDFGToB3::allocatorForSize):
+ (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
+ (JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
+ (JSC::FTL::DFG::LowerDFGToB3::compileAllocateArrayWithSize): Deleted.
+ * ftl/FTLOutput.cpp:
+ (JSC::FTL::Output::constBool):
+ (JSC::FTL::Output::add):
+ (JSC::FTL::Output::shl):
+ (JSC::FTL::Output::aShr):
+ (JSC::FTL::Output::lShr):
+ (JSC::FTL::Output::zeroExt):
+ (JSC::FTL::Output::equal):
+ (JSC::FTL::Output::notEqual):
+ (JSC::FTL::Output::above):
+ (JSC::FTL::Output::aboveOrEqual):
+ (JSC::FTL::Output::below):
+ (JSC::FTL::Output::belowOrEqual):
+ (JSC::FTL::Output::greaterThan):
+ (JSC::FTL::Output::greaterThanOrEqual):
+ (JSC::FTL::Output::lessThan):
+ (JSC::FTL::Output::lessThanOrEqual):
+ (JSC::FTL::Output::select):
+ (JSC::FTL::Output::appendSuccessor):
+ (JSC::FTL::Output::addIncomingToPhi):
+ * ftl/FTLOutput.h:
+ * ftl/FTLValueFromBlock.h:
+ (JSC::FTL::ValueFromBlock::operator bool):
+ (JSC::FTL::ValueFromBlock::ValueFromBlock): Deleted.
+ * ftl/FTLWeightedTarget.h:
+ (JSC::FTL::WeightedTarget::frequentedBlock):
+ * heap/CellContainer.h: Added.
+ (JSC::CellContainer::CellContainer):
+ (JSC::CellContainer::operator bool):
+ (JSC::CellContainer::isMarkedBlock):
+ (JSC::CellContainer::isLargeAllocation):
+ (JSC::CellContainer::markedBlock):
+ (JSC::CellContainer::largeAllocation):
+ * heap/CellContainerInlines.h: Added.
+ (JSC::CellContainer::isMarked):
+ (JSC::CellContainer::isMarkedOrNewlyAllocated):
+ (JSC::CellContainer::noteMarked):
+ (JSC::CellContainer::cellSize):
+ (JSC::CellContainer::weakSet):
+ (JSC::CellContainer::flipIfNecessary):
+ * heap/ConservativeRoots.cpp:
+ (JSC::ConservativeRoots::ConservativeRoots):
+ (JSC::ConservativeRoots::~ConservativeRoots):
+ (JSC::ConservativeRoots::grow):
+ (JSC::ConservativeRoots::genericAddPointer):
+ (JSC::ConservativeRoots::genericAddSpan):
+ * heap/ConservativeRoots.h:
+ (JSC::ConservativeRoots::roots):
+ * heap/CopyToken.h:
+ * heap/FreeList.cpp: Added.
+ (JSC::FreeList::dump):
+ * heap/FreeList.h: Added.
+ (JSC::FreeList::FreeList):
+ (JSC::FreeList::list):
+ (JSC::FreeList::bump):
+ (JSC::FreeList::operator==):
+ (JSC::FreeList::operator!=):
+ (JSC::FreeList::operator bool):
+ (JSC::FreeList::allocationWillFail):
+ (JSC::FreeList::allocationWillSucceed):
+ * heap/GCTypeMap.h: Added.
+ (JSC::GCTypeMap::operator[]):
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::lastChanceToFinalize):
+ (JSC::Heap::finalizeUnconditionalFinalizers):
+ (JSC::Heap::markRoots):
+ (JSC::Heap::copyBackingStores):
+ (JSC::Heap::gatherStackRoots):
+ (JSC::Heap::gatherJSStackRoots):
+ (JSC::Heap::gatherScratchBufferRoots):
+ (JSC::Heap::clearLivenessData):
+ (JSC::Heap::visitSmallStrings):
+ (JSC::Heap::visitConservativeRoots):
+ (JSC::Heap::removeDeadCompilerWorklistEntries):
+ (JSC::Heap::gatherExtraHeapSnapshotData):
+ (JSC::Heap::removeDeadHeapSnapshotNodes):
+ (JSC::Heap::visitProtectedObjects):
+ (JSC::Heap::visitArgumentBuffers):
+ (JSC::Heap::visitException):
+ (JSC::Heap::visitStrongHandles):
+ (JSC::Heap::visitHandleStack):
+ (JSC::Heap::visitSamplingProfiler):
+ (JSC::Heap::traceCodeBlocksAndJITStubRoutines):
+ (JSC::Heap::converge):
+ (JSC::Heap::visitWeakHandles):
+ (JSC::Heap::updateObjectCounts):
+ (JSC::Heap::clearUnmarkedExecutables):
+ (JSC::Heap::deleteUnmarkedCompiledCode):
+ (JSC::Heap::collectAllGarbage):
+ (JSC::Heap::collect):
+ (JSC::Heap::collectWithoutAnySweep):
+ (JSC::Heap::collectImpl):
+ (JSC::Heap::suspendCompilerThreads):
+ (JSC::Heap::willStartCollection):
+ (JSC::Heap::flushOldStructureIDTables):
+ (JSC::Heap::flushWriteBarrierBuffer):
+ (JSC::Heap::stopAllocation):
+ (JSC::Heap::prepareForMarking):
+ (JSC::Heap::reapWeakHandles):
+ (JSC::Heap::pruneStaleEntriesFromWeakGCMaps):
+ (JSC::Heap::sweepArrayBuffers):
+ (JSC::MarkedBlockSnapshotFunctor::MarkedBlockSnapshotFunctor):
+ (JSC::MarkedBlockSnapshotFunctor::operator()):
+ (JSC::Heap::snapshotMarkedSpace):
+ (JSC::Heap::deleteSourceProviderCaches):
+ (JSC::Heap::notifyIncrementalSweeper):
+ (JSC::Heap::writeBarrierCurrentlyExecutingCodeBlocks):
+ (JSC::Heap::resetAllocators):
+ (JSC::Heap::updateAllocationLimits):
+ (JSC::Heap::didFinishCollection):
+ (JSC::Heap::resumeCompilerThreads):
+ (JSC::Zombify::visit):
+ (JSC::Heap::forEachCodeBlockImpl):
+ * heap/Heap.h:
+ (JSC::Heap::allocatorForObjectWithoutDestructor):
+ (JSC::Heap::allocatorForObjectWithDestructor):
+ (JSC::Heap::allocatorForAuxiliaryData):
+ (JSC::Heap::jitStubRoutines):
+ (JSC::Heap::codeBlockSet):
+ (JSC::Heap::storageAllocator): Deleted.
+ * heap/HeapCell.h:
+ (JSC::HeapCell::isZapped): Deleted.
+ * heap/HeapCellInlines.h: Added.
+ (JSC::HeapCell::isLargeAllocation):
+ (JSC::HeapCell::cellContainer):
+ (JSC::HeapCell::markedBlock):
+ (JSC::HeapCell::largeAllocation):
+ (JSC::HeapCell::heap):
+ (JSC::HeapCell::vm):
+ (JSC::HeapCell::cellSize):
+ (JSC::HeapCell::allocatorAttributes):
+ (JSC::HeapCell::destructionMode):
+ (JSC::HeapCell::cellKind):
+ * heap/HeapInlines.h:
+ (JSC::Heap::heap):
+ (JSC::Heap::isLive):
+ (JSC::Heap::isMarked):
+ (JSC::Heap::testAndSetMarked):
+ (JSC::Heap::setMarked):
+ (JSC::Heap::cellSize):
+ (JSC::Heap::forEachCodeBlock):
+ (JSC::Heap::allocateObjectOfType):
+ (JSC::Heap::subspaceForObjectOfType):
+ (JSC::Heap::allocatorForObjectOfType):
+ (JSC::Heap::allocateAuxiliary):
+ (JSC::Heap::tryAllocateAuxiliary):
+ (JSC::Heap::tryReallocateAuxiliary):
+ (JSC::Heap::isPointerGCObject): Deleted.
+ (JSC::Heap::isValueGCObject): Deleted.
+ * heap/HeapOperation.cpp: Added.
+ (WTF::printInternal):
+ * heap/HeapOperation.h:
+ * heap/HeapUtil.h: Added.
+ (JSC::HeapUtil::findGCObjectPointersForMarking):
+ (JSC::HeapUtil::isPointerGCObjectJSCell):
+ (JSC::HeapUtil::isValueGCObject):
+ * heap/IncrementalSweeper.cpp:
+ (JSC::IncrementalSweeper::sweepNextBlock):
+ * heap/IncrementalSweeper.h:
+ * heap/LargeAllocation.cpp: Added.
+ (JSC::LargeAllocation::tryCreate):
+ (JSC::LargeAllocation::LargeAllocation):
+ (JSC::LargeAllocation::lastChanceToFinalize):
+ (JSC::LargeAllocation::shrink):
+ (JSC::LargeAllocation::visitWeakSet):
+ (JSC::LargeAllocation::reapWeakSet):
+ (JSC::LargeAllocation::flip):
+ (JSC::LargeAllocation::isEmpty):
+ (JSC::LargeAllocation::sweep):
+ (JSC::LargeAllocation::destroy):
+ (JSC::LargeAllocation::dump):
+ * heap/LargeAllocation.h: Added.
+ (JSC::LargeAllocation::fromCell):
+ (JSC::LargeAllocation::cell):
+ (JSC::LargeAllocation::isLargeAllocation):
+ (JSC::LargeAllocation::heap):
+ (JSC::LargeAllocation::vm):
+ (JSC::LargeAllocation::weakSet):
+ (JSC::LargeAllocation::clearNewlyAllocated):
+ (JSC::LargeAllocation::isNewlyAllocated):
+ (JSC::LargeAllocation::isMarked):
+ (JSC::LargeAllocation::isMarkedOrNewlyAllocated):
+ (JSC::LargeAllocation::isLive):
+ (JSC::LargeAllocation::hasValidCell):
+ (JSC::LargeAllocation::cellSize):
+ (JSC::LargeAllocation::aboveLowerBound):
+ (JSC::LargeAllocation::belowUpperBound):
+ (JSC::LargeAllocation::contains):
+ (JSC::LargeAllocation::attributes):
+ (JSC::LargeAllocation::flipIfNecessary):
+ (JSC::LargeAllocation::flipIfNecessaryConcurrently):
+ (JSC::LargeAllocation::testAndSetMarked):
+ (JSC::LargeAllocation::setMarked):
+ (JSC::LargeAllocation::clearMarked):
+ (JSC::LargeAllocation::noteMarked):
+ (JSC::LargeAllocation::headerSize):
+ * heap/MarkedAllocator.cpp:
+ (JSC::MarkedAllocator::MarkedAllocator):
+ (JSC::MarkedAllocator::isPagedOut):
+ (JSC::MarkedAllocator::retire):
+ (JSC::MarkedAllocator::filterNextBlock):
+ (JSC::MarkedAllocator::setNextBlockToSweep):
+ (JSC::MarkedAllocator::tryAllocateWithoutCollectingImpl):
+ (JSC::MarkedAllocator::tryAllocateWithoutCollecting):
+ (JSC::MarkedAllocator::allocateSlowCase):
+ (JSC::MarkedAllocator::tryAllocateSlowCase):
+ (JSC::MarkedAllocator::allocateSlowCaseImpl):
+ (JSC::blockHeaderSize):
+ (JSC::MarkedAllocator::blockSizeForBytes):
+ (JSC::MarkedAllocator::tryAllocateBlock):
+ (JSC::MarkedAllocator::addBlock):
+ (JSC::MarkedAllocator::removeBlock):
+ (JSC::MarkedAllocator::stopAllocating):
+ (JSC::MarkedAllocator::reset):
+ (JSC::MarkedAllocator::lastChanceToFinalize):
+ (JSC::MarkedAllocator::setFreeList):
+ (JSC::isListPagedOut): Deleted.
+ (JSC::MarkedAllocator::tryAllocateHelper): Deleted.
+ (JSC::MarkedAllocator::tryPopFreeList): Deleted.
+ (JSC::MarkedAllocator::tryAllocate): Deleted.
+ (JSC::MarkedAllocator::allocateBlock): Deleted.
+ * heap/MarkedAllocator.h:
+ (JSC::MarkedAllocator::takeLastActiveBlock):
+ (JSC::MarkedAllocator::offsetOfFreeList):
+ (JSC::MarkedAllocator::offsetOfCellSize):
+ (JSC::MarkedAllocator::tryAllocate):
+ (JSC::MarkedAllocator::allocate):
+ (JSC::MarkedAllocator::forEachBlock):
+ (JSC::MarkedAllocator::offsetOfFreeListHead): Deleted.
+ (JSC::MarkedAllocator::MarkedAllocator): Deleted.
+ (JSC::MarkedAllocator::init): Deleted.
+ (JSC::MarkedAllocator::stopAllocating): Deleted.
+ * heap/MarkedBlock.cpp:
+ (JSC::MarkedBlock::tryCreate):
+ (JSC::MarkedBlock::Handle::Handle):
+ (JSC::MarkedBlock::Handle::~Handle):
+ (JSC::MarkedBlock::MarkedBlock):
+ (JSC::MarkedBlock::Handle::specializedSweep):
+ (JSC::MarkedBlock::Handle::sweep):
+ (JSC::MarkedBlock::Handle::sweepHelperSelectScribbleMode):
+ (JSC::MarkedBlock::Handle::sweepHelperSelectStateAndSweepMode):
+ (JSC::MarkedBlock::Handle::unsweepWithNoNewlyAllocated):
+ (JSC::SetNewlyAllocatedFunctor::SetNewlyAllocatedFunctor):
+ (JSC::SetNewlyAllocatedFunctor::operator()):
+ (JSC::MarkedBlock::Handle::stopAllocating):
+ (JSC::MarkedBlock::Handle::lastChanceToFinalize):
+ (JSC::MarkedBlock::Handle::resumeAllocating):
+ (JSC::MarkedBlock::Handle::zap):
+ (JSC::MarkedBlock::Handle::forEachFreeCell):
+ (JSC::MarkedBlock::flipIfNecessary):
+ (JSC::MarkedBlock::Handle::flipIfNecessary):
+ (JSC::MarkedBlock::flipIfNecessarySlow):
+ (JSC::MarkedBlock::flipIfNecessaryConcurrentlySlow):
+ (JSC::MarkedBlock::clearMarks):
+ (JSC::MarkedBlock::assertFlipped):
+ (JSC::MarkedBlock::needsFlip):
+ (JSC::MarkedBlock::Handle::needsFlip):
+ (JSC::MarkedBlock::Handle::willRemoveBlock):
+ (JSC::MarkedBlock::Handle::didConsumeFreeList):
+ (JSC::MarkedBlock::markCount):
+ (JSC::MarkedBlock::Handle::isEmpty):
+ (JSC::MarkedBlock::clearHasAnyMarked):
+ (JSC::MarkedBlock::noteMarkedSlow):
+ (WTF::printInternal):
+ (JSC::MarkedBlock::create): Deleted.
+ (JSC::MarkedBlock::destroy): Deleted.
+ (JSC::MarkedBlock::callDestructor): Deleted.
+ (JSC::MarkedBlock::specializedSweep): Deleted.
+ (JSC::MarkedBlock::sweep): Deleted.
+ (JSC::MarkedBlock::sweepHelper): Deleted.
+ (JSC::MarkedBlock::stopAllocating): Deleted.
+ (JSC::MarkedBlock::clearMarksWithCollectionType): Deleted.
+ (JSC::MarkedBlock::lastChanceToFinalize): Deleted.
+ (JSC::MarkedBlock::resumeAllocating): Deleted.
+ (JSC::MarkedBlock::didRetireBlock): Deleted.
+ * heap/MarkedBlock.h:
+ (JSC::MarkedBlock::VoidFunctor::returnValue):
+ (JSC::MarkedBlock::CountFunctor::CountFunctor):
+ (JSC::MarkedBlock::CountFunctor::count):
+ (JSC::MarkedBlock::CountFunctor::returnValue):
+ (JSC::MarkedBlock::Handle::hasAnyNewlyAllocated):
+ (JSC::MarkedBlock::Handle::isOnBlocksToSweep):
+ (JSC::MarkedBlock::Handle::setIsOnBlocksToSweep):
+ (JSC::MarkedBlock::Handle::state):
+ (JSC::MarkedBlock::needsDestruction):
+ (JSC::MarkedBlock::handle):
+ (JSC::MarkedBlock::Handle::block):
+ (JSC::MarkedBlock::firstAtom):
+ (JSC::MarkedBlock::atoms):
+ (JSC::MarkedBlock::isAtomAligned):
+ (JSC::MarkedBlock::Handle::cellAlign):
+ (JSC::MarkedBlock::blockFor):
+ (JSC::MarkedBlock::Handle::allocator):
+ (JSC::MarkedBlock::Handle::heap):
+ (JSC::MarkedBlock::Handle::vm):
+ (JSC::MarkedBlock::vm):
+ (JSC::MarkedBlock::Handle::weakSet):
+ (JSC::MarkedBlock::weakSet):
+ (JSC::MarkedBlock::Handle::shrink):
+ (JSC::MarkedBlock::Handle::visitWeakSet):
+ (JSC::MarkedBlock::Handle::reapWeakSet):
+ (JSC::MarkedBlock::Handle::cellSize):
+ (JSC::MarkedBlock::cellSize):
+ (JSC::MarkedBlock::Handle::attributes):
+ (JSC::MarkedBlock::attributes):
+ (JSC::MarkedBlock::Handle::needsDestruction):
+ (JSC::MarkedBlock::Handle::destruction):
+ (JSC::MarkedBlock::Handle::cellKind):
+ (JSC::MarkedBlock::Handle::markCount):
+ (JSC::MarkedBlock::Handle::size):
+ (JSC::MarkedBlock::atomNumber):
+ (JSC::MarkedBlock::flipIfNecessary):
+ (JSC::MarkedBlock::flipIfNecessaryConcurrently):
+ (JSC::MarkedBlock::Handle::flipIfNecessary):
+ (JSC::MarkedBlock::Handle::flipIfNecessaryConcurrently):
+ (JSC::MarkedBlock::Handle::flipForEdenCollection):
+ (JSC::MarkedBlock::assertFlipped):
+ (JSC::MarkedBlock::Handle::assertFlipped):
+ (JSC::MarkedBlock::isMarked):
+ (JSC::MarkedBlock::testAndSetMarked):
+ (JSC::MarkedBlock::Handle::isNewlyAllocated):
+ (JSC::MarkedBlock::Handle::setNewlyAllocated):
+ (JSC::MarkedBlock::Handle::clearNewlyAllocated):
+ (JSC::MarkedBlock::Handle::isMarkedOrNewlyAllocated):
+ (JSC::MarkedBlock::isMarkedOrNewlyAllocated):
+ (JSC::MarkedBlock::Handle::isLive):
+ (JSC::MarkedBlock::isAtom):
+ (JSC::MarkedBlock::Handle::isLiveCell):
+ (JSC::MarkedBlock::Handle::forEachCell):
+ (JSC::MarkedBlock::Handle::forEachLiveCell):
+ (JSC::MarkedBlock::Handle::forEachDeadCell):
+ (JSC::MarkedBlock::Handle::needsSweeping):
+ (JSC::MarkedBlock::Handle::isAllocated):
+ (JSC::MarkedBlock::Handle::isMarked):
+ (JSC::MarkedBlock::Handle::isFreeListed):
+ (JSC::MarkedBlock::hasAnyMarked):
+ (JSC::MarkedBlock::noteMarked):
+ (WTF::MarkedBlockHash::hash):
+ (JSC::MarkedBlock::FreeList::FreeList): Deleted.
+ (JSC::MarkedBlock::allocator): Deleted.
+ (JSC::MarkedBlock::heap): Deleted.
+ (JSC::MarkedBlock::shrink): Deleted.
+ (JSC::MarkedBlock::visitWeakSet): Deleted.
+ (JSC::MarkedBlock::reapWeakSet): Deleted.
+ (JSC::MarkedBlock::willRemoveBlock): Deleted.
+ (JSC::MarkedBlock::didConsumeFreeList): Deleted.
+ (JSC::MarkedBlock::markCount): Deleted.
+ (JSC::MarkedBlock::isEmpty): Deleted.
+ (JSC::MarkedBlock::destruction): Deleted.
+ (JSC::MarkedBlock::cellKind): Deleted.
+ (JSC::MarkedBlock::size): Deleted.
+ (JSC::MarkedBlock::capacity): Deleted.
+ (JSC::MarkedBlock::setMarked): Deleted.
+ (JSC::MarkedBlock::clearMarked): Deleted.
+ (JSC::MarkedBlock::isNewlyAllocated): Deleted.
+ (JSC::MarkedBlock::setNewlyAllocated): Deleted.
+ (JSC::MarkedBlock::clearNewlyAllocated): Deleted.
+ (JSC::MarkedBlock::isLive): Deleted.
+ (JSC::MarkedBlock::isLiveCell): Deleted.
+ (JSC::MarkedBlock::forEachCell): Deleted.
+ (JSC::MarkedBlock::forEachLiveCell): Deleted.
+ (JSC::MarkedBlock::forEachDeadCell): Deleted.
+ (JSC::MarkedBlock::needsSweeping): Deleted.
+ (JSC::MarkedBlock::isAllocated): Deleted.
+ (JSC::MarkedBlock::isMarkedOrRetired): Deleted.
+ * heap/MarkedSpace.cpp:
+ (JSC::MarkedSpace::initializeSizeClassForStepSize):
+ (JSC::MarkedSpace::MarkedSpace):
+ (JSC::MarkedSpace::~MarkedSpace):
+ (JSC::MarkedSpace::lastChanceToFinalize):
+ (JSC::MarkedSpace::allocate):
+ (JSC::MarkedSpace::tryAllocate):
+ (JSC::MarkedSpace::allocateLarge):
+ (JSC::MarkedSpace::tryAllocateLarge):
+ (JSC::MarkedSpace::sweep):
+ (JSC::MarkedSpace::sweepLargeAllocations):
+ (JSC::MarkedSpace::zombifySweep):
+ (JSC::MarkedSpace::resetAllocators):
+ (JSC::MarkedSpace::visitWeakSets):
+ (JSC::MarkedSpace::reapWeakSets):
+ (JSC::MarkedSpace::stopAllocating):
+ (JSC::MarkedSpace::prepareForMarking):
+ (JSC::MarkedSpace::resumeAllocating):
+ (JSC::MarkedSpace::isPagedOut):
+ (JSC::MarkedSpace::freeBlock):
+ (JSC::MarkedSpace::freeOrShrinkBlock):
+ (JSC::MarkedSpace::shrink):
+ (JSC::MarkedSpace::clearNewlyAllocated):
+ (JSC::VerifyMarked::operator()):
+ (JSC::MarkedSpace::flip):
+ (JSC::MarkedSpace::objectCount):
+ (JSC::MarkedSpace::size):
+ (JSC::MarkedSpace::capacity):
+ (JSC::MarkedSpace::addActiveWeakSet):
+ (JSC::MarkedSpace::didAddBlock):
+ (JSC::MarkedSpace::didAllocateInBlock):
+ (JSC::MarkedSpace::forEachAllocator): Deleted.
+ (JSC::VerifyMarkedOrRetired::operator()): Deleted.
+ (JSC::MarkedSpace::clearMarks): Deleted.
+ * heap/MarkedSpace.h:
+ (JSC::MarkedSpace::sizeClassToIndex):
+ (JSC::MarkedSpace::indexToSizeClass):
+ (JSC::MarkedSpace::version):
+ (JSC::MarkedSpace::blocksWithNewObjects):
+ (JSC::MarkedSpace::largeAllocations):
+ (JSC::MarkedSpace::largeAllocationsNurseryOffset):
+ (JSC::MarkedSpace::largeAllocationsOffsetForThisCollection):
+ (JSC::MarkedSpace::largeAllocationsForThisCollectionBegin):
+ (JSC::MarkedSpace::largeAllocationsForThisCollectionEnd):
+ (JSC::MarkedSpace::largeAllocationsForThisCollectionSize):
+ (JSC::MarkedSpace::forEachLiveCell):
+ (JSC::MarkedSpace::forEachDeadCell):
+ (JSC::MarkedSpace::allocatorFor):
+ (JSC::MarkedSpace::destructorAllocatorFor):
+ (JSC::MarkedSpace::auxiliaryAllocatorFor):
+ (JSC::MarkedSpace::allocateWithoutDestructor):
+ (JSC::MarkedSpace::allocateWithDestructor):
+ (JSC::MarkedSpace::allocateAuxiliary):
+ (JSC::MarkedSpace::tryAllocateAuxiliary):
+ (JSC::MarkedSpace::forEachBlock):
+ (JSC::MarkedSpace::forEachAllocator):
+ (JSC::MarkedSpace::optimalSizeFor):
+ (JSC::MarkedSpace::didAddBlock): Deleted.
+ (JSC::MarkedSpace::didAllocateInBlock): Deleted.
+ (JSC::MarkedSpace::objectCount): Deleted.
+ (JSC::MarkedSpace::size): Deleted.
+ (JSC::MarkedSpace::capacity): Deleted.
+ * heap/SlotVisitor.cpp:
+ (JSC::SlotVisitor::SlotVisitor):
+ (JSC::SlotVisitor::didStartMarking):
+ (JSC::SlotVisitor::reset):
+ (JSC::SlotVisitor::append):
+ (JSC::SlotVisitor::appendJSCellOrAuxiliary):
+ (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
+ (JSC::SlotVisitor::appendToMarkStack):
+ (JSC::SlotVisitor::markAuxiliary):
+ (JSC::SlotVisitor::noteLiveAuxiliaryCell):
+ (JSC::SlotVisitor::visitChildren):
+ * heap/SlotVisitor.h:
+ * heap/WeakBlock.cpp:
+ (JSC::WeakBlock::create):
+ (JSC::WeakBlock::WeakBlock):
+ (JSC::WeakBlock::visit):
+ (JSC::WeakBlock::reap):
+ * heap/WeakBlock.h:
+ (JSC::WeakBlock::disconnectContainer):
+ (JSC::WeakBlock::disconnectMarkedBlock): Deleted.
+ * heap/WeakSet.cpp:
+ (JSC::WeakSet::~WeakSet):
+ (JSC::WeakSet::sweep):
+ (JSC::WeakSet::shrink):
+ (JSC::WeakSet::addAllocator):
+ * heap/WeakSet.h:
+ (JSC::WeakSet::container):
+ (JSC::WeakSet::setContainer):
+ (JSC::WeakSet::WeakSet):
+ (JSC::WeakSet::visit):
+ (JSC::WeakSet::shrink): Deleted.
+ * heap/WeakSetInlines.h:
+ (JSC::WeakSet::allocate):
+ * inspector/InjectedScriptManager.cpp:
+ * inspector/JSGlobalObjectInspectorController.cpp:
+ * inspector/JSJavaScriptCallFrame.cpp:
+ * inspector/ScriptDebugServer.cpp:
+ * inspector/agents/InspectorDebuggerAgent.cpp:
+ * interpreter/CachedCall.h:
+ (JSC::CachedCall::CachedCall):
+ * interpreter/Interpreter.cpp:
+ (JSC::loadVarargs):
+ (JSC::StackFrame::sourceID): Deleted.
+ (JSC::StackFrame::sourceURL): Deleted.
+ (JSC::StackFrame::functionName): Deleted.
+ (JSC::StackFrame::computeLineAndColumn): Deleted.
+ (JSC::StackFrame::toString): Deleted.
+ * interpreter/Interpreter.h:
+ (JSC::StackFrame::isNative): Deleted.
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
+ (JSC::AssemblyHelpers::emitAllocate):
+ (JSC::AssemblyHelpers::emitAllocateJSCell):
+ (JSC::AssemblyHelpers::emitAllocateJSObject):
+ (JSC::AssemblyHelpers::emitAllocateJSObjectWithKnownSize):
+ (JSC::AssemblyHelpers::emitAllocateVariableSized):
+ * jit/GCAwareJITStubRoutine.cpp:
+ (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
+ * jit/JIT.cpp:
+ (JSC::JIT::compileCTINativeCall):
+ (JSC::JIT::link):
+ * jit/JIT.h:
+ (JSC::JIT::compileCTINativeCall): Deleted.
+ * jit/JITExceptions.cpp:
+ (JSC::genericUnwind):
+ * jit/JITExceptions.h:
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emitSlow_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_new_object):
+ (JSC::JIT::emitSlow_op_new_object):
+ (JSC::JIT::emit_op_create_this):
+ (JSC::JIT::emitSlow_op_create_this):
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier):
+ * jit/JITThunks.cpp:
+ * jit/JITThunks.h:
+ * jsc.cpp:
+ (functionDescribeArray):
+ (main):
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LLIntExceptions.cpp:
+ * llint/LLIntThunks.cpp:
+ * llint/LLIntThunks.h:
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter.cpp:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * parser/ModuleAnalyzer.cpp:
+ * parser/NodeConstructors.h:
+ * parser/Nodes.h:
+ * profiler/ProfilerBytecode.cpp:
+ * profiler/ProfilerBytecode.h:
+ * profiler/ProfilerBytecodeSequence.cpp:
+ * runtime/ArrayConventions.h:
+ (JSC::indexingHeaderForArrayStorage):
+ (JSC::baseIndexingHeaderForArrayStorage):
+ (JSC::indexingHeaderForArray): Deleted.
+ (JSC::baseIndexingHeaderForArray): Deleted.
+ * runtime/ArrayPrototype.cpp:
+ (JSC::arrayProtoFuncSplice):
+ (JSC::concatAppendOne):
+ (JSC::arrayProtoPrivateFuncConcatMemcpy):
+ * runtime/ArrayStorage.h:
+ (JSC::ArrayStorage::vectorLength):
+ (JSC::ArrayStorage::totalSizeFor):
+ (JSC::ArrayStorage::totalSize):
+ (JSC::ArrayStorage::availableVectorLength):
+ (JSC::ArrayStorage::optimalVectorLength):
+ (JSC::ArrayStorage::sizeFor): Deleted.
+ * runtime/AuxiliaryBarrier.h: Added.
+ (JSC::AuxiliaryBarrier::AuxiliaryBarrier):
+ (JSC::AuxiliaryBarrier::clear):
+ (JSC::AuxiliaryBarrier::get):
+ (JSC::AuxiliaryBarrier::slot):
+ (JSC::AuxiliaryBarrier::operator bool):
+ (JSC::AuxiliaryBarrier::setWithoutBarrier):
+ * runtime/AuxiliaryBarrierInlines.h: Added.
+ (JSC::AuxiliaryBarrier<T>::AuxiliaryBarrier):
+ (JSC::AuxiliaryBarrier<T>::set):
+ * runtime/Butterfly.h:
+ * runtime/ButterflyInlines.h:
+ (JSC::Butterfly::availableContiguousVectorLength):
+ (JSC::Butterfly::optimalContiguousVectorLength):
+ (JSC::Butterfly::createUninitialized):
+ (JSC::Butterfly::growArrayRight):
+ * runtime/ClonedArguments.cpp:
+ (JSC::ClonedArguments::createEmpty):
+ * runtime/CommonSlowPathsExceptions.cpp:
+ * runtime/CommonSlowPathsExceptions.h:
+ * runtime/DataView.cpp:
+ * runtime/DirectArguments.h:
+ * runtime/ECMAScriptSpecInternalFunctions.cpp:
+ * runtime/Error.cpp:
+ * runtime/Error.h:
+ * runtime/ErrorInstance.cpp:
+ * runtime/ErrorInstance.h:
+ * runtime/Exception.cpp:
+ * runtime/Exception.h:
+ * runtime/GeneratorFrame.cpp:
+ * runtime/GeneratorPrototype.cpp:
+ * runtime/InternalFunction.cpp:
+ (JSC::InternalFunction::InternalFunction):
+ * runtime/IntlCollator.cpp:
+ * runtime/IntlCollatorConstructor.cpp:
+ * runtime/IntlCollatorPrototype.cpp:
+ * runtime/IntlDateTimeFormat.cpp:
+ * runtime/IntlDateTimeFormatConstructor.cpp:
+ * runtime/IntlDateTimeFormatPrototype.cpp:
+ * runtime/IntlNumberFormat.cpp:
+ * runtime/IntlNumberFormatConstructor.cpp:
+ * runtime/IntlNumberFormatPrototype.cpp:
+ * runtime/IntlObject.cpp:
+ * runtime/IteratorPrototype.cpp:
+ * runtime/JSArray.cpp:
+ (JSC::JSArray::tryCreateUninitialized):
+ (JSC::JSArray::setLengthWritable):
+ (JSC::JSArray::unshiftCountSlowCase):
+ (JSC::JSArray::setLengthWithArrayStorage):
+ (JSC::JSArray::appendMemcpy):
+ (JSC::JSArray::setLength):
+ (JSC::JSArray::pop):
+ (JSC::JSArray::push):
+ (JSC::JSArray::fastSlice):
+ (JSC::JSArray::shiftCountWithArrayStorage):
+ (JSC::JSArray::shiftCountWithAnyIndexingType):
+ (JSC::JSArray::unshiftCountWithArrayStorage):
+ (JSC::JSArray::fillArgList):
+ (JSC::JSArray::copyToArguments):
+ * runtime/JSArray.h:
+ (JSC::createContiguousArrayButterfly):
+ (JSC::createArrayButterfly):
+ (JSC::JSArray::create):
+ (JSC::JSArray::tryCreateUninitialized): Deleted.
+ * runtime/JSArrayBufferView.h:
+ * runtime/JSCInlines.h:
+ * runtime/JSCJSValue.cpp:
+ (JSC::JSValue::dumpInContextAssumingStructure):
+ * runtime/JSCallee.cpp:
+ (JSC::JSCallee::JSCallee):
+ * runtime/JSCell.cpp:
+ (JSC::JSCell::estimatedSize):
+ * runtime/JSCell.h:
+ (JSC::JSCell::cellStateOffset): Deleted.
+ * runtime/JSCellInlines.h:
+ (JSC::ExecState::vm):
+ (JSC::JSCell::classInfo):
+ (JSC::JSCell::callDestructor):
+ (JSC::JSCell::vm): Deleted.
+ * runtime/JSFunction.cpp:
+ (JSC::JSFunction::create):
+ (JSC::JSFunction::allocateAndInitializeRareData):
+ (JSC::JSFunction::initializeRareData):
+ (JSC::JSFunction::getOwnPropertySlot):
+ (JSC::JSFunction::put):
+ (JSC::JSFunction::deleteProperty):
+ (JSC::JSFunction::defineOwnProperty):
+ (JSC::JSFunction::setFunctionName):
+ (JSC::JSFunction::reifyLength):
+ (JSC::JSFunction::reifyName):
+ (JSC::JSFunction::reifyLazyPropertyIfNeeded):
+ (JSC::JSFunction::reifyBoundNameIfNeeded):
+ * runtime/JSFunction.h:
+ * runtime/JSFunctionInlines.h:
+ (JSC::JSFunction::createWithInvalidatedReallocationWatchpoint):
+ (JSC::JSFunction::JSFunction):
+ * runtime/JSGenericTypedArrayViewInlines.h:
+ (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
+ * runtime/JSInternalPromise.cpp:
+ * runtime/JSInternalPromiseConstructor.cpp:
+ * runtime/JSInternalPromiseDeferred.cpp:
+ * runtime/JSInternalPromisePrototype.cpp:
+ * runtime/JSJob.cpp:
+ * runtime/JSMapIterator.cpp:
+ * runtime/JSModuleNamespaceObject.cpp:
+ * runtime/JSModuleRecord.cpp:
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitButterfly):
+ (JSC::JSObject::notifyPresenceOfIndexedAccessors):
+ (JSC::JSObject::createInitialIndexedStorage):
+ (JSC::JSObject::createInitialUndecided):
+ (JSC::JSObject::createInitialInt32):
+ (JSC::JSObject::createInitialDouble):
+ (JSC::JSObject::createInitialContiguous):
+ (JSC::JSObject::createArrayStorage):
+ (JSC::JSObject::createInitialArrayStorage):
+ (JSC::JSObject::convertUndecidedToInt32):
+ (JSC::JSObject::convertUndecidedToContiguous):
+ (JSC::JSObject::convertUndecidedToArrayStorage):
+ (JSC::JSObject::convertInt32ToDouble):
+ (JSC::JSObject::convertInt32ToArrayStorage):
+ (JSC::JSObject::convertDoubleToArrayStorage):
+ (JSC::JSObject::convertContiguousToArrayStorage):
+ (JSC::JSObject::putByIndexBeyondVectorLength):
+ (JSC::JSObject::putDirectIndexBeyondVectorLength):
+ (JSC::JSObject::getNewVectorLength):
+ (JSC::JSObject::increaseVectorLength):
+ (JSC::JSObject::ensureLengthSlow):
+ (JSC::JSObject::growOutOfLineStorage):
+ (JSC::JSObject::copyButterfly): Deleted.
+ (JSC::JSObject::copyBackingStore): Deleted.
+ * runtime/JSObject.h:
+ (JSC::JSObject::globalObject):
+ (JSC::JSObject::putDirectInternal):
+ (JSC::JSObject::setStructureAndReallocateStorageIfNecessary): Deleted.
+ * runtime/JSObjectInlines.h:
+ * runtime/JSPromise.cpp:
+ * runtime/JSPromiseConstructor.cpp:
+ * runtime/JSPromiseDeferred.cpp:
+ * runtime/JSPromisePrototype.cpp:
+ * runtime/JSPropertyNameIterator.cpp:
+ * runtime/JSScope.cpp:
+ (JSC::JSScope::resolve):
+ * runtime/JSScope.h:
+ (JSC::JSScope::globalObject):
+ (JSC::JSScope::vm): Deleted.
+ * runtime/JSSetIterator.cpp:
+ * runtime/JSStringIterator.cpp:
+ * runtime/JSTemplateRegistryKey.cpp:
+ * runtime/JSTypedArrayViewConstructor.cpp:
+ * runtime/JSTypedArrayViewPrototype.cpp:
+ * runtime/JSWeakMap.cpp:
+ * runtime/JSWeakSet.cpp:
+ * runtime/MapConstructor.cpp:
+ * runtime/MapIteratorPrototype.cpp:
+ * runtime/MapPrototype.cpp:
+ * runtime/NativeErrorConstructor.cpp:
+ * runtime/NativeStdFunctionCell.cpp:
+ * runtime/Operations.h:
+ (JSC::scribbleFreeCells):
+ (JSC::scribble):
+ * runtime/Options.h:
+ * runtime/PropertyTable.cpp:
+ * runtime/ProxyConstructor.cpp:
+ * runtime/ProxyObject.cpp:
+ * runtime/ProxyRevoke.cpp:
+ * runtime/RegExp.cpp:
+ (JSC::RegExp::match):
+ (JSC::RegExp::matchConcurrently):
+ (JSC::RegExp::matchCompareWithInterpreter):
+ * runtime/RegExp.h:
+ * runtime/RegExpConstructor.h:
+ * runtime/RegExpInlines.h:
+ (JSC::RegExp::matchInline):
+ * runtime/RegExpMatchesArray.h:
+ (JSC::tryCreateUninitializedRegExpMatchesArray):
+ (JSC::createRegExpMatchesArray):
+ * runtime/RegExpPrototype.cpp:
+ (JSC::genericSplit):
+ * runtime/RuntimeType.cpp:
+ * runtime/SamplingProfiler.cpp:
+ (JSC::SamplingProfiler::processUnverifiedStackTraces):
+ * runtime/SetConstructor.cpp:
+ * runtime/SetIteratorPrototype.cpp:
+ * runtime/SetPrototype.cpp:
+ * runtime/StackFrame.cpp: Added.
+ (JSC::StackFrame::sourceID):
+ (JSC::StackFrame::sourceURL):
+ (JSC::StackFrame::functionName):
+ (JSC::StackFrame::computeLineAndColumn):
+ (JSC::StackFrame::toString):
+ * runtime/StackFrame.h: Added.
+ (JSC::StackFrame::isNative):
+ * runtime/StringConstructor.cpp:
+ * runtime/StringIteratorPrototype.cpp:
+ * runtime/StructureInlines.h:
+ (JSC::Structure::propertyTable):
+ * runtime/TemplateRegistry.cpp:
+ * runtime/TestRunnerUtils.cpp:
+ (JSC::finalizeStatsAtEndOfTesting):
+ * runtime/TestRunnerUtils.h:
+ * runtime/TypeProfilerLog.cpp:
+ * runtime/TypeSet.cpp:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ (JSC::VM::ensureStackCapacityForCLoop):
+ (JSC::VM::isSafeToRecurseSoftCLoop):
+ * runtime/VM.h:
+ * runtime/VMEntryScope.h:
+ * runtime/VMInlines.h:
+ (JSC::VM::ensureStackCapacityFor):
+ (JSC::VM::isSafeToRecurseSoft):
+ * runtime/WeakMapConstructor.cpp:
+ * runtime/WeakMapData.cpp:
+ * runtime/WeakMapPrototype.cpp:
+ * runtime/WeakSetConstructor.cpp:
+ * runtime/WeakSetPrototype.cpp:
+ * testRegExp.cpp:
+ (testOneRegExp):
+ * tools/JSDollarVM.cpp:
+ * tools/JSDollarVMPrototype.cpp:
+ (JSC::JSDollarVMPrototype::isInObjectSpace):
+
</ins><span class="cx"> 2016-09-03 Joseph Pecoraro <pecoraro@apple.com>
</span><span class="cx">
</span><span class="cx"> Use ASCIILiteral in some more places
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -88,6 +88,11 @@
</span><span class="cx"> 0F04396D1B03DC0B009598B7 /* DFGCombinedLiveness.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F04396B1B03DC0B009598B7 /* DFGCombinedLiveness.cpp */; };
</span><span class="cx"> 0F04396E1B03DC0B009598B7 /* DFGCombinedLiveness.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F04396C1B03DC0B009598B7 /* DFGCombinedLiveness.h */; };
</span><span class="cx"> 0F05C3B41683CF9200BAF45B /* DFGArrayifySlowPathGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */; };
</span><ins>+ 0F070A471D543A8B006E7232 /* CellContainer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F070A421D543A89006E7232 /* CellContainer.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F070A481D543A90006E7232 /* CellContainerInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F070A431D543A89006E7232 /* CellContainerInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F070A491D543A93006E7232 /* HeapCellInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F070A441D543A89006E7232 /* HeapCellInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F070A4A1D543A95006E7232 /* LargeAllocation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F070A451D543A89006E7232 /* LargeAllocation.cpp */; };
+ 0F070A4B1D543A98006E7232 /* LargeAllocation.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F070A461D543A89006E7232 /* LargeAllocation.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0F0776BF14FF002B00102332 /* JITCompilationEffort.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0776BD14FF002800102332 /* JITCompilationEffort.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F0A75221B94BFA900110660 /* InferredType.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F0A75201B94BFA900110660 /* InferredType.cpp */; };
</span><span class="cx"> 0F0A75231B94BFA900110660 /* InferredType.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F0A75211B94BFA900110660 /* InferredType.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -323,6 +328,8 @@
</span><span class="cx"> 0F38B01817CFE75500B144D3 /* DFGCompilationKey.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F38B01417CFE75500B144D3 /* DFGCompilationKey.h */; };
</span><span class="cx"> 0F38B01917CFE75500B144D3 /* DFGCompilationMode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F38B01517CFE75500B144D3 /* DFGCompilationMode.cpp */; };
</span><span class="cx"> 0F38B01A17CFE75500B144D3 /* DFGCompilationMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F38B01617CFE75500B144D3 /* DFGCompilationMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F38D2A21D44196800680499 /* AuxiliaryBarrier.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F38D2A01D44196600680499 /* AuxiliaryBarrier.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F38D2A31D44196D00680499 /* AuxiliaryBarrierInlines.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F38D2A11D44196600680499 /* AuxiliaryBarrierInlines.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0F392C891B46188400844728 /* DFGOSRExitFuzz.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F392C871B46188400844728 /* DFGOSRExitFuzz.cpp */; };
</span><span class="cx"> 0F392C8A1B46188400844728 /* DFGOSRExitFuzz.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F392C881B46188400844728 /* DFGOSRExitFuzz.h */; };
</span><span class="cx"> 0F3A1BF91A9ECB7D000DE01A /* DFGPutStackSinkingPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F3A1BF71A9ECB7D000DE01A /* DFGPutStackSinkingPhase.cpp */; };
</span><span class="lines">@@ -364,9 +371,9 @@
</span><span class="cx"> 0F4680CA14BBB16C00BFE272 /* LLIntCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680C514BBB16900BFE272 /* LLIntCommon.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F4680CB14BBB17200BFE272 /* LLIntOfflineAsmConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680C614BBB16900BFE272 /* LLIntOfflineAsmConfig.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F4680CC14BBB17A00BFE272 /* LowLevelInterpreter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4680C714BBB16900BFE272 /* LowLevelInterpreter.cpp */; };
</span><del>- 0F4680CD14BBB17D00BFE272 /* LowLevelInterpreter.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680C814BBB16900BFE272 /* LowLevelInterpreter.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><ins>+ 0F4680CD14BBB17D00BFE272 /* LowLevelInterpreter.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680C814BBB16900BFE272 /* LowLevelInterpreter.h */; };
</ins><span class="cx"> 0F4680D214BBD16500BFE272 /* LLIntData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4680CE14BBB3D100BFE272 /* LLIntData.cpp */; };
</span><del>- 0F4680D314BBD16700BFE272 /* LLIntData.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680CF14BBB3D100BFE272 /* LLIntData.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><ins>+ 0F4680D314BBD16700BFE272 /* LLIntData.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680CF14BBB3D100BFE272 /* LLIntData.h */; };
</ins><span class="cx"> 0F4680D414BBD24900BFE272 /* HostCallReturnValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4680D014BBC5F800BFE272 /* HostCallReturnValue.cpp */; };
</span><span class="cx"> 0F4680D514BBD24B00BFE272 /* HostCallReturnValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4680D114BBC5F800BFE272 /* HostCallReturnValue.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F485321187750560083B687 /* DFGArithMode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F48531F187750560083B687 /* DFGArithMode.cpp */; };
</span><span class="lines">@@ -386,6 +393,8 @@
</span><span class="cx"> 0F4F29DF18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F4F29DD18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.cpp */; };
</span><span class="cx"> 0F4F29E018B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F4F29DE18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.h */; };
</span><span class="cx"> 0F50AF3C193E8B3900674EE8 /* DFGStructureClobberState.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F50AF3B193E8B3900674EE8 /* DFGStructureClobberState.h */; };
</span><ins>+ 0F5513A61D5A682C00C32BD8 /* FreeList.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5513A51D5A682A00C32BD8 /* FreeList.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F5513A81D5A68CD00C32BD8 /* FreeList.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F5513A71D5A68CB00C32BD8 /* FreeList.cpp */; };
</ins><span class="cx"> 0F5541B11613C1FB00CE3E25 /* SpecialPointer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F5541AF1613C1FB00CE3E25 /* SpecialPointer.cpp */; };
</span><span class="cx"> 0F5541B21613C1FB00CE3E25 /* SpecialPointer.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5541B01613C1FB00CE3E25 /* SpecialPointer.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F55989817C86C5800A1E543 /* ToNativeFromValue.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F55989717C86C5600A1E543 /* ToNativeFromValue.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -458,6 +467,9 @@
</span><span class="cx"> 0F6B8AE51C4EFE1700969052 /* B3FixSSA.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6B8AE11C4EFE1700969052 /* B3FixSSA.h */; };
</span><span class="cx"> 0F6C73501AC9F99F00BE1682 /* VariableWriteFireDetail.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6C734E1AC9F99F00BE1682 /* VariableWriteFireDetail.cpp */; };
</span><span class="cx"> 0F6C73511AC9F99F00BE1682 /* VariableWriteFireDetail.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6C734F1AC9F99F00BE1682 /* VariableWriteFireDetail.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0F6DB7E91D6124B500CDBF8E /* StackFrame.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6DB7E81D6124B200CDBF8E /* StackFrame.h */; settings = {ATTRIBUTES = (Private, ); }; };
+ 0F6DB7EA1D6124B800CDBF8E /* StackFrame.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6DB7E71D6124B200CDBF8E /* StackFrame.cpp */; };
+ 0F6DB7EC1D617D1100CDBF8E /* MacroAssemblerCodeRef.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6DB7EB1D617D0F00CDBF8E /* MacroAssemblerCodeRef.cpp */; };
</ins><span class="cx"> 0F6E845A19030BEF00562741 /* DFGVariableAccessData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6E845919030BEF00562741 /* DFGVariableAccessData.cpp */; };
</span><span class="cx"> 0F6FC750196110A800E1D02D /* ComplexGetStatus.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F6FC74E196110A800E1D02D /* ComplexGetStatus.cpp */; };
</span><span class="cx"> 0F6FC751196110A800E1D02D /* ComplexGetStatus.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F6FC74F196110A800E1D02D /* ComplexGetStatus.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -493,6 +505,8 @@
</span><span class="cx"> 0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */; };
</span><span class="cx"> 0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F8364B7164B0C110053329A /* DFGBranchDirection.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */; };
</span><ins>+ 0F86A26D1D6F796500CB0C92 /* HeapOperation.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F86A26C1D6F796200CB0C92 /* HeapOperation.cpp */; };
+ 0F86A26F1D6F7B3300CB0C92 /* GCTypeMap.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F86A26E1D6F7B3100CB0C92 /* GCTypeMap.h */; };
</ins><span class="cx"> 0F86AE201C5311C5006BE8EC /* B3ComputeDivisionMagic.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F86AE1F1C5311C5006BE8EC /* B3ComputeDivisionMagic.h */; };
</span><span class="cx"> 0F885E111849A3BE00F1E3FA /* BytecodeUseDef.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F885E101849A3BE00F1E3FA /* BytecodeUseDef.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0F893BDB1936E23C001211F4 /* DFGStructureAbstractValue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F893BDA1936E23C001211F4 /* DFGStructureAbstractValue.cpp */; };
</span><span class="lines">@@ -573,6 +587,7 @@
</span><span class="cx"> 0FA7A8EB18B413C80052371D /* Reg.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA7A8E918B413C80052371D /* Reg.cpp */; };
</span><span class="cx"> 0FA7A8EC18B413C80052371D /* Reg.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FA7A8EA18B413C80052371D /* Reg.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FA7A8EE18CE4FD80052371D /* ScratchRegisterAllocator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FA7A8ED18CE4FD80052371D /* ScratchRegisterAllocator.cpp */; };
</span><ins>+ 0FADE6731D4D23BE00768457 /* HeapUtil.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FADE6721D4D23BC00768457 /* HeapUtil.h */; };
</ins><span class="cx"> 0FAF7EFD165BA91B000C8455 /* JITDisassembler.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FAF7EFA165BA919000C8455 /* JITDisassembler.cpp */; };
</span><span class="cx"> 0FAF7EFE165BA91F000C8455 /* JITDisassembler.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FAF7EFB165BA919000C8455 /* JITDisassembler.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FB105851675480F00F8AB6E /* ExitKind.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FB105821675480C00F8AB6E /* ExitKind.cpp */; };
</span><span class="lines">@@ -593,6 +608,7 @@
</span><span class="cx"> 0FB3878F1BFBC44D00E3AB1E /* AirOptimizeBlockOrder.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FB3878C1BFBC44D00E3AB1E /* AirOptimizeBlockOrder.cpp */; };
</span><span class="cx"> 0FB387901BFBC44D00E3AB1E /* AirOptimizeBlockOrder.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB3878D1BFBC44D00E3AB1E /* AirOptimizeBlockOrder.h */; };
</span><span class="cx"> 0FB387921BFD31A100E3AB1E /* FTLCompile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FB387911BFD31A100E3AB1E /* FTLCompile.cpp */; };
</span><ins>+ 0FB415841D78FB4C00DF8D09 /* ArrayConventions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FB415831D78F98200DF8D09 /* ArrayConventions.cpp */; };
</ins><span class="cx"> 0FB438A319270B1D00E1FBC9 /* StructureSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FB438A219270B1D00E1FBC9 /* StructureSet.cpp */; };
</span><span class="cx"> 0FB4FB731BC843140025CA5A /* FTLLazySlowPath.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FB4FB701BC843140025CA5A /* FTLLazySlowPath.cpp */; };
</span><span class="cx"> 0FB4FB741BC843140025CA5A /* FTLLazySlowPath.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FB4FB711BC843140025CA5A /* FTLLazySlowPath.h */; };
</span><span class="lines">@@ -989,7 +1005,7 @@
</span><span class="cx"> 14280865107EC11A0013E7B2 /* BooleanPrototype.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BC7952340E15EB5600A898AB /* BooleanPrototype.cpp */; };
</span><span class="cx"> 14280870107EC1340013E7B2 /* JSWrapperObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 65C7A1710A8EAACB00FA37EA /* JSWrapperObject.cpp */; };
</span><span class="cx"> 14280875107EC13E0013E7B2 /* JSLock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 65EA4C99092AF9E20093D800 /* JSLock.cpp */; };
</span><del>- 1429D77C0ED20D7300B89619 /* Interpreter.h in Headers */ = {isa = PBXBuildFile; fileRef = 1429D77B0ED20D7300B89619 /* Interpreter.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><ins>+ 1429D77C0ED20D7300B89619 /* Interpreter.h in Headers */ = {isa = PBXBuildFile; fileRef = 1429D77B0ED20D7300B89619 /* Interpreter.h */; };
</ins><span class="cx"> 1429D7D40ED2128200B89619 /* Interpreter.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1429D7D30ED2128200B89619 /* Interpreter.cpp */; };
</span><span class="cx"> 1429D8780ED21ACD00B89619 /* ExceptionHelpers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1429D8770ED21ACD00B89619 /* ExceptionHelpers.cpp */; };
</span><span class="cx"> 1429D8DD0ED2205B00B89619 /* CallFrame.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1429D8DB0ED2205B00B89619 /* CallFrame.cpp */; };
</span><span class="lines">@@ -1447,7 +1463,7 @@
</span><span class="cx"> 969A07980ED1D3AE00F1F681 /* EvalCodeCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 969A07920ED1D3AE00F1F681 /* EvalCodeCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 969A07990ED1D3AE00F1F681 /* Instruction.h in Headers */ = {isa = PBXBuildFile; fileRef = 969A07930ED1D3AE00F1F681 /* Instruction.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 969A079A0ED1D3AE00F1F681 /* Opcode.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 969A07940ED1D3AE00F1F681 /* Opcode.cpp */; };
</span><del>- 969A079B0ED1D3AE00F1F681 /* Opcode.h in Headers */ = {isa = PBXBuildFile; fileRef = 969A07950ED1D3AE00F1F681 /* Opcode.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><ins>+ 969A079B0ED1D3AE00F1F681 /* Opcode.h in Headers */ = {isa = PBXBuildFile; fileRef = 969A07950ED1D3AE00F1F681 /* Opcode.h */; };
</ins><span class="cx"> 978801401471AD920041B016 /* JSDateMath.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 9788FC221471AD0C0068CE2D /* JSDateMath.cpp */; };
</span><span class="cx"> 978801411471AD920041B016 /* JSDateMath.h in Headers */ = {isa = PBXBuildFile; fileRef = 9788FC231471AD0C0068CE2D /* JSDateMath.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 990DA67F1C8E316A00295159 /* generate_objc_protocol_type_conversions_implementation.py in Headers */ = {isa = PBXBuildFile; fileRef = 990DA67E1C8E311D00295159 /* generate_objc_protocol_type_conversions_implementation.py */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -2311,6 +2327,11 @@
</span><span class="cx"> 0F04396B1B03DC0B009598B7 /* DFGCombinedLiveness.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCombinedLiveness.cpp; path = dfg/DFGCombinedLiveness.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F04396C1B03DC0B009598B7 /* DFGCombinedLiveness.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCombinedLiveness.h; path = dfg/DFGCombinedLiveness.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F05C3B21683CF8F00BAF45B /* DFGArrayifySlowPathGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGArrayifySlowPathGenerator.h; path = dfg/DFGArrayifySlowPathGenerator.h; sourceTree = "<group>"; };
</span><ins>+ 0F070A421D543A89006E7232 /* CellContainer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CellContainer.h; sourceTree = "<group>"; };
+ 0F070A431D543A89006E7232 /* CellContainerInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CellContainerInlines.h; sourceTree = "<group>"; };
+ 0F070A441D543A89006E7232 /* HeapCellInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapCellInlines.h; sourceTree = "<group>"; };
+ 0F070A451D543A89006E7232 /* LargeAllocation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LargeAllocation.cpp; sourceTree = "<group>"; };
+ 0F070A461D543A89006E7232 /* LargeAllocation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LargeAllocation.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F0776BD14FF002800102332 /* JITCompilationEffort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITCompilationEffort.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F0A75201B94BFA900110660 /* InferredType.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InferredType.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F0A75211B94BFA900110660 /* InferredType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InferredType.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -2545,6 +2566,8 @@
</span><span class="cx"> 0F38B01417CFE75500B144D3 /* DFGCompilationKey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCompilationKey.h; path = dfg/DFGCompilationKey.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F38B01517CFE75500B144D3 /* DFGCompilationMode.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCompilationMode.cpp; path = dfg/DFGCompilationMode.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F38B01617CFE75500B144D3 /* DFGCompilationMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCompilationMode.h; path = dfg/DFGCompilationMode.h; sourceTree = "<group>"; };
</span><ins>+ 0F38D2A01D44196600680499 /* AuxiliaryBarrier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AuxiliaryBarrier.h; sourceTree = "<group>"; };
+ 0F38D2A11D44196600680499 /* AuxiliaryBarrierInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AuxiliaryBarrierInlines.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F392C871B46188400844728 /* DFGOSRExitFuzz.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGOSRExitFuzz.cpp; path = dfg/DFGOSRExitFuzz.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F392C881B46188400844728 /* DFGOSRExitFuzz.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGOSRExitFuzz.h; path = dfg/DFGOSRExitFuzz.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F3A1BF71A9ECB7D000DE01A /* DFGPutStackSinkingPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGPutStackSinkingPhase.cpp; path = dfg/DFGPutStackSinkingPhase.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2606,6 +2629,8 @@
</span><span class="cx"> 0F4F29DD18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStaticExecutionCountEstimationPhase.cpp; path = dfg/DFGStaticExecutionCountEstimationPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F4F29DE18B6AD1C0057BC15 /* DFGStaticExecutionCountEstimationPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStaticExecutionCountEstimationPhase.h; path = dfg/DFGStaticExecutionCountEstimationPhase.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F50AF3B193E8B3900674EE8 /* DFGStructureClobberState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStructureClobberState.h; path = dfg/DFGStructureClobberState.h; sourceTree = "<group>"; };
</span><ins>+ 0F5513A51D5A682A00C32BD8 /* FreeList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FreeList.h; sourceTree = "<group>"; };
+ 0F5513A71D5A68CB00C32BD8 /* FreeList.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FreeList.cpp; sourceTree = "<group>"; };
</ins><span class="cx"> 0F5541AF1613C1FB00CE3E25 /* SpecialPointer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SpecialPointer.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F5541B01613C1FB00CE3E25 /* SpecialPointer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SpecialPointer.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F55989717C86C5600A1E543 /* ToNativeFromValue.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ToNativeFromValue.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -2680,6 +2705,9 @@
</span><span class="cx"> 0F6B8AE11C4EFE1700969052 /* B3FixSSA.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = B3FixSSA.h; path = b3/B3FixSSA.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F6C734E1AC9F99F00BE1682 /* VariableWriteFireDetail.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VariableWriteFireDetail.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F6C734F1AC9F99F00BE1682 /* VariableWriteFireDetail.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VariableWriteFireDetail.h; sourceTree = "<group>"; };
</span><ins>+ 0F6DB7E71D6124B200CDBF8E /* StackFrame.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StackFrame.cpp; sourceTree = "<group>"; };
+ 0F6DB7E81D6124B200CDBF8E /* StackFrame.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackFrame.h; sourceTree = "<group>"; };
+ 0F6DB7EB1D617D0F00CDBF8E /* MacroAssemblerCodeRef.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MacroAssemblerCodeRef.cpp; sourceTree = "<group>"; };
</ins><span class="cx"> 0F6E845919030BEF00562741 /* DFGVariableAccessData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGVariableAccessData.cpp; path = dfg/DFGVariableAccessData.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F6FC74E196110A800E1D02D /* ComplexGetStatus.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ComplexGetStatus.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F6FC74F196110A800E1D02D /* ComplexGetStatus.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ComplexGetStatus.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -2713,6 +2741,8 @@
</span><span class="cx"> 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayAllocationProfile.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayAllocationProfile.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F8364B5164B0C0E0053329A /* DFGBranchDirection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGBranchDirection.h; path = dfg/DFGBranchDirection.h; sourceTree = "<group>"; };
</span><ins>+ 0F86A26C1D6F796200CB0C92 /* HeapOperation.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HeapOperation.cpp; sourceTree = "<group>"; };
+ 0F86A26E1D6F7B3100CB0C92 /* GCTypeMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCTypeMap.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0F86AE1F1C5311C5006BE8EC /* B3ComputeDivisionMagic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = B3ComputeDivisionMagic.h; path = b3/B3ComputeDivisionMagic.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F885E101849A3BE00F1E3FA /* BytecodeUseDef.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeUseDef.h; sourceTree = "<group>"; };
</span><span class="cx"> 0F893BDA1936E23C001211F4 /* DFGStructureAbstractValue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStructureAbstractValue.cpp; path = dfg/DFGStructureAbstractValue.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2792,6 +2822,7 @@
</span><span class="cx"> 0FA7A8E918B413C80052371D /* Reg.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Reg.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FA7A8EA18B413C80052371D /* Reg.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Reg.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FA7A8ED18CE4FD80052371D /* ScratchRegisterAllocator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScratchRegisterAllocator.cpp; sourceTree = "<group>"; };
</span><ins>+ 0FADE6721D4D23BC00768457 /* HeapUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = HeapUtil.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0FAF7EFA165BA919000C8455 /* JITDisassembler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITDisassembler.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FAF7EFB165BA919000C8455 /* JITDisassembler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITDisassembler.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FB105821675480C00F8AB6E /* ExitKind.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ExitKind.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -2812,6 +2843,7 @@
</span><span class="cx"> 0FB3878C1BFBC44D00E3AB1E /* AirOptimizeBlockOrder.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = AirOptimizeBlockOrder.cpp; path = b3/air/AirOptimizeBlockOrder.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FB3878D1BFBC44D00E3AB1E /* AirOptimizeBlockOrder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AirOptimizeBlockOrder.h; path = b3/air/AirOptimizeBlockOrder.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FB387911BFD31A100E3AB1E /* FTLCompile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLCompile.cpp; path = ftl/FTLCompile.cpp; sourceTree = "<group>"; };
</span><ins>+ 0FB415831D78F98200DF8D09 /* ArrayConventions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayConventions.cpp; sourceTree = "<group>"; };
</ins><span class="cx"> 0FB438A219270B1D00E1FBC9 /* StructureSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StructureSet.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FB4B51016B3A964003F696B /* DFGMinifiedID.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGMinifiedID.h; path = dfg/DFGMinifiedID.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FB4B51916B62772003F696B /* DFGAllocator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGAllocator.h; path = dfg/DFGAllocator.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -5233,6 +5265,8 @@
</span><span class="cx"> children = (
</span><span class="cx"> 0F9630351D4192C3005609D9 /* AllocatorAttributes.cpp */,
</span><span class="cx"> 0F9630361D4192C3005609D9 /* AllocatorAttributes.h */,
</span><ins>+ 0F070A421D543A89006E7232 /* CellContainer.h */,
+ 0F070A431D543A89006E7232 /* CellContainerInlines.h */,
</ins><span class="cx"> 0F1C3DD91BBCE09E00E523E4 /* CellState.h */,
</span><span class="cx"> 0FD8A31117D4326C00CA2C40 /* CodeBlockSet.cpp */,
</span><span class="cx"> 0FD8A31217D4326C00CA2C40 /* CodeBlockSet.h */,
</span><span class="lines">@@ -5257,6 +5291,8 @@
</span><span class="cx"> 0F9630381D4192C3005609D9 /* DestructionMode.h */,
</span><span class="cx"> 2A83638318D7D0EE0000EBCC /* EdenGCActivityCallback.cpp */,
</span><span class="cx"> 2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */,
</span><ins>+ 0F5513A71D5A68CB00C32BD8 /* FreeList.cpp */,
+ 0F5513A51D5A682A00C32BD8 /* FreeList.h */,
</ins><span class="cx"> 2A83638718D7D0FE0000EBCC /* FullGCActivityCallback.cpp */,
</span><span class="cx"> 2A83638818D7D0FE0000EBCC /* FullGCActivityCallback.h */,
</span><span class="cx"> 2AACE63A18CA5A0300ED0191 /* GCActivityCallback.cpp */,
</span><span class="lines">@@ -5270,6 +5306,7 @@
</span><span class="cx"> 2AABCDE618EF294200002096 /* GCLogging.h */,
</span><span class="cx"> 2A343F7418A1748B0039B085 /* GCSegmentedArray.h */,
</span><span class="cx"> 2A343F7718A1749D0039B085 /* GCSegmentedArrayInlines.h */,
</span><ins>+ 0F86A26E1D6F7B3100CB0C92 /* GCTypeMap.h */,
</ins><span class="cx"> 142E312B134FF0A600AFADB5 /* Handle.h */,
</span><span class="cx"> C28318FF16FE4B7D00157BFD /* HandleBlock.h */,
</span><span class="cx"> C283190116FE533E00157BFD /* HandleBlockInlines.h */,
</span><span class="lines">@@ -5282,11 +5319,13 @@
</span><span class="cx"> 14BA7A9613AADFF8005B7C2C /* Heap.h */,
</span><span class="cx"> DC3D2B0B1D34376E00BA918C /* HeapCell.cpp */,
</span><span class="cx"> DC3D2B091D34316100BA918C /* HeapCell.h */,
</span><ins>+ 0F070A441D543A89006E7232 /* HeapCellInlines.h */,
</ins><span class="cx"> 0F32BD0E1BB34F190093A57F /* HeapHelperPool.cpp */,
</span><span class="cx"> 0F32BD0F1BB34F190093A57F /* HeapHelperPool.h */,
</span><span class="cx"> C2DA778218E259990066FCB6 /* HeapInlines.h */,
</span><span class="cx"> 2AD8932917E3868F00668276 /* HeapIterationScope.h */,
</span><span class="cx"> A5339EC81BB4B4510054F005 /* HeapObserver.h */,
</span><ins>+ 0F86A26C1D6F796200CB0C92 /* HeapOperation.cpp */,
</ins><span class="cx"> 2A6F462517E959CE00C45C98 /* HeapOperation.h */,
</span><span class="cx"> A5398FA91C750D950060A963 /* HeapProfiler.cpp */,
</span><span class="cx"> A5398FAA1C750D950060A963 /* HeapProfiler.h */,
</span><span class="lines">@@ -5299,6 +5338,7 @@
</span><span class="cx"> C24D31E1161CD695002AA4DB /* HeapStatistics.h */,
</span><span class="cx"> C2E526BB1590EF000054E48D /* HeapTimer.cpp */,
</span><span class="cx"> C2E526BC1590EF000054E48D /* HeapTimer.h */,
</span><ins>+ 0FADE6721D4D23BC00768457 /* HeapUtil.h */,
</ins><span class="cx"> FE7BA60D1A1A7CEC00F1F7B4 /* HeapVerifier.cpp */,
</span><span class="cx"> FE7BA60E1A1A7CEC00F1F7B4 /* HeapVerifier.h */,
</span><span class="cx"> C25F8BCB157544A900245B71 /* IncrementalSweeper.cpp */,
</span><span class="lines">@@ -5305,6 +5345,8 @@
</span><span class="cx"> C25F8BCC157544A900245B71 /* IncrementalSweeper.h */,
</span><span class="cx"> 0F766D2915A8CC34008F363E /* JITStubRoutineSet.cpp */,
</span><span class="cx"> 0F766D2A15A8CC34008F363E /* JITStubRoutineSet.h */,
</span><ins>+ 0F070A451D543A89006E7232 /* LargeAllocation.cpp */,
+ 0F070A461D543A89006E7232 /* LargeAllocation.h */,
</ins><span class="cx"> 0F431736146BAC65007E3890 /* ListableHandler.h */,
</span><span class="cx"> FE3913511B794AC900EDAF71 /* LiveObjectData.h */,
</span><span class="cx"> FE3913521B794AC900EDAF71 /* LiveObjectList.cpp */,
</span><span class="lines">@@ -5656,6 +5698,7 @@
</span><span class="cx"> A7A8AF2817ADB5F3005AB174 /* ArrayBufferView.h */,
</span><span class="cx"> BC7952060E15E8A800A898AB /* ArrayConstructor.cpp */,
</span><span class="cx"> BC7952070E15E8A800A898AB /* ArrayConstructor.h */,
</span><ins>+ 0FB415831D78F98200DF8D09 /* ArrayConventions.cpp */,
</ins><span class="cx"> 0FB7F38915ED8E3800F167B2 /* ArrayConventions.h */,
</span><span class="cx"> A7BDAEC217F4EA1400F6140C /* ArrayIteratorPrototype.cpp */,
</span><span class="cx"> A7BDAEC317F4EA1400F6140C /* ArrayIteratorPrototype.h */,
</span><span class="lines">@@ -5662,6 +5705,8 @@
</span><span class="cx"> F692A84D0255597D01FF60F7 /* ArrayPrototype.cpp */,
</span><span class="cx"> F692A84E0255597D01FF60F7 /* ArrayPrototype.h */,
</span><span class="cx"> 0FB7F38A15ED8E3800F167B2 /* ArrayStorage.h */,
</span><ins>+ 0F38D2A01D44196600680499 /* AuxiliaryBarrier.h */,
+ 0F38D2A11D44196600680499 /* AuxiliaryBarrierInlines.h */,
</ins><span class="cx"> 52678F8C1A031009006A306D /* BasicBlockLocation.cpp */,
</span><span class="cx"> 52678F8D1A031009006A306D /* BasicBlockLocation.h */,
</span><span class="cx"> 147B83AA0E6DB8C9004775A4 /* BatchedTransitionOptimizer.h */,
</span><span class="lines">@@ -5826,7 +5871,6 @@
</span><span class="cx"> 70DC3E081B2DF2C700054299 /* IteratorPrototype.h */,
</span><span class="cx"> 93ADFCE60CCBD7AC00D30B08 /* JSArray.cpp */,
</span><span class="cx"> 938772E5038BFE19008635CE /* JSArray.h */,
</span><del>- 539FB8B91C99DA7C00940FA1 /* JSArrayInlines.h */,
</del><span class="cx"> 0F2B66B417B6B5AB00A7AE3F /* JSArrayBuffer.cpp */,
</span><span class="cx"> 0F2B66B517B6B5AB00A7AE3F /* JSArrayBuffer.h */,
</span><span class="cx"> 0F2B66B617B6B5AB00A7AE3F /* JSArrayBufferConstructor.cpp */,
</span><span class="lines">@@ -5836,6 +5880,7 @@
</span><span class="cx"> 0F2B66BA17B6B5AB00A7AE3F /* JSArrayBufferView.cpp */,
</span><span class="cx"> 0F2B66BB17B6B5AB00A7AE3F /* JSArrayBufferView.h */,
</span><span class="cx"> 0F2B66BC17B6B5AB00A7AE3F /* JSArrayBufferViewInlines.h */,
</span><ins>+ 539FB8B91C99DA7C00940FA1 /* JSArrayInlines.h */,
</ins><span class="cx"> 86FA9E8F142BBB2D001773B7 /* JSBoundFunction.cpp */,
</span><span class="cx"> 86FA9E90142BBB2E001773B7 /* JSBoundFunction.h */,
</span><span class="cx"> 657CF45619BF6662004ACBF2 /* JSCallee.cpp */,
</span><span class="lines">@@ -5904,6 +5949,8 @@
</span><span class="cx"> A74DEF90182D991400522C22 /* JSMapIterator.h */,
</span><span class="cx"> E3D239C61B829C1C00BBEF67 /* JSModuleEnvironment.cpp */,
</span><span class="cx"> E3D239C71B829C1C00BBEF67 /* JSModuleEnvironment.h */,
</span><ins>+ 1879510614C540FFB561C124 /* JSModuleLoader.cpp */,
+ 77B25CB2C3094A92A38E1DB3 /* JSModuleLoader.h */,
</ins><span class="cx"> E318CBBE1B8AEF5100A2929D /* JSModuleNamespaceObject.cpp */,
</span><span class="cx"> E318CBBF1B8AEF5100A2929D /* JSModuleNamespaceObject.h */,
</span><span class="cx"> E39DA4A41B7E8B7C0084F33A /* JSModuleRecord.cpp */,
</span><span class="lines">@@ -6096,6 +6143,8 @@
</span><span class="cx"> 0F0CD4C315F6B6B50032F1C0 /* SparseArrayValueMap.cpp */,
</span><span class="cx"> 0FB7F39215ED8E3800F167B2 /* SparseArrayValueMap.h */,
</span><span class="cx"> 0F3AC751183EA1040032029F /* StackAlignment.h */,
</span><ins>+ 0F6DB7E71D6124B200CDBF8E /* StackFrame.cpp */,
+ 0F6DB7E81D6124B200CDBF8E /* StackFrame.h */,
</ins><span class="cx"> A730B6111250068F009D25B1 /* StrictEvalActivation.cpp */,
</span><span class="cx"> A730B6101250068F009D25B1 /* StrictEvalActivation.h */,
</span><span class="cx"> BC18C3C00E16EE3300B34460 /* StringConstructor.cpp */,
</span><span class="lines">@@ -6184,8 +6233,6 @@
</span><span class="cx"> 709FB8661AE335C60039D069 /* WeakSetPrototype.h */,
</span><span class="cx"> A7DCB77912E3D90500911940 /* WriteBarrier.h */,
</span><span class="cx"> C2B6D75218A33793004A9301 /* WriteBarrierInlines.h */,
</span><del>- 77B25CB2C3094A92A38E1DB3 /* JSModuleLoader.h */,
- 1879510614C540FFB561C124 /* JSModuleLoader.cpp */,
</del><span class="cx"> );
</span><span class="cx"> path = runtime;
</span><span class="cx"> sourceTree = "<group>";
</span><span class="lines">@@ -6628,6 +6675,7 @@
</span><span class="cx"> 8640923C156EED3B00566CB2 /* MacroAssemblerARM64.h */,
</span><span class="cx"> A729009B17976C6000317298 /* MacroAssemblerARMv7.cpp */,
</span><span class="cx"> 86ADD1440FDDEA980006EEC2 /* MacroAssemblerARMv7.h */,
</span><ins>+ 0F6DB7EB1D617D0F00CDBF8E /* MacroAssemblerCodeRef.cpp */,
</ins><span class="cx"> 863B23DF0FC60E6200703AA4 /* MacroAssemblerCodeRef.h */,
</span><span class="cx"> 86C568DE11A213EE0007F7F0 /* MacroAssemblerMIPS.h */,
</span><span class="cx"> FE68C6351B90DDD90042BCB3 /* MacroAssemblerPrinter.cpp */,
</span><span class="lines">@@ -7239,6 +7287,7 @@
</span><span class="cx"> 99DA00A91BD5993100F4575C /* builtins_generate_separate_header.py in Headers */,
</span><span class="cx"> 0F338E111BF0276C0013C88F /* B3OpaqueByproduct.h in Headers */,
</span><span class="cx"> FEA0C4031CDD7D1D00481991 /* FunctionWhitelist.h in Headers */,
</span><ins>+ 0F6DB7E91D6124B500CDBF8E /* StackFrame.h in Headers */,
</ins><span class="cx"> E3A421431D6F58930007C617 /* PreciseJumpTargetsInlines.h in Headers */,
</span><span class="cx"> 99DA00AA1BD5993100F4575C /* builtins_generate_separate_implementation.py in Headers */,
</span><span class="cx"> 99DA00A31BD5993100F4575C /* builtins_generator.py in Headers */,
</span><span class="lines">@@ -7331,6 +7380,7 @@
</span><span class="cx"> 0F338E1C1BF286EA0013C88F /* B3BlockInsertionSet.h in Headers */,
</span><span class="cx"> 0F9495881C57F47500413A48 /* B3StackSlot.h in Headers */,
</span><span class="cx"> C4F4B6F31A05C944005CAB76 /* cpp_generator_templates.py in Headers */,
</span><ins>+ 0F38D2A21D44196800680499 /* AuxiliaryBarrier.h in Headers */,
</ins><span class="cx"> 5DE6E5B30E1728EC00180407 /* create_hash_table in Headers */,
</span><span class="cx"> 9959E92B1BD17FA4001AA413 /* cssmin.py in Headers */,
</span><span class="cx"> 2A111246192FCE79005EE18D /* CustomGetterSetter.h in Headers */,
</span><span class="lines">@@ -7460,6 +7510,7 @@
</span><span class="cx"> A7D9A29817A0BC7400EE2618 /* DFGLICMPhase.h in Headers */,
</span><span class="cx"> 99D6A1161BEAD34D00E25C37 /* RemoteAutomationTarget.h in Headers */,
</span><span class="cx"> 79C4B15E1BA2158F00FD592E /* DFGLiveCatchVariablePreservationPhase.h in Headers */,
</span><ins>+ 0F86A26F1D6F7B3300CB0C92 /* GCTypeMap.h in Headers */,
</ins><span class="cx"> A7D89CFC17A0B8CC00773AD8 /* DFGLivenessAnalysisPhase.h in Headers */,
</span><span class="cx"> 0FF0F19B16B729FA005DF95B /* DFGLongLivedState.h in Headers */,
</span><span class="cx"> 0F338DF21BE93AD10013C88F /* B3StackmapValue.h in Headers */,
</span><span class="lines">@@ -7556,6 +7607,7 @@
</span><span class="cx"> 0FFFC96014EF90BD00C72532 /* DFGVirtualRegisterAllocationPhase.h in Headers */,
</span><span class="cx"> 0FC97F4218202119002C9B26 /* DFGWatchpointCollectionPhase.h in Headers */,
</span><span class="cx"> 0FDB2CE8174830A2007B3C1B /* DFGWorklist.h in Headers */,
</span><ins>+ 0F070A491D543A93006E7232 /* HeapCellInlines.h in Headers */,
</ins><span class="cx"> 0FE050181AA9091100D33B33 /* DirectArguments.h in Headers */,
</span><span class="cx"> 0FE050161AA9091100D33B33 /* DirectArgumentsOffset.h in Headers */,
</span><span class="cx"> 0FF42731158EBD54004CB9FF /* Disassembler.h in Headers */,
</span><span class="lines">@@ -7686,6 +7738,7 @@
</span><span class="cx"> 0FE0501A1AA9091100D33B33 /* GenericArgumentsInlines.h in Headers */,
</span><span class="cx"> FE3A06C01C11041A00390FDD /* JITRightShiftGenerator.h in Headers */,
</span><span class="cx"> 708EBE241CE8F35800453146 /* IntlObjectInlines.h in Headers */,
</span><ins>+ 0F070A481D543A90006E7232 /* CellContainerInlines.h in Headers */,
</ins><span class="cx"> FE6029D91D6E1E4F0030204D /* ThrowScopeLocation.h in Headers */,
</span><span class="cx"> 0FE0501B1AA9091100D33B33 /* GenericOffset.h in Headers */,
</span><span class="cx"> 0F2B66E017B6B5AB00A7AE3F /* GenericTypedArrayView.h in Headers */,
</span><span class="lines">@@ -7773,6 +7826,7 @@
</span><span class="cx"> A1587D6E1B4DC14100D69849 /* IntlDateTimeFormat.h in Headers */,
</span><span class="cx"> FE187A0F1C030D6C0038BBCA /* SnippetOperand.h in Headers */,
</span><span class="cx"> A1587D701B4DC14100D69849 /* IntlDateTimeFormatConstructor.h in Headers */,
</span><ins>+ 0FADE6731D4D23BE00768457 /* HeapUtil.h in Headers */,
</ins><span class="cx"> A1587D751B4DC1C600D69849 /* IntlDateTimeFormatConstructor.lut.h in Headers */,
</span><span class="cx"> A5398FAB1C750DA40060A963 /* HeapProfiler.h in Headers */,
</span><span class="cx"> A1587D721B4DC14100D69849 /* IntlDateTimeFormatPrototype.h in Headers */,
</span><span class="lines">@@ -7897,6 +7951,7 @@
</span><span class="cx"> C25D709C16DE99F400FCA6BC /* JSManagedValue.h in Headers */,
</span><span class="cx"> 2A4BB7F318A41179008A0FCD /* JSManagedValueInternal.h in Headers */,
</span><span class="cx"> A700874217CBE8EB00C3E643 /* JSMap.h in Headers */,
</span><ins>+ 0F38D2A31D44196D00680499 /* AuxiliaryBarrierInlines.h in Headers */,
</ins><span class="cx"> A74DEF96182D991400522C22 /* JSMapIterator.h in Headers */,
</span><span class="cx"> 9959E92D1BD17FA4001AA413 /* jsmin.py in Headers */,
</span><span class="cx"> E3D239C91B829C1C00BBEF67 /* JSModuleEnvironment.h in Headers */,
</span><span class="lines">@@ -7934,6 +7989,7 @@
</span><span class="cx"> BC18C4270E16F5CD00B34460 /* JSString.h in Headers */,
</span><span class="cx"> 86E85539111B9968001AF51E /* JSStringBuilder.h in Headers */,
</span><span class="cx"> 70EC0EC31AA0D7DA00B6AAFA /* JSStringIterator.h in Headers */,
</span><ins>+ 0F070A471D543A8B006E7232 /* CellContainer.h in Headers */,
</ins><span class="cx"> 2600B5A7152BAAA70091EE5F /* JSStringJoiner.h in Headers */,
</span><span class="cx"> BC18C4280E16F5CD00B34460 /* JSStringRef.h in Headers */,
</span><span class="cx"> 43AB26C61C1A535900D82AE6 /* B3MathExtras.h in Headers */,
</span><span class="lines">@@ -8004,6 +8060,7 @@
</span><span class="cx"> 14B723B812D7DA6F003BD5ED /* MachineStackMarker.h in Headers */,
</span><span class="cx"> 86C36EEA0EE1289D00B3DF59 /* MacroAssembler.h in Headers */,
</span><span class="cx"> 43422A671C16267800E2EB98 /* B3ReduceDoubleToFloat.h in Headers */,
</span><ins>+ 0F070A4B1D543A98006E7232 /* LargeAllocation.h in Headers */,
</ins><span class="cx"> 86D3B2C610156BDE002865E7 /* MacroAssemblerARM.h in Headers */,
</span><span class="cx"> A1A009C01831A22D00CF8711 /* MacroAssemblerARM64.h in Headers */,
</span><span class="cx"> 86ADD1460FDDEA980006EEC2 /* MacroAssemblerARMv7.h in Headers */,
</span><span class="lines">@@ -8051,6 +8108,7 @@
</span><span class="cx"> BC18C4440E16F5CD00B34460 /* NumberPrototype.h in Headers */,
</span><span class="cx"> 996B73211BDA08EF00331B84 /* NumberPrototype.lut.h in Headers */,
</span><span class="cx"> 142D3939103E4560007DCB52 /* NumericStrings.h in Headers */,
</span><ins>+ 0F5513A61D5A682C00C32BD8 /* FreeList.h in Headers */,
</ins><span class="cx"> A5EA710C19F6DE820098F5EC /* objc_generator.py in Headers */,
</span><span class="cx"> C4F4B6F61A05C984005CAB76 /* objc_generator_templates.py in Headers */,
</span><span class="cx"> 86F3EEBD168CDE930077B92A /* ObjCCallbackFunction.h in Headers */,
</span><span class="lines">@@ -8832,6 +8890,7 @@
</span><span class="cx"> 0FEC856F1BDACDC70080FF74 /* AirArg.cpp in Sources */,
</span><span class="cx"> 0F4DE1CE1C4C1B54004D6C11 /* AirFixObviousSpills.cpp in Sources */,
</span><span class="cx"> 0FEC85711BDACDC70080FF74 /* AirBasicBlock.cpp in Sources */,
</span><ins>+ 0F070A4A1D543A95006E7232 /* LargeAllocation.cpp in Sources */,
</ins><span class="cx"> 0FEC85731BDACDC70080FF74 /* AirCCallSpecial.cpp in Sources */,
</span><span class="cx"> 0FEC85751BDACDC70080FF74 /* AirCode.cpp in Sources */,
</span><span class="cx"> 0F4570381BE44C910062A629 /* AirEliminateDeadCode.cpp in Sources */,
</span><span class="lines">@@ -9092,6 +9151,7 @@
</span><span class="cx"> A78A977A179738B8009DF744 /* DFGPlan.cpp in Sources */,
</span><span class="cx"> 0FBE0F7416C1DB090082C5E8 /* DFGPredictionInjectionPhase.cpp in Sources */,
</span><span class="cx"> 0FFFC95D14EF90B300C72532 /* DFGPredictionPropagationPhase.cpp in Sources */,
</span><ins>+ 0F86A26D1D6F796500CB0C92 /* HeapOperation.cpp in Sources */,
</ins><span class="cx"> 0F3E01AA19D353A500F61B7F /* DFGPrePostNumbering.cpp in Sources */,
</span><span class="cx"> 0F2B9CEC19D0BA7D00B1D1B5 /* DFGPromotedHeapLocation.cpp in Sources */,
</span><span class="cx"> 0FB17662196B8F9E0091052A /* DFGPureValue.cpp in Sources */,
</span><span class="lines">@@ -9253,6 +9313,7 @@
</span><span class="cx"> 0FE34C191C4B39AE0003A512 /* AirLogRegisterPressure.cpp in Sources */,
</span><span class="cx"> A1B9E2391B4E0D6700BC7FED /* IntlCollator.cpp in Sources */,
</span><span class="cx"> A1B9E23B1B4E0D6700BC7FED /* IntlCollatorConstructor.cpp in Sources */,
</span><ins>+ 0F6DB7EA1D6124B800CDBF8E /* StackFrame.cpp in Sources */,
</ins><span class="cx"> A1B9E23D1B4E0D6700BC7FED /* IntlCollatorPrototype.cpp in Sources */,
</span><span class="cx"> A1587D6D1B4DC14100D69849 /* IntlDateTimeFormat.cpp in Sources */,
</span><span class="cx"> A1587D6F1B4DC14100D69849 /* IntlDateTimeFormatConstructor.cpp in Sources */,
</span><span class="lines">@@ -9276,14 +9337,17 @@
</span><span class="cx"> 146FE51211A710430087AE66 /* JITCall32_64.cpp in Sources */,
</span><span class="cx"> 0F8F94441667635400D61971 /* JITCode.cpp in Sources */,
</span><span class="cx"> 0FAF7EFD165BA91B000C8455 /* JITDisassembler.cpp in Sources */,
</span><ins>+ 0F6DB7EC1D617D1100CDBF8E /* MacroAssemblerCodeRef.cpp in Sources */,
</ins><span class="cx"> 0F46808314BA573100BFE272 /* JITExceptions.cpp in Sources */,
</span><span class="cx"> 0FB14E1E18124ACE009B6B4D /* JITInlineCacheGenerator.cpp in Sources */,
</span><span class="cx"> BCDD51EB0FB8DF74004A8BDC /* JITOpcodes.cpp in Sources */,
</span><span class="cx"> A71236E51195F33C00BD2174 /* JITOpcodes32_64.cpp in Sources */,
</span><span class="cx"> 0F24E54C17EE274900ABB217 /* JITOperations.cpp in Sources */,
</span><ins>+ 0F5513A81D5A68CD00C32BD8 /* FreeList.cpp in Sources */,
</ins><span class="cx"> FE99B24A1C24C3D700C82159 /* JITNegGenerator.cpp in Sources */,
</span><span class="cx"> 86CC85C40EE7A89400288682 /* JITPropertyAccess.cpp in Sources */,
</span><span class="cx"> A7C1E8E4112E72EF00A37F98 /* JITPropertyAccess32_64.cpp in Sources */,
</span><ins>+ 0FB415841D78FB4C00DF8D09 /* ArrayConventions.cpp in Sources */,
</ins><span class="cx"> 0F766D2815A8CC1E008F363E /* JITStubRoutine.cpp in Sources */,
</span><span class="cx"> 0F766D2B15A8CC38008F363E /* JITStubRoutineSet.cpp in Sources */,
</span><span class="cx"> FE4238901BE18C3C00514737 /* JITSubGenerator.cpp in Sources */,
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreScriptsbuiltinsbuiltins_generate_combined_implementationpy"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_implementation.py (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_implementation.py 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_combined_implementation.py 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -72,6 +72,9 @@
</span><span class="cx"> ("JavaScriptCore", "builtins/BuiltinExecutables.h"),
</span><span class="cx"> ),
</span><span class="cx"> (["JavaScriptCore", "WebCore"],
</span><ins>+ ("JavaScriptCore", "heap/HeapInlines.h"),
+ ),
+ (["JavaScriptCore", "WebCore"],
</ins><span class="cx"> ("JavaScriptCore", "runtime/Executable.h"),
</span><span class="cx"> ),
</span><span class="cx"> (["JavaScriptCore", "WebCore"],
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreScriptsbuiltinsbuiltins_generate_internals_wrapper_implementationpy"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_internals_wrapper_implementation.py 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -68,6 +68,9 @@
</span><span class="cx"> ("WebCore", "WebCoreJSClientData.h"),
</span><span class="cx"> ),
</span><span class="cx"> (["WebCore"],
</span><ins>+ ("JavaScriptCore", "heap/HeapInlines.h"),
+ ),
+ (["WebCore"],
</ins><span class="cx"> ("JavaScriptCore", "heap/SlotVisitorInlines.h"),
</span><span class="cx"> ),
</span><span class="cx"> (["WebCore"],
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreScriptsbuiltinsbuiltins_generate_separate_implementationpy"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/Scripts/builtins/builtins_generate_separate_implementation.py 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -84,6 +84,9 @@
</span><span class="cx"> ("JavaScriptCore", "builtins/BuiltinExecutables.h"),
</span><span class="cx"> ),
</span><span class="cx"> (["JavaScriptCore", "WebCore"],
</span><ins>+ ("JavaScriptCore", "heap/HeapInlines.h"),
+ ),
+ (["JavaScriptCore", "WebCore"],
</ins><span class="cx"> ("JavaScriptCore", "runtime/Executable.h"),
</span><span class="cx"> ),
</span><span class="cx"> (["JavaScriptCore", "WebCore"],
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerAbstractMacroAssemblerh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -725,20 +725,18 @@
</span><span class="cx"> append(jump);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void link(AbstractMacroAssemblerType* masm)
</del><ins>+ void link(AbstractMacroAssemblerType* masm) const
</ins><span class="cx"> {
</span><span class="cx"> size_t size = m_jumps.size();
</span><span class="cx"> for (size_t i = 0; i < size; ++i)
</span><span class="cx"> m_jumps[i].link(masm);
</span><del>- m_jumps.clear();
</del><span class="cx"> }
</span><span class="cx">
</span><del>- void linkTo(Label label, AbstractMacroAssemblerType* masm)
</del><ins>+ void linkTo(Label label, AbstractMacroAssemblerType* masm) const
</ins><span class="cx"> {
</span><span class="cx"> size_t size = m_jumps.size();
</span><span class="cx"> for (size_t i = 0; i < size; ++i)
</span><span class="cx"> m_jumps[i].linkTo(label, masm);
</span><del>- m_jumps.clear();
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void append(Jump jump)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssembler.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssembler.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssembler.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,8 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(ASSEMBLER)
</span><span class="cx">
</span><ins>+#include "JSCJSValue.h"
+
</ins><span class="cx"> #if CPU(ARM_THUMB2)
</span><span class="cx"> #include "MacroAssemblerARMv7.h"
</span><span class="cx"> namespace JSC { typedef MacroAssemblerARMv7 MacroAssemblerBase; };
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerARM64h"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -166,7 +166,10 @@
</span><span class="cx"> m_assembler.add<32>(dest, src, UInt12(imm.m_value));
</span><span class="cx"> else if (isUInt12(-imm.m_value))
</span><span class="cx"> m_assembler.sub<32>(dest, src, UInt12(-imm.m_value));
</span><del>- else {
</del><ins>+ else if (src != dest) {
+ move(imm, dest);
+ add32(src, dest);
+ } else {
</ins><span class="cx"> move(imm, getCachedDataTempRegisterIDAndInvalidate());
</span><span class="cx"> m_assembler.add<32>(dest, src, dataTempRegister);
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerCodeRefcppfromrev205702releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeLLIntPrototypeLoadAdaptiveStructureWatchpointcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.cpp (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,68 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "MacroAssemblerCodeRef.h"
+
+#include "JSCInlines.h"
+#include "LLIntData.h"
+
+namespace JSC {
+
+MacroAssemblerCodePtr MacroAssemblerCodePtr::createLLIntCodePtr(OpcodeID codeId)
+{
+ return createFromExecutableAddress(LLInt::getCodePtr(codeId));
+}
+
+void MacroAssemblerCodePtr::dumpWithName(const char* name, PrintStream& out) const
+{
+ if (!m_value) {
+ out.print(name, "(null)");
+ return;
+ }
+ if (executableAddress() == dataLocation()) {
+ out.print(name, "(", RawPointer(executableAddress()), ")");
+ return;
+ }
+ out.print(name, "(executable = ", RawPointer(executableAddress()), ", dataLocation = ", RawPointer(dataLocation()), ")");
+}
+
+void MacroAssemblerCodePtr::dump(PrintStream& out) const
+{
+ dumpWithName("CodePtr", out);
+}
+
+MacroAssemblerCodeRef MacroAssemblerCodeRef::createLLIntCodeRef(OpcodeID codeId)
+{
+ return createSelfManagedCodeRef(MacroAssemblerCodePtr::createFromExecutableAddress(LLInt::getCodePtr(codeId)));
+}
+
+void MacroAssemblerCodeRef::dump(PrintStream& out) const
+{
+ m_codePtr.dumpWithName("CodeRef", out);
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreassemblerMacroAssemblerCodeRefh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,7 +28,6 @@
</span><span class="cx">
</span><span class="cx"> #include "Disassembler.h"
</span><span class="cx"> #include "ExecutableAllocator.h"
</span><del>-#include "LLIntData.h"
</del><span class="cx"> #include <wtf/DataLog.h>
</span><span class="cx"> #include <wtf/PassRefPtr.h>
</span><span class="cx"> #include <wtf/PrintStream.h>
</span><span class="lines">@@ -53,6 +52,8 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+enum OpcodeID : unsigned;
+
</ins><span class="cx"> // FunctionPtr:
</span><span class="cx"> //
</span><span class="cx"> // FunctionPtr should be used to wrap pointers to C/C++ functions in JSC
</span><span class="lines">@@ -273,10 +274,7 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static MacroAssemblerCodePtr createLLIntCodePtr(OpcodeID codeId)
- {
- return createFromExecutableAddress(LLInt::getCodePtr(codeId));
- }
</del><ins>+ static MacroAssemblerCodePtr createLLIntCodePtr(OpcodeID codeId);
</ins><span class="cx">
</span><span class="cx"> explicit MacroAssemblerCodePtr(ReturnAddressPtr ra)
</span><span class="cx"> : m_value(ra.value())
</span><span class="lines">@@ -299,23 +297,9 @@
</span><span class="cx"> return m_value == other.m_value;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void dumpWithName(const char* name, PrintStream& out) const
- {
- if (!m_value) {
- out.print(name, "(null)");
- return;
- }
- if (executableAddress() == dataLocation()) {
- out.print(name, "(", RawPointer(executableAddress()), ")");
- return;
- }
- out.print(name, "(executable = ", RawPointer(executableAddress()), ", dataLocation = ", RawPointer(dataLocation()), ")");
- }
</del><ins>+ void dumpWithName(const char* name, PrintStream& out) const;
</ins><span class="cx">
</span><del>- void dump(PrintStream& out) const
- {
- dumpWithName("CodePtr", out);
- }
</del><ins>+ void dump(PrintStream& out) const;
</ins><span class="cx">
</span><span class="cx"> enum EmptyValueTag { EmptyValue };
</span><span class="cx"> enum DeletedValueTag { DeletedValue };
</span><span class="lines">@@ -389,10 +373,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Helper for creating self-managed code refs from LLInt.
</span><del>- static MacroAssemblerCodeRef createLLIntCodeRef(OpcodeID codeId)
- {
- return createSelfManagedCodeRef(MacroAssemblerCodePtr::createFromExecutableAddress(LLInt::getCodePtr(codeId)));
- }
</del><ins>+ static MacroAssemblerCodeRef createLLIntCodeRef(OpcodeID codeId);
</ins><span class="cx">
</span><span class="cx"> ExecutableMemoryHandle* executableMemory() const
</span><span class="cx"> {
</span><span class="lines">@@ -418,10 +399,7 @@
</span><span class="cx">
</span><span class="cx"> explicit operator bool() const { return !!m_codePtr; }
</span><span class="cx">
</span><del>- void dump(PrintStream& out) const
- {
- m_codePtr.dumpWithName("CodeRef", out);
- }
</del><ins>+ void dump(PrintStream& out) const;
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> MacroAssemblerCodePtr m_codePtr;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3BasicBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -85,6 +85,11 @@
</span><span class="cx"> return appendIntConstant(proc, likeValue->origin(), likeValue->type(), value);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+Value* BasicBlock::appendBoolConstant(Procedure& proc, Origin origin, bool value)
+{
+ return appendIntConstant(proc, origin, Int32, value ? 1 : 0);
+}
+
</ins><span class="cx"> void BasicBlock::clearSuccessors()
</span><span class="cx"> {
</span><span class="cx"> m_successors.clear();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3BasicBlockh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3BasicBlock.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -82,6 +82,7 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE Value* appendIntConstant(Procedure&, Origin, Type, int64_t value);
</span><span class="cx"> Value* appendIntConstant(Procedure&, Value* likeValue, int64_t value);
</span><ins>+ Value* appendBoolConstant(Procedure&, Origin, bool);
</ins><span class="cx">
</span><span class="cx"> void removeLast(Procedure&);
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3DuplicateTailscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3DuplicateTails.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3DuplicateTails.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3DuplicateTails.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -71,8 +71,12 @@
</span><span class="cx"> IndexSet<BasicBlock> candidates;
</span><span class="cx">
</span><span class="cx"> for (BasicBlock* block : m_proc) {
</span><del>- if (block->size() > m_maxSize || block->numSuccessors() > m_maxSuccessors)
</del><ins>+ if (block->size() > m_maxSize)
</ins><span class="cx"> continue;
</span><ins>+ if (block->numSuccessors() > m_maxSuccessors)
+ continue;
+ if (block->last()->type() != Void) // Demoting doesn't handle terminals with values.
+ continue;
</ins><span class="cx">
</span><span class="cx"> candidates.add(block);
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreb3B3StackmapGenerationParamsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3StackmapGenerationParams.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3StackmapGenerationParams.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/B3StackmapGenerationParams.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -92,7 +92,7 @@
</span><span class="cx"> // This is computed lazily, so it won't work if you capture StackmapGenerationParams by value.
</span><span class="cx"> // Returns true if the successor at the given index is going to be emitted right after the
</span><span class="cx"> // patchpoint.
</span><del>- bool fallsThroughToSuccessor(unsigned successorIndex) const;
</del><ins>+ JS_EXPORT_PRIVATE bool fallsThroughToSuccessor(unsigned successorIndex) const;
</ins><span class="cx">
</span><span class="cx"> // This is provided for convenience; it means that you don't have to capture it if you don't want to.
</span><span class="cx"> JS_EXPORT_PRIVATE Procedure& proc() const;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreb3testb3cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/testb3.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/testb3.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/b3/testb3.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -12920,6 +12920,80 @@
</span><span class="cx"> CHECK(terminal.args[2].kind() == Air::Arg::BitImm || terminal.args[2].kind() == Air::Arg::BitImm64);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void testPatchpointTerminalReturnValue(bool successIsRare)
+{
+ // This is a unit test for how FTL's heap allocation fast paths behave.
+ Procedure proc;
+
+ BasicBlock* root = proc.addBlock();
+ BasicBlock* success = proc.addBlock();
+ BasicBlock* slowPath = proc.addBlock();
+ BasicBlock* continuation = proc.addBlock();
+
+ Value* arg = root->appendNew<Value>(
+ proc, Trunc, Origin(),
+ root->appendNew<ArgumentRegValue>(proc, Origin(), GPRInfo::argumentGPR0));
+
+ PatchpointValue* patchpoint = root->appendNew<PatchpointValue>(proc, Int32, Origin());
+ patchpoint->effects.terminal = true;
+ patchpoint->clobber(RegisterSet::macroScratchRegisters());
+
+ if (successIsRare) {
+ root->appendSuccessor(FrequentedBlock(success, FrequencyClass::Rare));
+ root->appendSuccessor(slowPath);
+ } else {
+ root->appendSuccessor(success);
+ root->appendSuccessor(FrequentedBlock(slowPath, FrequencyClass::Rare));
+ }
+
+ patchpoint->appendSomeRegister(arg);
+
+ patchpoint->setGenerator(
+ [&] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ AllowMacroScratchRegisterUsage allowScratch(jit);
+
+ CCallHelpers::Jump jumpToSlow =
+ jit.branch32(CCallHelpers::Above, params[1].gpr(), CCallHelpers::TrustedImm32(42));
+
+ jit.add32(CCallHelpers::TrustedImm32(31), params[1].gpr(), params[0].gpr());
+
+ CCallHelpers::Jump jumpToSuccess;
+ if (!params.fallsThroughToSuccessor(0))
+ jumpToSuccess = jit.jump();
+
+ Vector<Box<CCallHelpers::Label>> labels = params.successorLabels();
+
+ params.addLatePath(
+ [=] (CCallHelpers& jit) {
+ jumpToSlow.linkTo(*labels[1], &jit);
+ if (jumpToSuccess.isSet())
+ jumpToSuccess.linkTo(*labels[0], &jit);
+ });
+ });
+
+ UpsilonValue* successUpsilon = success->appendNew<UpsilonValue>(proc, Origin(), patchpoint);
+ success->appendNew<Value>(proc, Jump, Origin());
+ success->setSuccessors(continuation);
+
+ UpsilonValue* slowPathUpsilon = slowPath->appendNew<UpsilonValue>(
+ proc, Origin(), slowPath->appendNew<Const32Value>(proc, Origin(), 666));
+ slowPath->appendNew<Value>(proc, Jump, Origin());
+ slowPath->setSuccessors(continuation);
+
+ Value* phi = continuation->appendNew<Value>(proc, Phi, Int32, Origin());
+ successUpsilon->setPhi(phi);
+ slowPathUpsilon->setPhi(phi);
+ continuation->appendNew<Value>(proc, Return, Origin(), phi);
+
+ auto code = compile(proc);
+ CHECK_EQ(invoke<int>(*code, 0), 31);
+ CHECK_EQ(invoke<int>(*code, 1), 32);
+ CHECK_EQ(invoke<int>(*code, 41), 72);
+ CHECK_EQ(invoke<int>(*code, 42), 73);
+ CHECK_EQ(invoke<int>(*code, 43), 666);
+ CHECK_EQ(invoke<int>(*code, -1), 666);
+}
+
</ins><span class="cx"> // Make sure the compiler does not try to optimize anything out.
</span><span class="cx"> NEVER_INLINE double zero()
</span><span class="cx"> {
</span><span class="lines">@@ -14337,6 +14411,8 @@
</span><span class="cx"> RUN(testEntrySwitchLoop());
</span><span class="cx">
</span><span class="cx"> RUN(testSomeEarlyRegister());
</span><ins>+ RUN(testPatchpointTerminalReturnValue(true));
+ RUN(testPatchpointTerminalReturnValue(false));
</ins><span class="cx">
</span><span class="cx"> if (isX86()) {
</span><span class="cx"> RUN(testBranchBitAndImmFusion(Identity, Int64, 1, Air::BranchTest32, Air::Arg::Tmp));
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebindingsScriptValuecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bindings/ScriptValue.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bindings/ScriptValue.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bindings/ScriptValue.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,9 +32,8 @@
</span><span class="cx">
</span><span class="cx"> #include "APICast.h"
</span><span class="cx"> #include "InspectorValues.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSLock.h"
</span><del>-#include "JSObjectInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx"> using namespace Inspector;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeAdaptiveInferredPropertyValueWatchpointBasecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,8 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "AdaptiveInferredPropertyValueWatchpointBase.h"
</span><span class="cx">
</span><del>-#include "JSCellInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeBytecodeLivenessAnalysiscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeLivenessAnalysis.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "FullBytecodeLiveness.h"
</span><span class="cx"> #include "InterpreterInlines.h"
</span><ins>+#include "PreciseJumpTargets.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeBytecodeRewritercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeRewriter.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeRewriter.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeRewriter.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "BytecodeRewriter.h"
</span><span class="cx">
</span><ins>+#include "HeapInlines.h"
</ins><span class="cx"> #include "PreciseJumpTargetsInlines.h"
</span><span class="cx"> #include <wtf/BubbleSort.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeBytecodeUseDefh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeUseDef.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeUseDef.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/BytecodeUseDef.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #define BytecodeUseDef_h
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCallLinkInfocpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,6 +30,7 @@
</span><span class="cx"> #include "DFGOperations.h"
</span><span class="cx"> #include "DFGThunks.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "Opcode.h"
</ins><span class="cx"> #include "Repatch.h"
</span><span class="cx"> #include <wtf/ListDump.h>
</span><span class="cx">
</span><span class="lines">@@ -36,6 +37,22 @@
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+CallLinkInfo::CallType CallLinkInfo::callTypeFor(OpcodeID opcodeID)
+{
+ if (opcodeID == op_call || opcodeID == op_call_eval)
+ return Call;
+ if (opcodeID == op_call_varargs)
+ return CallVarargs;
+ if (opcodeID == op_construct)
+ return Construct;
+ if (opcodeID == op_construct_varargs)
+ return ConstructVarargs;
+ if (opcodeID == op_tail_call)
+ return TailCall;
+ ASSERT(opcodeID == op_tail_call_varargs || op_tail_call_forward_arguments);
+ return TailCallVarargs;
+}
+
</ins><span class="cx"> CallLinkInfo::CallLinkInfo()
</span><span class="cx"> : m_hasSeenShouldRepatch(false)
</span><span class="cx"> , m_hasSeenClosure(false)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCallLinkInfoh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkInfo.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,7 +31,6 @@
</span><span class="cx"> #include "CodeSpecializationKind.h"
</span><span class="cx"> #include "JITWriteBarrier.h"
</span><span class="cx"> #include "JSFunction.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include "PolymorphicCallStubRoutine.h"
</span><span class="cx"> #include "WriteBarrier.h"
</span><span class="cx"> #include <wtf/SentinelLinkedList.h>
</span><span class="lines">@@ -40,26 +39,13 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">
</span><ins>+enum OpcodeID : unsigned;
</ins><span class="cx"> struct CallFrameShuffleData;
</span><span class="cx">
</span><span class="cx"> class CallLinkInfo : public BasicRawSentinelNode<CallLinkInfo> {
</span><span class="cx"> public:
</span><span class="cx"> enum CallType { None, Call, CallVarargs, Construct, ConstructVarargs, TailCall, TailCallVarargs };
</span><del>- static CallType callTypeFor(OpcodeID opcodeID)
- {
- if (opcodeID == op_call || opcodeID == op_call_eval)
- return Call;
- if (opcodeID == op_call_varargs)
- return CallVarargs;
- if (opcodeID == op_construct)
- return Construct;
- if (opcodeID == op_construct_varargs)
- return ConstructVarargs;
- if (opcodeID == op_tail_call)
- return TailCall;
- ASSERT(opcodeID == op_tail_call_varargs || op_tail_call_forward_arguments);
- return TailCallVarargs;
- }
</del><ins>+ static CallType callTypeFor(OpcodeID opcodeID);
</ins><span class="cx">
</span><span class="cx"> static bool isVarargsCallType(CallType callType)
</span><span class="cx"> {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCallLinkStatuscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,6 +30,7 @@
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "DFGJITCode.h"
</span><span class="cx"> #include "InlineCallFrame.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "LLIntCallLinkInfo.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include <wtf/CommaPrinter.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -52,6 +52,7 @@
</span><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSLexicalEnvironment.h"
</span><span class="cx"> #include "JSModuleEnvironment.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx"> #include "LLIntEntrypoint.h"
</span><span class="cx"> #include "LLIntPrototypeLoadAdaptiveStructureWatchpoint.h"
</span><span class="cx"> #include "LowLevelInterpreter.h"
</span><span class="lines">@@ -70,6 +71,7 @@
</span><span class="cx"> #include "VMInlines.h"
</span><span class="cx"> #include <wtf/BagToHashMap.h>
</span><span class="cx"> #include <wtf/CommaPrinter.h>
</span><ins>+#include <wtf/SimpleStats.h>
</ins><span class="cx"> #include <wtf/StringExtras.h>
</span><span class="cx"> #include <wtf/StringPrintStream.h>
</span><span class="cx"> #include <wtf/text/UniquedStringImpl.h>
</span><span class="lines">@@ -1876,7 +1878,7 @@
</span><span class="cx"> m_rareData->m_stringSwitchJumpTables = other.m_rareData->m_stringSwitchJumpTables;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- heap()->m_codeBlocks.add(this);
</del><ins>+ heap()->m_codeBlocks->add(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> CodeBlock::CodeBlock(VM* vm, Structure* structure, ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlinkedCodeBlock,
</span><span class="lines">@@ -2342,7 +2344,7 @@
</span><span class="cx"> if (Options::dumpGeneratedBytecodes())
</span><span class="cx"> dumpBytecode();
</span><span class="cx">
</span><del>- heap()->m_codeBlocks.add(this);
</del><ins>+ heap()->m_codeBlocks->add(this);
</ins><span class="cx"> heap()->reportExtraMemoryAllocated(m_instructions.size() * sizeof(Instruction));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2379,7 +2381,7 @@
</span><span class="cx"> {
</span><span class="cx"> Base::finishCreation(vm);
</span><span class="cx">
</span><del>- heap()->m_codeBlocks.add(this);
</del><ins>+ heap()->m_codeBlocks->add(this);
</ins><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="lines">@@ -2783,6 +2785,14 @@
</span><span class="cx"> codeBlock->determineLiveness(visitor);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void CodeBlock::clearLLIntGetByIdCache(Instruction* instruction)
+{
+ instruction[0].u.opcode = LLInt::getOpcode(op_get_by_id);
+ instruction[4].u.pointer = nullptr;
+ instruction[5].u.pointer = nullptr;
+ instruction[6].u.pointer = nullptr;
+}
+
</ins><span class="cx"> void CodeBlock::finalizeLLIntInlineCaches()
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(WEBASSEMBLY)
</span><span class="lines">@@ -4184,12 +4194,12 @@
</span><span class="cx"> if (!m_vm)
</span><span class="cx"> return 0;
</span><span class="cx">
</span><del>- if (!m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT)
</del><ins>+ if (!*m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT)
</ins><span class="cx"> return 0; // It's as good of a prediction as we'll get.
</span><span class="cx">
</span><span class="cx"> // Be conservative: return a size that will be an overestimation 84% of the time.
</span><del>- double multiplier = m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT.mean() +
- m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT.standardDeviation();
</del><ins>+ double multiplier = m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT->mean() +
+ m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT->standardDeviation();
</ins><span class="cx">
</span><span class="cx"> // Be paranoid: silently reject bogus multipiers. Silently doing the "wrong" thing
</span><span class="cx"> // here is OK, since this whole method is just a heuristic.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/CodeBlock.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -293,6 +293,8 @@
</span><span class="cx"> {
</span><span class="cx"> return m_jitCodeMap.get();
</span><span class="cx"> }
</span><ins>+
+ static void clearLLIntGetByIdCache(Instruction*);
</ins><span class="cx">
</span><span class="cx"> unsigned bytecodeOffset(Instruction* returnAddress)
</span><span class="cx"> {
</span><span class="lines">@@ -1283,14 +1285,6 @@
</span><span class="cx"> };
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>-inline void clearLLIntGetByIdCache(Instruction* instruction)
-{
- instruction[0].u.opcode = LLInt::getOpcode(op_get_by_id);
- instruction[4].u.pointer = nullptr;
- instruction[5].u.pointer = nullptr;
- instruction[6].u.pointer = nullptr;
-}
-
</del><span class="cx"> inline Register& ExecState::r(int index)
</span><span class="cx"> {
</span><span class="cx"> CodeBlock* codeBlock = this->codeBlock();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeExecutionCounterh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ExecutionCounter.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ExecutionCounter.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ExecutionCounter.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "Options.h"
</span><span class="cx"> #include <wtf/PrintStream.h>
</span><del>-#include <wtf/SimpleStats.h>
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeInstructionh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Instruction.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Instruction.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Instruction.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,7 +31,6 @@
</span><span class="cx">
</span><span class="cx"> #include "BasicBlockLocation.h"
</span><span class="cx"> #include "MacroAssembler.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include "PutByIdFlags.h"
</span><span class="cx"> #include "SymbolTable.h"
</span><span class="cx"> #include "TypeLocation.h"
</span><span class="lines">@@ -52,6 +51,12 @@
</span><span class="cx"> struct LLIntCallLinkInfo;
</span><span class="cx"> struct ValueProfile;
</span><span class="cx">
</span><ins>+#if ENABLE(COMPUTED_GOTO_OPCODES)
+typedef void* Opcode;
+#else
+typedef OpcodeID Opcode;
+#endif
+
</ins><span class="cx"> struct Instruction {
</span><span class="cx"> Instruction()
</span><span class="cx"> {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeLLIntPrototypeLoadAdaptiveStructureWatchpointcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "Instruction.h"
</span><del>-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -59,7 +59,7 @@
</span><span class="cx">
</span><span class="cx"> StringFireDetail stringDetail(out.toCString().data());
</span><span class="cx">
</span><del>- clearLLIntGetByIdCache(m_getByIdInstruction);
</del><ins>+ CodeBlock::clearLLIntGetByIdCache(m_getByIdInstruction);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeObjectAllocationProfileh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/ObjectAllocationProfile.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -45,7 +45,7 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool isNull() { return !m_allocator; }
</del><ins>+ bool isNull() { return !m_structure; }
</ins><span class="cx">
</span><span class="cx"> void initialize(VM& vm, JSCell* owner, JSObject* prototype, unsigned inferredInlineCapacity)
</span><span class="cx"> {
</span><span class="lines">@@ -80,14 +80,15 @@
</span><span class="cx"> ASSERT(inlineCapacity <= JSFinalObject::maxInlineCapacity());
</span><span class="cx">
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(inlineCapacity);
</span><del>- MarkedAllocator* allocator = &vm.heap.allocatorForObjectWithoutDestructor(allocationSize);
- ASSERT(allocator->cellSize());
-
</del><ins>+ MarkedAllocator* allocator = vm.heap.allocatorForObjectWithoutDestructor(allocationSize);
+
</ins><span class="cx"> // Take advantage of extra inline capacity available in the size class.
</span><del>- size_t slop = (allocator->cellSize() - allocationSize) / sizeof(WriteBarrier<Unknown>);
- inlineCapacity += slop;
- if (inlineCapacity > JSFinalObject::maxInlineCapacity())
- inlineCapacity = JSFinalObject::maxInlineCapacity();
</del><ins>+ if (allocator) {
+ size_t slop = (allocator->cellSize() - allocationSize) / sizeof(WriteBarrier<Unknown>);
+ inlineCapacity += slop;
+ if (inlineCapacity > JSFinalObject::maxInlineCapacity())
+ inlineCapacity = JSFinalObject::maxInlineCapacity();
+ }
</ins><span class="cx">
</span><span class="cx"> Structure* structure = vm.prototypeMap.emptyObjectStructureForPrototype(prototype, inlineCapacity);
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeOpcodeh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Opcode.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Opcode.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/Opcode.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -55,7 +55,7 @@
</span><span class="cx">
</span><span class="cx">
</span><span class="cx"> #define OPCODE_ID_ENUM(opcode, length) opcode,
</span><del>- typedef enum { FOR_EACH_OPCODE_ID(OPCODE_ID_ENUM) } OpcodeID;
</del><ins>+ enum OpcodeID : unsigned { FOR_EACH_OPCODE_ID(OPCODE_ID_ENUM) };
</ins><span class="cx"> #undef OPCODE_ID_ENUM
</span><span class="cx">
</span><span class="cx"> const int maxOpcodeLength = 9;
</span><span class="lines">@@ -75,10 +75,19 @@
</span><span class="cx"> const int opcodeLengths[numOpcodeIDs] = { FOR_EACH_OPCODE_ID(OPCODE_ID_LENGTH_MAP) };
</span><span class="cx"> #undef OPCODE_ID_LENGTH_MAP
</span><span class="cx">
</span><ins>+#if COMPILER(GCC)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wtype-limits"
+#endif
+
</ins><span class="cx"> #define VERIFY_OPCODE_ID(id, size) COMPILE_ASSERT(id <= numOpcodeIDs, ASSERT_THAT_JS_OPCODE_IDS_ARE_VALID);
</span><span class="cx"> FOR_EACH_OPCODE_ID(VERIFY_OPCODE_ID);
</span><span class="cx"> #undef VERIFY_OPCODE_ID
</span><span class="cx">
</span><ins>+#if COMPILER(GCC)
+#pragma GCC diagnostic pop
+#endif
+
</ins><span class="cx"> #if ENABLE(COMPUTED_GOTO_OPCODES)
</span><span class="cx"> typedef void* Opcode;
</span><span class="cx"> #else
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodePolymorphicAccesscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1206,19 +1206,18 @@
</span><span class="cx"> size_t newSize = newStructure()->outOfLineCapacity() * sizeof(JSValue);
</span><span class="cx">
</span><span class="cx"> if (allocatingInline) {
</span><del>- CopiedAllocator* copiedAllocator = &vm.heap.storageAllocator();
-
- if (!reallocating) {
- jit.loadPtr(&copiedAllocator->m_currentRemaining, scratchGPR);
- slowPath.append(
- jit.branchSubPtr(
- CCallHelpers::Signed, CCallHelpers::TrustedImm32(newSize), scratchGPR));
- jit.storePtr(scratchGPR, &copiedAllocator->m_currentRemaining);
- jit.negPtr(scratchGPR);
- jit.addPtr(
- CCallHelpers::AbsoluteAddress(&copiedAllocator->m_currentPayloadEnd), scratchGPR);
- jit.addPtr(CCallHelpers::TrustedImm32(sizeof(JSValue)), scratchGPR);
- } else {
</del><ins>+ MarkedAllocator* allocator = vm.heap.allocatorForAuxiliaryData(newSize);
+
+ if (!allocator) {
+ // Yuck, this case would suck!
+ slowPath.append(jit.jump());
+ }
+
+ jit.move(CCallHelpers::TrustedImmPtr(allocator), scratchGPR2);
+ jit.emitAllocate(scratchGPR, allocator, scratchGPR2, scratchGPR3, slowPath);
+ jit.addPtr(CCallHelpers::TrustedImm32(newSize + sizeof(IndexingHeader)), scratchGPR);
+
+ if (reallocating) {
</ins><span class="cx"> // Handle the case where we are reallocating (i.e. the old structure/butterfly
</span><span class="cx"> // already had out-of-line property storage).
</span><span class="cx"> size_t oldSize = structure()->outOfLineCapacity() * sizeof(JSValue);
</span><span class="lines">@@ -1225,15 +1224,7 @@
</span><span class="cx"> ASSERT(newSize > oldSize);
</span><span class="cx">
</span><span class="cx"> jit.loadPtr(CCallHelpers::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR3);
</span><del>- jit.loadPtr(&copiedAllocator->m_currentRemaining, scratchGPR);
- slowPath.append(
- jit.branchSubPtr(
- CCallHelpers::Signed, CCallHelpers::TrustedImm32(newSize), scratchGPR));
- jit.storePtr(scratchGPR, &copiedAllocator->m_currentRemaining);
- jit.negPtr(scratchGPR);
- jit.addPtr(
- CCallHelpers::AbsoluteAddress(&copiedAllocator->m_currentPayloadEnd), scratchGPR);
- jit.addPtr(CCallHelpers::TrustedImm32(sizeof(JSValue)), scratchGPR);
</del><ins>+
</ins><span class="cx"> // We have scratchGPR = new storage, scratchGPR3 = old storage,
</span><span class="cx"> // scratchGPR2 = available
</span><span class="cx"> for (size_t offset = 0; offset < oldSize; offset += sizeof(void*)) {
</span><span class="lines">@@ -1659,6 +1650,7 @@
</span><span class="cx"> // Cascade through the list, preferring newer entries.
</span><span class="cx"> for (unsigned i = cases.size(); i--;) {
</span><span class="cx"> fallThrough.link(&jit);
</span><ins>+ fallThrough.clear();
</ins><span class="cx"> cases[i]->generateWithGuard(state, fallThrough);
</span><span class="cx"> }
</span><span class="cx"> state.failAndRepatch.append(fallThrough);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodePolymorphicAccessh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/PolymorphicAccess.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,10 +29,10 @@
</span><span class="cx"> #if ENABLE(JIT)
</span><span class="cx">
</span><span class="cx"> #include "CodeOrigin.h"
</span><ins>+#include "JITStubRoutine.h"
</ins><span class="cx"> #include "JSFunctionInlines.h"
</span><span class="cx"> #include "MacroAssembler.h"
</span><span class="cx"> #include "ObjectPropertyConditionSet.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include "ScratchRegisterAllocator.h"
</span><span class="cx"> #include "Structure.h"
</span><span class="cx"> #include <wtf/Vector.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeStructureStubInfocpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #include "StructureStubInfo.h"
</span><span class="cx">
</span><span class="cx"> #include "JSObject.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "PolymorphicAccess.h"
</span><span class="cx"> #include "Repatch.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeStructureStubInfoh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/StructureStubInfo.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,7 +31,6 @@
</span><span class="cx"> #include "JITStubRoutine.h"
</span><span class="cx"> #include "MacroAssembler.h"
</span><span class="cx"> #include "ObjectPropertyConditionSet.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include "Options.h"
</span><span class="cx"> #include "RegisterSet.h"
</span><span class="cx"> #include "Structure.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeSuperSamplercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,6 +30,7 @@
</span><span class="cx"> #include "Options.h"
</span><span class="cx"> #include <wtf/CurrentTime.h>
</span><span class="cx"> #include <wtf/DataLog.h>
</span><ins>+#include <wtf/Lock.h>
</ins><span class="cx"> #include <wtf/Threading.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -36,6 +37,7 @@
</span><span class="cx">
</span><span class="cx"> volatile uint32_t g_superSamplerCount;
</span><span class="cx">
</span><ins>+static StaticLock lock;
</ins><span class="cx"> static double in;
</span><span class="cx"> static double out;
</span><span class="cx">
</span><span class="lines">@@ -51,10 +53,13 @@
</span><span class="cx"> const int printingPeriod = 1000;
</span><span class="cx"> for (;;) {
</span><span class="cx"> for (int ms = 0; ms < printingPeriod; ms += sleepQuantum) {
</span><del>- if (g_superSamplerCount)
- in++;
- else
- out++;
</del><ins>+ {
+ LockHolder locker(lock);
+ if (g_superSamplerCount)
+ in++;
+ else
+ out++;
+ }
</ins><span class="cx"> sleepMS(sleepQuantum);
</span><span class="cx"> }
</span><span class="cx"> printSuperSamplerState();
</span><span class="lines">@@ -64,11 +69,19 @@
</span><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void resetSuperSamplerState()
+{
+ LockHolder locker(lock);
+ in = 0;
+ out = 0;
+}
+
</ins><span class="cx"> void printSuperSamplerState()
</span><span class="cx"> {
</span><span class="cx"> if (!Options::useSuperSampler())
</span><span class="cx"> return;
</span><span class="cx">
</span><ins>+ LockHolder locker(lock);
</ins><span class="cx"> double percentage = 100.0 * in / (in + out);
</span><span class="cx"> if (percentage != percentage)
</span><span class="cx"> percentage = 0.0;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeSuperSamplerh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/SuperSampler.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -53,6 +53,7 @@
</span><span class="cx"> bool m_doSample;
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+JS_EXPORT_PRIVATE void resetSuperSamplerState();
</ins><span class="cx"> JS_EXPORT_PRIVATE void printSuperSamplerState();
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -90,11 +90,6 @@
</span><span class="cx"> ASSERT(m_constructorKind == static_cast<unsigned>(info.constructorKind()));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-VM* UnlinkedCodeBlock::vm() const
-{
- return MarkedBlock::blockFor(this)->vm();
-}
-
</del><span class="cx"> void UnlinkedCodeBlock::visitChildren(JSCell* cell, SlotVisitor& visitor)
</span><span class="cx"> {
</span><span class="cx"> UnlinkedCodeBlock* thisObject = jsCast<UnlinkedCodeBlock*>(cell);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedCodeBlockh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -284,8 +284,6 @@
</span><span class="cx"> void addExceptionHandler(const UnlinkedHandlerInfo& handler) { createRareDataIfNecessary(); return m_rareData->m_exceptionHandlers.append(handler); }
</span><span class="cx"> UnlinkedHandlerInfo& exceptionHandler(int index) { ASSERT(m_rareData); return m_rareData->m_exceptionHandlers[index]; }
</span><span class="cx">
</span><del>- VM* vm() const;
-
</del><span class="cx"> UnlinkedArrayProfile addArrayProfile() { return m_arrayProfileCount++; }
</span><span class="cx"> unsigned numberOfArrayProfiles() { return m_arrayProfileCount; }
</span><span class="cx"> UnlinkedArrayAllocationProfile addArrayAllocationProfile() { return m_arrayAllocationProfileCount++; }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedInstructionStreamcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "UnlinkedInstructionStream.h"
</span><span class="cx">
</span><ins>+#include "Opcode.h"
+
</ins><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> static void append8(unsigned char*& ptr, unsigned char value)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeUnlinkedInstructionStreamh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/UnlinkedInstructionStream.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #ifndef UnlinkedInstructionStream_h
</span><span class="cx"> #define UnlinkedInstructionStream_h
</span><span class="cx">
</span><ins>+#include "Opcode.h"
</ins><span class="cx"> #include "UnlinkedCodeBlock.h"
</span><span class="cx"> #include <wtf/RefCountedArray.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGCallArrayAllocatorSlowPathGeneratorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx"> class CallArrayAllocatorSlowPathGenerator : public JumpingSlowPathGenerator<MacroAssembler::JumpList> {
</span><span class="cx"> public:
</span><span class="cx"> CallArrayAllocatorSlowPathGenerator(
</span><del>- MacroAssembler::JumpList from, SpeculativeJIT* jit, P_JITOperation_EStZ function,
</del><ins>+ MacroAssembler::JumpList from, SpeculativeJIT* jit, P_JITOperation_EStZB function,
</ins><span class="cx"> GPRReg resultGPR, GPRReg storageGPR, Structure* structure, size_t size)
</span><span class="cx"> : JumpingSlowPathGenerator<MacroAssembler::JumpList>(from, jit)
</span><span class="cx"> , m_function(function)
</span><span class="lines">@@ -57,7 +57,7 @@
</span><span class="cx"> linkFrom(jit);
</span><span class="cx"> for (unsigned i = 0; i < m_plans.size(); ++i)
</span><span class="cx"> jit->silentSpill(m_plans[i]);
</span><del>- jit->callOperation(m_function, m_resultGPR, m_structure, m_size);
</del><ins>+ jit->callOperation(m_function, m_resultGPR, m_structure, m_size, m_storageGPR);
</ins><span class="cx"> GPRReg canTrample = SpeculativeJIT::pickCanTrample(m_resultGPR);
</span><span class="cx"> for (unsigned i = m_plans.size(); i--;)
</span><span class="cx"> jit->silentFill(m_plans[i], canTrample);
</span><span class="lines">@@ -67,7 +67,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- P_JITOperation_EStZ m_function;
</del><ins>+ P_JITOperation_EStZB m_function;
</ins><span class="cx"> GPRReg m_resultGPR;
</span><span class="cx"> GPRReg m_storageGPR;
</span><span class="cx"> Structure* m_structure;
</span><span class="lines">@@ -78,8 +78,8 @@
</span><span class="cx"> class CallArrayAllocatorWithVariableSizeSlowPathGenerator : public JumpingSlowPathGenerator<MacroAssembler::JumpList> {
</span><span class="cx"> public:
</span><span class="cx"> CallArrayAllocatorWithVariableSizeSlowPathGenerator(
</span><del>- MacroAssembler::JumpList from, SpeculativeJIT* jit, P_JITOperation_EStZ function,
- GPRReg resultGPR, Structure* contiguousStructure, Structure* arrayStorageStructure, GPRReg sizeGPR)
</del><ins>+ MacroAssembler::JumpList from, SpeculativeJIT* jit, P_JITOperation_EStZB function,
+ GPRReg resultGPR, Structure* contiguousStructure, Structure* arrayStorageStructure, GPRReg sizeGPR, GPRReg storageGPR)
</ins><span class="cx"> : JumpingSlowPathGenerator<MacroAssembler::JumpList>(from, jit)
</span><span class="cx"> , m_function(function)
</span><span class="cx"> , m_resultGPR(resultGPR)
</span><span class="lines">@@ -86,6 +86,7 @@
</span><span class="cx"> , m_contiguousStructure(contiguousStructure)
</span><span class="cx"> , m_arrayStorageOrContiguousStructure(arrayStorageStructure)
</span><span class="cx"> , m_sizeGPR(sizeGPR)
</span><ins>+ , m_storageGPR(storageGPR)
</ins><span class="cx"> {
</span><span class="cx"> jit->silentSpillAllRegistersImpl(false, m_plans, resultGPR);
</span><span class="cx"> }
</span><span class="lines">@@ -96,7 +97,7 @@
</span><span class="cx"> linkFrom(jit);
</span><span class="cx"> for (unsigned i = 0; i < m_plans.size(); ++i)
</span><span class="cx"> jit->silentSpill(m_plans[i]);
</span><del>- GPRReg scratchGPR = AssemblyHelpers::selectScratchGPR(m_sizeGPR);
</del><ins>+ GPRReg scratchGPR = AssemblyHelpers::selectScratchGPR(m_sizeGPR, m_storageGPR);
</ins><span class="cx"> if (m_contiguousStructure != m_arrayStorageOrContiguousStructure) {
</span><span class="cx"> MacroAssembler::Jump bigLength = jit->m_jit.branch32(MacroAssembler::AboveOrEqual, m_sizeGPR, MacroAssembler::TrustedImm32(MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH));
</span><span class="cx"> jit->m_jit.move(MacroAssembler::TrustedImmPtr(m_contiguousStructure), scratchGPR);
</span><span class="lines">@@ -106,7 +107,7 @@
</span><span class="cx"> done.link(&jit->m_jit);
</span><span class="cx"> } else
</span><span class="cx"> jit->m_jit.move(MacroAssembler::TrustedImmPtr(m_contiguousStructure), scratchGPR);
</span><del>- jit->callOperation(m_function, m_resultGPR, scratchGPR, m_sizeGPR);
</del><ins>+ jit->callOperation(m_function, m_resultGPR, scratchGPR, m_sizeGPR, m_storageGPR);
</ins><span class="cx"> GPRReg canTrample = SpeculativeJIT::pickCanTrample(m_resultGPR);
</span><span class="cx"> for (unsigned i = m_plans.size(); i--;)
</span><span class="cx"> jit->silentFill(m_plans[i], canTrample);
</span><span class="lines">@@ -115,11 +116,12 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- P_JITOperation_EStZ m_function;
</del><ins>+ P_JITOperation_EStZB m_function;
</ins><span class="cx"> GPRReg m_resultGPR;
</span><span class="cx"> Structure* m_contiguousStructure;
</span><span class="cx"> Structure* m_arrayStorageOrContiguousStructure;
</span><span class="cx"> GPRReg m_sizeGPR;
</span><ins>+ GPRReg m_storageGPR;
</ins><span class="cx"> Vector<SilentRegisterSavePlan, 2> m_plans;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGOperationscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -933,17 +933,20 @@
</span><span class="cx"> return bitwise_cast<char*>(JSArray::create(*vm, arrayStructure));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-char* JIT_OPERATION operationNewArrayWithSize(ExecState* exec, Structure* arrayStructure, int32_t size)
</del><ins>+char* JIT_OPERATION operationNewArrayWithSize(ExecState* exec, Structure* arrayStructure, int32_t size, Butterfly* butterfly)
</ins><span class="cx"> {
</span><del>- VM* vm = &exec->vm();
- NativeCallFrameTracer tracer(vm, exec);
- auto scope = DECLARE_THROW_SCOPE(*vm);
</del><ins>+ VM& vm = exec->vm();
+ NativeCallFrameTracer tracer(&vm, exec);
+ auto scope = DECLARE_THROW_SCOPE(vm);
</ins><span class="cx">
</span><span class="cx"> if (UNLIKELY(size < 0))
</span><span class="cx"> return bitwise_cast<char*>(throwException(exec, scope, createRangeError(exec, ASCIILiteral("Array size is not a small enough positive integer."))));
</span><span class="cx">
</span><del>- JSArray* result = JSArray::create(*vm, arrayStructure, size);
- result->butterfly(); // Ensure that the backing store is in to-space.
</del><ins>+ JSArray* result;
+ if (butterfly)
+ result = JSArray::createWithButterfly(vm, arrayStructure, butterfly);
+ else
+ result = JSArray::create(vm, arrayStructure, size);
</ins><span class="cx"> return bitwise_cast<char*>(result);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1629,13 +1632,13 @@
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-char* JIT_OPERATION operationNewRawObject(ExecState* exec, Structure* structure, int32_t length)
</del><ins>+char* JIT_OPERATION operationNewRawObject(ExecState* exec, Structure* structure, int32_t length, Butterfly* butterfly)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">
</span><del>- Butterfly* butterfly;
- if (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType())) {
</del><ins>+ if (!butterfly
+ && (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType()))) {
</ins><span class="cx"> IndexingHeader header;
</span><span class="cx"> header.setVectorLength(length);
</span><span class="cx"> header.setPublicLength(0);
</span><span class="lines">@@ -1644,8 +1647,7 @@
</span><span class="cx"> vm, nullptr, 0, structure->outOfLineCapacity(),
</span><span class="cx"> hasIndexedProperties(structure->indexingType()), header,
</span><span class="cx"> length * sizeof(EncodedJSValue));
</span><del>- } else
- butterfly = nullptr;
</del><ins>+ }
</ins><span class="cx">
</span><span class="cx"> JSObject* result = JSObject::createRawObject(exec, structure, butterfly);
</span><span class="cx"> result->butterfly(); // Ensure that the butterfly is in to-space.
</span><span class="lines">@@ -1652,13 +1654,15 @@
</span><span class="cx"> return bitwise_cast<char*>(result);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState* exec, Structure* structure)
</del><ins>+JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState* exec, Structure* structure, Butterfly* butterfly)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">
</span><del>- Butterfly* butterfly = Butterfly::create(
- vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
</del><ins>+ if (!butterfly) {
+ butterfly = Butterfly::create(
+ vm, nullptr, 0, structure->outOfLineCapacity(), false, IndexingHeader(), 0);
+ }
</ins><span class="cx">
</span><span class="cx"> JSObject* result = JSObject::createRawObject(exec, structure, butterfly);
</span><span class="cx"> result->butterfly(); // Ensure that the butterfly is in to-space.
</span><span class="lines">@@ -1665,7 +1669,7 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSCell* JIT_OPERATION operationNewObjectWithButterflyWithIndexingHeaderAndVectorLength(ExecState* exec, Structure* structure, unsigned length)
</del><ins>+JSCell* JIT_OPERATION operationNewObjectWithButterflyWithIndexingHeaderAndVectorLength(ExecState* exec, Structure* structure, unsigned length, Butterfly* butterfly)
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><span class="lines">@@ -1673,10 +1677,14 @@
</span><span class="cx"> IndexingHeader header;
</span><span class="cx"> header.setVectorLength(length);
</span><span class="cx"> header.setPublicLength(0);
</span><del>- Butterfly* butterfly = Butterfly::create(
- vm, nullptr, 0, structure->outOfLineCapacity(), true, header,
- sizeof(EncodedJSValue) * length);
-
</del><ins>+ if (butterfly)
+ *butterfly->indexingHeader() = header;
+ else {
+ butterfly = Butterfly::create(
+ vm, nullptr, 0, structure->outOfLineCapacity(), true, header,
+ sizeof(EncodedJSValue) * length);
+ }
+
</ins><span class="cx"> // Paradoxically this may allocate a JSArray. That's totally cool.
</span><span class="cx"> JSObject* result = JSObject::createRawObject(exec, structure, butterfly);
</span><span class="cx"> result->butterfly(); // Ensure that the butterfly is in to-space.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGOperationsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGOperations.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -70,7 +70,7 @@
</span><span class="cx"> char* JIT_OPERATION operationNewArray(ExecState*, Structure*, void*, size_t) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationNewArrayBuffer(ExecState*, Structure*, size_t, size_t) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationNewEmptyArray(ExecState*, Structure*) WTF_INTERNAL;
</span><del>-char* JIT_OPERATION operationNewArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewArrayWithSize(ExecState*, Structure*, int32_t, Butterfly*) WTF_INTERNAL;
</ins><span class="cx"> char* JIT_OPERATION operationNewInt8ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationNewInt8ArrayWithOneArgument(ExecState*, Structure*, EncodedJSValue) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationNewInt16ArrayWithSize(ExecState*, Structure*, int32_t) WTF_INTERNAL;
</span><span class="lines">@@ -176,9 +176,9 @@
</span><span class="cx">
</span><span class="cx"> size_t JIT_OPERATION operationDefaultHasInstance(ExecState*, JSCell* value, JSCell* proto);
</span><span class="cx">
</span><del>-char* JIT_OPERATION operationNewRawObject(ExecState*, Structure*, int32_t) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState*, Structure*) WTF_INTERNAL;
-JSCell* JIT_OPERATION operationNewObjectWithButterflyWithIndexingHeaderAndVectorLength(ExecState*, Structure*, unsigned length) WTF_INTERNAL;
</del><ins>+char* JIT_OPERATION operationNewRawObject(ExecState*, Structure*, int32_t, Butterfly*) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationNewObjectWithButterfly(ExecState*, Structure*, Butterfly*) WTF_INTERNAL;
+JSCell* JIT_OPERATION operationNewObjectWithButterflyWithIndexingHeaderAndVectorLength(ExecState*, Structure*, unsigned length, Butterfly*) WTF_INTERNAL;
</ins><span class="cx">
</span><span class="cx"> void JIT_OPERATION operationProcessTypeProfilerLogDFG(ExecState*) WTF_INTERNAL;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -94,7 +94,7 @@
</span><span class="cx"> GPRReg scratch2GPR = scratch2.gpr();
</span><span class="cx">
</span><span class="cx"> ASSERT(vectorLength >= numElements);
</span><del>- vectorLength = std::max(BASE_VECTOR_LEN, vectorLength);
</del><ins>+ vectorLength = Butterfly::optimalContiguousVectorLength(structure, vectorLength);
</ins><span class="cx">
</span><span class="cx"> JITCompiler::JumpList slowCases;
</span><span class="cx">
</span><span class="lines">@@ -103,24 +103,31 @@
</span><span class="cx"> size += vectorLength * sizeof(JSValue) + sizeof(IndexingHeader);
</span><span class="cx"> size += outOfLineCapacity * sizeof(JSValue);
</span><span class="cx">
</span><ins>+ m_jit.move(TrustedImmPtr(0), storageGPR);
+
</ins><span class="cx"> if (size) {
</span><del>- slowCases.append(
- emitAllocateBasicStorage(TrustedImm32(size), storageGPR));
- if (hasIndexingHeader)
- m_jit.subPtr(TrustedImm32(vectorLength * sizeof(JSValue)), storageGPR);
- else
- m_jit.addPtr(TrustedImm32(sizeof(IndexingHeader)), storageGPR);
- } else
- m_jit.move(TrustedImmPtr(0), storageGPR);
</del><ins>+ if (MarkedAllocator* allocator = m_jit.vm()->heap.allocatorForAuxiliaryData(size)) {
+ m_jit.move(TrustedImmPtr(allocator), scratchGPR);
+ m_jit.emitAllocate(storageGPR, allocator, scratchGPR, scratch2GPR, slowCases);
+
+ m_jit.addPtr(
+ TrustedImm32(outOfLineCapacity * sizeof(JSValue) + sizeof(IndexingHeader)),
+ storageGPR);
+
+ if (hasIndexingHeader)
+ m_jit.store32(TrustedImm32(vectorLength), MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
+ } else
+ slowCases.append(m_jit.jump());
+ }
</ins><span class="cx">
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(inlineCapacity);
</span><del>- MarkedAllocator* allocatorPtr = &m_jit.vm()->heap.allocatorForObjectWithoutDestructor(allocationSize);
- m_jit.move(TrustedImmPtr(allocatorPtr), scratchGPR);
- emitAllocateJSObject(resultGPR, scratchGPR, TrustedImmPtr(structure), storageGPR, scratch2GPR, slowCases);
</del><ins>+ MarkedAllocator* allocatorPtr = m_jit.vm()->heap.allocatorForObjectWithoutDestructor(allocationSize);
+ if (allocatorPtr) {
+ m_jit.move(TrustedImmPtr(allocatorPtr), scratchGPR);
+ emitAllocateJSObject(resultGPR, allocatorPtr, scratchGPR, TrustedImmPtr(structure), storageGPR, scratch2GPR, slowCases);
+ } else
+ slowCases.append(m_jit.jump());
</ins><span class="cx">
</span><del>- if (hasIndexingHeader)
- m_jit.store32(TrustedImm32(vectorLength), MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
-
</del><span class="cx"> // I want a slow path that also loads out the storage pointer, and that's
</span><span class="cx"> // what this custom CallArrayAllocatorSlowPathGenerator gives me. It's a lot
</span><span class="cx"> // of work for a very small piece of functionality. :-/
</span><span class="lines">@@ -128,14 +135,20 @@
</span><span class="cx"> slowCases, this, operationNewRawObject, resultGPR, storageGPR,
</span><span class="cx"> structure, vectorLength));
</span><span class="cx">
</span><del>- if (hasDouble(structure->indexingType()) && numElements < vectorLength) {
</del><ins>+ if (numElements < vectorLength) {
</ins><span class="cx"> #if USE(JSVALUE64)
</span><del>- m_jit.move(TrustedImm64(bitwise_cast<int64_t>(PNaN)), scratchGPR);
</del><ins>+ if (hasDouble(structure->indexingType()))
+ m_jit.move(TrustedImm64(bitwise_cast<int64_t>(PNaN)), scratchGPR);
+ else
+ m_jit.move(TrustedImm64(JSValue::encode(JSValue())), scratchGPR);
</ins><span class="cx"> for (unsigned i = numElements; i < vectorLength; ++i)
</span><span class="cx"> m_jit.store64(scratchGPR, MacroAssembler::Address(storageGPR, sizeof(double) * i));
</span><span class="cx"> #else
</span><span class="cx"> EncodedValueDescriptor value;
</span><del>- value.asInt64 = JSValue::encode(JSValue(JSValue::EncodeAsDouble, PNaN));
</del><ins>+ if (hasDouble(structure->indexingType()))
+ value.asInt64 = JSValue::encode(JSValue(JSValue::EncodeAsDouble, PNaN));
+ else
+ value.asInt64 = JSValue::encode(JSValue());
</ins><span class="cx"> for (unsigned i = numElements; i < vectorLength; ++i) {
</span><span class="cx"> m_jit.store32(TrustedImm32(value.asBits.tag), MacroAssembler::Address(storageGPR, sizeof(double) * i + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
</span><span class="cx"> m_jit.store32(TrustedImm32(value.asBits.payload), MacroAssembler::Address(storageGPR, sizeof(double) * i + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
</span><span class="lines">@@ -3823,9 +3836,10 @@
</span><span class="cx"> GPRReg scratchGPR = scratch.gpr();
</span><span class="cx">
</span><span class="cx"> JITCompiler::JumpList slowPath;
</span><del>- MarkedAllocator& markedAllocator = m_jit.vm()->heap.allocatorForObjectWithDestructor(sizeof(JSRopeString));
- m_jit.move(TrustedImmPtr(&markedAllocator), allocatorGPR);
- emitAllocateJSCell(resultGPR, allocatorGPR, TrustedImmPtr(m_jit.vm()->stringStructure.get()), scratchGPR, slowPath);
</del><ins>+ MarkedAllocator* markedAllocator = m_jit.vm()->heap.allocatorForObjectWithDestructor(sizeof(JSRopeString));
+ RELEASE_ASSERT(markedAllocator);
+ m_jit.move(TrustedImmPtr(markedAllocator), allocatorGPR);
+ emitAllocateJSCell(resultGPR, markedAllocator, allocatorGPR, TrustedImmPtr(m_jit.vm()->stringStructure.get()), scratchGPR, slowPath);
</ins><span class="cx">
</span><span class="cx"> m_jit.storePtr(TrustedImmPtr(0), JITCompiler::Address(resultGPR, JSString::offsetOfValue()));
</span><span class="cx"> for (unsigned i = 0; i < numOpGPRs; ++i)
</span><span class="lines">@@ -6908,7 +6922,14 @@
</span><span class="cx">
</span><span class="cx"> void SpeculativeJIT::compileAllocatePropertyStorage(Node* node)
</span><span class="cx"> {
</span><del>- if (node->transition()->previous->couldHaveIndexingHeader()) {
</del><ins>+ ASSERT(!node->transition()->previous->outOfLineCapacity());
+ ASSERT(initialOutOfLineCapacity == node->transition()->next->outOfLineCapacity());
+
+ size_t size = initialOutOfLineCapacity * sizeof(JSValue);
+
+ MarkedAllocator* allocator = m_jit.vm()->heap.allocatorForAuxiliaryData(size);
+
+ if (!allocator || node->transition()->previous->couldHaveIndexingHeader()) {
</ins><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><span class="cx">
</span><span class="cx"> GPRReg baseGPR = base.gpr();
</span><span class="lines">@@ -6925,18 +6946,18 @@
</span><span class="cx">
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><span class="cx"> GPRTemporary scratch1(this);
</span><ins>+ GPRTemporary scratch2(this);
+ GPRTemporary scratch3(this);
</ins><span class="cx">
</span><span class="cx"> GPRReg baseGPR = base.gpr();
</span><span class="cx"> GPRReg scratchGPR1 = scratch1.gpr();
</span><ins>+ GPRReg scratchGPR2 = scratch2.gpr();
+ GPRReg scratchGPR3 = scratch3.gpr();
</ins><span class="cx">
</span><del>- ASSERT(!node->transition()->previous->outOfLineCapacity());
- ASSERT(initialOutOfLineCapacity == node->transition()->next->outOfLineCapacity());
-
- JITCompiler::Jump slowPath =
- emitAllocateBasicStorage(
- TrustedImm32(initialOutOfLineCapacity * sizeof(JSValue)), scratchGPR1);
-
- m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(IndexingHeader)), scratchGPR1);
</del><ins>+ m_jit.move(JITCompiler::TrustedImmPtr(allocator), scratchGPR2);
+ JITCompiler::JumpList slowPath;
+ m_jit.emitAllocate(scratchGPR1, allocator, scratchGPR2, scratchGPR3, slowPath);
+ m_jit.addPtr(JITCompiler::TrustedImm32(size + sizeof(IndexingHeader)), scratchGPR1);
</ins><span class="cx">
</span><span class="cx"> addSlowPathGenerator(
</span><span class="cx"> slowPathCall(slowPath, this, operationAllocatePropertyStorageWithInitialCapacity, scratchGPR1));
</span><span class="lines">@@ -6951,8 +6972,10 @@
</span><span class="cx"> size_t oldSize = node->transition()->previous->outOfLineCapacity() * sizeof(JSValue);
</span><span class="cx"> size_t newSize = oldSize * outOfLineGrowthFactor;
</span><span class="cx"> ASSERT(newSize == node->transition()->next->outOfLineCapacity() * sizeof(JSValue));
</span><ins>+
+ MarkedAllocator* allocator = m_jit.vm()->heap.allocatorForAuxiliaryData(newSize);
</ins><span class="cx">
</span><del>- if (node->transition()->previous->couldHaveIndexingHeader()) {
</del><ins>+ if (!allocator || node->transition()->previous->couldHaveIndexingHeader()) {
</ins><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><span class="cx">
</span><span class="cx"> GPRReg baseGPR = base.gpr();
</span><span class="lines">@@ -6971,17 +6994,20 @@
</span><span class="cx"> StorageOperand oldStorage(this, node->child2());
</span><span class="cx"> GPRTemporary scratch1(this);
</span><span class="cx"> GPRTemporary scratch2(this);
</span><ins>+ GPRTemporary scratch3(this);
</ins><span class="cx">
</span><span class="cx"> GPRReg baseGPR = base.gpr();
</span><span class="cx"> GPRReg oldStorageGPR = oldStorage.gpr();
</span><span class="cx"> GPRReg scratchGPR1 = scratch1.gpr();
</span><span class="cx"> GPRReg scratchGPR2 = scratch2.gpr();
</span><ins>+ GPRReg scratchGPR3 = scratch3.gpr();
+
+ JITCompiler::JumpList slowPath;
+ m_jit.move(JITCompiler::TrustedImmPtr(allocator), scratchGPR2);
+ m_jit.emitAllocate(scratchGPR1, allocator, scratchGPR2, scratchGPR3, slowPath);
+
+ m_jit.addPtr(JITCompiler::TrustedImm32(newSize + sizeof(IndexingHeader)), scratchGPR1);
</ins><span class="cx">
</span><del>- JITCompiler::Jump slowPath =
- emitAllocateBasicStorage(TrustedImm32(newSize), scratchGPR1);
-
- m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(IndexingHeader)), scratchGPR1);
-
</del><span class="cx"> addSlowPathGenerator(
</span><span class="cx"> slowPathCall(slowPath, this, operationAllocatePropertyStorage, scratchGPR1, newSize / sizeof(JSValue)));
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1003,6 +1003,26 @@
</span><span class="cx"> m_jit.setupArgumentsWithExecState(arg1, arg2);
</span><span class="cx"> return appendCallSetResult(operation, result);
</span><span class="cx"> }
</span><ins>+ JITCompiler::Call callOperation(P_JITOperation_EStZB operation, GPRReg result, Structure* structure, GPRReg arg2, GPRReg butterfly)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), arg2, butterfly);
+ return appendCallSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(P_JITOperation_EStZB operation, GPRReg result, Structure* structure, size_t arg2, GPRReg butterfly)
+ {
+ m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImm32(arg2), butterfly);
+ return appendCallSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(P_JITOperation_EStZB operation, GPRReg result, GPRReg arg1, GPRReg arg2, GPRReg butterfly)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2, butterfly);
+ return appendCallSetResult(operation, result);
+ }
+ JITCompiler::Call callOperation(P_JITOperation_EStZB operation, GPRReg result, GPRReg arg1, GPRReg arg2, Butterfly* butterfly)
+ {
+ m_jit.setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(butterfly));
+ return appendCallSetResult(operation, result);
+ }
</ins><span class="cx"> JITCompiler::Call callOperation(P_JITOperation_EStPS operation, GPRReg result, Structure* structure, void* pointer, size_t size)
</span><span class="cx"> {
</span><span class="cx"> m_jit.setupArgumentsWithExecState(TrustedImmPtr(structure), TrustedImmPtr(pointer), TrustedImmPtr(size));
</span><span class="lines">@@ -2557,18 +2577,21 @@
</span><span class="cx">
</span><span class="cx"> // Allocator for a cell of a specific size.
</span><span class="cx"> template <typename StructureType> // StructureType can be GPR or ImmPtr.
</span><del>- void emitAllocateJSCell(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure,
</del><ins>+ void emitAllocateJSCell(
+ GPRReg resultGPR, MarkedAllocator* allocator, GPRReg allocatorGPR, StructureType structure,
</ins><span class="cx"> GPRReg scratchGPR, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- m_jit.emitAllocateJSCell(resultGPR, allocatorGPR, structure, scratchGPR, slowPath);
</del><ins>+ m_jit.emitAllocateJSCell(resultGPR, allocator, allocatorGPR, structure, scratchGPR, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Allocator for an object of a specific size.
</span><span class="cx"> template <typename StructureType, typename StorageType> // StructureType and StorageType can be GPR or ImmPtr.
</span><del>- void emitAllocateJSObject(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure,
</del><ins>+ void emitAllocateJSObject(
+ GPRReg resultGPR, MarkedAllocator* allocator, GPRReg allocatorGPR, StructureType structure,
</ins><span class="cx"> StorageType storage, GPRReg scratchGPR, MacroAssembler::JumpList& slowPath)
</span><span class="cx"> {
</span><del>- m_jit.emitAllocateJSObject(resultGPR, allocatorGPR, structure, storage, scratchGPR, slowPath);
</del><ins>+ m_jit.emitAllocateJSObject(
+ resultGPR, allocator, allocatorGPR, structure, storage, scratchGPR, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template <typename ClassType, typename StructureType, typename StorageType> // StructureType and StorageType can be GPR or ImmPtr.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -3866,8 +3866,7 @@
</span><span class="cx"> bigLength.link(&m_jit);
</span><span class="cx"> m_jit.move(TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)), structureGPR);
</span><span class="cx"> done.link(&m_jit);
</span><del>- callOperation(
- operationNewArrayWithSize, resultGPR, structureGPR, sizeGPR);
</del><ins>+ callOperation(operationNewArrayWithSize, resultGPR, structureGPR, sizeGPR, nullptr);
</ins><span class="cx"> m_jit.exceptionCheck();
</span><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> break;
</span><span class="lines">@@ -4033,7 +4032,7 @@
</span><span class="cx"> m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
</span><span class="cx"> m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
</span><span class="cx"> slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, allocatorGPR));
</span><del>- emitAllocateJSObject(resultGPR, allocatorGPR, structureGPR, TrustedImmPtr(0), scratchGPR, slowPath);
</del><ins>+ emitAllocateJSObject(resultGPR, nullptr, allocatorGPR, structureGPR, TrustedImmPtr(0), scratchGPR, slowPath);
</ins><span class="cx">
</span><span class="cx"> addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR, node->inlineCapacity()));
</span><span class="cx">
</span><span class="lines">@@ -4054,10 +4053,10 @@
</span><span class="cx">
</span><span class="cx"> Structure* structure = node->structure();
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span><del>- MarkedAllocator* allocatorPtr = &m_jit.vm()->heap.allocatorForObjectWithoutDestructor(allocationSize);
</del><ins>+ MarkedAllocator* allocatorPtr = m_jit.vm()->heap.allocatorForObjectWithoutDestructor(allocationSize);
</ins><span class="cx">
</span><span class="cx"> m_jit.move(TrustedImmPtr(allocatorPtr), allocatorGPR);
</span><del>- emitAllocateJSObject(resultGPR, allocatorGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, slowPath);
</del><ins>+ emitAllocateJSObject(resultGPR, allocatorPtr, allocatorGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, slowPath);
</ins><span class="cx">
</span><span class="cx"> addSlowPathGenerator(slowPathCall(slowPath, this, operationNewObject, resultGPR, structure));
</span><span class="cx">
</span><span class="lines">@@ -5364,41 +5363,47 @@
</span><span class="cx"> GPRReg scratchGPR = scratch.gpr();
</span><span class="cx"> GPRReg scratch2GPR = scratch2.gpr();
</span><span class="cx">
</span><ins>+ m_jit.move(TrustedImmPtr(0), storageGPR);
+
</ins><span class="cx"> MacroAssembler::JumpList slowCases;
</span><span class="cx"> if (shouldConvertLargeSizeToArrayStorage)
</span><span class="cx"> slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH)));
</span><del>-
</del><ins>+
</ins><span class="cx"> ASSERT((1 << 3) == sizeof(JSValue));
</span><span class="cx"> m_jit.move(sizeGPR, scratchGPR);
</span><span class="cx"> m_jit.lshift32(TrustedImm32(3), scratchGPR);
</span><span class="cx"> m_jit.add32(TrustedImm32(sizeof(IndexingHeader)), scratchGPR, resultGPR);
</span><del>- slowCases.append(
- emitAllocateBasicStorage(resultGPR, storageGPR));
- m_jit.subPtr(scratchGPR, storageGPR);
- Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType);
- emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), storageGPR, scratchGPR, scratch2GPR, slowCases);
-
</del><ins>+ m_jit.emitAllocateVariableSized(
+ storageGPR, m_jit.vm()->heap.subspaceForAuxiliaryData(), resultGPR, scratchGPR,
+ scratch2GPR, slowCases);
+ m_jit.addPtr(TrustedImm32(sizeof(IndexingHeader)), storageGPR);
+
</ins><span class="cx"> m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
</span><span class="cx"> m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
</span><ins>+
+ JSValue hole;
+ if (hasDouble(indexingType))
+ hole = JSValue(JSValue::EncodeAsDouble, PNaN);
+ else
+ hole = JSValue();
+
+ m_jit.move(sizeGPR, scratchGPR);
+ MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, scratchGPR);
+ MacroAssembler::Label loop = m_jit.label();
+ m_jit.sub32(TrustedImm32(1), scratchGPR);
+ m_jit.store32(TrustedImm32(hole.u.asBits.tag), MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+ m_jit.store32(TrustedImm32(hole.u.asBits.payload), MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+ m_jit.branchTest32(MacroAssembler::NonZero, scratchGPR).linkTo(loop, &m_jit);
+ done.link(&m_jit);
</ins><span class="cx">
</span><del>- if (hasDouble(indexingType)) {
- JSValue nan = JSValue(JSValue::EncodeAsDouble, PNaN);
-
- m_jit.move(sizeGPR, scratchGPR);
- MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, scratchGPR);
- MacroAssembler::Label loop = m_jit.label();
- m_jit.sub32(TrustedImm32(1), scratchGPR);
- m_jit.store32(TrustedImm32(nan.u.asBits.tag), MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
- m_jit.store32(TrustedImm32(nan.u.asBits.payload), MacroAssembler::BaseIndex(storageGPR, scratchGPR, MacroAssembler::TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
- m_jit.branchTest32(MacroAssembler::NonZero, scratchGPR).linkTo(loop, &m_jit);
- done.link(&m_jit);
- }
-
</del><ins>+ Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType);
+ emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), storageGPR, scratchGPR, scratch2GPR, slowCases);
+
</ins><span class="cx"> addSlowPathGenerator(std::make_unique<CallArrayAllocatorWithVariableSizeSlowPathGenerator>(
</span><span class="cx"> slowCases, this, operationNewArrayWithSize, resultGPR,
</span><span class="cx"> structure,
</span><span class="cx"> shouldConvertLargeSizeToArrayStorage ? globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage) : structure,
</span><del>- sizeGPR));
</del><ins>+ sizeGPR, storageGPR));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -3818,7 +3818,7 @@
</span><span class="cx"> bigLength.link(&m_jit);
</span><span class="cx"> m_jit.move(TrustedImmPtr(globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)), structureGPR);
</span><span class="cx"> done.link(&m_jit);
</span><del>- callOperation(operationNewArrayWithSize, resultGPR, structureGPR, sizeGPR);
</del><ins>+ callOperation(operationNewArrayWithSize, resultGPR, structureGPR, sizeGPR, nullptr);
</ins><span class="cx"> m_jit.exceptionCheck();
</span><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> break;
</span><span class="lines">@@ -3975,7 +3975,7 @@
</span><span class="cx"> m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR);
</span><span class="cx"> m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR);
</span><span class="cx"> slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, allocatorGPR));
</span><del>- emitAllocateJSObject(resultGPR, allocatorGPR, structureGPR, TrustedImmPtr(0), scratchGPR, slowPath);
</del><ins>+ emitAllocateJSObject(resultGPR, nullptr, allocatorGPR, structureGPR, TrustedImmPtr(0), scratchGPR, slowPath);
</ins><span class="cx">
</span><span class="cx"> addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR, node->inlineCapacity()));
</span><span class="cx">
</span><span class="lines">@@ -3996,10 +3996,10 @@
</span><span class="cx">
</span><span class="cx"> Structure* structure = node->structure();
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span><del>- MarkedAllocator* allocatorPtr = &m_jit.vm()->heap.allocatorForObjectWithoutDestructor(allocationSize);
</del><ins>+ MarkedAllocator* allocatorPtr = m_jit.vm()->heap.allocatorForObjectWithoutDestructor(allocationSize);
</ins><span class="cx">
</span><span class="cx"> m_jit.move(TrustedImmPtr(allocatorPtr), allocatorGPR);
</span><del>- emitAllocateJSObject(resultGPR, allocatorGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, slowPath);
</del><ins>+ emitAllocateJSObject(resultGPR, allocatorPtr, allocatorGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR, slowPath);
</ins><span class="cx">
</span><span class="cx"> addSlowPathGenerator(slowPathCall(slowPath, this, operationNewObject, resultGPR, structure));
</span><span class="cx">
</span><span class="lines">@@ -5236,7 +5236,7 @@
</span><span class="cx">
</span><span class="cx"> unsigned bytecodeIndex = node->origin.semantic.bytecodeIndex;
</span><span class="cx"> auto triggerIterator = m_jit.jitCode()->tierUpEntryTriggers.find(bytecodeIndex);
</span><del>- RELEASE_ASSERT(triggerIterator != m_jit.jitCode()->tierUpEntryTriggers.end());
</del><ins>+ DFG_ASSERT(m_jit.graph(), node, triggerIterator != m_jit.jitCode()->tierUpEntryTriggers.end());
</ins><span class="cx"> uint8_t* forceEntryTrigger = &(m_jit.jitCode()->tierUpEntryTriggers.find(bytecodeIndex)->value);
</span><span class="cx">
</span><span class="cx"> MacroAssembler::Jump forceOSREntry = m_jit.branchTest8(MacroAssembler::NonZero, MacroAssembler::AbsoluteAddress(forceEntryTrigger));
</span><span class="lines">@@ -5420,39 +5420,45 @@
</span><span class="cx"> GPRReg scratchGPR = scratch.gpr();
</span><span class="cx"> GPRReg scratch2GPR = scratch2.gpr();
</span><span class="cx">
</span><ins>+ m_jit.move(TrustedImmPtr(0), storageGPR);
+
</ins><span class="cx"> MacroAssembler::JumpList slowCases;
</span><span class="cx"> if (shouldConvertLargeSizeToArrayStorage)
</span><span class="cx"> slowCases.append(m_jit.branch32(MacroAssembler::AboveOrEqual, sizeGPR, TrustedImm32(MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH)));
</span><del>-
</del><ins>+
</ins><span class="cx"> ASSERT((1 << 3) == sizeof(JSValue));
</span><span class="cx"> m_jit.move(sizeGPR, scratchGPR);
</span><span class="cx"> m_jit.lshift32(TrustedImm32(3), scratchGPR);
</span><span class="cx"> m_jit.add32(TrustedImm32(sizeof(IndexingHeader)), scratchGPR, resultGPR);
</span><del>- slowCases.append(
- emitAllocateBasicStorage(resultGPR, storageGPR));
- m_jit.subPtr(scratchGPR, storageGPR);
- Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType);
- emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), storageGPR, scratchGPR, scratch2GPR, slowCases);
-
</del><ins>+ m_jit.emitAllocateVariableSized(
+ storageGPR, m_jit.vm()->heap.subspaceForAuxiliaryData(), resultGPR, scratchGPR,
+ scratch2GPR, slowCases);
+ m_jit.addPtr(TrustedImm32(sizeof(IndexingHeader)), storageGPR);
+
</ins><span class="cx"> m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfPublicLength()));
</span><span class="cx"> m_jit.store32(sizeGPR, MacroAssembler::Address(storageGPR, Butterfly::offsetOfVectorLength()));
</span><del>-
- if (hasDouble(indexingType)) {
</del><ins>+
+ if (hasDouble(indexingType))
</ins><span class="cx"> m_jit.move(TrustedImm64(bitwise_cast<int64_t>(PNaN)), scratchGPR);
</span><del>- m_jit.move(sizeGPR, scratch2GPR);
- MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, scratch2GPR);
- MacroAssembler::Label loop = m_jit.label();
- m_jit.sub32(TrustedImm32(1), scratch2GPR);
- m_jit.store64(scratchGPR, MacroAssembler::BaseIndex(storageGPR, scratch2GPR, MacroAssembler::TimesEight));
- m_jit.branchTest32(MacroAssembler::NonZero, scratch2GPR).linkTo(loop, &m_jit);
- done.link(&m_jit);
- }
</del><ins>+ else
+ m_jit.move(TrustedImm64(JSValue::encode(JSValue())), scratchGPR);
+ m_jit.move(sizeGPR, scratch2GPR);
+ MacroAssembler::Jump done = m_jit.branchTest32(MacroAssembler::Zero, scratch2GPR);
+ MacroAssembler::Label loop = m_jit.label();
+ m_jit.sub32(TrustedImm32(1), scratch2GPR);
+ m_jit.store64(scratchGPR, MacroAssembler::BaseIndex(storageGPR, scratch2GPR, MacroAssembler::TimesEight));
+ m_jit.branchTest32(MacroAssembler::NonZero, scratch2GPR).linkTo(loop, &m_jit);
+ done.link(&m_jit);
+
+ Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType);
+
+ emitAllocateJSObject<JSArray>(resultGPR, TrustedImmPtr(structure), storageGPR, scratchGPR, scratch2GPR, slowCases);
</ins><span class="cx">
</span><span class="cx"> addSlowPathGenerator(std::make_unique<CallArrayAllocatorWithVariableSizeSlowPathGenerator>(
</span><span class="cx"> slowCases, this, operationNewArrayWithSize, resultGPR,
</span><span class="cx"> structure,
</span><span class="cx"> shouldConvertLargeSizeToArrayStorage ? globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage) : structure,
</span><del>- sizeGPR));
</del><ins>+ sizeGPR, storageGPR));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoredfgDFGStrengthReductionPhasecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -40,6 +40,7 @@
</span><span class="cx"> #include "RegExpConstructor.h"
</span><span class="cx"> #include "StringPrototype.h"
</span><span class="cx"> #include <cstdlib>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC { namespace DFG {
</span><span class="cx">
</span><span class="lines">@@ -420,7 +421,7 @@
</span><span class="cx"> dataLog("Giving up because of pattern limit.\n");
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> unsigned lastIndex;
</span><span class="cx"> if (regExp->globalOrSticky()) {
</span><span class="cx"> // This will only work if we can prove what the value of lastIndex is. To do this
</span><span class="lines">@@ -468,7 +469,7 @@
</span><span class="cx"> FrozenValue* constructorFrozenValue = m_graph.freeze(constructor);
</span><span class="cx">
</span><span class="cx"> MatchResult result;
</span><del>- Vector<int, 32> ovector;
</del><ins>+ Vector<int> ovector;
</ins><span class="cx"> // We have to call the kind of match function that the main thread would have called.
</span><span class="cx"> // Otherwise, we might not have the desired Yarr code compiled, and the match will fail.
</span><span class="cx"> if (m_node->op() == RegExpExec) {
</span><span class="lines">@@ -514,7 +515,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned publicLength = resultArray.size();
</span><del>- unsigned vectorLength = std::max(BASE_VECTOR_LEN, publicLength);
</del><ins>+ unsigned vectorLength =
+ Butterfly::optimalContiguousVectorLength(structure, publicLength);
</ins><span class="cx">
</span><span class="cx"> UniquedStringImpl* indexUID = vm().propertyNames->index.impl();
</span><span class="cx"> UniquedStringImpl* inputUID = vm().propertyNames->input.impl();
</span><span class="lines">@@ -649,7 +651,7 @@
</span><span class="cx"> bool ok = true;
</span><span class="cx"> do {
</span><span class="cx"> MatchResult result;
</span><del>- Vector<int, 32> ovector;
</del><ins>+ Vector<int> ovector;
</ins><span class="cx"> // Model which version of match() is called by the main thread.
</span><span class="cx"> if (replace.isEmpty() && regExp->global()) {
</span><span class="cx"> if (!regExp->matchConcurrently(vm(), string, startPosition, result)) {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLAbstractHeapRepositoryh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -76,7 +76,6 @@
</span><span class="cx"> macro(JSString_value, JSString::offsetOfValue()) \
</span><span class="cx"> macro(JSSymbolTableObject_symbolTable, JSSymbolTableObject::offsetOfSymbolTable()) \
</span><span class="cx"> macro(JSWrapperObject_internalValue, JSWrapperObject::internalValueOffset()) \
</span><del>- macro(MarkedAllocator_freeListHead, MarkedAllocator::offsetOfFreeListHead()) \
</del><span class="cx"> macro(RegExpConstructor_cachedResult_lastRegExp, RegExpConstructor::offsetOfCachedResult() + RegExpCachedResult::offsetOfLastRegExp()) \
</span><span class="cx"> macro(RegExpConstructor_cachedResult_lastInput, RegExpConstructor::offsetOfCachedResult() + RegExpCachedResult::offsetOfLastInput()) \
</span><span class="cx"> macro(RegExpConstructor_cachedResult_result_start, RegExpConstructor::offsetOfCachedResult() + RegExpCachedResult::offsetOfResult() + OBJECT_OFFSETOF(MatchResult, start)) \
</span><span class="lines">@@ -109,8 +108,7 @@
</span><span class="cx"> macro(JSEnvironmentRecord_variables, JSEnvironmentRecord::offsetOfVariables(), sizeof(EncodedJSValue)) \
</span><span class="cx"> macro(JSPropertyNameEnumerator_cachedPropertyNamesVectorContents, 0, sizeof(WriteBarrier<JSString>)) \
</span><span class="cx"> macro(JSRopeString_fibers, JSRopeString::offsetOfFibers(), sizeof(WriteBarrier<JSString>)) \
</span><del>- macro(MarkedSpace_Subspace_impreciseAllocators, OBJECT_OFFSETOF(MarkedSpace::Subspace, impreciseAllocators), sizeof(MarkedAllocator)) \
- macro(MarkedSpace_Subspace_preciseAllocators, OBJECT_OFFSETOF(MarkedSpace::Subspace, preciseAllocators), sizeof(MarkedAllocator)) \
</del><ins>+ macro(MarkedSpace_Subspace_allocatorForSizeStep, OBJECT_OFFSETOF(MarkedSpace::Subspace, allocatorForSizeStep), sizeof(MarkedAllocator*)) \
</ins><span class="cx"> macro(ScopedArguments_overflowStorage, ScopedArguments::overflowStorageOffset(), sizeof(EncodedJSValue)) \
</span><span class="cx"> macro(WriteBarrierBuffer_bufferContents, 0, sizeof(JSCell*)) \
</span><span class="cx"> macro(characters8, 0, sizeof(LChar)) \
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLCompile.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLCompile.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLCompile.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -42,6 +42,7 @@
</span><span class="cx"> #include "FTLJITCode.h"
</span><span class="cx"> #include "FTLThunks.h"
</span><span class="cx"> #include "JITSubGenerator.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "LinkBuffer.h"
</span><span class="cx"> #include "PCToCodeOriginMap.h"
</span><span class="cx"> #include "ScratchRegisterAllocator.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLJITFinalizercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "DFGPlan.h"
</span><span class="cx"> #include "FTLState.h"
</span><span class="cx"> #include "FTLThunks.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "ProfilerDatabase.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace FTL {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -3815,7 +3815,7 @@
</span><span class="cx"> size, m_out.constInt32(DirectArguments::allocationSize(minCapacity)));
</span><span class="cx">
</span><span class="cx"> fastObject = allocateVariableSizedObject<DirectArguments>(
</span><del>- size, structure, m_out.intPtrZero, slowPath);
</del><ins>+ m_out.zeroExtPtr(size), structure, m_out.intPtrZero, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> m_out.store32(length.value, fastObject, m_heaps.DirectArguments_length);
</span><span class="lines">@@ -3915,10 +3915,11 @@
</span><span class="cx"> LBasicBlock continuation = m_out.newBlock();
</span><span class="cx"> LValue arrayLength = lowInt32(m_node->child1());
</span><span class="cx"> LBasicBlock loopStart = m_out.newBlock();
</span><del>- bool shouldLargeArraySizeCreateArrayStorage = false;
- LValue array = compileAllocateArrayWithSize(arrayLength, ArrayWithContiguous, shouldLargeArraySizeCreateArrayStorage);
-
- LValue butterfly = m_out.loadPtr(array, m_heaps.JSObject_butterfly);
</del><ins>+ JSGlobalObject* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
+ Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithContiguous);
+ ArrayValues arrayValues = allocateUninitializedContiguousJSArray(arrayLength, structure);
+ LValue array = arrayValues.array;
+ LValue butterfly = arrayValues.butterfly;
</ins><span class="cx"> ValueFromBlock startLength = m_out.anchor(arrayLength);
</span><span class="cx"> LValue argumentRegion = m_out.add(getArgumentsStart(), m_out.constInt64(sizeof(Register) * m_node->numberOfArgumentsToSkip()));
</span><span class="cx"> m_out.branch(m_out.equal(arrayLength, m_out.constInt32(0)),
</span><span class="lines">@@ -3930,7 +3931,7 @@
</span><span class="cx"> m_out.addIncomingToPhi(phiOffset, m_out.anchor(currentOffset));
</span><span class="cx"> LValue loadedValue = m_out.load64(m_out.baseIndex(m_heaps.variables, argumentRegion, m_out.zeroExtPtr(currentOffset)));
</span><span class="cx"> IndexedAbstractHeap& heap = m_heaps.indexedContiguousProperties;
</span><del>- m_out.store(loadedValue, m_out.baseIndex(heap, butterfly, m_out.zeroExtPtr(currentOffset)), Output::Store64);
</del><ins>+ m_out.store64(loadedValue, m_out.baseIndex(heap, butterfly, m_out.zeroExtPtr(currentOffset)));
</ins><span class="cx"> m_out.branch(m_out.equal(currentOffset, m_out.constInt32(0)), unsure(continuation), unsure(loopStart));
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(continuation, lastNext);
</span><span class="lines">@@ -3987,7 +3988,8 @@
</span><span class="cx"> if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(m_node->indexingType())) {
</span><span class="cx"> unsigned numElements = m_node->numChildren();
</span><span class="cx">
</span><del>- ArrayValues arrayValues = allocateJSArray(structure, numElements);
</del><ins>+ ArrayValues arrayValues =
+ allocateUninitializedContiguousJSArray(m_out.constInt32(numElements), structure);
</ins><span class="cx">
</span><span class="cx"> for (unsigned operandIndex = 0; operandIndex < m_node->numChildren(); ++operandIndex) {
</span><span class="cx"> Edge edge = m_graph.varArgChild(m_node, operandIndex);
</span><span class="lines">@@ -4063,7 +4065,8 @@
</span><span class="cx"> if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(m_node->indexingType())) {
</span><span class="cx"> unsigned numElements = m_node->numConstants();
</span><span class="cx">
</span><del>- ArrayValues arrayValues = allocateJSArray(structure, numElements);
</del><ins>+ ArrayValues arrayValues =
+ allocateUninitializedContiguousJSArray(m_out.constInt32(numElements), structure);
</ins><span class="cx">
</span><span class="cx"> JSValue* data = codeBlock()->constantBuffer(m_node->startConstant());
</span><span class="cx"> for (unsigned index = 0; index < m_node->numConstants(); ++index) {
</span><span class="lines">@@ -4089,88 +4092,6 @@
</span><span class="cx"> m_out.constIntPtr(m_node->numConstants())));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- LValue compileAllocateArrayWithSize(LValue publicLength, IndexingType indexingType, bool shouldLargeArraySizeCreateArrayStorage = true)
- {
- JSGlobalObject* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
- Structure* structure = globalObject->arrayStructureForIndexingTypeDuringAllocation(indexingType);
- ASSERT(
- hasUndecided(structure->indexingType())
- || hasInt32(structure->indexingType())
- || hasDouble(structure->indexingType())
- || hasContiguous(structure->indexingType()));
-
- LBasicBlock fastCase = m_out.newBlock();
- LBasicBlock largeCase = shouldLargeArraySizeCreateArrayStorage ? m_out.newBlock() : nullptr;
- LBasicBlock failCase = m_out.newBlock();
- LBasicBlock continuation = m_out.newBlock();
- LBasicBlock lastNext = nullptr;
- if (shouldLargeArraySizeCreateArrayStorage) {
- m_out.branch(
- m_out.aboveOrEqual(publicLength, m_out.constInt32(MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH)),
- rarely(largeCase), usually(fastCase));
- lastNext = m_out.appendTo(fastCase, largeCase);
- }
-
-
- // We don't round up to BASE_VECTOR_LEN for new Array(blah).
- LValue vectorLength = publicLength;
-
- LValue payloadSize =
- m_out.shl(m_out.zeroExt(vectorLength, pointerType()), m_out.constIntPtr(3));
-
- LValue butterflySize = m_out.add(
- payloadSize, m_out.constIntPtr(sizeof(IndexingHeader)));
-
- LValue endOfStorage = allocateBasicStorageAndGetEnd(butterflySize, failCase);
-
- LValue butterfly = m_out.sub(endOfStorage, payloadSize);
-
- LValue object = allocateObject<JSArray>(structure, butterfly, failCase);
-
- m_out.store32(publicLength, butterfly, m_heaps.Butterfly_publicLength);
- m_out.store32(vectorLength, butterfly, m_heaps.Butterfly_vectorLength);
-
- initializeArrayElements(indexingType, vectorLength, butterfly);
-
- ValueFromBlock fastResult = m_out.anchor(object);
- m_out.jump(continuation);
-
- LValue structureValue;
- if (shouldLargeArraySizeCreateArrayStorage) {
- LBasicBlock slowCase = m_out.newBlock();
-
- m_out.appendTo(largeCase, failCase);
- ValueFromBlock largeStructure = m_out.anchor(m_out.constIntPtr(
- globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)));
- m_out.jump(slowCase);
-
- m_out.appendTo(failCase, slowCase);
- ValueFromBlock failStructure = m_out.anchor(m_out.constIntPtr(structure));
- m_out.jump(slowCase);
-
- m_out.appendTo(slowCase, continuation);
- structureValue = m_out.phi(
- pointerType(), largeStructure, failStructure);
- } else {
- ASSERT(!lastNext);
- lastNext = m_out.appendTo(failCase, continuation);
- structureValue = m_out.constIntPtr(structure);
- }
-
- LValue slowResultValue = lazySlowPath(
- [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
- return createLazyCallGenerator(
- operationNewArrayWithSize, locations[0].directGPR(),
- locations[1].directGPR(), locations[2].directGPR());
- },
- structureValue, publicLength);
- ValueFromBlock slowResult = m_out.anchor(slowResultValue);
- m_out.jump(continuation);
-
- m_out.appendTo(continuation, lastNext);
- return m_out.phi(pointerType(), fastResult, slowResult);
- }
-
</del><span class="cx"> void compileNewArrayWithSize()
</span><span class="cx"> {
</span><span class="cx"> LValue publicLength = lowInt32(m_node->child1());
</span><span class="lines">@@ -4180,7 +4101,11 @@
</span><span class="cx"> m_node->indexingType());
</span><span class="cx">
</span><span class="cx"> if (!globalObject->isHavingABadTime() && !hasAnyArrayStorage(m_node->indexingType())) {
</span><del>- setJSValue(compileAllocateArrayWithSize(publicLength, m_node->indexingType()));
</del><ins>+ setJSValue(
+ allocateJSArray(
+ publicLength,
+ globalObject->arrayStructureForIndexingTypeDuringAllocation(
+ m_node->indexingType())).array);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -4189,7 +4114,7 @@
</span><span class="cx"> m_out.constIntPtr(
</span><span class="cx"> globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)),
</span><span class="cx"> m_out.constIntPtr(structure));
</span><del>- setJSValue(vmCall(Int64, m_out.operation(operationNewArrayWithSize), m_callFrame, structureValue, publicLength));
</del><ins>+ setJSValue(vmCall(Int64, m_out.operation(operationNewArrayWithSize), m_callFrame, structureValue, publicLength, m_out.intPtrZero));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void compileNewTypedArray()
</span><span class="lines">@@ -4449,13 +4374,12 @@
</span><span class="cx">
</span><span class="cx"> LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
</span><span class="cx">
</span><del>- MarkedAllocator& allocator =
</del><ins>+ MarkedAllocator* allocator =
</ins><span class="cx"> vm().heap.allocatorForObjectWithDestructor(sizeof(JSRopeString));
</span><ins>+ DFG_ASSERT(m_graph, m_node, allocator);
</ins><span class="cx">
</span><span class="cx"> LValue result = allocateCell(
</span><del>- m_out.constIntPtr(&allocator),
- vm().stringStructure.get(),
- slowPath);
</del><ins>+ m_out.constIntPtr(allocator), vm().stringStructure.get(), slowPath);
</ins><span class="cx">
</span><span class="cx"> m_out.storePtr(m_out.intPtrZero, result, m_heaps.JSString_value);
</span><span class="cx"> for (unsigned i = 0; i < numKids; ++i)
</span><span class="lines">@@ -7004,7 +6928,8 @@
</span><span class="cx">
</span><span class="cx"> if (structure->outOfLineCapacity() || hasIndexedProperties(structure->indexingType())) {
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span><del>- MarkedAllocator* allocator = &vm().heap.allocatorForObjectWithoutDestructor(allocationSize);
</del><ins>+ MarkedAllocator* cellAllocator = vm().heap.allocatorForObjectWithoutDestructor(allocationSize);
+ DFG_ASSERT(m_graph, m_node, cellAllocator);
</ins><span class="cx">
</span><span class="cx"> bool hasIndexingHeader = hasIndexedProperties(structure->indexingType());
</span><span class="cx"> unsigned indexingHeaderSize = 0;
</span><span class="lines">@@ -7029,7 +6954,7 @@
</span><span class="cx"> indexingPayloadSizeInBytes =
</span><span class="cx"> m_out.mul(m_out.zeroExtPtr(vectorLength), m_out.intPtrEight);
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> LValue butterflySize = m_out.add(
</span><span class="cx"> m_out.constIntPtr(
</span><span class="cx"> structure->outOfLineCapacity() * sizeof(JSValue) + indexingHeaderSize),
</span><span class="lines">@@ -7040,16 +6965,23 @@
</span><span class="cx">
</span><span class="cx"> LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
</span><span class="cx">
</span><del>- LValue endOfStorage = allocateBasicStorageAndGetEnd(butterflySize, slowPath);
</del><ins>+ ValueFromBlock noButterfly = m_out.anchor(m_out.intPtrZero);
+
+ LValue startOfStorage = allocateHeapCell(
+ allocatorForSize(vm().heap.subspaceForAuxiliaryData(), butterflySize, slowPath),
+ slowPath);
</ins><span class="cx">
</span><span class="cx"> LValue fastButterflyValue = m_out.add(
</span><del>- m_out.sub(endOfStorage, indexingPayloadSizeInBytes),
- m_out.constIntPtr(sizeof(IndexingHeader) - indexingHeaderSize));
</del><ins>+ startOfStorage,
+ m_out.constIntPtr(
+ structure->outOfLineCapacity() * sizeof(JSValue) + sizeof(IndexingHeader)));
+
+ ValueFromBlock haveButterfly = m_out.anchor(fastButterflyValue);
</ins><span class="cx">
</span><span class="cx"> m_out.store32(vectorLength, fastButterflyValue, m_heaps.Butterfly_vectorLength);
</span><span class="cx">
</span><span class="cx"> LValue fastObjectValue = allocateObject(
</span><del>- m_out.constIntPtr(allocator), structure, fastButterflyValue, slowPath);
</del><ins>+ m_out.constIntPtr(cellAllocator), structure, fastButterflyValue, slowPath);
</ins><span class="cx">
</span><span class="cx"> ValueFromBlock fastObject = m_out.anchor(fastObjectValue);
</span><span class="cx"> ValueFromBlock fastButterfly = m_out.anchor(fastButterflyValue);
</span><span class="lines">@@ -7056,6 +6988,8 @@
</span><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(slowPath, continuation);
</span><ins>+
+ LValue butterflyValue = m_out.phi(pointerType(), noButterfly, haveButterfly);
</ins><span class="cx">
</span><span class="cx"> LValue slowObjectValue;
</span><span class="cx"> if (hasIndexingHeader) {
</span><span class="lines">@@ -7064,16 +6998,17 @@
</span><span class="cx"> return createLazyCallGenerator(
</span><span class="cx"> operationNewObjectWithButterflyWithIndexingHeaderAndVectorLength,
</span><span class="cx"> locations[0].directGPR(), CCallHelpers::TrustedImmPtr(structure),
</span><del>- locations[1].directGPR());
</del><ins>+ locations[1].directGPR(), locations[2].directGPR());
</ins><span class="cx"> },
</span><del>- vectorLength);
</del><ins>+ vectorLength, butterflyValue);
</ins><span class="cx"> } else {
</span><span class="cx"> slowObjectValue = lazySlowPath(
</span><span class="cx"> [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
</span><span class="cx"> return createLazyCallGenerator(
</span><span class="cx"> operationNewObjectWithButterfly, locations[0].directGPR(),
</span><del>- CCallHelpers::TrustedImmPtr(structure));
- });
</del><ins>+ CCallHelpers::TrustedImmPtr(structure), locations[1].directGPR());
+ },
+ butterflyValue);
</ins><span class="cx"> }
</span><span class="cx"> ValueFromBlock slowObject = m_out.anchor(slowObjectValue);
</span><span class="cx"> ValueFromBlock slowButterfly = m_out.anchor(
</span><span class="lines">@@ -7088,7 +7023,7 @@
</span><span class="cx">
</span><span class="cx"> m_out.store32(publicLength, butterfly, m_heaps.Butterfly_publicLength);
</span><span class="cx">
</span><del>- initializeArrayElements(structure->indexingType(), vectorLength, butterfly);
</del><ins>+ initializeArrayElements(structure->indexingType(), m_out.int32Zero, vectorLength, butterfly);
</ins><span class="cx">
</span><span class="cx"> HashMap<int32_t, LValue, DefaultHash<int32_t>::Hash, WTF::UnsignedWithZeroKeyHashTraits<int32_t>> indexMap;
</span><span class="cx"> Vector<int32_t> indices;
</span><span class="lines">@@ -7833,11 +7768,33 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void initializeArrayElements(IndexingType indexingType, LValue vectorLength, LValue butterfly)
</del><ins>+ void initializeArrayElements(IndexingType indexingType, LValue begin, LValue end, LValue butterfly)
</ins><span class="cx"> {
</span><del>- if (!hasDouble(indexingType)) {
- // The GC already initialized everything to JSValue() for us.
</del><ins>+ if (hasUndecided(indexingType))
</ins><span class="cx"> return;
</span><ins>+
+ if (begin == end)
+ return;
+
+ IndexedAbstractHeap* heap = m_heaps.forIndexingType(indexingType);
+ DFG_ASSERT(m_graph, m_node, heap);
+
+ LValue hole;
+ if (hasDouble(indexingType))
+ hole = m_out.constInt64(bitwise_cast<int64_t>(PNaN));
+ else
+ hole = m_out.constInt64(JSValue::encode(JSValue()));
+
+ const uint64_t unrollingLimit = 10;
+ if (begin->hasInt() && end->hasInt()) {
+ uint64_t beginConst = static_cast<uint64_t>(begin->asInt());
+ uint64_t endConst = static_cast<uint64_t>(end->asInt());
+
+ if (endConst - beginConst <= unrollingLimit) {
+ for (uint64_t i = beginConst; i < endConst; ++i)
+ m_out.store64(hole, butterfly, heap->at(i));
+ return;
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Doubles must be initialized to PNaN.
</span><span class="lines">@@ -7844,24 +7801,21 @@
</span><span class="cx"> LBasicBlock initLoop = m_out.newBlock();
</span><span class="cx"> LBasicBlock initDone = m_out.newBlock();
</span><span class="cx">
</span><del>- ValueFromBlock originalIndex = m_out.anchor(vectorLength);
</del><ins>+ ValueFromBlock originalIndex = m_out.anchor(end);
</ins><span class="cx"> ValueFromBlock originalPointer = m_out.anchor(butterfly);
</span><del>- m_out.branch(
- m_out.notZero32(vectorLength), unsure(initLoop), unsure(initDone));
</del><ins>+ m_out.branch(m_out.notEqual(end, begin), unsure(initLoop), unsure(initDone));
</ins><span class="cx">
</span><span class="cx"> LBasicBlock initLastNext = m_out.appendTo(initLoop, initDone);
</span><span class="cx"> LValue index = m_out.phi(Int32, originalIndex);
</span><span class="cx"> LValue pointer = m_out.phi(pointerType(), originalPointer);
</span><span class="cx">
</span><del>- m_out.store64(
- m_out.constInt64(bitwise_cast<int64_t>(PNaN)),
- TypedPointer(m_heaps.indexedDoubleProperties.atAnyIndex(), pointer));
</del><ins>+ m_out.store64(hole, TypedPointer(heap->atAnyIndex(), pointer));
</ins><span class="cx">
</span><span class="cx"> LValue nextIndex = m_out.sub(index, m_out.int32One);
</span><span class="cx"> m_out.addIncomingToPhi(index, m_out.anchor(nextIndex));
</span><span class="cx"> m_out.addIncomingToPhi(pointer, m_out.anchor(m_out.add(pointer, m_out.intPtrEight)));
</span><span class="cx"> m_out.branch(
</span><del>- m_out.notZero32(nextIndex), unsure(initLoop), unsure(initDone));
</del><ins>+ m_out.notEqual(nextIndex, begin), unsure(initLoop), unsure(initDone));
</ins><span class="cx">
</span><span class="cx"> m_out.appendTo(initDone, initLastNext);
</span><span class="cx"> }
</span><span class="lines">@@ -7916,13 +7870,12 @@
</span><span class="cx"> LBasicBlock continuation = m_out.newBlock();
</span><span class="cx">
</span><span class="cx"> LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
</span><del>-
- LValue endOfStorage = allocateBasicStorageAndGetEnd(
- m_out.constIntPtr(sizeInValues * sizeof(JSValue)), slowPath);
-
</del><ins>+
+ size_t sizeInBytes = sizeInValues * sizeof(JSValue);
+ MarkedAllocator* allocator = vm().heap.allocatorForAuxiliaryData(sizeInBytes);
+ LValue startOfStorage = allocateHeapCell(m_out.constIntPtr(allocator), slowPath);
</ins><span class="cx"> ValueFromBlock fastButterfly = m_out.anchor(
</span><del>- m_out.add(m_out.constIntPtr(sizeof(IndexingHeader)), endOfStorage));
-
</del><ins>+ m_out.add(m_out.constIntPtr(sizeInBytes + sizeof(IndexingHeader)), startOfStorage));
</ins><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(slowPath, continuation);
</span><span class="lines">@@ -8487,29 +8440,64 @@
</span><span class="cx"> setJSValue(patchpoint);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- LValue allocateCell(LValue allocator, LBasicBlock slowPath)
</del><ins>+ LValue allocateHeapCell(LValue allocator, LBasicBlock slowPath)
</ins><span class="cx"> {
</span><del>- LBasicBlock success = m_out.newBlock();
-
- LValue result;
- LValue condition;
- if (Options::forceGCSlowPaths()) {
- result = m_out.intPtrZero;
- condition = m_out.booleanFalse;
- } else {
- result = m_out.loadPtr(
- allocator, m_heaps.MarkedAllocator_freeListHead);
- condition = m_out.notNull(result);
</del><ins>+ MarkedAllocator* actualAllocator = nullptr;
+ if (allocator->hasIntPtr())
+ actualAllocator = bitwise_cast<MarkedAllocator*>(allocator->asIntPtr());
+
+ if (!actualAllocator) {
+ // This means that either we know that the allocator is null or we don't know what the
+ // allocator is. In either case, we need the null check.
+ LBasicBlock haveAllocator = m_out.newBlock();
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(haveAllocator);
+ m_out.branch(allocator, usually(haveAllocator), rarely(slowPath));
+ m_out.appendTo(haveAllocator, lastNext);
</ins><span class="cx"> }
</span><del>- m_out.branch(condition, usually(success), rarely(slowPath));
</del><span class="cx">
</span><del>- m_out.appendTo(success);
</del><ins>+ LBasicBlock continuation = m_out.newBlock();
</ins><span class="cx">
</span><del>- m_out.storePtr(
- m_out.loadPtr(result, m_heaps.JSCell_freeListNext),
- allocator, m_heaps.MarkedAllocator_freeListHead);
-
- return result;
</del><ins>+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(continuation);
+
+ PatchpointValue* patchpoint = m_out.patchpoint(pointerType());
+ patchpoint->effects.terminal = true;
+ patchpoint->appendSomeRegister(allocator);
+ patchpoint->numGPScratchRegisters++;
+ patchpoint->resultConstraint = ValueRep::SomeEarlyRegister;
+
+ m_out.appendSuccessor(usually(continuation));
+ m_out.appendSuccessor(rarely(slowPath));
+
+ patchpoint->setGenerator(
+ [=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ CCallHelpers::JumpList jumpToSlowPath;
+
+ // We use a patchpoint to emit the allocation path because whenever we mess with
+ // allocation paths, we already reason about them at the machine code level. We know
+ // exactly what instruction sequence we want. We're confident that no compiler
+ // optimization could make this code better. So, it's best to have the code in
+ // AssemblyHelpers::emitAllocate(). That way, the same optimized path is shared by
+ // all of the compiler tiers.
+ jit.emitAllocateWithNonNullAllocator(
+ params[0].gpr(), actualAllocator, params[1].gpr(), params.gpScratch(0),
+ jumpToSlowPath);
+
+ CCallHelpers::Jump jumpToSuccess;
+ if (!params.fallsThroughToSuccessor(0))
+ jumpToSuccess = jit.jump();
+
+ Vector<Box<CCallHelpers::Label>> labels = params.successorLabels();
+
+ params.addLatePath(
+ [=] (CCallHelpers& jit) {
+ jumpToSlowPath.linkTo(*labels[1], &jit);
+ if (jumpToSuccess.isSet())
+ jumpToSuccess.linkTo(*labels[0], &jit);
+ });
+ });
+
+ m_out.appendTo(continuation, lastNext);
+ return patchpoint;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void storeStructure(LValue object, Structure* structure)
</span><span class="lines">@@ -8522,7 +8510,7 @@
</span><span class="cx">
</span><span class="cx"> LValue allocateCell(LValue allocator, Structure* structure, LBasicBlock slowPath)
</span><span class="cx"> {
</span><del>- LValue result = allocateCell(allocator, slowPath);
</del><ins>+ LValue result = allocateHeapCell(allocator, slowPath);
</ins><span class="cx"> storeStructure(result, structure);
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="lines">@@ -8539,7 +8527,7 @@
</span><span class="cx"> LValue allocateObject(
</span><span class="cx"> size_t size, Structure* structure, LValue butterfly, LBasicBlock slowPath)
</span><span class="cx"> {
</span><del>- MarkedAllocator* allocator = &vm().heap.allocatorForObjectOfType<ClassType>(size);
</del><ins>+ MarkedAllocator* allocator = vm().heap.allocatorForObjectOfType<ClassType>(size);
</ins><span class="cx"> return allocateObject(m_out.constIntPtr(allocator), structure, butterfly, slowPath);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -8550,46 +8538,60 @@
</span><span class="cx"> ClassType::allocationSize(0), structure, butterfly, slowPath);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- template<typename ClassType>
- LValue allocateVariableSizedObject(
- LValue size, Structure* structure, LValue butterfly, LBasicBlock slowPath)
</del><ins>+ LValue allocatorForSize(LValue subspace, LValue size, LBasicBlock slowPath)
</ins><span class="cx"> {
</span><del>- static_assert(!(MarkedSpace::preciseStep & (MarkedSpace::preciseStep - 1)), "MarkedSpace::preciseStep must be a power of two.");
- static_assert(!(MarkedSpace::impreciseStep & (MarkedSpace::impreciseStep - 1)), "MarkedSpace::impreciseStep must be a power of two.");
-
- LValue subspace = m_out.constIntPtr(&vm().heap.subspaceForObjectOfType<ClassType>());
</del><ins>+ static_assert(!(MarkedSpace::sizeStep & (MarkedSpace::sizeStep - 1)), "MarkedSpace::sizeStep must be a power of two.");
</ins><span class="cx">
</span><del>- LBasicBlock smallCaseBlock = m_out.newBlock();
- LBasicBlock largeOrOversizeCaseBlock = m_out.newBlock();
- LBasicBlock largeCaseBlock = m_out.newBlock();
</del><ins>+ // Try to do some constant-folding here.
+ if (subspace->hasIntPtr() && size->hasIntPtr()) {
+ MarkedSpace::Subspace* actualSubspace = bitwise_cast<MarkedSpace::Subspace*>(subspace->asIntPtr());
+ size_t actualSize = size->asIntPtr();
+
+ MarkedAllocator* actualAllocator = MarkedSpace::allocatorFor(*actualSubspace, actualSize);
+ if (!actualAllocator) {
+ LBasicBlock continuation = m_out.newBlock();
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(continuation);
+ m_out.jump(slowPath);
+ m_out.appendTo(continuation, lastNext);
+ return m_out.intPtrZero;
+ }
+
+ return m_out.constIntPtr(actualAllocator);
+ }
+
+ unsigned stepShift = getLSBSet(MarkedSpace::sizeStep);
+
</ins><span class="cx"> LBasicBlock continuation = m_out.newBlock();
</span><span class="cx">
</span><del>- LValue uproundedSize = m_out.add(size, m_out.constInt32(MarkedSpace::preciseStep - 1));
- LValue isSmall = m_out.below(uproundedSize, m_out.constInt32(MarkedSpace::preciseCutoff));
- m_out.branch(isSmall, unsure(smallCaseBlock), unsure(largeOrOversizeCaseBlock));
</del><ins>+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(continuation);
</ins><span class="cx">
</span><del>- LBasicBlock lastNext = m_out.appendTo(smallCaseBlock, largeOrOversizeCaseBlock);
- TypedPointer address = m_out.baseIndex(
- m_heaps.MarkedSpace_Subspace_preciseAllocators, subspace,
- m_out.zeroExtPtr(m_out.lShr(uproundedSize, m_out.constInt32(getLSBSet(MarkedSpace::preciseStep)))));
- ValueFromBlock smallAllocator = m_out.anchor(address.value());
- m_out.jump(continuation);
</del><ins>+ LValue sizeClassIndex = m_out.lShr(
+ m_out.add(size, m_out.constIntPtr(MarkedSpace::sizeStep - 1)),
+ m_out.constInt32(stepShift));
</ins><span class="cx">
</span><del>- m_out.appendTo(largeOrOversizeCaseBlock, largeCaseBlock);
</del><span class="cx"> m_out.branch(
</span><del>- m_out.below(uproundedSize, m_out.constInt32(MarkedSpace::impreciseCutoff)),
- usually(largeCaseBlock), rarely(slowPath));
</del><ins>+ m_out.above(sizeClassIndex, m_out.constIntPtr(MarkedSpace::largeCutoff >> stepShift)),
+ rarely(slowPath), usually(continuation));
</ins><span class="cx">
</span><del>- m_out.appendTo(largeCaseBlock, continuation);
- address = m_out.baseIndex(
- m_heaps.MarkedSpace_Subspace_impreciseAllocators, subspace,
- m_out.zeroExtPtr(m_out.lShr(uproundedSize, m_out.constInt32(getLSBSet(MarkedSpace::impreciseStep)))));
- ValueFromBlock largeAllocator = m_out.anchor(address.value());
- m_out.jump(continuation);
-
</del><span class="cx"> m_out.appendTo(continuation, lastNext);
</span><del>- LValue allocator = m_out.phi(pointerType(), smallAllocator, largeAllocator);
</del><span class="cx">
</span><ins>+ return m_out.loadPtr(
+ m_out.baseIndex(
+ m_heaps.MarkedSpace_Subspace_allocatorForSizeStep,
+ subspace, m_out.sub(sizeClassIndex, m_out.intPtrOne)));
+ }
+
+ LValue allocatorForSize(MarkedSpace::Subspace& subspace, LValue size, LBasicBlock slowPath)
+ {
+ return allocatorForSize(m_out.constIntPtr(&subspace), size, slowPath);
+ }
+
+ template<typename ClassType>
+ LValue allocateVariableSizedObject(
+ LValue size, Structure* structure, LValue butterfly, LBasicBlock slowPath)
+ {
+ LValue allocator = allocatorForSize(
+ vm().heap.subspaceForObjectOfType<ClassType>(), size, slowPath);
</ins><span class="cx"> return allocateObject(allocator, structure, butterfly, slowPath);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -8622,8 +8624,12 @@
</span><span class="cx"> LValue allocateObject(Structure* structure)
</span><span class="cx"> {
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span><del>- MarkedAllocator* allocator = &vm().heap.allocatorForObjectWithoutDestructor(allocationSize);
</del><ins>+ MarkedAllocator* allocator = vm().heap.allocatorForObjectWithoutDestructor(allocationSize);
</ins><span class="cx">
</span><ins>+ // FIXME: If the allocator is null, we could simply emit a normal C call to the allocator
+ // instead of putting it on the slow path.
+ // https://bugs.webkit.org/show_bug.cgi?id=161062
+
</ins><span class="cx"> LBasicBlock slowPath = m_out.newBlock();
</span><span class="cx"> LBasicBlock continuation = m_out.newBlock();
</span><span class="cx">
</span><span class="lines">@@ -8665,75 +8671,122 @@
</span><span class="cx"> LValue array;
</span><span class="cx"> LValue butterfly;
</span><span class="cx"> };
</span><del>- ArrayValues allocateJSArray(
- Structure* structure, unsigned numElements, LBasicBlock slowPath)
</del><ins>+
+ ArrayValues allocateJSArray(LValue publicLength, Structure* structure, bool shouldInitializeElements = true, bool shouldLargeArraySizeCreateArrayStorage = true)
</ins><span class="cx"> {
</span><ins>+ JSGlobalObject* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
+ IndexingType indexingType = structure->indexingType();
</ins><span class="cx"> ASSERT(
</span><del>- hasUndecided(structure->indexingType())
- || hasInt32(structure->indexingType())
- || hasDouble(structure->indexingType())
- || hasContiguous(structure->indexingType()));
</del><ins>+ hasUndecided(indexingType)
+ || hasInt32(indexingType)
+ || hasDouble(indexingType)
+ || hasContiguous(indexingType));
+
+ LBasicBlock fastCase = m_out.newBlock();
+ LBasicBlock largeCase = m_out.newBlock();
+ LBasicBlock failCase = m_out.newBlock();
+ LBasicBlock continuation = m_out.newBlock();
+ LBasicBlock slowCase = m_out.newBlock();
</ins><span class="cx">
</span><del>- unsigned vectorLength = std::max(BASE_VECTOR_LEN, numElements);
</del><ins>+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(fastCase);
</ins><span class="cx">
</span><del>- LValue endOfStorage = allocateBasicStorageAndGetEnd(
- m_out.constIntPtr(sizeof(JSValue) * vectorLength + sizeof(IndexingHeader)),
- slowPath);
</del><ins>+ ValueFromBlock noButterfly = m_out.anchor(m_out.intPtrZero);
</ins><span class="cx">
</span><del>- LValue butterfly = m_out.sub(
- endOfStorage, m_out.constIntPtr(sizeof(JSValue) * vectorLength));
</del><ins>+ LValue predicate;
+ if (shouldLargeArraySizeCreateArrayStorage)
+ predicate = m_out.aboveOrEqual(publicLength, m_out.constInt32(MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH));
+ else
+ predicate = m_out.booleanFalse;
</ins><span class="cx">
</span><del>- LValue object = allocateObject<JSArray>(
- structure, butterfly, slowPath);
</del><ins>+ m_out.branch(predicate, rarely(largeCase), usually(fastCase));
</ins><span class="cx">
</span><del>- m_out.store32(m_out.constInt32(numElements), butterfly, m_heaps.Butterfly_publicLength);
- m_out.store32(m_out.constInt32(vectorLength), butterfly, m_heaps.Butterfly_vectorLength);
-
- if (hasDouble(structure->indexingType())) {
- for (unsigned i = numElements; i < vectorLength; ++i) {
- m_out.store64(
- m_out.constInt64(bitwise_cast<int64_t>(PNaN)),
- butterfly, m_heaps.indexedDoubleProperties[i]);
</del><ins>+ m_out.appendTo(fastCase, largeCase);
+
+ LValue vectorLength = nullptr;
+ if (publicLength->hasInt32()) {
+ unsigned publicLengthConst = static_cast<unsigned>(publicLength->asInt32());
+ if (publicLengthConst <= MAX_STORAGE_VECTOR_LENGTH) {
+ vectorLength = m_out.constInt32(
+ Butterfly::optimalContiguousVectorLength(
+ structure->outOfLineCapacity(), publicLengthConst));
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- return ArrayValues(object, butterfly);
- }
</del><ins>+ if (!vectorLength) {
+ // We don't compute the optimal vector length for new Array(blah) where blah is not
+ // statically known, since the compute effort of doing it here is probably not worth it.
+ vectorLength = publicLength;
+ }
+
+ LValue payloadSize =
+ m_out.shl(m_out.zeroExt(vectorLength, pointerType()), m_out.constIntPtr(3));
+
+ LValue butterflySize = m_out.add(
+ payloadSize, m_out.constIntPtr(sizeof(IndexingHeader)));
+
+ LValue allocator = allocatorForSize(
+ vm().heap.subspaceForAuxiliaryData(), butterflySize, failCase);
+ LValue startOfStorage = allocateHeapCell(allocator, failCase);
+
+ LValue butterfly = m_out.add(startOfStorage, m_out.constIntPtr(sizeof(IndexingHeader)));
+
+ m_out.store32(publicLength, butterfly, m_heaps.Butterfly_publicLength);
+ m_out.store32(vectorLength, butterfly, m_heaps.Butterfly_vectorLength);
</ins><span class="cx">
</span><del>- ArrayValues allocateJSArray(Structure* structure, unsigned numElements)
- {
- LBasicBlock slowPath = m_out.newBlock();
- LBasicBlock continuation = m_out.newBlock();
</del><ins>+ initializeArrayElements(
+ indexingType,
+ shouldInitializeElements ? m_out.int32Zero : publicLength, vectorLength,
+ butterfly);
</ins><span class="cx">
</span><del>- LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
</del><ins>+ ValueFromBlock haveButterfly = m_out.anchor(butterfly);
</ins><span class="cx">
</span><del>- ArrayValues fastValues = allocateJSArray(structure, numElements, slowPath);
- ValueFromBlock fastArray = m_out.anchor(fastValues.array);
- ValueFromBlock fastButterfly = m_out.anchor(fastValues.butterfly);
-
</del><ins>+ LValue object = allocateObject<JSArray>(structure, butterfly, failCase);
+
+ ValueFromBlock fastResult = m_out.anchor(object);
+ ValueFromBlock fastButterfly = m_out.anchor(butterfly);
</ins><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><del>- m_out.appendTo(slowPath, continuation);
</del><ins>+ m_out.appendTo(largeCase, failCase);
+ ValueFromBlock largeStructure = m_out.anchor(
+ m_out.constIntPtr(
+ globalObject->arrayStructureForIndexingTypeDuringAllocation(ArrayWithArrayStorage)));
+ m_out.jump(slowCase);
+
+ m_out.appendTo(failCase, slowCase);
+ ValueFromBlock failStructure = m_out.anchor(m_out.constIntPtr(structure));
+ m_out.jump(slowCase);
+
+ m_out.appendTo(slowCase, continuation);
+ LValue structureValue = m_out.phi(pointerType(), largeStructure, failStructure);
+ LValue butterflyValue = m_out.phi(pointerType(), noButterfly, haveButterfly);
</ins><span class="cx">
</span><del>- LValue slowArrayValue = lazySlowPath(
</del><ins>+ LValue slowResultValue = lazySlowPath(
</ins><span class="cx"> [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
</span><span class="cx"> return createLazyCallGenerator(
</span><span class="cx"> operationNewArrayWithSize, locations[0].directGPR(),
</span><del>- CCallHelpers::TrustedImmPtr(structure), CCallHelpers::TrustedImm32(numElements));
- });
- ValueFromBlock slowArray = m_out.anchor(slowArrayValue);
</del><ins>+ locations[1].directGPR(), locations[2].directGPR(), locations[3].directGPR());
+ },
+ structureValue, publicLength, butterflyValue);
+ ValueFromBlock slowResult = m_out.anchor(slowResultValue);
</ins><span class="cx"> ValueFromBlock slowButterfly = m_out.anchor(
</span><del>- m_out.loadPtr(slowArrayValue, m_heaps.JSObject_butterfly));
-
</del><ins>+ m_out.loadPtr(slowResultValue, m_heaps.JSObject_butterfly));
</ins><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span><span class="cx"> m_out.appendTo(continuation, lastNext);
</span><del>-
</del><span class="cx"> return ArrayValues(
</span><del>- m_out.phi(pointerType(), fastArray, slowArray),
</del><ins>+ m_out.phi(pointerType(), fastResult, slowResult),
</ins><span class="cx"> m_out.phi(pointerType(), fastButterfly, slowButterfly));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ArrayValues allocateUninitializedContiguousJSArray(LValue publicLength, Structure* structure)
+ {
+ bool shouldInitializeElements = false;
+ bool shouldLargeArraySizeCreateArrayStorage = false;
+ return allocateJSArray(
+ publicLength, structure, shouldInitializeElements,
+ shouldLargeArraySizeCreateArrayStorage);
+ }
+
</ins><span class="cx"> LValue ensureShadowChickenPacket()
</span><span class="cx"> {
</span><span class="cx"> LBasicBlock slowCase = m_out.newBlock();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLOutputcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -100,7 +100,9 @@
</span><span class="cx">
</span><span class="cx"> LValue Output::constBool(bool value)
</span><span class="cx"> {
</span><del>- return m_block->appendNew<B3::Const32Value>(m_proc, origin(), value);
</del><ins>+ if (value)
+ return booleanTrue;
+ return booleanFalse;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::constInt32(int32_t value)
</span><span class="lines">@@ -125,6 +127,10 @@
</span><span class="cx">
</span><span class="cx"> LValue Output::add(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ if (Value* result = left->addConstant(m_proc, right)) {
+ m_block->append(result);
+ return result;
+ }
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::Add, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -205,17 +211,32 @@
</span><span class="cx">
</span><span class="cx"> LValue Output::shl(LValue left, LValue right)
</span><span class="cx"> {
</span><del>- return m_block->appendNew<B3::Value>(m_proc, B3::Shl, origin(), left, castToInt32(right));
</del><ins>+ right = castToInt32(right);
+ if (Value* result = left->shlConstant(m_proc, right)) {
+ m_block->append(result);
+ return result;
+ }
+ return m_block->appendNew<B3::Value>(m_proc, B3::Shl, origin(), left, right);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::aShr(LValue left, LValue right)
</span><span class="cx"> {
</span><del>- return m_block->appendNew<B3::Value>(m_proc, B3::SShr, origin(), left, castToInt32(right));
</del><ins>+ right = castToInt32(right);
+ if (Value* result = left->sShrConstant(m_proc, right)) {
+ m_block->append(result);
+ return result;
+ }
+ return m_block->appendNew<B3::Value>(m_proc, B3::SShr, origin(), left, right);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::lShr(LValue left, LValue right)
</span><span class="cx"> {
</span><del>- return m_block->appendNew<B3::Value>(m_proc, B3::ZShr, origin(), left, castToInt32(right));
</del><ins>+ right = castToInt32(right);
+ if (Value* result = left->zShrConstant(m_proc, right)) {
+ m_block->append(result);
+ return result;
+ }
+ return m_block->appendNew<B3::Value>(m_proc, B3::ZShr, origin(), left, right);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::bitNot(LValue value)
</span><span class="lines">@@ -343,6 +364,8 @@
</span><span class="cx"> {
</span><span class="cx"> if (value->type() == type)
</span><span class="cx"> return value;
</span><ins>+ if (value->hasInt32())
+ return m_block->appendIntConstant(m_proc, origin(), Int64, static_cast<uint64_t>(static_cast<uint32_t>(value->asInt32())));
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::ZExt32, origin(), value);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -358,8 +381,11 @@
</span><span class="cx">
</span><span class="cx"> LValue Output::castToInt32(LValue value)
</span><span class="cx"> {
</span><del>- return value->type() == B3::Int32 ? value :
- m_block->appendNew<B3::Value>(m_proc, B3::Trunc, origin(), value);
</del><ins>+ if (value->type() == Int32)
+ return value;
+ if (value->hasInt64())
+ return constInt32(static_cast<int32_t>(value->asInt64()));
+ return m_block->appendNew<B3::Value>(m_proc, B3::Trunc, origin(), value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::doubleToFloat(LValue value)
</span><span class="lines">@@ -453,51 +479,81 @@
</span><span class="cx">
</span><span class="cx"> LValue Output::equal(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->equalConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::Equal, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::notEqual(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->notEqualConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::NotEqual, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::above(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->aboveConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::Above, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::aboveOrEqual(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->aboveEqualConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::AboveEqual, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::below(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->belowConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::Below, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::belowOrEqual(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->belowEqualConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::BelowEqual, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::greaterThan(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->greaterThanConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::GreaterThan, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::greaterThanOrEqual(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->greaterEqualConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::GreaterEqual, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::lessThan(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->lessThanConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::LessThan, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue Output::lessThanOrEqual(LValue left, LValue right)
</span><span class="cx"> {
</span><ins>+ TriState result = left->lessEqualConstant(right);
+ if (result != MixedTriState)
+ return constBool(result == TrueTriState);
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::LessEqual, origin(), left, right);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -583,6 +639,12 @@
</span><span class="cx">
</span><span class="cx"> LValue Output::select(LValue value, LValue taken, LValue notTaken)
</span><span class="cx"> {
</span><ins>+ if (value->hasInt32()) {
+ if (value->asInt32())
+ return taken;
+ else
+ return notTaken;
+ }
</ins><span class="cx"> return m_block->appendNew<B3::Value>(m_proc, B3::Select, origin(), value, taken, notTaken);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -621,6 +683,11 @@
</span><span class="cx"> m_block->appendNewControlValue(m_proc, B3::Oops, origin());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Output::appendSuccessor(WeightedTarget target)
+{
+ m_block->appendSuccessor(target.frequentedBlock());
+}
+
</ins><span class="cx"> CheckValue* Output::speculate(LValue value)
</span><span class="cx"> {
</span><span class="cx"> return m_block->appendNew<B3::CheckValue>(m_proc, B3::Check, origin(), value);
</span><span class="lines">@@ -741,7 +808,8 @@
</span><span class="cx">
</span><span class="cx"> void Output::addIncomingToPhi(LValue phi, ValueFromBlock value)
</span><span class="cx"> {
</span><del>- value.value()->as<B3::UpsilonValue>()->setPhi(phi);
</del><ins>+ if (value)
+ value.value()->as<B3::UpsilonValue>()->setPhi(phi);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } } // namespace JSC::FTL
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLOutputh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLOutput.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -398,6 +398,8 @@
</span><span class="cx"> void ret(LValue);
</span><span class="cx">
</span><span class="cx"> void unreachable();
</span><ins>+
+ void appendSuccessor(WeightedTarget);
</ins><span class="cx">
</span><span class="cx"> B3::CheckValue* speculate(LValue);
</span><span class="cx"> B3::CheckValue* speculateAdd(LValue, LValue);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLValueFromBlockh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLValueFromBlock.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLValueFromBlock.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLValueFromBlock.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -45,6 +45,8 @@
</span><span class="cx"> , m_block(block)
</span><span class="cx"> {
</span><span class="cx"> }
</span><ins>+
+ explicit operator bool() const { return m_value || m_block; }
</ins><span class="cx">
</span><span class="cx"> LValue value() const { return m_value; }
</span><span class="cx"> LBasicBlock block() const { return m_block; }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreftlFTLWeightedTargeth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLWeightedTarget.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLWeightedTarget.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/ftl/FTLWeightedTarget.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -55,6 +55,11 @@
</span><span class="cx"> LBasicBlock target() const { return m_target; }
</span><span class="cx"> Weight weight() const { return m_weight; }
</span><span class="cx">
</span><ins>+ B3::FrequentedBlock frequentedBlock() const
+ {
+ return B3::FrequentedBlock(target(), weight().frequencyClass());
+ }
+
</ins><span class="cx"> private:
</span><span class="cx"> LBasicBlock m_target;
</span><span class="cx"> Weight m_weight;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapCellContainerh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainer.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainer.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainer.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,93 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <wtf/StdLibExtras.h>
+
+namespace JSC {
+
+class HeapCell;
+class LargeAllocation;
+class MarkedBlock;
+class WeakSet;
+
+// This is how we abstract over either MarkedBlock& or LargeAllocation&. Put things in here as you
+// find need for them.
+
+class CellContainer {
+public:
+ CellContainer()
+ : m_encodedPointer(0)
+ {
+ }
+
+ CellContainer(MarkedBlock& markedBlock)
+ : m_encodedPointer(bitwise_cast<uintptr_t>(&markedBlock))
+ {
+ }
+
+ CellContainer(LargeAllocation& largeAllocation)
+ : m_encodedPointer(bitwise_cast<uintptr_t>(&largeAllocation) | isLargeAllocationBit)
+ {
+ }
+
+ explicit operator bool() const { return !!m_encodedPointer; }
+
+ bool isMarkedBlock() const { return m_encodedPointer && !(m_encodedPointer & isLargeAllocationBit); }
+ bool isLargeAllocation() const { return m_encodedPointer & isLargeAllocationBit; }
+
+ MarkedBlock& markedBlock() const
+ {
+ ASSERT(isMarkedBlock());
+ return *bitwise_cast<MarkedBlock*>(m_encodedPointer);
+ }
+
+ LargeAllocation& largeAllocation() const
+ {
+ ASSERT(isLargeAllocation());
+ return *bitwise_cast<LargeAllocation*>(m_encodedPointer - isLargeAllocationBit);
+ }
+
+ void flipIfNecessary(uint64_t heapVersion);
+ void flipIfNecessary();
+
+ bool isMarked() const;
+ bool isMarked(HeapCell*) const;
+ bool isMarkedOrNewlyAllocated(HeapCell*) const;
+
+ void noteMarked();
+
+ size_t cellSize() const;
+
+ WeakSet& weakSet() const;
+
+private:
+ static const uintptr_t isLargeAllocationBit = 1;
+ uintptr_t m_encodedPointer;
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapCellContainerInlineshfromrev205702releasesWebKitGTKwebkit214SourceJavaScriptCorebytecodeLLIntPrototypeLoadAdaptiveStructureWatchpointcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainerInlines.h (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainerInlines.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CellContainerInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,89 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "CellContainer.h"
+#include "JSCell.h"
+#include "LargeAllocation.h"
+#include "MarkedBlock.h"
+
+namespace JSC {
+
+inline bool CellContainer::isMarked() const
+{
+ if (isLargeAllocation())
+ return true;
+ return markedBlock().handle().isMarked();
+}
+
+inline bool CellContainer::isMarked(HeapCell* cell) const
+{
+ if (isLargeAllocation())
+ return largeAllocation().isMarked();
+ return markedBlock().isMarked(cell);
+}
+
+inline bool CellContainer::isMarkedOrNewlyAllocated(HeapCell* cell) const
+{
+ if (isLargeAllocation())
+ return largeAllocation().isMarkedOrNewlyAllocated();
+ return markedBlock().isMarkedOrNewlyAllocated(cell);
+}
+
+inline void CellContainer::noteMarked()
+{
+ if (!isLargeAllocation())
+ markedBlock().noteMarked();
+}
+
+inline size_t CellContainer::cellSize() const
+{
+ if (isLargeAllocation())
+ return largeAllocation().cellSize();
+ return markedBlock().cellSize();
+}
+
+inline WeakSet& CellContainer::weakSet() const
+{
+ if (isLargeAllocation())
+ return largeAllocation().weakSet();
+ return markedBlock().weakSet();
+}
+
+inline void CellContainer::flipIfNecessary(uint64_t heapVersion)
+{
+ if (!isLargeAllocation())
+ markedBlock().flipIfNecessary(heapVersion);
+}
+
+inline void CellContainer::flipIfNecessary()
+{
+ if (!isLargeAllocation())
+ markedBlock().flipIfNecessary();
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapConservativeRootscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,6 +31,8 @@
</span><span class="cx"> #include "CopiedSpace.h"
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><span class="cx"> #include "HeapInlines.h"
</span><ins>+#include "HeapUtil.h"
+#include "JITStubRoutineSet.h"
</ins><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="lines">@@ -39,12 +41,11 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-ConservativeRoots::ConservativeRoots(MarkedBlockSet* blocks, CopiedSpace* copiedSpace)
</del><ins>+ConservativeRoots::ConservativeRoots(Heap& heap)
</ins><span class="cx"> : m_roots(m_inlineRoots)
</span><span class="cx"> , m_size(0)
</span><span class="cx"> , m_capacity(inlineCapacity)
</span><del>- , m_blocks(blocks)
- , m_copiedSpace(copiedSpace)
</del><ins>+ , m_heap(heap)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -51,34 +52,35 @@
</span><span class="cx"> ConservativeRoots::~ConservativeRoots()
</span><span class="cx"> {
</span><span class="cx"> if (m_roots != m_inlineRoots)
</span><del>- OSAllocator::decommitAndRelease(m_roots, m_capacity * sizeof(JSCell*));
</del><ins>+ OSAllocator::decommitAndRelease(m_roots, m_capacity * sizeof(HeapCell*));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ConservativeRoots::grow()
</span><span class="cx"> {
</span><span class="cx"> size_t newCapacity = m_capacity == inlineCapacity ? nonInlineCapacity : m_capacity * 2;
</span><del>- JSCell** newRoots = static_cast<JSCell**>(OSAllocator::reserveAndCommit(newCapacity * sizeof(JSCell*)));
- memcpy(newRoots, m_roots, m_size * sizeof(JSCell*));
</del><ins>+ HeapCell** newRoots = static_cast<HeapCell**>(OSAllocator::reserveAndCommit(newCapacity * sizeof(HeapCell*)));
+ memcpy(newRoots, m_roots, m_size * sizeof(HeapCell*));
</ins><span class="cx"> if (m_roots != m_inlineRoots)
</span><del>- OSAllocator::decommitAndRelease(m_roots, m_capacity * sizeof(JSCell*));
</del><ins>+ OSAllocator::decommitAndRelease(m_roots, m_capacity * sizeof(HeapCell*));
</ins><span class="cx"> m_capacity = newCapacity;
</span><span class="cx"> m_roots = newRoots;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename MarkHook>
</span><del>-inline void ConservativeRoots::genericAddPointer(void* p, TinyBloomFilter filter, MarkHook& markHook)
</del><ins>+inline void ConservativeRoots::genericAddPointer(void* p, int64_t version, TinyBloomFilter filter, MarkHook& markHook)
</ins><span class="cx"> {
</span><span class="cx"> markHook.mark(p);
</span><span class="cx">
</span><del>- m_copiedSpace->pinIfNecessary(p);
</del><ins>+ m_heap.storageSpace().pinIfNecessary(p);
</ins><span class="cx">
</span><del>- if (!Heap::isPointerGCObject(filter, *m_blocks, p))
- return;
-
- if (m_size == m_capacity)
- grow();
-
- m_roots[m_size++] = static_cast<JSCell*>(p);
</del><ins>+ HeapUtil::findGCObjectPointersForMarking(
+ m_heap, version, filter, p,
+ [&] (void* p) {
+ if (m_size == m_capacity)
+ grow();
+
+ m_roots[m_size++] = bitwise_cast<HeapCell*>(p);
+ });
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename MarkHook>
</span><span class="lines">@@ -94,9 +96,10 @@
</span><span class="cx"> RELEASE_ASSERT(isPointerAligned(begin));
</span><span class="cx"> RELEASE_ASSERT(isPointerAligned(end));
</span><span class="cx">
</span><del>- TinyBloomFilter filter = m_blocks->filter(); // Make a local copy of filter to show the compiler it won't alias, and can be register-allocated.
</del><ins>+ TinyBloomFilter filter = m_heap.objectSpace().blocks().filter(); // Make a local copy of filter to show the compiler it won't alias, and can be register-allocated.
+ int64_t version = m_heap.objectSpace().version();
</ins><span class="cx"> for (char** it = static_cast<char**>(begin); it != static_cast<char**>(end); ++it)
</span><del>- genericAddPointer(*it, filter, markHook);
</del><ins>+ genericAddPointer(*it, version, filter, markHook);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> class DummyMarkHook {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapConservativeRootsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/ConservativeRoots.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2009 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2009, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,12 +31,12 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> class CodeBlockSet;
</span><ins>+class HeapCell;
</ins><span class="cx"> class JITStubRoutineSet;
</span><del>-class JSCell;
</del><span class="cx">
</span><span class="cx"> class ConservativeRoots {
</span><span class="cx"> public:
</span><del>- ConservativeRoots(MarkedBlockSet*, CopiedSpace*);
</del><ins>+ ConservativeRoots(Heap&);
</ins><span class="cx"> ~ConservativeRoots();
</span><span class="cx">
</span><span class="cx"> void add(void* begin, void* end);
</span><span class="lines">@@ -44,14 +44,14 @@
</span><span class="cx"> void add(void* begin, void* end, JITStubRoutineSet&, CodeBlockSet&);
</span><span class="cx">
</span><span class="cx"> size_t size();
</span><del>- JSCell** roots();
</del><ins>+ HeapCell** roots();
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> static const size_t inlineCapacity = 128;
</span><del>- static const size_t nonInlineCapacity = 8192 / sizeof(JSCell*);
</del><ins>+ static const size_t nonInlineCapacity = 8192 / sizeof(HeapCell*);
</ins><span class="cx">
</span><span class="cx"> template<typename MarkHook>
</span><del>- void genericAddPointer(void*, TinyBloomFilter, MarkHook&);
</del><ins>+ void genericAddPointer(void*, int64_t heapVersion, TinyBloomFilter, MarkHook&);
</ins><span class="cx">
</span><span class="cx"> template<typename MarkHook>
</span><span class="cx"> void genericAddSpan(void*, void* end, MarkHook&);
</span><span class="lines">@@ -58,12 +58,11 @@
</span><span class="cx">
</span><span class="cx"> void grow();
</span><span class="cx">
</span><del>- JSCell** m_roots;
</del><ins>+ HeapCell** m_roots;
</ins><span class="cx"> size_t m_size;
</span><span class="cx"> size_t m_capacity;
</span><del>- MarkedBlockSet* m_blocks;
- CopiedSpace* m_copiedSpace;
- JSCell* m_inlineRoots[inlineCapacity];
</del><ins>+ Heap& m_heap;
+ HeapCell* m_inlineRoots[inlineCapacity];
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> inline size_t ConservativeRoots::size()
</span><span class="lines">@@ -71,7 +70,7 @@
</span><span class="cx"> return m_size;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline JSCell** ConservativeRoots::roots()
</del><ins>+inline HeapCell** ConservativeRoots::roots()
</ins><span class="cx"> {
</span><span class="cx"> return m_roots;
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapCopyTokenh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CopyToken.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CopyToken.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/CopyToken.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> enum CopyToken {
</span><del>- ButterflyCopyToken,
</del><span class="cx"> TypedArrayVectorCopyToken,
</span><span class="cx"> MapBackingStoreCopyToken,
</span><span class="cx"> DirectArgumentsOverridesCopyToken
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapFreeListcppfromrev205702releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSErrorEventCustomcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.cpp (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSErrorEventCustom.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,37 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "FreeList.h"
+
+namespace JSC {
+
+void FreeList::dump(PrintStream& out) const
+{
+ out.print("{head = ", RawPointer(head), ", payloadEnd = ", RawPointer(payloadEnd), ", remaining = ", remaining, ", originalSize = ", originalSize, "}");
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapFreeListh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/FreeList.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,91 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <wtf/PrintStream.h>
+
+namespace JSC {
+
+struct FreeCell {
+ FreeCell* next;
+};
+
+// This representation of a FreeList is convenient for the MarkedAllocator.
+
+struct FreeList {
+ FreeCell* head { nullptr };
+ char* payloadEnd { nullptr };
+ unsigned remaining { 0 };
+ unsigned originalSize { 0 };
+
+ FreeList()
+ {
+ }
+
+ static FreeList list(FreeCell* head, unsigned bytes)
+ {
+ FreeList result;
+ result.head = head;
+ result.remaining = 0;
+ result.originalSize = bytes;
+ return result;
+ }
+
+ static FreeList bump(char* payloadEnd, unsigned remaining)
+ {
+ FreeList result;
+ result.payloadEnd = payloadEnd;
+ result.remaining = remaining;
+ result.originalSize = remaining;
+ return result;
+ }
+
+ bool operator==(const FreeList& other) const
+ {
+ return head == other.head
+ && payloadEnd == other.payloadEnd
+ && remaining == other.remaining
+ && originalSize == other.originalSize;
+ }
+
+ bool operator!=(const FreeList& other) const
+ {
+ return !(*this == other);
+ }
+
+ explicit operator bool() const
+ {
+ return *this != FreeList();
+ }
+
+ bool allocationWillFail() const { return !head && !remaining; }
+ bool allocationWillSucceed() const { return !allocationWillFail(); }
+
+ void dump(PrintStream&) const;
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapGCTypeMaphfromrev205702releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingContactSelectedEventCustomcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/GCTypeMap.h (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/GCTypeMap.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/GCTypeMap.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,56 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "HeapOperation.h"
+#include <wtf/Assertions.h>
+
+namespace JSC {
+
+template<typename T>
+struct GCTypeMap {
+ T eden;
+ T full;
+
+ T& operator[](HeapOperation operation)
+ {
+ if (operation == FullCollection)
+ return full;
+ ASSERT(operation == EdenCollection);
+ return eden;
+ }
+
+ const T& operator[](HeapOperation operation) const
+ {
+ if (operation == FullCollection)
+ return full;
+ ASSERT(operation == EdenCollection);
+ return eden;
+ }
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,6 +31,7 @@
</span><span class="cx"> #include "FullGCActivityCallback.h"
</span><span class="cx"> #include "GCActivityCallback.h"
</span><span class="cx"> #include "GCIncomingRefCountedSetInlines.h"
</span><ins>+#include "GCTypeMap.h"
</ins><span class="cx"> #include "HeapHelperPool.h"
</span><span class="cx"> #include "HeapIterationScope.h"
</span><span class="cx"> #include "HeapProfiler.h"
</span><span class="lines">@@ -40,6 +41,7 @@
</span><span class="cx"> #include "HeapVerifier.h"
</span><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="cx"> #include "Interpreter.h"
</span><ins>+#include "JITStubRoutineSet.h"
</ins><span class="cx"> #include "JITWorklist.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="lines">@@ -47,6 +49,7 @@
</span><span class="cx"> #include "JSVirtualMachineInternal.h"
</span><span class="cx"> #include "SamplingProfiler.h"
</span><span class="cx"> #include "ShadowChicken.h"
</span><ins>+#include "SuperSampler.h"
</ins><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx"> #include "UnlinkedCodeBlock.h"
</span><span class="cx"> #include "VM.h"
</span><span class="lines">@@ -57,6 +60,7 @@
</span><span class="cx"> #include <wtf/ParallelVectorIterator.h>
</span><span class="cx"> #include <wtf/ProcessID.h>
</span><span class="cx"> #include <wtf/RAMSize.h>
</span><ins>+#include <wtf/SimpleStats.h>
</ins><span class="cx">
</span><span class="cx"> #if USE(FOUNDATION)
</span><span class="cx"> #if __has_include(<objc/objc-internal.h>)
</span><span class="lines">@@ -74,152 +78,9 @@
</span><span class="cx"> namespace {
</span><span class="cx">
</span><span class="cx"> static const size_t largeHeapSize = 32 * MB; // About 1.5X the average webpage.
</span><del>-static const size_t smallHeapSize = 1 * MB; // Matches the FastMalloc per-thread cache.
</del><ins>+const size_t smallHeapSize = 1 * MB; // Matches the FastMalloc per-thread cache.
</ins><span class="cx">
</span><del>-#define ENABLE_GC_LOGGING 0
-
-#if ENABLE(GC_LOGGING)
-#if COMPILER(CLANG)
-#define DEFINE_GC_LOGGING_GLOBAL(type, name, arguments) \
-_Pragma("clang diagnostic push") \
-_Pragma("clang diagnostic ignored \"-Wglobal-constructors\"") \
-_Pragma("clang diagnostic ignored \"-Wexit-time-destructors\"") \
-static type name arguments; \
-_Pragma("clang diagnostic pop")
-#else
-#define DEFINE_GC_LOGGING_GLOBAL(type, name, arguments) \
-static type name arguments;
-#endif // COMPILER(CLANG)
-
-struct GCTimer {
- GCTimer(const char* name)
- : name(name)
- {
- }
- ~GCTimer()
- {
- logData(allCollectionData, "(All)");
- logData(edenCollectionData, "(Eden)");
- logData(fullCollectionData, "(Full)");
- }
-
- struct TimeRecord {
- TimeRecord()
- : time(0)
- , min(std::numeric_limits<double>::infinity())
- , max(0)
- , count(0)
- {
- }
-
- double time;
- double min;
- double max;
- size_t count;
- };
-
- void logData(const TimeRecord& data, const char* extra)
- {
- dataLogF("[%d] %s (Parent: %s) %s: %.2lfms (avg. %.2lf, min. %.2lf, max. %.2lf, count %lu)\n",
- getCurrentProcessID(),
- name,
- parent ? parent->name : "nullptr",
- extra,
- data.time * 1000,
- data.time * 1000 / data.count,
- data.min * 1000,
- data.max * 1000,
- data.count);
- }
-
- void updateData(TimeRecord& data, double duration)
- {
- if (duration < data.min)
- data.min = duration;
- if (duration > data.max)
- data.max = duration;
- data.count++;
- data.time += duration;
- }
-
- void didFinishPhase(HeapOperation collectionType, double duration)
- {
- TimeRecord& data = collectionType == EdenCollection ? edenCollectionData : fullCollectionData;
- updateData(data, duration);
- updateData(allCollectionData, duration);
- }
-
- static GCTimer* s_currentGlobalTimer;
-
- TimeRecord allCollectionData;
- TimeRecord fullCollectionData;
- TimeRecord edenCollectionData;
- const char* name;
- GCTimer* parent { nullptr };
-};
-
-GCTimer* GCTimer::s_currentGlobalTimer = nullptr;
-
-struct GCTimerScope {
- GCTimerScope(GCTimer& timer, HeapOperation collectionType)
- : timer(timer)
- , start(WTF::monotonicallyIncreasingTime())
- , collectionType(collectionType)
- {
- timer.parent = GCTimer::s_currentGlobalTimer;
- GCTimer::s_currentGlobalTimer = &timer;
- }
- ~GCTimerScope()
- {
- double delta = WTF::monotonicallyIncreasingTime() - start;
- timer.didFinishPhase(collectionType, delta);
- GCTimer::s_currentGlobalTimer = timer.parent;
- }
- GCTimer& timer;
- double start;
- HeapOperation collectionType;
-};
-
-struct GCCounter {
- GCCounter(const char* name)
- : name(name)
- , count(0)
- , total(0)
- , min(10000000)
- , max(0)
- {
- }
-
- void add(size_t amount)
- {
- count++;
- total += amount;
- if (amount < min)
- min = amount;
- if (amount > max)
- max = amount;
- }
- ~GCCounter()
- {
- dataLogF("[%d] %s: %zu values (avg. %zu, min. %zu, max. %zu)\n", getCurrentProcessID(), name, total, total / count, min, max);
- }
- const char* name;
- size_t count;
- size_t total;
- size_t min;
- size_t max;
-};
-
-#define GCPHASE(name) DEFINE_GC_LOGGING_GLOBAL(GCTimer, name##Timer, (#name)); GCTimerScope name##TimerScope(name##Timer, m_operationInProgress)
-#define GCCOUNTER(name, value) do { DEFINE_GC_LOGGING_GLOBAL(GCCounter, name##Counter, (#name)); name##Counter.add(value); } while (false)
-
-#else
-
-#define GCPHASE(name) do { } while (false)
-#define GCCOUNTER(name, value) do { } while (false)
-#endif
-
-static inline size_t minHeapSize(HeapType heapType, size_t ramSize)
</del><ins>+size_t minHeapSize(HeapType heapType, size_t ramSize)
</ins><span class="cx"> {
</span><span class="cx"> if (heapType == LargeHeap)
</span><span class="cx"> return min(largeHeapSize, ramSize / 4);
</span><span class="lines">@@ -226,7 +87,7 @@
</span><span class="cx"> return smallHeapSize;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static inline size_t proportionalHeapSize(size_t heapSize, size_t ramSize)
</del><ins>+size_t proportionalHeapSize(size_t heapSize, size_t ramSize)
</ins><span class="cx"> {
</span><span class="cx"> // Try to stay under 1/2 RAM size to leave room for the DOM, rendering, networking, etc.
</span><span class="cx"> if (heapSize < ramSize / 4)
</span><span class="lines">@@ -236,12 +97,12 @@
</span><span class="cx"> return 1.25 * heapSize;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static inline bool isValidSharedInstanceThreadState(VM* vm)
</del><ins>+bool isValidSharedInstanceThreadState(VM* vm)
</ins><span class="cx"> {
</span><span class="cx"> return vm->currentThreadIsHoldingAPILock();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static inline bool isValidThreadState(VM* vm)
</del><ins>+bool isValidThreadState(VM* vm)
</ins><span class="cx"> {
</span><span class="cx"> if (vm->atomicStringTable() != wtfThreadData().atomicStringTable())
</span><span class="cx"> return false;
</span><span class="lines">@@ -252,7 +113,7 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static inline void recordType(TypeCountSet& set, JSCell* cell)
</del><ins>+void recordType(TypeCountSet& set, JSCell* cell)
</ins><span class="cx"> {
</span><span class="cx"> const char* typeName = "[unknown]";
</span><span class="cx"> const ClassInfo* info = cell->classInfo();
</span><span class="lines">@@ -261,6 +122,69 @@
</span><span class="cx"> set.add(typeName);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool measurePhaseTiming()
+{
+ return false;
+}
+
+HashMap<const char*, GCTypeMap<SimpleStats>>& timingStats()
+{
+ static HashMap<const char*, GCTypeMap<SimpleStats>>* result;
+ static std::once_flag once;
+ std::call_once(
+ once,
+ [] {
+ result = new HashMap<const char*, GCTypeMap<SimpleStats>>();
+ });
+ return *result;
+}
+
+SimpleStats& timingStats(const char* name, HeapOperation operation)
+{
+ return timingStats().add(name, GCTypeMap<SimpleStats>()).iterator->value[operation];
+}
+
+class TimingScope {
+public:
+ TimingScope(HeapOperation operation, const char* name)
+ : m_operation(operation)
+ , m_name(name)
+ {
+ if (measurePhaseTiming())
+ m_before = monotonicallyIncreasingTimeMS();
+ }
+
+ TimingScope(Heap& heap, const char* name)
+ : TimingScope(heap.operationInProgress(), name)
+ {
+ }
+
+ void setOperation(HeapOperation operation)
+ {
+ m_operation = operation;
+ }
+
+ void setOperation(Heap& heap)
+ {
+ setOperation(heap.operationInProgress());
+ }
+
+ ~TimingScope()
+ {
+ if (measurePhaseTiming()) {
+ double after = monotonicallyIncreasingTimeMS();
+ double timing = after - m_before;
+ SimpleStats& stats = timingStats(m_name, m_operation);
+ stats.add(timing);
+ dataLog("[GC:", m_operation, "] ", m_name, " took: ", timing, " ms (average ", stats.mean(), " ms).\n");
+ }
+ }
+private:
+ HeapOperation m_operation;
+ double m_before;
+ const char* m_name;
+};
+
</ins><span class="cx"> } // anonymous namespace
</span><span class="cx">
</span><span class="cx"> Heap::Heap(VM* vm, HeapType heapType)
</span><span class="lines">@@ -287,6 +211,8 @@
</span><span class="cx"> , m_machineThreads(this)
</span><span class="cx"> , m_slotVisitor(*this)
</span><span class="cx"> , m_handleSet(vm)
</span><ins>+ , m_codeBlocks(std::make_unique<CodeBlockSet>())
+ , m_jitStubRoutines(std::make_unique<JITStubRoutineSet>())
</ins><span class="cx"> , m_isSafeToCollect(false)
</span><span class="cx"> , m_writeBarrierBuffer(256)
</span><span class="cx"> , m_vm(vm)
</span><span class="lines">@@ -331,7 +257,7 @@
</span><span class="cx"> RELEASE_ASSERT(m_operationInProgress == NoOperation);
</span><span class="cx">
</span><span class="cx"> m_arrayBuffers.lastChanceToFinalize();
</span><del>- m_codeBlocks.lastChanceToFinalize();
</del><ins>+ m_codeBlocks->lastChanceToFinalize();
</ins><span class="cx"> m_objectSpace.lastChanceToFinalize();
</span><span class="cx"> releaseDelayedReleasedObjects();
</span><span class="cx">
</span><span class="lines">@@ -434,7 +360,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::finalizeUnconditionalFinalizers()
</span><span class="cx"> {
</span><del>- GCPHASE(FinalizeUnconditionalFinalizers);
</del><span class="cx"> m_slotVisitor.finalizeUnconditionalFinalizers();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -460,76 +385,86 @@
</span><span class="cx">
</span><span class="cx"> void Heap::markRoots(double gcStartTime, void* stackOrigin, void* stackTop, MachineThreads::RegisterState& calleeSavedRegisters)
</span><span class="cx"> {
</span><del>- GCPHASE(MarkRoots);
</del><ins>+ TimingScope markRootsTimingScope(*this, "Heap::markRoots");
+
</ins><span class="cx"> ASSERT(isValidThreadState(m_vm));
</span><span class="cx">
</span><del>- // We gather conservative roots before clearing mark bits because conservative
- // gathering uses the mark bits to determine whether a reference is valid.
- ConservativeRoots conservativeRoots(&m_objectSpace.blocks(), &m_storageSpace);
- gatherStackRoots(conservativeRoots, stackOrigin, stackTop, calleeSavedRegisters);
- gatherJSStackRoots(conservativeRoots);
- gatherScratchBufferRoots(conservativeRoots);
</del><ins>+ HeapRootVisitor heapRootVisitor(m_slotVisitor);
+
+ ConservativeRoots conservativeRoots(*this);
+ {
+ TimingScope preConvergenceTimingScope(*this, "Heap::markRoots before convergence");
+ // We gather conservative roots before clearing mark bits because conservative
+ // gathering uses the mark bits to determine whether a reference is valid.
+ {
+ TimingScope preConvergenceTimingScope(*this, "Heap::markRoots conservative scan");
+ SuperSamplerScope superSamplerScope(false);
+ gatherStackRoots(conservativeRoots, stackOrigin, stackTop, calleeSavedRegisters);
+ gatherJSStackRoots(conservativeRoots);
+ gatherScratchBufferRoots(conservativeRoots);
+ }
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><del>- DFG::rememberCodeBlocks(*m_vm);
</del><ins>+ DFG::rememberCodeBlocks(*m_vm);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if ENABLE(SAMPLING_PROFILER)
</span><del>- if (SamplingProfiler* samplingProfiler = m_vm->samplingProfiler()) {
- // Note that we need to own the lock from now until we're done
- // marking the SamplingProfiler's data because once we verify the
- // SamplingProfiler's stack traces, we don't want it to accumulate
- // more stack traces before we get the chance to mark it.
- // This lock is released inside visitSamplingProfiler().
- samplingProfiler->getLock().lock();
- samplingProfiler->processUnverifiedStackTraces();
- }
</del><ins>+ if (SamplingProfiler* samplingProfiler = m_vm->samplingProfiler()) {
+ // Note that we need to own the lock from now until we're done
+ // marking the SamplingProfiler's data because once we verify the
+ // SamplingProfiler's stack traces, we don't want it to accumulate
+ // more stack traces before we get the chance to mark it.
+ // This lock is released inside visitSamplingProfiler().
+ samplingProfiler->getLock().lock();
+ samplingProfiler->processUnverifiedStackTraces();
+ }
</ins><span class="cx"> #endif // ENABLE(SAMPLING_PROFILER)
</span><span class="cx">
</span><del>- if (m_operationInProgress == FullCollection) {
- m_opaqueRoots.clear();
- m_slotVisitor.clearMarkStack();
- }
</del><ins>+ if (m_operationInProgress == FullCollection) {
+ m_opaqueRoots.clear();
+ m_slotVisitor.clearMarkStack();
+ }
</ins><span class="cx">
</span><del>- clearLivenessData();
</del><ins>+ clearLivenessData();
</ins><span class="cx">
</span><del>- m_parallelMarkersShouldExit = false;
</del><ins>+ m_parallelMarkersShouldExit = false;
</ins><span class="cx">
</span><del>- m_helperClient.setFunction(
- [this] () {
- SlotVisitor* slotVisitor;
- {
- LockHolder locker(m_parallelSlotVisitorLock);
- if (m_availableParallelSlotVisitors.isEmpty()) {
- std::unique_ptr<SlotVisitor> newVisitor =
- std::make_unique<SlotVisitor>(*this);
- slotVisitor = newVisitor.get();
- m_parallelSlotVisitors.append(WTFMove(newVisitor));
- } else
- slotVisitor = m_availableParallelSlotVisitors.takeLast();
- }
</del><ins>+ m_helperClient.setFunction(
+ [this] () {
+ SlotVisitor* slotVisitor;
+ {
+ LockHolder locker(m_parallelSlotVisitorLock);
+ if (m_availableParallelSlotVisitors.isEmpty()) {
+ std::unique_ptr<SlotVisitor> newVisitor =
+ std::make_unique<SlotVisitor>(*this);
+ slotVisitor = newVisitor.get();
+ m_parallelSlotVisitors.append(WTFMove(newVisitor));
+ } else
+ slotVisitor = m_availableParallelSlotVisitors.takeLast();
+ }
</ins><span class="cx">
</span><del>- WTF::registerGCThread();
</del><ins>+ WTF::registerGCThread();
</ins><span class="cx">
</span><del>- {
- ParallelModeEnabler parallelModeEnabler(*slotVisitor);
- slotVisitor->didStartMarking();
- slotVisitor->drainFromShared(SlotVisitor::SlaveDrain);
- }
</del><ins>+ {
+ ParallelModeEnabler parallelModeEnabler(*slotVisitor);
+ slotVisitor->didStartMarking();
+ slotVisitor->drainFromShared(SlotVisitor::SlaveDrain);
+ }
</ins><span class="cx">
</span><del>- {
- LockHolder locker(m_parallelSlotVisitorLock);
- m_availableParallelSlotVisitors.append(slotVisitor);
- }
- });
</del><ins>+ {
+ LockHolder locker(m_parallelSlotVisitorLock);
+ m_availableParallelSlotVisitors.append(slotVisitor);
+ }
+ });
</ins><span class="cx">
</span><del>- m_slotVisitor.didStartMarking();
</del><ins>+ m_slotVisitor.didStartMarking();
+ }
</ins><span class="cx">
</span><del>- HeapRootVisitor heapRootVisitor(m_slotVisitor);
-
</del><span class="cx"> {
</span><ins>+ SuperSamplerScope superSamplerScope(false);
+ TimingScope convergenceTimingScope(*this, "Heap::markRoots convergence");
</ins><span class="cx"> ParallelModeEnabler enabler(m_slotVisitor);
</span><del>-
</del><ins>+
</ins><span class="cx"> m_slotVisitor.donateAndDrain();
</span><span class="cx"> visitExternalRememberedSet();
</span><span class="cx"> visitSmallStrings();
</span><span class="lines">@@ -544,6 +479,8 @@
</span><span class="cx"> traceCodeBlocksAndJITStubRoutines();
</span><span class="cx"> converge();
</span><span class="cx"> }
</span><ins>+
+ TimingScope postConvergenceTimingScope(*this, "Heap::markRoots after convergence");
</ins><span class="cx">
</span><span class="cx"> // Weak references must be marked last because their liveness depends on
</span><span class="cx"> // the liveness of the rest of the object graph.
</span><span class="lines">@@ -561,7 +498,7 @@
</span><span class="cx">
</span><span class="cx"> void Heap::copyBackingStores()
</span><span class="cx"> {
</span><del>- GCPHASE(CopyBackingStores);
</del><ins>+ SuperSamplerScope superSamplerScope(false);
</ins><span class="cx"> if (m_operationInProgress == EdenCollection)
</span><span class="cx"> m_storageSpace.startedCopying<EdenCollection>();
</span><span class="cx"> else {
</span><span class="lines">@@ -598,12 +535,6 @@
</span><span class="cx">
</span><span class="cx"> CopyWorkList& workList = block->workList();
</span><span class="cx"> for (CopyWorklistItem item : workList) {
</span><del>- if (item.token() == ButterflyCopyToken) {
- JSObject::copyBackingStore(
- item.cell(), copyVisitor, ButterflyCopyToken);
- continue;
- }
-
</del><span class="cx"> item.cell()->methodTable()->copyBackingStore(
</span><span class="cx"> item.cell(), copyVisitor, item.token());
</span><span class="cx"> }
</span><span class="lines">@@ -619,16 +550,14 @@
</span><span class="cx">
</span><span class="cx"> void Heap::gatherStackRoots(ConservativeRoots& roots, void* stackOrigin, void* stackTop, MachineThreads::RegisterState& calleeSavedRegisters)
</span><span class="cx"> {
</span><del>- GCPHASE(GatherStackRoots);
- m_jitStubRoutines.clearMarks();
- m_machineThreads.gatherConservativeRoots(roots, m_jitStubRoutines, m_codeBlocks, stackOrigin, stackTop, calleeSavedRegisters);
</del><ins>+ m_jitStubRoutines->clearMarks();
+ m_machineThreads.gatherConservativeRoots(roots, *m_jitStubRoutines, *m_codeBlocks, stackOrigin, stackTop, calleeSavedRegisters);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::gatherJSStackRoots(ConservativeRoots& roots)
</span><span class="cx"> {
</span><span class="cx"> #if !ENABLE(JIT)
</span><del>- GCPHASE(GatherJSStackRoots);
- m_vm->interpreter->cloopStack().gatherConservativeRoots(roots, m_jitStubRoutines, m_codeBlocks);
</del><ins>+ m_vm->interpreter->cloopStack().gatherConservativeRoots(roots, *m_jitStubRoutines, *m_codeBlocks);
</ins><span class="cx"> #else
</span><span class="cx"> UNUSED_PARAM(roots);
</span><span class="cx"> #endif
</span><span class="lines">@@ -637,7 +566,6 @@
</span><span class="cx"> void Heap::gatherScratchBufferRoots(ConservativeRoots& roots)
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><del>- GCPHASE(GatherScratchBufferRoots);
</del><span class="cx"> m_vm->gatherConservativeRoots(roots);
</span><span class="cx"> #else
</span><span class="cx"> UNUSED_PARAM(roots);
</span><span class="lines">@@ -646,12 +574,19 @@
</span><span class="cx">
</span><span class="cx"> void Heap::clearLivenessData()
</span><span class="cx"> {
</span><del>- GCPHASE(ClearLivenessData);
</del><ins>+ TimingScope timingScope(*this, "Heap::clearLivenessData");
</ins><span class="cx"> if (m_operationInProgress == FullCollection)
</span><del>- m_codeBlocks.clearMarksForFullCollection();
-
- m_objectSpace.clearNewlyAllocated();
- m_objectSpace.clearMarks();
</del><ins>+ m_codeBlocks->clearMarksForFullCollection();
+
+ {
+ TimingScope clearNewlyAllocatedTimingScope(*this, "m_objectSpace.clearNewlyAllocated");
+ m_objectSpace.clearNewlyAllocated();
+ }
+
+ {
+ TimingScope clearMarksTimingScope(*this, "m_objectSpace.clearMarks");
+ m_objectSpace.flip();
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::visitExternalRememberedSet()
</span><span class="lines">@@ -663,7 +598,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitSmallStrings()
</span><span class="cx"> {
</span><del>- GCPHASE(VisitSmallStrings);
</del><span class="cx"> if (!m_vm->smallStrings.needsToBeVisited(m_operationInProgress))
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -675,7 +609,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitConservativeRoots(ConservativeRoots& roots)
</span><span class="cx"> {
</span><del>- GCPHASE(VisitConservativeRoots);
</del><span class="cx"> m_slotVisitor.append(roots);
</span><span class="cx">
</span><span class="cx"> if (Options::logGC() == GCLogging::Verbose)
</span><span class="lines">@@ -698,7 +631,6 @@
</span><span class="cx"> void Heap::removeDeadCompilerWorklistEntries()
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><del>- GCPHASE(FinalizeDFGWorklists);
</del><span class="cx"> for (auto worklist : m_suspendedCompilerWorklists)
</span><span class="cx"> worklist->removeDeadPlans(*m_vm);
</span><span class="cx"> #endif
</span><span class="lines">@@ -732,7 +664,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::gatherExtraHeapSnapshotData(HeapProfiler& heapProfiler)
</span><span class="cx"> {
</span><del>- GCPHASE(GatherExtraHeapSnapshotData);
</del><span class="cx"> if (HeapSnapshotBuilder* builder = heapProfiler.activeSnapshotBuilder()) {
</span><span class="cx"> HeapIterationScope heapIterationScope(*this);
</span><span class="cx"> GatherHeapSnapshotData functor(*builder);
</span><span class="lines">@@ -758,7 +689,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::removeDeadHeapSnapshotNodes(HeapProfiler& heapProfiler)
</span><span class="cx"> {
</span><del>- GCPHASE(RemoveDeadHeapSnapshotNodes);
</del><span class="cx"> if (HeapSnapshot* snapshot = heapProfiler.mostRecentSnapshot()) {
</span><span class="cx"> HeapIterationScope heapIterationScope(*this);
</span><span class="cx"> RemoveDeadHeapSnapshotNodes functor(*snapshot);
</span><span class="lines">@@ -769,8 +699,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitProtectedObjects(HeapRootVisitor& heapRootVisitor)
</span><span class="cx"> {
</span><del>- GCPHASE(VisitProtectedObjects);
-
</del><span class="cx"> for (auto& pair : m_protectedValues)
</span><span class="cx"> heapRootVisitor.visit(&pair.key);
</span><span class="cx">
</span><span class="lines">@@ -782,7 +710,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitArgumentBuffers(HeapRootVisitor& visitor)
</span><span class="cx"> {
</span><del>- GCPHASE(MarkingArgumentBuffers);
</del><span class="cx"> if (!m_markListSet || !m_markListSet->size())
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -796,7 +723,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitException(HeapRootVisitor& visitor)
</span><span class="cx"> {
</span><del>- GCPHASE(MarkingException);
</del><span class="cx"> if (!m_vm->exception() && !m_vm->lastException())
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -811,7 +737,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitStrongHandles(HeapRootVisitor& visitor)
</span><span class="cx"> {
</span><del>- GCPHASE(VisitStrongHandles);
</del><span class="cx"> m_handleSet.visitStrongHandles(visitor);
</span><span class="cx">
</span><span class="cx"> if (Options::logGC() == GCLogging::Verbose)
</span><span class="lines">@@ -822,7 +747,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::visitHandleStack(HeapRootVisitor& visitor)
</span><span class="cx"> {
</span><del>- GCPHASE(VisitHandleStack);
</del><span class="cx"> m_handleStack.visit(visitor);
</span><span class="cx">
</span><span class="cx"> if (Options::logGC() == GCLogging::Verbose)
</span><span class="lines">@@ -836,7 +760,6 @@
</span><span class="cx"> #if ENABLE(SAMPLING_PROFILER)
</span><span class="cx"> if (SamplingProfiler* samplingProfiler = m_vm->samplingProfiler()) {
</span><span class="cx"> ASSERT(samplingProfiler->getLock().isLocked());
</span><del>- GCPHASE(VisitSamplingProfiler);
</del><span class="cx"> samplingProfiler->visit(m_slotVisitor);
</span><span class="cx"> if (Options::logGC() == GCLogging::Verbose)
</span><span class="cx"> dataLog("Sampling Profiler data:\n", m_slotVisitor);
</span><span class="lines">@@ -854,8 +777,7 @@
</span><span class="cx">
</span><span class="cx"> void Heap::traceCodeBlocksAndJITStubRoutines()
</span><span class="cx"> {
</span><del>- GCPHASE(TraceCodeBlocksAndJITStubRoutines);
- m_jitStubRoutines.traceMarkedStubRoutines(m_slotVisitor);
</del><ins>+ m_jitStubRoutines->traceMarkedStubRoutines(m_slotVisitor);
</ins><span class="cx">
</span><span class="cx"> if (Options::logGC() == GCLogging::Verbose)
</span><span class="cx"> dataLog("Code Blocks and JIT Stub Routines:\n", m_slotVisitor);
</span><span class="lines">@@ -865,15 +787,17 @@
</span><span class="cx">
</span><span class="cx"> void Heap::converge()
</span><span class="cx"> {
</span><del>- GCPHASE(Convergence);
</del><span class="cx"> m_slotVisitor.drainFromShared(SlotVisitor::MasterDrain);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::visitWeakHandles(HeapRootVisitor& visitor)
</span><span class="cx"> {
</span><del>- GCPHASE(VisitingLiveWeakHandles);
</del><ins>+ TimingScope timingScope(*this, "Heap::visitWeakHandles");
</ins><span class="cx"> while (true) {
</span><del>- m_objectSpace.visitWeakSets(visitor);
</del><ins>+ {
+ TimingScope timingScope(*this, "m_objectSpace.visitWeakSets");
+ m_objectSpace.visitWeakSets(visitor);
+ }
</ins><span class="cx"> harvestWeakReferences();
</span><span class="cx"> visitCompilerWorklistWeakReferences();
</span><span class="cx"> if (m_slotVisitor.isEmpty())
</span><span class="lines">@@ -892,8 +816,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::updateObjectCounts(double gcStartTime)
</span><span class="cx"> {
</span><del>- GCCOUNTER(VisitedValueCount, m_slotVisitor.visitCount() + threadVisitCount());
-
</del><span class="cx"> if (Options::logGC() == GCLogging::Verbose) {
</span><span class="cx"> size_t visitCount = m_slotVisitor.visitCount();
</span><span class="cx"> visitCount += threadVisitCount();
</span><span class="lines">@@ -1033,7 +955,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::clearUnmarkedExecutables()
</span><span class="cx"> {
</span><del>- GCPHASE(ClearUnmarkedExecutables);
</del><span class="cx"> for (unsigned i = m_executables.size(); i--;) {
</span><span class="cx"> ExecutableBase* current = m_executables[i];
</span><span class="cx"> if (isMarked(current))
</span><span class="lines">@@ -1051,10 +972,9 @@
</span><span class="cx">
</span><span class="cx"> void Heap::deleteUnmarkedCompiledCode()
</span><span class="cx"> {
</span><del>- GCPHASE(DeleteCodeBlocks);
</del><span class="cx"> clearUnmarkedExecutables();
</span><del>- m_codeBlocks.deleteUnmarkedAndUnreferenced(m_operationInProgress);
- m_jitStubRoutines.deleteUnmarkedJettisonedStubRoutines();
</del><ins>+ m_codeBlocks->deleteUnmarkedAndUnreferenced(m_operationInProgress);
+ m_jitStubRoutines->deleteUnmarkedJettisonedStubRoutines();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::addToRememberedSet(const JSCell* cell)
</span><span class="lines">@@ -1073,10 +993,11 @@
</span><span class="cx">
</span><span class="cx"> void Heap::collectAllGarbage()
</span><span class="cx"> {
</span><ins>+ SuperSamplerScope superSamplerScope(false);
</ins><span class="cx"> if (!m_isSafeToCollect)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- collect(FullCollection);
</del><ins>+ collectWithoutAnySweep(FullCollection);
</ins><span class="cx">
</span><span class="cx"> DeferGCForAWhile deferGC(*this);
</span><span class="cx"> if (UNLIKELY(Options::useImmortalObjects()))
</span><span class="lines">@@ -1090,8 +1011,17 @@
</span><span class="cx"> sweepAllLogicallyEmptyWeakBlocks();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-NEVER_INLINE void Heap::collect(HeapOperation collectionType)
</del><ins>+void Heap::collect(HeapOperation collectionType)
</ins><span class="cx"> {
</span><ins>+ SuperSamplerScope superSamplerScope(false);
+ if (!m_isSafeToCollect)
+ return;
+
+ collectWithoutAnySweep(collectionType);
+}
+
+NEVER_INLINE void Heap::collectWithoutAnySweep(HeapOperation collectionType)
+{
</ins><span class="cx"> void* stackTop;
</span><span class="cx"> ALLOCATE_AND_GET_REGISTER_STATE(registers);
</span><span class="cx">
</span><span class="lines">@@ -1102,6 +1032,9 @@
</span><span class="cx">
</span><span class="cx"> NEVER_INLINE void Heap::collectImpl(HeapOperation collectionType, void* stackOrigin, void* stackTop, MachineThreads::RegisterState& calleeSavedRegisters)
</span><span class="cx"> {
</span><ins>+ SuperSamplerScope superSamplerScope(false);
+ TimingScope collectImplTimingScope(collectionType, "Heap::collectImpl");
+
</ins><span class="cx"> #if ENABLE(ALLOCATION_LOGGING)
</span><span class="cx"> dataLogF("JSC GC starting collection.\n");
</span><span class="cx"> #endif
</span><span class="lines">@@ -1112,45 +1045,55 @@
</span><span class="cx"> before = currentTimeMS();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (vm()->typeProfiler()) {
- DeferGCForAWhile awhile(*this);
- vm()->typeProfilerLog()->processLogEntries(ASCIILiteral("GC"));
- }
</del><ins>+ double gcStartTime;
+ {
+ TimingScope earlyTimingScope(collectionType, "Heap::collectImpl before markRoots");
</ins><span class="cx">
</span><ins>+ if (vm()->typeProfiler()) {
+ DeferGCForAWhile awhile(*this);
+ vm()->typeProfilerLog()->processLogEntries(ASCIILiteral("GC"));
+ }
+
</ins><span class="cx"> #if ENABLE(JIT)
</span><del>- {
- DeferGCForAWhile awhile(*this);
- JITWorklist::instance()->completeAllForVM(*m_vm);
- }
</del><ins>+ {
+ DeferGCForAWhile awhile(*this);
+ JITWorklist::instance()->completeAllForVM(*m_vm);
+ }
</ins><span class="cx"> #endif // ENABLE(JIT)
</span><span class="cx">
</span><del>- vm()->shadowChicken().update(*vm(), vm()->topCallFrame);
</del><ins>+ vm()->shadowChicken().update(*vm(), vm()->topCallFrame);
</ins><span class="cx">
</span><del>- RELEASE_ASSERT(!m_deferralDepth);
- ASSERT(vm()->currentThreadIsHoldingAPILock());
- RELEASE_ASSERT(vm()->atomicStringTable() == wtfThreadData().atomicStringTable());
- ASSERT(m_isSafeToCollect);
- RELEASE_ASSERT(m_operationInProgress == NoOperation);
</del><ins>+ RELEASE_ASSERT(!m_deferralDepth);
+ ASSERT(vm()->currentThreadIsHoldingAPILock());
+ RELEASE_ASSERT(vm()->atomicStringTable() == wtfThreadData().atomicStringTable());
+ ASSERT(m_isSafeToCollect);
+ RELEASE_ASSERT(m_operationInProgress == NoOperation);
</ins><span class="cx">
</span><del>- suspendCompilerThreads();
- willStartCollection(collectionType);
- GCPHASE(Collect);
</del><ins>+ suspendCompilerThreads();
+ willStartCollection(collectionType);
+
+ collectImplTimingScope.setOperation(*this);
+ earlyTimingScope.setOperation(*this);
</ins><span class="cx">
</span><del>- double gcStartTime = WTF::monotonicallyIncreasingTime();
- if (m_verifier) {
- // Verify that live objects from the last GC cycle haven't been corrupted by
- // mutators before we begin this new GC cycle.
- m_verifier->verify(HeapVerifier::Phase::BeforeGC);
</del><ins>+ gcStartTime = WTF::monotonicallyIncreasingTime();
+ if (m_verifier) {
+ // Verify that live objects from the last GC cycle haven't been corrupted by
+ // mutators before we begin this new GC cycle.
+ m_verifier->verify(HeapVerifier::Phase::BeforeGC);
</ins><span class="cx">
</span><del>- m_verifier->initializeGCCycle();
- m_verifier->gatherLiveObjects(HeapVerifier::Phase::BeforeMarking);
</del><ins>+ m_verifier->initializeGCCycle();
+ m_verifier->gatherLiveObjects(HeapVerifier::Phase::BeforeMarking);
+ }
+
+ flushOldStructureIDTables();
+ stopAllocation();
+ prepareForMarking();
+ flushWriteBarrierBuffer();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- flushOldStructureIDTables();
- stopAllocation();
- flushWriteBarrierBuffer();
-
</del><span class="cx"> markRoots(gcStartTime, stackOrigin, stackTop, calleeSavedRegisters);
</span><ins>+
+ TimingScope lateTimingScope(*this, "Heap::collectImpl after markRoots");
</ins><span class="cx">
</span><span class="cx"> if (m_verifier) {
</span><span class="cx"> m_verifier->gatherLiveObjects(HeapVerifier::Phase::AfterMarking);
</span><span class="lines">@@ -1164,9 +1107,7 @@
</span><span class="cx"> pruneStaleEntriesFromWeakGCMaps();
</span><span class="cx"> sweepArrayBuffers();
</span><span class="cx"> snapshotMarkedSpace();
</span><del>-
</del><span class="cx"> copyBackingStores();
</span><del>-
</del><span class="cx"> finalizeUnconditionalFinalizers();
</span><span class="cx"> removeDeadCompilerWorklistEntries();
</span><span class="cx"> deleteUnmarkedCompiledCode();
</span><span class="lines">@@ -1179,7 +1120,8 @@
</span><span class="cx"> updateAllocationLimits();
</span><span class="cx"> didFinishCollection(gcStartTime);
</span><span class="cx"> resumeCompilerThreads();
</span><del>-
</del><ins>+ sweepLargeAllocations();
+
</ins><span class="cx"> if (m_verifier) {
</span><span class="cx"> m_verifier->trimDeadObjects();
</span><span class="cx"> m_verifier->verify(HeapVerifier::Phase::AfterGC);
</span><span class="lines">@@ -1191,10 +1133,14 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Heap::sweepLargeAllocations()
+{
+ m_objectSpace.sweepLargeAllocations();
+}
+
</ins><span class="cx"> void Heap::suspendCompilerThreads()
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><del>- GCPHASE(SuspendCompilerThreads);
</del><span class="cx"> ASSERT(m_suspendedCompilerWorklists.isEmpty());
</span><span class="cx"> for (unsigned i = DFG::numberOfWorklists(); i--;) {
</span><span class="cx"> if (DFG::Worklist* worklist = DFG::worklistForIndexOrNull(i)) {
</span><span class="lines">@@ -1207,8 +1153,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::willStartCollection(HeapOperation collectionType)
</span><span class="cx"> {
</span><del>- GCPHASE(StartingCollection);
-
</del><span class="cx"> if (Options::logGC())
</span><span class="cx"> dataLog("=> ");
</span><span class="cx">
</span><span class="lines">@@ -1246,13 +1190,11 @@
</span><span class="cx">
</span><span class="cx"> void Heap::flushOldStructureIDTables()
</span><span class="cx"> {
</span><del>- GCPHASE(FlushOldStructureIDTables);
</del><span class="cx"> m_structureIDTable.flushOldTables();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::flushWriteBarrierBuffer()
</span><span class="cx"> {
</span><del>- GCPHASE(FlushWriteBarrierBuffer);
</del><span class="cx"> if (m_operationInProgress == EdenCollection) {
</span><span class="cx"> m_writeBarrierBuffer.flush(*this);
</span><span class="cx"> return;
</span><span class="lines">@@ -1262,21 +1204,23 @@
</span><span class="cx">
</span><span class="cx"> void Heap::stopAllocation()
</span><span class="cx"> {
</span><del>- GCPHASE(StopAllocation);
</del><span class="cx"> m_objectSpace.stopAllocating();
</span><span class="cx"> if (m_operationInProgress == FullCollection)
</span><span class="cx"> m_storageSpace.didStartFullCollection();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Heap::prepareForMarking()
+{
+ m_objectSpace.prepareForMarking();
+}
+
</ins><span class="cx"> void Heap::reapWeakHandles()
</span><span class="cx"> {
</span><del>- GCPHASE(ReapingWeakHandles);
</del><span class="cx"> m_objectSpace.reapWeakSets();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::pruneStaleEntriesFromWeakGCMaps()
</span><span class="cx"> {
</span><del>- GCPHASE(PruningStaleEntriesFromWeakGCMaps);
</del><span class="cx"> if (m_operationInProgress != FullCollection)
</span><span class="cx"> return;
</span><span class="cx"> for (auto& pruneCallback : m_weakGCMaps.values())
</span><span class="lines">@@ -1285,34 +1229,42 @@
</span><span class="cx">
</span><span class="cx"> void Heap::sweepArrayBuffers()
</span><span class="cx"> {
</span><del>- GCPHASE(SweepingArrayBuffers);
</del><span class="cx"> m_arrayBuffers.sweep();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> struct MarkedBlockSnapshotFunctor : public MarkedBlock::VoidFunctor {
</span><del>- MarkedBlockSnapshotFunctor(Vector<MarkedBlock*>& blocks)
</del><ins>+ MarkedBlockSnapshotFunctor(Vector<MarkedBlock::Handle*>& blocks)
</ins><span class="cx"> : m_index(0)
</span><span class="cx"> , m_blocks(blocks)
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>- void operator()(MarkedBlock* block) const { m_blocks[m_index++] = block; }
</del><ins>+ void operator()(MarkedBlock::Handle* block) const
+ {
+ block->setIsOnBlocksToSweep(true);
+ m_blocks[m_index++] = block;
+ }
</ins><span class="cx">
</span><span class="cx"> // FIXME: This is a mutable field becaue this isn't a C++ lambda.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=159644
</span><span class="cx"> mutable size_t m_index;
</span><del>- Vector<MarkedBlock*>& m_blocks;
</del><ins>+ Vector<MarkedBlock::Handle*>& m_blocks;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> void Heap::snapshotMarkedSpace()
</span><span class="cx"> {
</span><del>- GCPHASE(SnapshotMarkedSpace);
-
</del><ins>+ TimingScope timingScope(*this, "Heap::snapshotMarkedSpace");
+ // FIXME: This should probably be renamed. It's not actually snapshotting all of MarkedSpace.
+ // This is used by IncrementalSweeper, so it only needs to snapshot blocks. However, if we ever
+ // wanted to add other snapshotting login, we'd probably put it here.
+
</ins><span class="cx"> if (m_operationInProgress == EdenCollection) {
</span><del>- m_blockSnapshot.appendVector(m_objectSpace.blocksWithNewObjects());
- // Sort and deduplicate the block snapshot since we might be appending to an unfinished work list.
- std::sort(m_blockSnapshot.begin(), m_blockSnapshot.end());
- m_blockSnapshot.shrink(std::unique(m_blockSnapshot.begin(), m_blockSnapshot.end()) - m_blockSnapshot.begin());
</del><ins>+ for (MarkedBlock::Handle* handle : m_objectSpace.blocksWithNewObjects()) {
+ if (handle->isOnBlocksToSweep())
+ continue;
+ m_blockSnapshot.append(handle);
+ handle->setIsOnBlocksToSweep(true);
+ }
</ins><span class="cx"> } else {
</span><span class="cx"> m_blockSnapshot.resizeToFit(m_objectSpace.blocks().set().size());
</span><span class="cx"> MarkedBlockSnapshotFunctor functor(m_blockSnapshot);
</span><span class="lines">@@ -1322,14 +1274,11 @@
</span><span class="cx">
</span><span class="cx"> void Heap::deleteSourceProviderCaches()
</span><span class="cx"> {
</span><del>- GCPHASE(DeleteSourceProviderCaches);
</del><span class="cx"> m_vm->clearSourceProviderCaches();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::notifyIncrementalSweeper()
</span><span class="cx"> {
</span><del>- GCPHASE(NotifyIncrementalSweeper);
-
</del><span class="cx"> if (m_operationInProgress == FullCollection) {
</span><span class="cx"> if (!m_logicallyEmptyWeakBlocks.isEmpty())
</span><span class="cx"> m_indexOfNextLogicallyEmptyWeakBlockToSweep = 0;
</span><span class="lines">@@ -1340,20 +1289,23 @@
</span><span class="cx">
</span><span class="cx"> void Heap::writeBarrierCurrentlyExecutingCodeBlocks()
</span><span class="cx"> {
</span><del>- GCPHASE(WriteBarrierCurrentlyExecutingCodeBlocks);
- m_codeBlocks.writeBarrierCurrentlyExecutingCodeBlocks(this);
</del><ins>+ m_codeBlocks->writeBarrierCurrentlyExecutingCodeBlocks(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::resetAllocators()
</span><span class="cx"> {
</span><del>- GCPHASE(ResetAllocators);
</del><span class="cx"> m_objectSpace.resetAllocators();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Heap::updateAllocationLimits()
</span><span class="cx"> {
</span><del>- GCPHASE(UpdateAllocationLimits);
</del><ins>+ static const bool verbose = false;
</ins><span class="cx">
</span><ins>+ if (verbose) {
+ dataLog("\n");
+ dataLog("bytesAllocatedThisCycle = ", m_bytesAllocatedThisCycle, "\n");
+ }
+
</ins><span class="cx"> // Calculate our current heap size threshold for the purpose of figuring out when we should
</span><span class="cx"> // run another collection. This isn't the same as either size() or capacity(), though it should
</span><span class="cx"> // be somewhere between the two. The key is to match the size calculations involved calls to
</span><span class="lines">@@ -1369,6 +1321,8 @@
</span><span class="cx"> // of fragmentation, this may be substantial. Fortunately, marked space rarely fragments because
</span><span class="cx"> // cells usually have a narrow range of sizes. So, the underestimation is probably OK.
</span><span class="cx"> currentHeapSize += m_totalBytesVisited;
</span><ins>+ if (verbose)
+ dataLog("totalBytesVisited = ", m_totalBytesVisited, ", currentHeapSize = ", currentHeapSize, "\n");
</ins><span class="cx">
</span><span class="cx"> // For copied space, we use the capacity of storage space. This is because copied space may get
</span><span class="cx"> // badly fragmented between full collections. This arises when each eden collection evacuates
</span><span class="lines">@@ -1384,10 +1338,15 @@
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=150268
</span><span class="cx"> ASSERT(m_totalBytesCopied <= m_storageSpace.size());
</span><span class="cx"> currentHeapSize += m_storageSpace.capacity();
</span><ins>+ if (verbose)
+ dataLog("storageSpace.capacity() = ", m_storageSpace.capacity(), ", currentHeapSize = ", currentHeapSize, "\n");
</ins><span class="cx">
</span><span class="cx"> // It's up to the user to ensure that extraMemorySize() ends up corresponding to allocation-time
</span><span class="cx"> // extra memory reporting.
</span><span class="cx"> currentHeapSize += extraMemorySize();
</span><ins>+
+ if (verbose)
+ dataLog("extraMemorySize() = ", extraMemorySize(), ", currentHeapSize = ", currentHeapSize, "\n");
</ins><span class="cx">
</span><span class="cx"> if (Options::gcMaxHeapSize() && currentHeapSize > Options::gcMaxHeapSize())
</span><span class="cx"> HeapStatistics::exitWithFailure();
</span><span class="lines">@@ -1397,29 +1356,38 @@
</span><span class="cx"> // the new allocation limit based on the current size of the heap, with a
</span><span class="cx"> // fixed minimum.
</span><span class="cx"> m_maxHeapSize = max(minHeapSize(m_heapType, m_ramSize), proportionalHeapSize(currentHeapSize, m_ramSize));
</span><ins>+ if (verbose)
+ dataLog("Full: maxHeapSize = ", m_maxHeapSize, "\n");
</ins><span class="cx"> m_maxEdenSize = m_maxHeapSize - currentHeapSize;
</span><ins>+ if (verbose)
+ dataLog("Full: maxEdenSize = ", m_maxEdenSize, "\n");
</ins><span class="cx"> m_sizeAfterLastFullCollect = currentHeapSize;
</span><ins>+ if (verbose)
+ dataLog("Full: sizeAfterLastFullCollect = ", currentHeapSize, "\n");
</ins><span class="cx"> m_bytesAbandonedSinceLastFullCollect = 0;
</span><ins>+ if (verbose)
+ dataLog("Full: bytesAbandonedSinceLastFullCollect = ", 0, "\n");
</ins><span class="cx"> } else {
</span><del>- static const bool verbose = false;
-
</del><span class="cx"> ASSERT(currentHeapSize >= m_sizeAfterLastCollect);
</span><del>- m_maxEdenSize = m_maxHeapSize - currentHeapSize;
</del><ins>+ // Theoretically, we shouldn't ever scan more memory than the heap size we planned to have.
+ // But we are sloppy, so we have to defend against the overflow.
+ m_maxEdenSize = currentHeapSize > m_maxHeapSize ? 0 : m_maxHeapSize - currentHeapSize;
+ if (verbose)
+ dataLog("Eden: maxEdenSize = ", m_maxEdenSize, "\n");
</ins><span class="cx"> m_sizeAfterLastEdenCollect = currentHeapSize;
</span><del>- if (verbose) {
- dataLog("Max heap size: ", m_maxHeapSize, "\n");
- dataLog("Current heap size: ", currentHeapSize, "\n");
- dataLog("Size after last eden collection: ", m_sizeAfterLastEdenCollect, "\n");
- }
</del><ins>+ if (verbose)
+ dataLog("Eden: sizeAfterLastEdenCollect = ", currentHeapSize, "\n");
</ins><span class="cx"> double edenToOldGenerationRatio = (double)m_maxEdenSize / (double)m_maxHeapSize;
</span><del>- if (verbose)
- dataLog("Eden to old generation ratio: ", edenToOldGenerationRatio, "\n");
</del><span class="cx"> double minEdenToOldGenerationRatio = 1.0 / 3.0;
</span><span class="cx"> if (edenToOldGenerationRatio < minEdenToOldGenerationRatio)
</span><span class="cx"> m_shouldDoFullCollection = true;
</span><span class="cx"> // This seems suspect at first, but what it does is ensure that the nursery size is fixed.
</span><span class="cx"> m_maxHeapSize += currentHeapSize - m_sizeAfterLastCollect;
</span><ins>+ if (verbose)
+ dataLog("Eden: maxHeapSize = ", m_maxHeapSize, "\n");
</ins><span class="cx"> m_maxEdenSize = m_maxHeapSize - currentHeapSize;
</span><ins>+ if (verbose)
+ dataLog("Eden: maxEdenSize = ", m_maxEdenSize, "\n");
</ins><span class="cx"> if (m_fullActivityCallback) {
</span><span class="cx"> ASSERT(currentHeapSize >= m_sizeAfterLastFullCollect);
</span><span class="cx"> m_fullActivityCallback->didAllocate(currentHeapSize - m_sizeAfterLastFullCollect);
</span><span class="lines">@@ -1427,6 +1395,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> m_sizeAfterLastCollect = currentHeapSize;
</span><ins>+ if (verbose)
+ dataLog("sizeAfterLastCollect = ", m_sizeAfterLastCollect, "\n");
</ins><span class="cx"> m_bytesAllocatedThisCycle = 0;
</span><span class="cx">
</span><span class="cx"> if (Options::logGC())
</span><span class="lines">@@ -1435,7 +1405,6 @@
</span><span class="cx">
</span><span class="cx"> void Heap::didFinishCollection(double gcStartTime)
</span><span class="cx"> {
</span><del>- GCPHASE(FinishingCollection);
</del><span class="cx"> double gcEndTime = WTF::monotonicallyIncreasingTime();
</span><span class="cx"> HeapOperation operation = m_operationInProgress;
</span><span class="cx"> if (m_operationInProgress == FullCollection)
</span><span class="lines">@@ -1471,7 +1440,6 @@
</span><span class="cx"> void Heap::resumeCompilerThreads()
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><del>- GCPHASE(ResumeCompilerThreads);
</del><span class="cx"> for (auto worklist : m_suspendedCompilerWorklists)
</span><span class="cx"> worklist->resumeAllThreads();
</span><span class="cx"> m_suspendedCompilerWorklists.clear();
</span><span class="lines">@@ -1580,7 +1548,7 @@
</span><span class="cx"> if (cell->isZapped())
</span><span class="cx"> current++;
</span><span class="cx">
</span><del>- void* limit = static_cast<void*>(reinterpret_cast<char*>(cell) + MarkedBlock::blockFor(cell)->cellSize());
</del><ins>+ void* limit = static_cast<void*>(reinterpret_cast<char*>(cell) + cell->cellSize());
</ins><span class="cx"> for (; current < limit; current++)
</span><span class="cx"> *current = zombifiedBits;
</span><span class="cx"> }
</span><span class="lines">@@ -1686,4 +1654,12 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Heap::forEachCodeBlockImpl(const ScopedLambda<bool(CodeBlock*)>& func)
+{
+ // We don't know the full set of CodeBlocks until compilation has terminated.
+ completeAllJITPlans();
+
+ return m_codeBlocks->iterate(func);
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeaph"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/Heap.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -23,7 +23,6 @@
</span><span class="cx"> #define Heap_h
</span><span class="cx">
</span><span class="cx"> #include "ArrayBuffer.h"
</span><del>-#include "CodeBlockSet.h"
</del><span class="cx"> #include "CopyVisitor.h"
</span><span class="cx"> #include "GCIncomingRefCountedSet.h"
</span><span class="cx"> #include "HandleSet.h"
</span><span class="lines">@@ -30,7 +29,6 @@
</span><span class="cx"> #include "HandleStack.h"
</span><span class="cx"> #include "HeapObserver.h"
</span><span class="cx"> #include "HeapOperation.h"
</span><del>-#include "JITStubRoutineSet.h"
</del><span class="cx"> #include "ListableHandler.h"
</span><span class="cx"> #include "MachineStackMarker.h"
</span><span class="cx"> #include "MarkedAllocator.h"
</span><span class="lines">@@ -53,6 +51,7 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> class CodeBlock;
</span><ins>+class CodeBlockSet;
</ins><span class="cx"> class CopiedSpace;
</span><span class="cx"> class EdenGCActivityCallback;
</span><span class="cx"> class ExecutableBase;
</span><span class="lines">@@ -65,6 +64,7 @@
</span><span class="cx"> class HeapVerifier;
</span><span class="cx"> class IncrementalSweeper;
</span><span class="cx"> class JITStubRoutine;
</span><ins>+class JITStubRoutineSet;
</ins><span class="cx"> class JSCell;
</span><span class="cx"> class JSValue;
</span><span class="cx"> class LLIntOffsetsExtractor;
</span><span class="lines">@@ -83,6 +83,8 @@
</span><span class="cx">
</span><span class="cx"> enum HeapType { SmallHeap, LargeHeap };
</span><span class="cx">
</span><ins>+class HeapUtil;
+
</ins><span class="cx"> class Heap {
</span><span class="cx"> WTF_MAKE_NONCOPYABLE(Heap);
</span><span class="cx"> public:
</span><span class="lines">@@ -89,7 +91,7 @@
</span><span class="cx"> friend class JIT;
</span><span class="cx"> friend class DFG::SpeculativeJIT;
</span><span class="cx"> static Heap* heap(const JSValue); // 0 for immediate values
</span><del>- static Heap* heap(const JSCell*);
</del><ins>+ static Heap* heap(const HeapCell*);
</ins><span class="cx">
</span><span class="cx"> // This constant determines how many blocks we iterate between checks of our
</span><span class="cx"> // deadline when calling Heap::isPagedOut. Decreasing it will cause us to detect
</span><span class="lines">@@ -99,14 +101,11 @@
</span><span class="cx">
</span><span class="cx"> static bool isLive(const void*);
</span><span class="cx"> static bool isMarked(const void*);
</span><del>- static bool testAndSetMarked(const void*);
</del><ins>+ static bool testAndSetMarked(int64_t, const void*);
</ins><span class="cx"> static void setMarked(const void*);
</span><ins>+
+ static size_t cellSize(const void*);
</ins><span class="cx">
</span><del>- // This function must be run after stopAllocation() is called and
- // before liveness data is cleared to be accurate.
- static bool isPointerGCObject(TinyBloomFilter, MarkedBlockSet&, void* pointer);
- static bool isValueGCObject(TinyBloomFilter, MarkedBlockSet&, JSValue);
-
</del><span class="cx"> void writeBarrier(const JSCell*);
</span><span class="cx"> void writeBarrier(const JSCell*, JSValue);
</span><span class="cx"> void writeBarrier(const JSCell*, JSCell*);
</span><span class="lines">@@ -147,10 +146,14 @@
</span><span class="cx"> MarkedSpace::Subspace& subspaceForObjectDestructor() { return m_objectSpace.subspaceForObjectsWithDestructor(); }
</span><span class="cx"> MarkedSpace::Subspace& subspaceForAuxiliaryData() { return m_objectSpace.subspaceForAuxiliaryData(); }
</span><span class="cx"> template<typename ClassType> MarkedSpace::Subspace& subspaceForObjectOfType();
</span><del>- MarkedAllocator& allocatorForObjectWithoutDestructor(size_t bytes) { return m_objectSpace.allocatorFor(bytes); }
- MarkedAllocator& allocatorForObjectWithDestructor(size_t bytes) { return m_objectSpace.destructorAllocatorFor(bytes); }
- template<typename ClassType> MarkedAllocator& allocatorForObjectOfType(size_t bytes);
</del><ins>+ MarkedAllocator* allocatorForObjectWithoutDestructor(size_t bytes) { return m_objectSpace.allocatorFor(bytes); }
+ MarkedAllocator* allocatorForObjectWithDestructor(size_t bytes) { return m_objectSpace.destructorAllocatorFor(bytes); }
+ template<typename ClassType> MarkedAllocator* allocatorForObjectOfType(size_t bytes);
+ MarkedAllocator* allocatorForAuxiliaryData(size_t bytes) { return m_objectSpace.auxiliaryAllocatorFor(bytes); }
</ins><span class="cx"> CopiedAllocator& storageAllocator() { return m_storageSpace.allocator(); }
</span><ins>+ void* allocateAuxiliary(JSCell* intendedOwner, size_t);
+ void* tryAllocateAuxiliary(JSCell* intendedOwner, size_t);
+ void* tryReallocateAuxiliary(JSCell* intendedOwner, void* oldBase, size_t oldSize, size_t newSize);
</ins><span class="cx"> CheckedBoolean tryAllocateStorage(JSCell* intendedOwner, size_t, void**);
</span><span class="cx"> CheckedBoolean tryReallocateStorage(JSCell* intendedOwner, void**, size_t, size_t);
</span><span class="cx"> void ascribeOwner(JSCell* intendedOwner, void*);
</span><span class="lines">@@ -230,7 +233,7 @@
</span><span class="cx"> void didAllocate(size_t);
</span><span class="cx"> bool isPagedOut(double deadline);
</span><span class="cx">
</span><del>- const JITStubRoutineSet& jitStubRoutines() { return m_jitStubRoutines; }
</del><ins>+ const JITStubRoutineSet& jitStubRoutines() { return *m_jitStubRoutines; }
</ins><span class="cx">
</span><span class="cx"> void addReference(JSCell*, ArrayBuffer*);
</span><span class="cx">
</span><span class="lines">@@ -238,7 +241,7 @@
</span><span class="cx">
</span><span class="cx"> StructureIDTable& structureIDTable() { return m_structureIDTable; }
</span><span class="cx">
</span><del>- CodeBlockSet& codeBlockSet() { return m_codeBlocks; }
</del><ins>+ CodeBlockSet& codeBlockSet() { return *m_codeBlocks; }
</ins><span class="cx">
</span><span class="cx"> #if USE(FOUNDATION)
</span><span class="cx"> template<typename T> void releaseSoon(RetainPtr<T>&&);
</span><span class="lines">@@ -267,6 +270,7 @@
</span><span class="cx"> friend class GCLogging;
</span><span class="cx"> friend class GCThread;
</span><span class="cx"> friend class HandleSet;
</span><ins>+ friend class HeapUtil;
</ins><span class="cx"> friend class HeapVerifier;
</span><span class="cx"> friend class JITStubRoutine;
</span><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="lines">@@ -283,6 +287,8 @@
</span><span class="cx"> template<typename T> friend void* allocateCell(Heap&);
</span><span class="cx"> template<typename T> friend void* allocateCell(Heap&, size_t);
</span><span class="cx">
</span><ins>+ void collectWithoutAnySweep(HeapOperation collectionType = AnyCollection);
+
</ins><span class="cx"> void* allocateWithDestructor(size_t); // For use with objects with destructors.
</span><span class="cx"> void* allocateWithoutDestructor(size_t); // For use with objects without destructors.
</span><span class="cx"> template<typename ClassType> void* allocateObjectOfType(size_t); // Chooses one of the methods above based on type.
</span><span class="lines">@@ -304,6 +310,7 @@
</span><span class="cx"> void flushOldStructureIDTables();
</span><span class="cx"> void flushWriteBarrierBuffer();
</span><span class="cx"> void stopAllocation();
</span><ins>+ void prepareForMarking();
</ins><span class="cx">
</span><span class="cx"> void markRoots(double gcStartTime, void* stackOrigin, void* stackTop, MachineThreads::RegisterState&);
</span><span class="cx"> void gatherStackRoots(ConservativeRoots&, void* stackOrigin, void* stackTop, MachineThreads::RegisterState&);
</span><span class="lines">@@ -348,7 +355,8 @@
</span><span class="cx"> void zombifyDeadObjects();
</span><span class="cx"> void gatherExtraHeapSnapshotData(HeapProfiler&);
</span><span class="cx"> void removeDeadHeapSnapshotNodes(HeapProfiler&);
</span><del>-
</del><ins>+ void sweepLargeAllocations();
+
</ins><span class="cx"> void sweepAllLogicallyEmptyWeakBlocks();
</span><span class="cx"> bool sweepNextLogicallyEmptyWeakBlock();
</span><span class="cx">
</span><span class="lines">@@ -361,6 +369,8 @@
</span><span class="cx"> size_t threadVisitCount();
</span><span class="cx"> size_t threadBytesVisited();
</span><span class="cx"> size_t threadBytesCopied();
</span><ins>+
+ void forEachCodeBlockImpl(const ScopedLambda<bool(CodeBlock*)>&);
</ins><span class="cx">
</span><span class="cx"> const HeapType m_heapType;
</span><span class="cx"> const size_t m_ramSize;
</span><span class="lines">@@ -408,8 +418,8 @@
</span><span class="cx">
</span><span class="cx"> HandleSet m_handleSet;
</span><span class="cx"> HandleStack m_handleStack;
</span><del>- CodeBlockSet m_codeBlocks;
- JITStubRoutineSet m_jitStubRoutines;
</del><ins>+ std::unique_ptr<CodeBlockSet> m_codeBlocks;
+ std::unique_ptr<JITStubRoutineSet> m_jitStubRoutines;
</ins><span class="cx"> FinalizerOwner m_finalizerOwner;
</span><span class="cx">
</span><span class="cx"> bool m_isSafeToCollect;
</span><span class="lines">@@ -428,7 +438,7 @@
</span><span class="cx"> RefPtr<FullGCActivityCallback> m_fullActivityCallback;
</span><span class="cx"> RefPtr<GCActivityCallback> m_edenActivityCallback;
</span><span class="cx"> std::unique_ptr<IncrementalSweeper> m_sweeper;
</span><del>- Vector<MarkedBlock*> m_blockSnapshot;
</del><ins>+ Vector<MarkedBlock::Handle*> m_blockSnapshot;
</ins><span class="cx">
</span><span class="cx"> Vector<HeapObserver*> m_observers;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapCellh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCell.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCell.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCell.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -25,8 +25,17 @@
</span><span class="cx">
</span><span class="cx"> #pragma once
</span><span class="cx">
</span><ins>+#include "DestructionMode.h"
+
</ins><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+class CellContainer;
+class Heap;
+class LargeAllocation;
+class MarkedBlock;
+class VM;
+struct AllocatorAttributes;
+
</ins><span class="cx"> class HeapCell {
</span><span class="cx"> public:
</span><span class="cx"> enum Kind : int8_t {
</span><span class="lines">@@ -38,6 +47,25 @@
</span><span class="cx">
</span><span class="cx"> void zap() { *reinterpret_cast<uintptr_t**>(this) = 0; }
</span><span class="cx"> bool isZapped() const { return !*reinterpret_cast<uintptr_t* const*>(this); }
</span><ins>+
+ bool isLargeAllocation() const;
+ CellContainer cellContainer() const;
+ MarkedBlock& markedBlock() const;
+ LargeAllocation& largeAllocation() const;
+
+ // If you want performance and you know that your cell is small, you can do this instead:
+ // ASSERT(!cell->isLargeAllocation());
+ // cell->markedBlock().vm()
+ // We currently only use this hack for callees to make ExecState::vm() fast. It's not
+ // recommended to use it for too many other things, since the large allocation cutoff is
+ // a runtime option and its default value is small (400 bytes).
+ Heap* heap() const;
+ VM* vm() const;
+
+ size_t cellSize() const;
+ AllocatorAttributes allocatorAttributes() const;
+ DestructionMode destructionMode() const;
+ Kind cellKind() const;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapCellInlinesh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCellInlines.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCellInlines.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCellInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,94 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "CellContainer.h"
+#include "HeapCell.h"
+#include "LargeAllocation.h"
+#include "MarkedBlock.h"
+
+namespace JSC {
+
+ALWAYS_INLINE bool HeapCell::isLargeAllocation() const
+{
+ return LargeAllocation::isLargeAllocation(const_cast<HeapCell*>(this));
+}
+
+ALWAYS_INLINE CellContainer HeapCell::cellContainer() const
+{
+ if (isLargeAllocation())
+ return largeAllocation();
+ return markedBlock();
+}
+
+ALWAYS_INLINE MarkedBlock& HeapCell::markedBlock() const
+{
+ return *MarkedBlock::blockFor(this);
+}
+
+ALWAYS_INLINE LargeAllocation& HeapCell::largeAllocation() const
+{
+ return *LargeAllocation::fromCell(const_cast<HeapCell*>(this));
+}
+
+ALWAYS_INLINE Heap* HeapCell::heap() const
+{
+ return &vm()->heap;
+}
+
+ALWAYS_INLINE VM* HeapCell::vm() const
+{
+ if (isLargeAllocation())
+ return largeAllocation().vm();
+ return markedBlock().vm();
+}
+
+ALWAYS_INLINE size_t HeapCell::cellSize() const
+{
+ if (isLargeAllocation())
+ return largeAllocation().cellSize();
+ return markedBlock().cellSize();
+}
+
+ALWAYS_INLINE AllocatorAttributes HeapCell::allocatorAttributes() const
+{
+ if (isLargeAllocation())
+ return largeAllocation().attributes();
+ return markedBlock().attributes();
+}
+
+ALWAYS_INLINE DestructionMode HeapCell::destructionMode() const
+{
+ return allocatorAttributes().destruction;
+}
+
+ALWAYS_INLINE HeapCell::Kind HeapCell::cellKind() const
+{
+ return allocatorAttributes().cellKind;
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,9 @@
</span><span class="cx">
</span><span class="cx"> #include "CopyBarrier.h"
</span><span class="cx"> #include "Heap.h"
</span><ins>+#include "HeapCellInlines.h"
+#include "IndexingHeader.h"
+#include "JSCallee.h"
</ins><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "Structure.h"
</span><span class="cx"> #include <type_traits>
</span><span class="lines">@@ -59,9 +62,9 @@
</span><span class="cx"> return m_operationInProgress == FullCollection || m_operationInProgress == EdenCollection;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline Heap* Heap::heap(const JSCell* cell)
</del><ins>+ALWAYS_INLINE Heap* Heap::heap(const HeapCell* cell)
</ins><span class="cx"> {
</span><del>- return MarkedBlock::blockFor(cell)->heap();
</del><ins>+ return cell->heap();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline Heap* Heap::heap(const JSValue v)
</span><span class="lines">@@ -71,26 +74,53 @@
</span><span class="cx"> return heap(v.asCell());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool Heap::isLive(const void* cell)
</del><ins>+inline bool Heap::isLive(const void* rawCell)
</ins><span class="cx"> {
</span><del>- return MarkedBlock::blockFor(cell)->isLiveCell(cell);
</del><ins>+ HeapCell* cell = bitwise_cast<HeapCell*>(rawCell);
+ if (cell->isLargeAllocation())
+ return cell->largeAllocation().isLive();
+ MarkedBlock& block = cell->markedBlock();
+ block.flipIfNecessary(block.vm()->heap.objectSpace().version());
+ return block.handle().isLiveCell(cell);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool Heap::isMarked(const void* cell)
</del><ins>+ALWAYS_INLINE bool Heap::isMarked(const void* rawCell)
</ins><span class="cx"> {
</span><del>- return MarkedBlock::blockFor(cell)->isMarked(cell);
</del><ins>+ HeapCell* cell = bitwise_cast<HeapCell*>(rawCell);
+ if (cell->isLargeAllocation())
+ return cell->largeAllocation().isMarked();
+ MarkedBlock& block = cell->markedBlock();
+ block.flipIfNecessary(block.vm()->heap.objectSpace().version());
+ return block.isMarked(cell);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool Heap::testAndSetMarked(const void* cell)
</del><ins>+ALWAYS_INLINE bool Heap::testAndSetMarked(int64_t version, const void* rawCell)
</ins><span class="cx"> {
</span><del>- return MarkedBlock::blockFor(cell)->testAndSetMarked(cell);
</del><ins>+ HeapCell* cell = bitwise_cast<HeapCell*>(rawCell);
+ if (cell->isLargeAllocation())
+ return cell->largeAllocation().testAndSetMarked();
+ MarkedBlock& block = cell->markedBlock();
+ block.flipIfNecessaryConcurrently(version);
+ return block.testAndSetMarked(cell);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void Heap::setMarked(const void* cell)
</del><ins>+inline void Heap::setMarked(const void* rawCell)
</ins><span class="cx"> {
</span><del>- MarkedBlock::blockFor(cell)->setMarked(cell);
</del><ins>+ HeapCell* cell = bitwise_cast<HeapCell*>(rawCell);
+ if (cell->isLargeAllocation()) {
+ cell->largeAllocation().setMarked();
+ return;
+ }
+ MarkedBlock& block = cell->markedBlock();
+ block.flipIfNecessary(block.vm()->heap.objectSpace().version());
+ block.setMarked(cell);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ALWAYS_INLINE size_t Heap::cellSize(const void* rawCell)
+{
+ return bitwise_cast<HeapCell*>(rawCell)->cellSize();
+}
+
</ins><span class="cx"> inline void Heap::writeBarrier(const JSCell* from, JSValue to)
</span><span class="cx"> {
</span><span class="cx"> #if ENABLE(WRITE_BARRIER_PROFILING)
</span><span class="lines">@@ -165,12 +195,9 @@
</span><span class="cx"> deprecatedReportExtraMemorySlowCase(size);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-template<typename Functor> inline void Heap::forEachCodeBlock(const Functor& functor)
</del><ins>+template<typename Functor> inline void Heap::forEachCodeBlock(const Functor& func)
</ins><span class="cx"> {
</span><del>- // We don't know the full set of CodeBlocks until compilation has terminated.
- completeAllJITPlans();
-
- return m_codeBlocks.iterate<Functor>(functor);
</del><ins>+ forEachCodeBlockImpl(scopedLambdaRef<bool(CodeBlock*)>(func));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Functor> inline void Heap::forEachProtectedCell(const Functor& functor)
</span><span class="lines">@@ -199,7 +226,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ClassType>
</span><del>-void* Heap::allocateObjectOfType(size_t bytes)
</del><ins>+inline void* Heap::allocateObjectOfType(size_t bytes)
</ins><span class="cx"> {
</span><span class="cx"> // JSCell::classInfo() expects objects allocated with normal destructor to derive from JSDestructibleObject.
</span><span class="cx"> ASSERT((!ClassType::needsDestruction || (ClassType::StructureFlags & StructureIsImmortal) || std::is_convertible<ClassType, JSDestructibleObject>::value));
</span><span class="lines">@@ -210,7 +237,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ClassType>
</span><del>-MarkedSpace::Subspace& Heap::subspaceForObjectOfType()
</del><ins>+inline MarkedSpace::Subspace& Heap::subspaceForObjectOfType()
</ins><span class="cx"> {
</span><span class="cx"> // JSCell::classInfo() expects objects allocated with normal destructor to derive from JSDestructibleObject.
</span><span class="cx"> ASSERT((!ClassType::needsDestruction || (ClassType::StructureFlags & StructureIsImmortal) || std::is_convertible<ClassType, JSDestructibleObject>::value));
</span><span class="lines">@@ -221,16 +248,52 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ClassType>
</span><del>-MarkedAllocator& Heap::allocatorForObjectOfType(size_t bytes)
</del><ins>+inline MarkedAllocator* Heap::allocatorForObjectOfType(size_t bytes)
</ins><span class="cx"> {
</span><span class="cx"> // JSCell::classInfo() expects objects allocated with normal destructor to derive from JSDestructibleObject.
</span><span class="cx"> ASSERT((!ClassType::needsDestruction || (ClassType::StructureFlags & StructureIsImmortal) || std::is_convertible<ClassType, JSDestructibleObject>::value));
</span><ins>+
+ MarkedAllocator* result;
+ if (ClassType::needsDestruction)
+ result = allocatorForObjectWithDestructor(bytes);
+ else
+ result = allocatorForObjectWithoutDestructor(bytes);
</ins><span class="cx">
</span><del>- if (ClassType::needsDestruction)
- return allocatorForObjectWithDestructor(bytes);
- return allocatorForObjectWithoutDestructor(bytes);
</del><ins>+ ASSERT(result || !ClassType::info()->isSubClassOf(JSCallee::info()));
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+inline void* Heap::allocateAuxiliary(JSCell* intendedOwner, size_t bytes)
+{
+ void* result = m_objectSpace.allocateAuxiliary(bytes);
+#if ENABLE(ALLOCATION_LOGGING)
+ dataLogF("JSC GC allocating %lu bytes of auxiliary for %p: %p.\n", bytes, intendedOwner, result);
+#else
+ UNUSED_PARAM(intendedOwner);
+#endif
+ return result;
+}
+
+inline void* Heap::tryAllocateAuxiliary(JSCell* intendedOwner, size_t bytes)
+{
+ void* result = m_objectSpace.tryAllocateAuxiliary(bytes);
+#if ENABLE(ALLOCATION_LOGGING)
+ dataLogF("JSC GC allocating %lu bytes of auxiliary for %p: %p.\n", bytes, intendedOwner, result);
+#else
+ UNUSED_PARAM(intendedOwner);
+#endif
+ return result;
+}
+
+inline void* Heap::tryReallocateAuxiliary(JSCell* intendedOwner, void* oldBase, size_t oldSize, size_t newSize)
+{
+ void* newBase = tryAllocateAuxiliary(intendedOwner, newSize);
+ if (!newBase)
+ return nullptr;
+ memcpy(newBase, oldBase, oldSize);
+ return newBase;
+}
+
</ins><span class="cx"> inline CheckedBoolean Heap::tryAllocateStorage(JSCell* intendedOwner, size_t bytes, void** outPtr)
</span><span class="cx"> {
</span><span class="cx"> CheckedBoolean result = m_storageSpace.tryAllocate(bytes, outPtr);
</span><span class="lines">@@ -354,33 +417,6 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline bool Heap::isPointerGCObject(TinyBloomFilter filter, MarkedBlockSet& markedBlockSet, void* pointer)
-{
- MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
- if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
- ASSERT(!candidate || !markedBlockSet.set().contains(candidate));
- return false;
- }
-
- if (!MarkedBlock::isAtomAligned(pointer))
- return false;
-
- if (!markedBlockSet.set().contains(candidate))
- return false;
-
- if (!candidate->isLiveCell(pointer))
- return false;
-
- return true;
-}
-
-inline bool Heap::isValueGCObject(TinyBloomFilter filter, MarkedBlockSet& markedBlockSet, JSValue value)
-{
- if (!value.isCell())
- return false;
- return isPointerGCObject(filter, markedBlockSet, static_cast<void*>(value.asCell()));
-}
-
</del><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // HeapInlines_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapOperationcppfromrev205702releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingContactSelectedEventCustomcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.cpp (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,60 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "HeapOperation.h"
+
+#include <wtf/PrintStream.h>
+
+namespace WTF {
+
+using namespace JSC;
+
+void printInternal(PrintStream& out, HeapOperation operation)
+{
+ switch (operation) {
+ case NoOperation:
+ out.print("None");
+ return;
+ case Allocation:
+ out.print("Alloc");
+ return;
+ case FullCollection:
+ out.print("Full");
+ return;
+ case EdenCollection:
+ out.print("Eden");
+ return;
+ case AnyCollection:
+ out.print("Any");
+ return;
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+}
+
+} // namespace WTF
+
+
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapOperationh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapOperation.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,4 +32,12 @@
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><ins>+namespace WTF {
+
+class PrintStream;
+
+void printInternal(PrintStream& out, JSC::HeapOperation);
+
+} // namespace WTF
+
</ins><span class="cx"> #endif // HeapOperation_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapUtilh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapUtil.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapUtil.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapUtil.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,190 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+namespace JSC {
+
+// Are you tired of waiting for all of WebKit to build because you changed the implementation of a
+// function in HeapInlines.h? Does it bother you that you're waiting on rebuilding the JS DOM
+// bindings even though your change is in a function called from only 2 .cpp files? Then HeapUtil.h
+// is for you! Everything in this class should be a static method that takes a Heap& if needed.
+// This is a friend of Heap, so you can access all of Heap's privates.
+//
+// This ends up being an issue because Heap exposes a lot of methods that ought to be inline for
+// performance or that must be inline because they are templates. This class ought to contain
+// methods that are used for the implementation of the collector, or for unusual clients that need
+// to reach deep into the collector for some reason. Don't put things in here that would cause you
+// to have to include it from more than a handful of places, since that would defeat the purpose.
+// This class isn't here to look pretty. It's to let us hack the GC more easily!
+
+class HeapUtil {
+public:
+ // This function must be run after stopAllocation() is called and
+ // before liveness data is cleared to be accurate.
+ template<typename Func>
+ static void findGCObjectPointersForMarking(
+ Heap& heap, int64_t heapVersion, TinyBloomFilter filter, void* passedPointer,
+ const Func& func)
+ {
+ const HashSet<MarkedBlock*>& set = heap.objectSpace().blocks().set();
+
+ char* pointer = static_cast<char*>(passedPointer);
+
+ // It could point to a large allocation.
+ if (heap.objectSpace().largeAllocationsForThisCollectionSize()) {
+ if (heap.objectSpace().largeAllocationsForThisCollectionBegin()[0]->aboveLowerBound(pointer)
+ && heap.objectSpace().largeAllocationsForThisCollectionEnd()[-1]->belowUpperBound(pointer)) {
+ LargeAllocation** result = approximateBinarySearch<LargeAllocation*>(
+ heap.objectSpace().largeAllocationsForThisCollectionBegin(),
+ heap.objectSpace().largeAllocationsForThisCollectionSize(),
+ LargeAllocation::fromCell(pointer),
+ [] (LargeAllocation** ptr) -> LargeAllocation* { return *ptr; });
+ if (result) {
+ if (result > heap.objectSpace().largeAllocationsForThisCollectionBegin()
+ && result[-1]->contains(pointer))
+ func(result[-1]->cell());
+ if (result[0]->contains(pointer))
+ func(result[0]->cell());
+ if (result + 1 < heap.objectSpace().largeAllocationsForThisCollectionEnd()
+ && result[1]->contains(pointer))
+ func(result[1]->cell());
+ }
+ }
+ }
+
+ MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
+ // It's possible for a butterfly pointer to point past the end of a butterfly. Check this now.
+ if (pointer <= bitwise_cast<char*>(candidate) + sizeof(IndexingHeader)) {
+ // We may be interested in the last cell of the previous MarkedBlock.
+ char* previousPointer = pointer - sizeof(IndexingHeader) - 1;
+ MarkedBlock* previousCandidate = MarkedBlock::blockFor(previousPointer);
+ if (!filter.ruleOut(bitwise_cast<Bits>(previousCandidate))
+ && set.contains(previousCandidate)
+ && previousCandidate->handle().cellKind() == HeapCell::Auxiliary) {
+ previousCandidate->flipIfNecessary(heapVersion);
+ previousPointer = static_cast<char*>(previousCandidate->handle().cellAlign(previousPointer));
+ if (previousCandidate->handle().isLiveCell(previousPointer))
+ func(previousPointer);
+ }
+ }
+
+ if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
+ ASSERT(!candidate || !set.contains(candidate));
+ return;
+ }
+
+ if (!set.contains(candidate))
+ return;
+
+ candidate->flipIfNecessary(heapVersion);
+
+ auto tryPointer = [&] (void* pointer) {
+ if (candidate->handle().isLiveCell(pointer))
+ func(pointer);
+ };
+
+ if (candidate->handle().cellKind() == HeapCell::JSCell) {
+ if (!MarkedBlock::isAtomAligned(pointer))
+ return;
+
+ tryPointer(pointer);
+ return;
+ }
+
+ // A butterfly could point into the middle of an object.
+ char* alignedPointer = static_cast<char*>(candidate->handle().cellAlign(pointer));
+ tryPointer(alignedPointer);
+
+ // Also, a butterfly could point at the end of an object plus sizeof(IndexingHeader). In that
+ // case, this is pointing to the object to the right of the one we should be marking.
+ if (candidate->atomNumber(alignedPointer) > MarkedBlock::firstAtom()
+ && pointer <= alignedPointer + sizeof(IndexingHeader))
+ tryPointer(alignedPointer - candidate->cellSize());
+ }
+
+ static bool isPointerGCObjectJSCell(
+ Heap& heap, TinyBloomFilter filter, const void* pointer)
+ {
+ // It could point to a large allocation.
+ const Vector<LargeAllocation*>& largeAllocations = heap.objectSpace().largeAllocations();
+ if (!largeAllocations.isEmpty()) {
+ if (largeAllocations[0]->aboveLowerBound(pointer)
+ && largeAllocations.last()->belowUpperBound(pointer)) {
+ LargeAllocation*const* result = approximateBinarySearch<LargeAllocation*const>(
+ largeAllocations.begin(), largeAllocations.size(),
+ LargeAllocation::fromCell(pointer),
+ [] (LargeAllocation*const* ptr) -> LargeAllocation* { return *ptr; });
+ if (result) {
+ if (result > largeAllocations.begin()
+ && result[-1]->cell() == pointer
+ && result[-1]->attributes().cellKind == HeapCell::JSCell)
+ return true;
+ if (result[0]->cell() == pointer
+ && result[0]->attributes().cellKind == HeapCell::JSCell)
+ return true;
+ if (result + 1 < largeAllocations.end()
+ && result[1]->cell() == pointer
+ && result[1]->attributes().cellKind == HeapCell::JSCell)
+ return true;
+ }
+ }
+ }
+
+ const HashSet<MarkedBlock*>& set = heap.objectSpace().blocks().set();
+
+ MarkedBlock* candidate = MarkedBlock::blockFor(pointer);
+ if (filter.ruleOut(bitwise_cast<Bits>(candidate))) {
+ ASSERT(!candidate || !set.contains(candidate));
+ return false;
+ }
+
+ if (!MarkedBlock::isAtomAligned(pointer))
+ return false;
+
+ if (!set.contains(candidate))
+ return false;
+
+ if (candidate->handle().cellKind() != HeapCell::JSCell)
+ return false;
+
+ candidate->flipIfNecessary();
+ if (!candidate->handle().isLiveCell(pointer))
+ return false;
+
+ return true;
+ }
+
+ static bool isValueGCObject(
+ Heap& heap, TinyBloomFilter filter, JSValue value)
+ {
+ if (!value.isCell())
+ return false;
+ return isPointerGCObjectJSCell(heap, filter, static_cast<void*>(value.asCell()));
+ }
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapIncrementalSweepercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -128,7 +128,8 @@
</span><span class="cx"> bool IncrementalSweeper::sweepNextBlock()
</span><span class="cx"> {
</span><span class="cx"> while (!m_blocksToSweep.isEmpty()) {
</span><del>- MarkedBlock* block = m_blocksToSweep.takeLast();
</del><ins>+ MarkedBlock::Handle* block = m_blocksToSweep.takeLast();
+ block->setIsOnBlocksToSweep(false);
</ins><span class="cx">
</span><span class="cx"> if (!block->needsSweeping())
</span><span class="cx"> continue;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapIncrementalSweeperh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/IncrementalSweeper.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #define IncrementalSweeper_h
</span><span class="cx">
</span><span class="cx"> #include "HeapTimer.h"
</span><ins>+#include "MarkedBlock.h"
</ins><span class="cx"> #include <wtf/Vector.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -55,7 +56,7 @@
</span><span class="cx"> void scheduleTimer();
</span><span class="cx"> void cancelTimer();
</span><span class="cx">
</span><del>- Vector<MarkedBlock*>& m_blocksToSweep;
</del><ins>+ Vector<MarkedBlock::Handle*>& m_blocksToSweep;
</ins><span class="cx"> #endif
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapLargeAllocationcpp"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.cpp (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,112 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "LargeAllocation.h"
+
+#include "Heap.h"
+#include "JSCInlines.h"
+#include "Operations.h"
+
+namespace JSC {
+
+LargeAllocation* LargeAllocation::tryCreate(Heap& heap, size_t size, const AllocatorAttributes& attributes)
+{
+ void* space = tryFastAlignedMalloc(alignment, headerSize() + size);
+ if (!space)
+ return nullptr;
+ if (scribbleFreeCells())
+ scribble(space, size);
+ return new (NotNull, space) LargeAllocation(heap, size, attributes);
+}
+
+LargeAllocation::LargeAllocation(Heap& heap, size_t size, const AllocatorAttributes& attributes)
+ : m_cellSize(size)
+ , m_isNewlyAllocated(true)
+ , m_hasValidCell(true)
+ , m_attributes(attributes)
+ , m_weakSet(heap.vm(), *this)
+{
+ m_isMarked.store(0);
+}
+
+void LargeAllocation::lastChanceToFinalize()
+{
+ m_weakSet.lastChanceToFinalize();
+ clearMarked();
+ clearNewlyAllocated();
+ sweep();
+}
+
+void LargeAllocation::shrink()
+{
+ m_weakSet.shrink();
+}
+
+void LargeAllocation::visitWeakSet(HeapRootVisitor& visitor)
+{
+ m_weakSet.visit(visitor);
+}
+
+void LargeAllocation::reapWeakSet()
+{
+ return m_weakSet.reap();
+}
+
+void LargeAllocation::flip()
+{
+ ASSERT(heap()->operationInProgress() == FullCollection);
+ clearMarked();
+}
+
+bool LargeAllocation::isEmpty()
+{
+ return !isMarked() && m_weakSet.isEmpty() && !isNewlyAllocated();
+}
+
+void LargeAllocation::sweep()
+{
+ m_weakSet.sweep();
+
+ if (m_hasValidCell && !isLive()) {
+ if (m_attributes.destruction == NeedsDestruction)
+ static_cast<JSCell*>(cell())->callDestructor(*vm());
+ m_hasValidCell = false;
+ }
+}
+
+void LargeAllocation::destroy()
+{
+ this->~LargeAllocation();
+ fastAlignedFree(this);
+}
+
+void LargeAllocation::dump(PrintStream& out) const
+{
+ out.print(RawPointer(this), ":(cell at ", RawPointer(cell()), " with size ", m_cellSize, " and attributes ", m_attributes, ")");
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapLargeAllocationh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/LargeAllocation.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,153 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "MarkedBlock.h"
+#include "WeakSet.h"
+
+namespace JSC {
+
+// WebKit has a good malloc that already knows what to do for large allocations. The GC shouldn't
+// have to think about such things. That's where LargeAllocation comes in. We will allocate large
+// objects directly using malloc, and put the LargeAllocation header just before them. We can detect
+// when a HeapCell* is a LargeAllocation because it will have the MarkedBlock::atomSize / 2 bit set.
+
+class LargeAllocation {
+public:
+ static LargeAllocation* tryCreate(Heap&, size_t, const AllocatorAttributes&);
+
+ static LargeAllocation* fromCell(const void* cell)
+ {
+ return bitwise_cast<LargeAllocation*>(bitwise_cast<char*>(cell) - headerSize());
+ }
+
+ HeapCell* cell() const
+ {
+ return bitwise_cast<HeapCell*>(bitwise_cast<char*>(this) + headerSize());
+ }
+
+ static bool isLargeAllocation(HeapCell* cell)
+ {
+ return bitwise_cast<uintptr_t>(cell) & halfAlignment;
+ }
+
+ void lastChanceToFinalize();
+
+ Heap* heap() const { return m_weakSet.heap(); }
+ VM* vm() const { return m_weakSet.vm(); }
+ WeakSet& weakSet() { return m_weakSet; }
+
+ void shrink();
+
+ void visitWeakSet(HeapRootVisitor&);
+ void reapWeakSet();
+
+ void clearNewlyAllocated() { m_isNewlyAllocated = false; }
+ void flip();
+
+ bool isNewlyAllocated() const { return m_isNewlyAllocated; }
+ ALWAYS_INLINE bool isMarked() { return m_isMarked.load(std::memory_order_relaxed); }
+ bool isMarkedOrNewlyAllocated() { return isMarked() || isNewlyAllocated(); }
+ bool isLive() { return isMarkedOrNewlyAllocated(); }
+
+ bool hasValidCell() const { return m_hasValidCell; }
+
+ bool isEmpty();
+
+ size_t cellSize() const { return m_cellSize; }
+
+ bool aboveLowerBound(const void* rawPtr)
+ {
+ char* ptr = bitwise_cast<char*>(rawPtr);
+ char* begin = bitwise_cast<char*>(cell());
+ return ptr >= begin;
+ }
+
+ bool belowUpperBound(const void* rawPtr)
+ {
+ char* ptr = bitwise_cast<char*>(rawPtr);
+ char* begin = bitwise_cast<char*>(cell());
+ char* end = begin + cellSize();
+ // We cannot #include IndexingHeader.h because reasons. The fact that IndexingHeader is 8
+ // bytes is wired deep into our engine, so this isn't so bad.
+ size_t sizeOfIndexingHeader = 8;
+ return ptr <= end + sizeOfIndexingHeader;
+ }
+
+ bool contains(const void* rawPtr)
+ {
+ return aboveLowerBound(rawPtr) && belowUpperBound(rawPtr);
+ }
+
+ const AllocatorAttributes& attributes() const { return m_attributes; }
+
+ void flipIfNecessary(uint64_t) { }
+ void flipIfNecessaryConcurrently(uint64_t) { }
+
+ ALWAYS_INLINE bool testAndSetMarked()
+ {
+ // This method is usually called when the object is already marked. This avoids us
+ // having to CAS in that case. It's profitable to reduce the total amount of CAS
+ // traffic.
+ if (isMarked())
+ return true;
+ return !m_isMarked.compareExchangeStrong(false, true);
+ }
+ ALWAYS_INLINE bool testAndSetMarked(HeapCell*) { return testAndSetMarked(); }
+ void setMarked() { m_isMarked.store(true); }
+ void clearMarked() { m_isMarked.store(false); }
+
+ void noteMarked() { }
+
+ void sweep();
+
+ void destroy();
+
+ void dump(PrintStream&) const;
+
+private:
+ LargeAllocation(Heap&, size_t, const AllocatorAttributes&);
+
+ static const unsigned alignment = MarkedBlock::atomSize;
+ static const unsigned halfAlignment = alignment / 2;
+
+ static unsigned headerSize();
+
+ size_t m_cellSize;
+ bool m_isNewlyAllocated;
+ bool m_hasValidCell;
+ Atomic<bool> m_isMarked;
+ AllocatorAttributes m_attributes;
+ WeakSet m_weakSet;
+};
+
+inline unsigned LargeAllocation::headerSize()
+{
+ return ((sizeof(LargeAllocation) + halfAlignment - 1) & ~(halfAlignment - 1)) | halfAlignment;
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedAllocatorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,17 +30,31 @@
</span><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "SuperSampler.h"
</ins><span class="cx"> #include "VM.h"
</span><span class="cx"> #include <wtf/CurrentTime.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-static bool isListPagedOut(double deadline, DoublyLinkedList<MarkedBlock>& list)
</del><ins>+MarkedAllocator::MarkedAllocator(Heap* heap, MarkedSpace* markedSpace, size_t cellSize, const AllocatorAttributes& attributes)
+ : m_currentBlock(0)
+ , m_lastActiveBlock(0)
+ , m_nextBlockToSweep(nullptr)
+ , m_cellSize(static_cast<unsigned>(cellSize))
+ , m_attributes(attributes)
+ , m_heap(heap)
+ , m_markedSpace(markedSpace)
</ins><span class="cx"> {
</span><ins>+}
+
+bool MarkedAllocator::isPagedOut(double deadline)
+{
</ins><span class="cx"> unsigned itersSinceLastTimeCheck = 0;
</span><del>- MarkedBlock* block = list.head();
</del><ins>+ MarkedBlock::Handle* block = m_blockList.begin();
</ins><span class="cx"> while (block) {
</span><del>- block = block->next();
</del><ins>+ block = filterNextBlock(block->next());
+ if (block)
+ block->flipIfNecessary(); // Forces us to touch the memory of the block, but has no semantic effect.
</ins><span class="cx"> ++itersSinceLastTimeCheck;
</span><span class="cx"> if (itersSinceLastTimeCheck >= Heap::s_timeCheckResolution) {
</span><span class="cx"> double currentTime = WTF::monotonicallyIncreasingTime();
</span><span class="lines">@@ -52,79 +66,104 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool MarkedAllocator::isPagedOut(double deadline)
</del><ins>+void MarkedAllocator::retire(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><del>- if (isListPagedOut(deadline, m_blockList))
- return true;
- return false;
</del><ins>+ LockHolder locker(m_lock); // This will be called in parallel during GC.
+ if (block == m_currentBlock) {
+ // This happens when the mutator is running. We finished a full GC and marked too few things
+ // to retire. Then we started allocating in this block. Then a barrier ran, which marked an
+ // object in this block, which put it over the retirement threshold. It's OK to simply do
+ // nothing in that case.
+ return;
+ }
+ if (block == m_lastActiveBlock) {
+ // This can easily happen during marking. It would be easy to handle this case, but it's
+ // just as easy to ignore it.
+ return;
+ }
+ RELEASE_ASSERT(block->isOnList());
+ if (block == m_nextBlockToSweep)
+ m_nextBlockToSweep = filterNextBlock(block->next());
+ block->remove();
+ m_retiredBlocks.push(block);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedAllocator::retire(MarkedBlock* block, MarkedBlock::FreeList& freeList)
</del><ins>+MarkedBlock::Handle* MarkedAllocator::filterNextBlock(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><del>- m_blockList.remove(block);
- m_retiredBlocks.push(block);
- block->didRetireBlock(freeList);
</del><ins>+ if (block == m_blockList.end())
+ return nullptr;
+ return block;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void* MarkedAllocator::tryAllocateHelper(size_t bytes)
</del><ins>+void MarkedAllocator::setNextBlockToSweep(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><ins>+ m_nextBlockToSweep = filterNextBlock(block);
+}
+
+void* MarkedAllocator::tryAllocateWithoutCollectingImpl()
+{
+ SuperSamplerScope superSamplerScope(false);
+
</ins><span class="cx"> if (m_currentBlock) {
</span><span class="cx"> ASSERT(m_currentBlock == m_nextBlockToSweep);
</span><span class="cx"> m_currentBlock->didConsumeFreeList();
</span><del>- m_nextBlockToSweep = m_currentBlock->next();
</del><ins>+ setNextBlockToSweep(m_currentBlock->next());
</ins><span class="cx"> }
</span><ins>+
+ setFreeList(FreeList());
</ins><span class="cx">
</span><del>- MarkedBlock* next;
- for (MarkedBlock*& block = m_nextBlockToSweep; block; block = next) {
- next = block->next();
</del><ins>+ RELEASE_ASSERT(m_nextBlockToSweep != m_blockList.end());
</ins><span class="cx">
</span><del>- MarkedBlock::FreeList freeList = block->sweep(MarkedBlock::SweepToFreeList);
</del><ins>+ MarkedBlock::Handle* next;
+ for (MarkedBlock::Handle*& block = m_nextBlockToSweep; block; block = next) {
+ next = filterNextBlock(block->next());
+
+ // It would be super weird if the blocks we are sweeping have anything allocated during this
+ // cycle.
+ ASSERT(!block->hasAnyNewlyAllocated());
</ins><span class="cx">
</span><del>- double utilization = ((double)MarkedBlock::blockSize - (double)freeList.bytes) / (double)MarkedBlock::blockSize;
- if (utilization >= Options::minMarkedBlockUtilization()) {
- ASSERT(freeList.bytes || !freeList.head);
- retire(block, freeList);
</del><ins>+ FreeList freeList = block->sweep(MarkedBlock::Handle::SweepToFreeList);
+
+ // It's possible to stumble on a complete-full block. Marking tries to retire these, but
+ // that algorithm is racy and may forget to do it sometimes.
+ if (freeList.allocationWillFail()) {
+ ASSERT(block->isFreeListed());
+ block->unsweepWithNoNewlyAllocated();
+ ASSERT(block->isMarked());
+ retire(block);
</ins><span class="cx"> continue;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (bytes > block->cellSize()) {
- block->stopAllocating(freeList);
- continue;
- }
-
</del><span class="cx"> m_currentBlock = block;
</span><del>- m_freeList = freeList;
</del><ins>+ setFreeList(freeList);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (!m_freeList.head) {
</del><ins>+ if (!m_freeList) {
</ins><span class="cx"> m_currentBlock = 0;
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- ASSERT(m_freeList.head);
- void* head = tryPopFreeList(bytes);
- ASSERT(head);
</del><ins>+ void* result;
+ if (m_freeList.remaining) {
+ unsigned cellSize = m_cellSize;
+ m_freeList.remaining -= cellSize;
+ result = m_freeList.payloadEnd - m_freeList.remaining - cellSize;
+ } else {
+ FreeCell* head = m_freeList.head;
+ m_freeList.head = head->next;
+ result = head;
+ }
+ RELEASE_ASSERT(result);
</ins><span class="cx"> m_markedSpace->didAllocateInBlock(m_currentBlock);
</span><del>- return head;
</del><ins>+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void* MarkedAllocator::tryPopFreeList(size_t bytes)
</del><ins>+inline void* MarkedAllocator::tryAllocateWithoutCollecting()
</ins><span class="cx"> {
</span><del>- ASSERT(m_currentBlock);
- if (bytes > m_currentBlock->cellSize())
- return 0;
-
- MarkedBlock::FreeCell* head = m_freeList.head;
- m_freeList.head = head->next;
- return head;
-}
-
-inline void* MarkedAllocator::tryAllocate(size_t bytes)
-{
</del><span class="cx"> ASSERT(!m_heap->isBusy());
</span><span class="cx"> m_heap->m_operationInProgress = Allocation;
</span><del>- void* result = tryAllocateHelper(bytes);
</del><ins>+ void* result = tryAllocateWithoutCollectingImpl();
</ins><span class="cx">
</span><span class="cx"> m_heap->m_operationInProgress = NoOperation;
</span><span class="cx"> ASSERT(result || !m_currentBlock);
</span><span class="lines">@@ -146,22 +185,34 @@
</span><span class="cx"> allocationCount = 0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void* MarkedAllocator::allocateSlowCase(size_t bytes)
</del><ins>+void* MarkedAllocator::allocateSlowCase()
</ins><span class="cx"> {
</span><ins>+ bool crashOnFailure = true;
+ return allocateSlowCaseImpl(crashOnFailure);
+}
+
+void* MarkedAllocator::tryAllocateSlowCase()
+{
+ bool crashOnFailure = false;
+ return allocateSlowCaseImpl(crashOnFailure);
+}
+
+void* MarkedAllocator::allocateSlowCaseImpl(bool crashOnFailure)
+{
+ SuperSamplerScope superSamplerScope(false);
</ins><span class="cx"> ASSERT(m_heap->vm()->currentThreadIsHoldingAPILock());
</span><span class="cx"> doTestCollectionsIfNeeded();
</span><span class="cx">
</span><span class="cx"> ASSERT(!m_markedSpace->isIterating());
</span><del>- ASSERT(!m_freeList.head);
- m_heap->didAllocate(m_freeList.bytes);
</del><ins>+ m_heap->didAllocate(m_freeList.originalSize);
</ins><span class="cx">
</span><del>- void* result = tryAllocate(bytes);
</del><ins>+ void* result = tryAllocateWithoutCollecting();
</ins><span class="cx">
</span><span class="cx"> if (LIKELY(result != 0))
</span><span class="cx"> return result;
</span><span class="cx">
</span><span class="cx"> if (m_heap->collectIfNecessaryOrDefer()) {
</span><del>- result = tryAllocate(bytes);
</del><ins>+ result = tryAllocateWithoutCollecting();
</ins><span class="cx"> if (result)
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="lines">@@ -168,67 +219,95 @@
</span><span class="cx">
</span><span class="cx"> ASSERT(!m_heap->shouldCollect());
</span><span class="cx">
</span><del>- MarkedBlock* block = allocateBlock(bytes);
- ASSERT(block);
</del><ins>+ MarkedBlock::Handle* block = tryAllocateBlock();
+ if (!block) {
+ if (crashOnFailure)
+ RELEASE_ASSERT_NOT_REACHED();
+ else
+ return nullptr;
+ }
</ins><span class="cx"> addBlock(block);
</span><span class="cx">
</span><del>- result = tryAllocate(bytes);
</del><ins>+ result = tryAllocateWithoutCollecting();
</ins><span class="cx"> ASSERT(result);
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-MarkedBlock* MarkedAllocator::allocateBlock(size_t bytes)
</del><ins>+static size_t blockHeaderSize()
</ins><span class="cx"> {
</span><ins>+ return WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(sizeof(MarkedBlock));
+}
+
+size_t MarkedAllocator::blockSizeForBytes(size_t bytes)
+{
</ins><span class="cx"> size_t minBlockSize = MarkedBlock::blockSize;
</span><del>- size_t minAllocationSize = WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(sizeof(MarkedBlock)) + WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(bytes);
</del><ins>+ size_t minAllocationSize = blockHeaderSize() + WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(bytes);
</ins><span class="cx"> minAllocationSize = WTF::roundUpToMultipleOf(WTF::pageSize(), minAllocationSize);
</span><del>- size_t blockSize = std::max(minBlockSize, minAllocationSize);
</del><ins>+ return std::max(minBlockSize, minAllocationSize);
+}
</ins><span class="cx">
</span><del>- size_t cellSize = m_cellSize ? m_cellSize : WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(bytes);
-
- return MarkedBlock::create(*m_heap, this, blockSize, cellSize, m_attributes);
</del><ins>+MarkedBlock::Handle* MarkedAllocator::tryAllocateBlock()
+{
+ SuperSamplerScope superSamplerScope(false);
+ return MarkedBlock::tryCreate(*m_heap, this, m_cellSize, m_attributes);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedAllocator::addBlock(MarkedBlock* block)
</del><ins>+void MarkedAllocator::addBlock(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!m_currentBlock);
</span><del>- ASSERT(!m_freeList.head);
</del><ins>+ ASSERT(!m_freeList);
</ins><span class="cx">
</span><span class="cx"> m_blockList.append(block);
</span><del>- m_nextBlockToSweep = block;
</del><ins>+ setNextBlockToSweep(block);
</ins><span class="cx"> m_markedSpace->didAddBlock(block);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedAllocator::removeBlock(MarkedBlock* block)
</del><ins>+void MarkedAllocator::removeBlock(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><span class="cx"> if (m_currentBlock == block) {
</span><del>- m_currentBlock = m_currentBlock->next();
- m_freeList = MarkedBlock::FreeList();
</del><ins>+ m_currentBlock = filterNextBlock(m_currentBlock->next());
+ setFreeList(FreeList());
</ins><span class="cx"> }
</span><span class="cx"> if (m_nextBlockToSweep == block)
</span><del>- m_nextBlockToSweep = m_nextBlockToSweep->next();
</del><ins>+ setNextBlockToSweep(m_nextBlockToSweep->next());
</ins><span class="cx">
</span><span class="cx"> block->willRemoveBlock();
</span><span class="cx"> m_blockList.remove(block);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void MarkedAllocator::stopAllocating()
+{
+ if (m_heap->operationInProgress() == FullCollection)
+ m_blockList.takeFrom(m_retiredBlocks);
+
+ ASSERT(!m_lastActiveBlock);
+ if (!m_currentBlock) {
+ ASSERT(!m_freeList);
+ return;
+ }
+
+ m_currentBlock->stopAllocating(m_freeList);
+ m_lastActiveBlock = m_currentBlock;
+ m_currentBlock = 0;
+ m_freeList = FreeList();
+}
+
</ins><span class="cx"> void MarkedAllocator::reset()
</span><span class="cx"> {
</span><span class="cx"> m_lastActiveBlock = 0;
</span><span class="cx"> m_currentBlock = 0;
</span><del>- m_freeList = MarkedBlock::FreeList();
- if (m_heap->operationInProgress() == FullCollection)
- m_blockList.append(m_retiredBlocks);
</del><ins>+ setFreeList(FreeList());
</ins><span class="cx">
</span><del>- m_nextBlockToSweep = m_blockList.head();
</del><ins>+ setNextBlockToSweep(m_blockList.begin());
</ins><span class="cx">
</span><span class="cx"> if (UNLIKELY(Options::useImmortalObjects())) {
</span><del>- MarkedBlock* next;
- for (MarkedBlock*& block = m_nextBlockToSweep; block; block = next) {
- next = block->next();
</del><ins>+ MarkedBlock::Handle* next;
+ for (MarkedBlock::Handle*& block = m_nextBlockToSweep; block; block = next) {
+ next = filterNextBlock(block->next());
</ins><span class="cx">
</span><del>- MarkedBlock::FreeList freeList = block->sweep(MarkedBlock::SweepToFreeList);
- retire(block, freeList);
</del><ins>+ FreeList freeList = block->sweep(MarkedBlock::Handle::SweepToFreeList);
+ block->zap(freeList);
+ retire(block);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="lines">@@ -235,11 +314,16 @@
</span><span class="cx">
</span><span class="cx"> void MarkedAllocator::lastChanceToFinalize()
</span><span class="cx"> {
</span><del>- m_blockList.append(m_retiredBlocks);
</del><ins>+ m_blockList.takeFrom(m_retiredBlocks);
</ins><span class="cx"> forEachBlock(
</span><del>- [&] (MarkedBlock* block) {
</del><ins>+ [&] (MarkedBlock::Handle* block) {
</ins><span class="cx"> block->lastChanceToFinalize();
</span><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void MarkedAllocator::setFreeList(const FreeList& freeList)
+{
+ m_freeList = freeList;
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedAllocatorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedAllocator.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,8 +27,9 @@
</span><span class="cx"> #define MarkedAllocator_h
</span><span class="cx">
</span><span class="cx"> #include "AllocatorAttributes.h"
</span><ins>+#include "FreeList.h"
</ins><span class="cx"> #include "MarkedBlock.h"
</span><del>-#include <wtf/DoublyLinkedList.h>
</del><ins>+#include <wtf/SentinelLinkedList.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -40,9 +41,10 @@
</span><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="cx">
</span><span class="cx"> public:
</span><del>- static ptrdiff_t offsetOfFreeListHead();
</del><ins>+ static ptrdiff_t offsetOfFreeList();
+ static ptrdiff_t offsetOfCellSize();
</ins><span class="cx">
</span><del>- MarkedAllocator();
</del><ins>+ MarkedAllocator(Heap*, MarkedSpace*, size_t cellSize, const AllocatorAttributes&);
</ins><span class="cx"> void lastChanceToFinalize();
</span><span class="cx"> void reset();
</span><span class="cx"> void stopAllocating();
</span><span class="lines">@@ -52,11 +54,12 @@
</span><span class="cx"> bool needsDestruction() const { return m_attributes.destruction == NeedsDestruction; }
</span><span class="cx"> DestructionMode destruction() const { return m_attributes.destruction; }
</span><span class="cx"> HeapCell::Kind cellKind() const { return m_attributes.cellKind; }
</span><del>- void* allocate(size_t);
</del><ins>+ void* allocate();
+ void* tryAllocate();
</ins><span class="cx"> Heap* heap() { return m_heap; }
</span><del>- MarkedBlock* takeLastActiveBlock()
</del><ins>+ MarkedBlock::Handle* takeLastActiveBlock()
</ins><span class="cx"> {
</span><del>- MarkedBlock* block = m_lastActiveBlock;
</del><ins>+ MarkedBlock::Handle* block = m_lastActiveBlock;
</ins><span class="cx"> m_lastActiveBlock = 0;
</span><span class="cx"> return block;
</span><span class="cx"> }
</span><span class="lines">@@ -63,86 +66,87 @@
</span><span class="cx">
</span><span class="cx"> template<typename Functor> void forEachBlock(const Functor&);
</span><span class="cx">
</span><del>- void addBlock(MarkedBlock*);
- void removeBlock(MarkedBlock*);
- void init(Heap*, MarkedSpace*, size_t cellSize, const AllocatorAttributes&);
</del><ins>+ void addBlock(MarkedBlock::Handle*);
+ void removeBlock(MarkedBlock::Handle*);
</ins><span class="cx">
</span><span class="cx"> bool isPagedOut(double deadline);
</span><ins>+
+ static size_t blockSizeForBytes(size_t);
</ins><span class="cx">
</span><span class="cx"> private:
</span><del>- JS_EXPORT_PRIVATE void* allocateSlowCase(size_t);
- void* tryAllocate(size_t);
- void* tryAllocateHelper(size_t);
- void* tryPopFreeList(size_t);
- MarkedBlock* allocateBlock(size_t);
</del><ins>+ friend class MarkedBlock;
+
+ JS_EXPORT_PRIVATE void* allocateSlowCase();
+ JS_EXPORT_PRIVATE void* tryAllocateSlowCase();
+ void* allocateSlowCaseImpl(bool crashOnFailure);
+ void* tryAllocateWithoutCollecting();
+ void* tryAllocateWithoutCollectingImpl();
+ MarkedBlock::Handle* tryAllocateBlock();
</ins><span class="cx"> ALWAYS_INLINE void doTestCollectionsIfNeeded();
</span><del>- void retire(MarkedBlock*, MarkedBlock::FreeList&);
</del><ins>+ void retire(MarkedBlock::Handle*);
</ins><span class="cx">
</span><del>- MarkedBlock::FreeList m_freeList;
- MarkedBlock* m_currentBlock;
- MarkedBlock* m_lastActiveBlock;
- MarkedBlock* m_nextBlockToSweep;
- DoublyLinkedList<MarkedBlock> m_blockList;
- DoublyLinkedList<MarkedBlock> m_retiredBlocks;
- size_t m_cellSize;
</del><ins>+ void setFreeList(const FreeList&);
+
+ MarkedBlock::Handle* filterNextBlock(MarkedBlock::Handle*);
+ void setNextBlockToSweep(MarkedBlock::Handle*);
+
+ FreeList m_freeList;
+ MarkedBlock::Handle* m_currentBlock;
+ MarkedBlock::Handle* m_lastActiveBlock;
+ MarkedBlock::Handle* m_nextBlockToSweep;
+ SentinelLinkedList<MarkedBlock::Handle, BasicRawSentinelNode<MarkedBlock::Handle>> m_blockList;
+ SentinelLinkedList<MarkedBlock::Handle, BasicRawSentinelNode<MarkedBlock::Handle>> m_retiredBlocks;
+ Lock m_lock;
+ unsigned m_cellSize;
</ins><span class="cx"> AllocatorAttributes m_attributes;
</span><span class="cx"> Heap* m_heap;
</span><span class="cx"> MarkedSpace* m_markedSpace;
</span><span class="cx"> };
</span><span class="cx">
</span><del>-inline ptrdiff_t MarkedAllocator::offsetOfFreeListHead()
</del><ins>+inline ptrdiff_t MarkedAllocator::offsetOfFreeList()
</ins><span class="cx"> {
</span><del>- return OBJECT_OFFSETOF(MarkedAllocator, m_freeList) + OBJECT_OFFSETOF(MarkedBlock::FreeList, head);
</del><ins>+ return OBJECT_OFFSETOF(MarkedAllocator, m_freeList);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline MarkedAllocator::MarkedAllocator()
- : m_currentBlock(0)
- , m_lastActiveBlock(0)
- , m_nextBlockToSweep(0)
- , m_cellSize(0)
- , m_heap(0)
- , m_markedSpace(0)
</del><ins>+inline ptrdiff_t MarkedAllocator::offsetOfCellSize()
</ins><span class="cx"> {
</span><ins>+ return OBJECT_OFFSETOF(MarkedAllocator, m_cellSize);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void MarkedAllocator::init(Heap* heap, MarkedSpace* markedSpace, size_t cellSize, const AllocatorAttributes& attributes)
</del><ins>+ALWAYS_INLINE void* MarkedAllocator::tryAllocate()
</ins><span class="cx"> {
</span><del>- m_heap = heap;
- m_markedSpace = markedSpace;
- m_cellSize = cellSize;
- m_attributes = attributes;
-}
-
-inline void* MarkedAllocator::allocate(size_t bytes)
-{
- MarkedBlock::FreeCell* head = m_freeList.head;
- if (UNLIKELY(!head)) {
- void* result = allocateSlowCase(bytes);
-#ifndef NDEBUG
- memset(result, 0xCD, bytes);
-#endif
- return result;
</del><ins>+ unsigned remaining = m_freeList.remaining;
+ if (remaining) {
+ unsigned cellSize = m_cellSize;
+ remaining -= cellSize;
+ m_freeList.remaining = remaining;
+ return m_freeList.payloadEnd - remaining - cellSize;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ FreeCell* head = m_freeList.head;
+ if (UNLIKELY(!head))
+ return tryAllocateSlowCase();
+
</ins><span class="cx"> m_freeList.head = head->next;
</span><del>-#ifndef NDEBUG
- memset(head, 0xCD, bytes);
-#endif
</del><span class="cx"> return head;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void MarkedAllocator::stopAllocating()
</del><ins>+ALWAYS_INLINE void* MarkedAllocator::allocate()
</ins><span class="cx"> {
</span><del>- ASSERT(!m_lastActiveBlock);
- if (!m_currentBlock) {
- ASSERT(!m_freeList.head);
- return;
</del><ins>+ unsigned remaining = m_freeList.remaining;
+ if (remaining) {
+ unsigned cellSize = m_cellSize;
+ remaining -= cellSize;
+ m_freeList.remaining = remaining;
+ return m_freeList.payloadEnd - remaining - cellSize;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- m_currentBlock->stopAllocating(m_freeList);
- m_lastActiveBlock = m_currentBlock;
- m_currentBlock = 0;
- m_freeList = MarkedBlock::FreeList();
</del><ins>+ FreeCell* head = m_freeList.head;
+ if (UNLIKELY(!head))
+ return allocateSlowCase();
+
+ m_freeList.head = head->next;
+ return head;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline void MarkedAllocator::resumeAllocating()
</span><span class="lines">@@ -157,16 +161,8 @@
</span><span class="cx">
</span><span class="cx"> template <typename Functor> inline void MarkedAllocator::forEachBlock(const Functor& functor)
</span><span class="cx"> {
</span><del>- MarkedBlock* next;
- for (MarkedBlock* block = m_blockList.head(); block; block = next) {
- next = block->next();
- functor(block);
- }
-
- for (MarkedBlock* block = m_retiredBlocks.head(); block; block = next) {
- next = block->next();
- functor(block);
- }
</del><ins>+ m_blockList.forEach(functor);
+ m_retiredBlocks.forEach(functor);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "JSDestructibleObject.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "SuperSampler.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -35,7 +36,7 @@
</span><span class="cx"> static const bool computeBalance = false;
</span><span class="cx"> static size_t balance;
</span><span class="cx">
</span><del>-MarkedBlock* MarkedBlock::create(Heap& heap, MarkedAllocator* allocator, size_t capacity, size_t cellSize, const AllocatorAttributes& attributes)
</del><ins>+MarkedBlock::Handle* MarkedBlock::tryCreate(Heap& heap, MarkedAllocator* allocator, size_t cellSize, const AllocatorAttributes& attributes)
</ins><span class="cx"> {
</span><span class="cx"> if (computeBalance) {
</span><span class="cx"> balance++;
</span><span class="lines">@@ -42,62 +43,94 @@
</span><span class="cx"> if (!(balance % 10))
</span><span class="cx"> dataLog("MarkedBlock Balance: ", balance, "\n");
</span><span class="cx"> }
</span><del>- MarkedBlock* block = new (NotNull, fastAlignedMalloc(blockSize, capacity)) MarkedBlock(allocator, capacity, cellSize, attributes);
- heap.didAllocateBlock(capacity);
- return block;
</del><ins>+ void* blockSpace = tryFastAlignedMalloc(blockSize, blockSize);
+ if (!blockSpace)
+ return nullptr;
+ if (scribbleFreeCells())
+ scribble(blockSpace, blockSize);
+ return new Handle(heap, allocator, cellSize, attributes, blockSpace);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedBlock::destroy(Heap& heap, MarkedBlock* block)
</del><ins>+MarkedBlock::Handle::Handle(Heap& heap, MarkedAllocator* allocator, size_t cellSize, const AllocatorAttributes& attributes, void* blockSpace)
+ : m_atomsPerCell((cellSize + atomSize - 1) / atomSize)
+ , m_endAtom(atomsPerBlock - m_atomsPerCell + 1)
+ , m_attributes(attributes)
+ , m_state(New) // All cells start out unmarked.
+ , m_allocator(allocator)
+ , m_weakSet(allocator->heap()->vm(), CellContainer())
</ins><span class="cx"> {
</span><ins>+ m_block = new (NotNull, blockSpace) MarkedBlock(*heap.vm(), *this);
+
+ m_weakSet.setContainer(*m_block);
+
+ heap.didAllocateBlock(blockSize);
+ HEAP_LOG_BLOCK_STATE_TRANSITION(this);
+ ASSERT(allocator);
+ if (m_attributes.cellKind != HeapCell::JSCell)
+ RELEASE_ASSERT(m_attributes.destruction == DoesNotNeedDestruction);
+}
+
+MarkedBlock::Handle::~Handle()
+{
+ Heap& heap = *this->heap();
</ins><span class="cx"> if (computeBalance) {
</span><span class="cx"> balance--;
</span><span class="cx"> if (!(balance % 10))
</span><span class="cx"> dataLog("MarkedBlock Balance: ", balance, "\n");
</span><span class="cx"> }
</span><del>- size_t capacity = block->capacity();
- block->~MarkedBlock();
- fastAlignedFree(block);
- heap.didFreeBlock(capacity);
</del><ins>+ m_block->~MarkedBlock();
+ fastAlignedFree(m_block);
+ heap.didFreeBlock(blockSize);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-MarkedBlock::MarkedBlock(MarkedAllocator* allocator, size_t capacity, size_t cellSize, const AllocatorAttributes& attributes)
- : DoublyLinkedListNode<MarkedBlock>()
- , m_atomsPerCell((cellSize + atomSize - 1) / atomSize)
- , m_endAtom((allocator->cellSize() ? atomsPerBlock - m_atomsPerCell : firstAtom()) + 1)
- , m_capacity(capacity)
- , m_attributes(attributes)
- , m_allocator(allocator)
- , m_state(New) // All cells start out unmarked.
- , m_weakSet(allocator->heap()->vm(), *this)
</del><ins>+MarkedBlock::MarkedBlock(VM& vm, Handle& handle)
+ : m_needsDestruction(handle.needsDestruction())
+ , m_handle(handle)
+ , m_vm(&vm)
+ , m_version(vm.heap.objectSpace().version())
</ins><span class="cx"> {
</span><del>- ASSERT(allocator);
- HEAP_LOG_BLOCK_STATE_TRANSITION(this);
- if (m_attributes.cellKind != HeapCell::JSCell)
- RELEASE_ASSERT(m_attributes.destruction == DoesNotNeedDestruction);
</del><ins>+ unsigned cellsPerBlock = MarkedSpace::blockPayload / handle.cellSize();
+ double markCountBias = -(Options::minMarkedBlockUtilization() * cellsPerBlock);
+
+ // The mark count bias should be comfortably within this range.
+ RELEASE_ASSERT(markCountBias > static_cast<double>(std::numeric_limits<int16_t>::min()));
+ RELEASE_ASSERT(markCountBias < 0);
+
+ m_markCountBias = static_cast<int16_t>(markCountBias);
+
+ m_biasedMarkCount = m_markCountBias; // This means we haven't marked anything yet.
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void MarkedBlock::callDestructor(HeapCell* cell)
</del><ins>+template<MarkedBlock::BlockState blockState, MarkedBlock::Handle::SweepMode sweepMode, DestructionMode destructionMode, MarkedBlock::Handle::ScribbleMode scribbleMode, MarkedBlock::Handle::NewlyAllocatedMode newlyAllocatedMode>
+FreeList MarkedBlock::Handle::specializedSweep()
</ins><span class="cx"> {
</span><del>- // A previous eager sweep may already have run cell's destructor.
- if (cell->isZapped())
- return;
</del><ins>+ SuperSamplerScope superSamplerScope(false);
+ ASSERT(blockState == New || blockState == Marked);
+ ASSERT(!(destructionMode == DoesNotNeedDestruction && sweepMode == SweepOnly));
</ins><span class="cx">
</span><del>- JSCell* jsCell = static_cast<JSCell*>(cell);
</del><ins>+ assertFlipped();
+ MarkedBlock& block = this->block();
+
+ bool isNewBlock = blockState == New;
+ bool isEmptyBlock = !block.hasAnyMarked()
+ && newlyAllocatedMode == DoesNotHaveNewlyAllocated
+ && destructionMode == DoesNotNeedDestruction;
+ if (Options::useBumpAllocator() && (isNewBlock || isEmptyBlock)) {
+ ASSERT(block.m_marks.isEmpty());
+
+ char* startOfLastCell = static_cast<char*>(cellAlign(block.atoms() + m_endAtom - 1));
+ char* payloadEnd = startOfLastCell + cellSize();
+ RELEASE_ASSERT(payloadEnd - MarkedBlock::blockSize <= bitwise_cast<char*>(&block));
+ char* payloadBegin = bitwise_cast<char*>(block.atoms() + firstAtom());
+ if (scribbleMode == Scribble)
+ scribble(payloadBegin, payloadEnd - payloadBegin);
+ m_state = ((sweepMode == SweepToFreeList) ? FreeListed : Marked);
+ FreeList result = FreeList::bump(payloadEnd, payloadEnd - payloadBegin);
+ if (false)
+ dataLog("Quickly swept block ", RawPointer(this), " with cell size ", cellSize(), " and attributes ", m_attributes, ": ", result, "\n");
+ return result;
+ }
</ins><span class="cx">
</span><del>- ASSERT(jsCell->structureID());
- if (jsCell->inlineTypeFlags() & StructureIsImmortal)
- jsCell->structure(*vm())->classInfo()->methodTable.destroy(jsCell);
- else
- jsCast<JSDestructibleObject*>(jsCell)->classInfo()->methodTable.destroy(jsCell);
- cell->zap();
-}
-
-template<MarkedBlock::BlockState blockState, MarkedBlock::SweepMode sweepMode, bool callDestructors>
-MarkedBlock::FreeList MarkedBlock::specializedSweep()
-{
- ASSERT(blockState != Allocated && blockState != FreeListed);
- ASSERT(!(!callDestructors && sweepMode == SweepOnly));
-
</del><span class="cx"> // This produces a free list that is ordered in reverse through the block.
</span><span class="cx"> // This is fine, since the allocation code makes no assumptions about the
</span><span class="cx"> // order of the free list.
</span><span class="lines">@@ -104,16 +137,20 @@
</span><span class="cx"> FreeCell* head = 0;
</span><span class="cx"> size_t count = 0;
</span><span class="cx"> for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
</span><del>- if (blockState == Marked && (m_marks.get(i) || (m_newlyAllocated && m_newlyAllocated->get(i))))
</del><ins>+ if (blockState == Marked
+ && (block.m_marks.get(i)
+ || (newlyAllocatedMode == HasNewlyAllocated && m_newlyAllocated->get(i))))
</ins><span class="cx"> continue;
</span><span class="cx">
</span><del>- HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&atoms()[i]);
</del><ins>+ HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&block.atoms()[i]);
</ins><span class="cx">
</span><del>- if (callDestructors && blockState != New)
- callDestructor(cell);
</del><ins>+ if (destructionMode == NeedsDestruction && blockState != New)
+ static_cast<JSCell*>(cell)->callDestructor(*vm());
</ins><span class="cx">
</span><span class="cx"> if (sweepMode == SweepToFreeList) {
</span><span class="cx"> FreeCell* freeCell = reinterpret_cast<FreeCell*>(cell);
</span><ins>+ if (scribbleMode == Scribble)
+ scribble(freeCell, cellSize());
</ins><span class="cx"> freeCell->next = head;
</span><span class="cx"> head = freeCell;
</span><span class="cx"> ++count;
</span><span class="lines">@@ -122,15 +159,20 @@
</span><span class="cx">
</span><span class="cx"> // We only want to discard the newlyAllocated bits if we're creating a FreeList,
</span><span class="cx"> // otherwise we would lose information on what's currently alive.
</span><del>- if (sweepMode == SweepToFreeList && m_newlyAllocated)
</del><ins>+ if (sweepMode == SweepToFreeList && newlyAllocatedMode == HasNewlyAllocated)
</ins><span class="cx"> m_newlyAllocated = nullptr;
</span><span class="cx">
</span><del>- m_state = ((sweepMode == SweepToFreeList) ? FreeListed : Marked);
- return FreeList(head, count * cellSize());
</del><ins>+ FreeList result = FreeList::list(head, count * cellSize());
+ m_state = (sweepMode == SweepToFreeList ? FreeListed : Marked);
+ if (false)
+ dataLog("Slowly swept block ", RawPointer(&block), " with cell size ", cellSize(), " and attributes ", m_attributes, ": ", result, "\n");
+ return result;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-MarkedBlock::FreeList MarkedBlock::sweep(SweepMode sweepMode)
</del><ins>+FreeList MarkedBlock::Handle::sweep(SweepMode sweepMode)
</ins><span class="cx"> {
</span><ins>+ flipIfNecessary();
+
</ins><span class="cx"> HEAP_LOG_BLOCK_STATE_TRANSITION(this);
</span><span class="cx">
</span><span class="cx"> m_weakSet.sweep();
</span><span class="lines">@@ -139,37 +181,60 @@
</span><span class="cx"> return FreeList();
</span><span class="cx">
</span><span class="cx"> if (m_attributes.destruction == NeedsDestruction)
</span><del>- return sweepHelper<true>(sweepMode);
- return sweepHelper<false>(sweepMode);
</del><ins>+ return sweepHelperSelectScribbleMode<NeedsDestruction>(sweepMode);
+ return sweepHelperSelectScribbleMode<DoesNotNeedDestruction>(sweepMode);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-template<bool callDestructors>
-MarkedBlock::FreeList MarkedBlock::sweepHelper(SweepMode sweepMode)
</del><ins>+template<DestructionMode destructionMode>
+FreeList MarkedBlock::Handle::sweepHelperSelectScribbleMode(SweepMode sweepMode)
</ins><span class="cx"> {
</span><ins>+ if (scribbleFreeCells())
+ return sweepHelperSelectStateAndSweepMode<destructionMode, Scribble>(sweepMode);
+ return sweepHelperSelectStateAndSweepMode<destructionMode, DontScribble>(sweepMode);
+}
+
+template<DestructionMode destructionMode, MarkedBlock::Handle::ScribbleMode scribbleMode>
+FreeList MarkedBlock::Handle::sweepHelperSelectStateAndSweepMode(SweepMode sweepMode)
+{
</ins><span class="cx"> switch (m_state) {
</span><span class="cx"> case New:
</span><span class="cx"> ASSERT(sweepMode == SweepToFreeList);
</span><del>- return specializedSweep<New, SweepToFreeList, callDestructors>();
</del><ins>+ return specializedSweep<New, SweepToFreeList, destructionMode, scribbleMode, DoesNotHaveNewlyAllocated>();
</ins><span class="cx"> case FreeListed:
</span><span class="cx"> // Happens when a block transitions to fully allocated.
</span><span class="cx"> ASSERT(sweepMode == SweepToFreeList);
</span><span class="cx"> return FreeList();
</span><del>- case Retired:
</del><span class="cx"> case Allocated:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return FreeList();
</span><span class="cx"> case Marked:
</span><del>- return sweepMode == SweepToFreeList
- ? specializedSweep<Marked, SweepToFreeList, callDestructors>()
- : specializedSweep<Marked, SweepOnly, callDestructors>();
</del><ins>+ if (m_newlyAllocated) {
+ return sweepMode == SweepToFreeList
+ ? specializedSweep<Marked, SweepToFreeList, destructionMode, scribbleMode, HasNewlyAllocated>()
+ : specializedSweep<Marked, SweepOnly, destructionMode, scribbleMode, HasNewlyAllocated>();
+ } else {
+ return sweepMode == SweepToFreeList
+ ? specializedSweep<Marked, SweepToFreeList, destructionMode, scribbleMode, DoesNotHaveNewlyAllocated>()
+ : specializedSweep<Marked, SweepOnly, destructionMode, scribbleMode, DoesNotHaveNewlyAllocated>();
+ }
</ins><span class="cx"> }
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return FreeList();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void MarkedBlock::Handle::unsweepWithNoNewlyAllocated()
+{
+ flipIfNecessary();
+
+ HEAP_LOG_BLOCK_STATE_TRANSITION(this);
+
+ RELEASE_ASSERT(m_state == FreeListed);
+ m_state = Marked;
+}
+
</ins><span class="cx"> class SetNewlyAllocatedFunctor : public MarkedBlock::VoidFunctor {
</span><span class="cx"> public:
</span><del>- SetNewlyAllocatedFunctor(MarkedBlock* block)
</del><ins>+ SetNewlyAllocatedFunctor(MarkedBlock::Handle* block)
</ins><span class="cx"> : m_block(block)
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="lines">@@ -176,31 +241,35 @@
</span><span class="cx">
</span><span class="cx"> IterationStatus operator()(HeapCell* cell, HeapCell::Kind) const
</span><span class="cx"> {
</span><del>- ASSERT(MarkedBlock::blockFor(cell) == m_block);
</del><ins>+ ASSERT(MarkedBlock::blockFor(cell) == &m_block->block());
</ins><span class="cx"> m_block->setNewlyAllocated(cell);
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- MarkedBlock* m_block;
</del><ins>+ MarkedBlock::Handle* m_block;
</ins><span class="cx"> };
</span><span class="cx">
</span><del>-void MarkedBlock::stopAllocating(const FreeList& freeList)
</del><ins>+void MarkedBlock::Handle::stopAllocating(const FreeList& freeList)
</ins><span class="cx"> {
</span><ins>+ flipIfNecessary();
</ins><span class="cx"> HEAP_LOG_BLOCK_STATE_TRANSITION(this);
</span><del>- FreeCell* head = freeList.head;
</del><span class="cx">
</span><span class="cx"> if (m_state == Marked) {
</span><del>- // If the block is in the Marked state then we know that:
- // 1) It was not used for allocation during the previous allocation cycle.
- // 2) It may have dead objects, and we only know them to be dead by the
- // fact that their mark bits are unset.
</del><ins>+ // If the block is in the Marked state then we know that one of these
+ // conditions holds:
+ //
+ // - It was not used for allocation during the previous allocation cycle.
+ // It may have dead objects, and we only know them to be dead by the
+ // fact that their mark bits are unset.
+ //
+ // - Someone had already done stopAllocating(), for example because of
+ // heap iteration, and they had already
</ins><span class="cx"> // Hence if the block is Marked we need to leave it Marked.
</span><del>-
- ASSERT(!head);
</del><ins>+ ASSERT(freeList.allocationWillFail());
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> ASSERT(m_state == FreeListed);
</span><span class="cx">
</span><span class="cx"> // Roll back to a coherent state for Heap introspection. Cells newly
</span><span class="lines">@@ -213,57 +282,29 @@
</span><span class="cx"> SetNewlyAllocatedFunctor functor(this);
</span><span class="cx"> forEachCell(functor);
</span><span class="cx">
</span><del>- FreeCell* next;
- for (FreeCell* current = head; current; current = next) {
- next = current->next;
- if (m_attributes.destruction == NeedsDestruction)
- reinterpret_cast<HeapCell*>(current)->zap();
- clearNewlyAllocated(current);
- }
</del><ins>+ forEachFreeCell(
+ freeList,
+ [&] (HeapCell* cell) {
+ if (m_attributes.destruction == NeedsDestruction)
+ cell->zap();
+ clearNewlyAllocated(cell);
+ });
</ins><span class="cx">
</span><span class="cx"> m_state = Marked;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedBlock::clearMarks()
</del><ins>+void MarkedBlock::Handle::lastChanceToFinalize()
</ins><span class="cx"> {
</span><del>- if (heap()->operationInProgress() == JSC::EdenCollection)
- this->clearMarksWithCollectionType<EdenCollection>();
- else
- this->clearMarksWithCollectionType<FullCollection>();
-}
-
-template <HeapOperation collectionType>
-void MarkedBlock::clearMarksWithCollectionType()
-{
- ASSERT(collectionType == FullCollection || collectionType == EdenCollection);
- HEAP_LOG_BLOCK_STATE_TRANSITION(this);
-
- ASSERT(m_state != New && m_state != FreeListed);
- if (collectionType == FullCollection) {
- m_marks.clearAll();
- // This will become true at the end of the mark phase. We set it now to
- // avoid an extra pass to do so later.
- m_state = Marked;
- return;
- }
-
- ASSERT(collectionType == EdenCollection);
- // If a block was retired then there's no way an EdenCollection can un-retire it.
- if (m_state != Retired)
- m_state = Marked;
-}
-
-void MarkedBlock::lastChanceToFinalize()
-{
</del><ins>+ m_block->clearMarks();
</ins><span class="cx"> m_weakSet.lastChanceToFinalize();
</span><span class="cx">
</span><span class="cx"> clearNewlyAllocated();
</span><del>- clearMarksWithCollectionType<FullCollection>();
</del><span class="cx"> sweep();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-MarkedBlock::FreeList MarkedBlock::resumeAllocating()
</del><ins>+FreeList MarkedBlock::Handle::resumeAllocating()
</ins><span class="cx"> {
</span><ins>+ flipIfNecessary();
</ins><span class="cx"> HEAP_LOG_BLOCK_STATE_TRANSITION(this);
</span><span class="cx">
</span><span class="cx"> ASSERT(m_state == Marked);
</span><span class="lines">@@ -274,32 +315,148 @@
</span><span class="cx"> return FreeList();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- // Re-create our free list from before stopping allocation.
</del><ins>+ // Re-create our free list from before stopping allocation. Note that this may return an empty
+ // freelist, in which case the block will still be Marked!
</ins><span class="cx"> return sweep(SweepToFreeList);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedBlock::didRetireBlock(const FreeList& freeList)
</del><ins>+void MarkedBlock::Handle::zap(const FreeList& freeList)
</ins><span class="cx"> {
</span><del>- HEAP_LOG_BLOCK_STATE_TRANSITION(this);
- FreeCell* head = freeList.head;
</del><ins>+ forEachFreeCell(
+ freeList,
+ [&] (HeapCell* cell) {
+ if (m_attributes.destruction == NeedsDestruction)
+ cell->zap();
+ });
+}
</ins><span class="cx">
</span><del>- // Currently we don't notify the Heap that we're giving up on this block.
- // The Heap might be able to make a better decision about how many bytes should
- // be allocated before the next collection if it knew about this retired block.
- // On the other hand we'll waste at most 10% of our Heap space between FullCollections
- // and only under heavy fragmentation.
-
- // We need to zap the free list when retiring a block so that we don't try to destroy
- // previously destroyed objects when we re-sweep the block in the future.
- FreeCell* next;
- for (FreeCell* current = head; current; current = next) {
- next = current->next;
- if (m_attributes.destruction == NeedsDestruction)
- reinterpret_cast<HeapCell*>(current)->zap();
</del><ins>+template<typename Func>
+void MarkedBlock::Handle::forEachFreeCell(const FreeList& freeList, const Func& func)
+{
+ if (freeList.remaining) {
+ for (unsigned remaining = freeList.remaining; remaining; remaining -= cellSize())
+ func(bitwise_cast<HeapCell*>(freeList.payloadEnd - remaining));
+ } else {
+ for (FreeCell* current = freeList.head; current;) {
+ FreeCell* next = current->next;
+ func(bitwise_cast<HeapCell*>(current));
+ current = next;
+ }
</ins><span class="cx"> }
</span><ins>+}
</ins><span class="cx">
</span><ins>+void MarkedBlock::flipIfNecessary()
+{
+ flipIfNecessary(vm()->heap.objectSpace().version());
+}
+
+void MarkedBlock::Handle::flipIfNecessary()
+{
+ block().flipIfNecessary();
+}
+
+void MarkedBlock::flipIfNecessarySlow()
+{
+ ASSERT(m_version != vm()->heap.objectSpace().version());
+ clearMarks();
+}
+
+void MarkedBlock::flipIfNecessaryConcurrentlySlow()
+{
+ LockHolder locker(m_lock);
+ if (m_version != vm()->heap.objectSpace().version())
+ clearMarks();
+}
+
+void MarkedBlock::clearMarks()
+{
+ m_marks.clearAll();
+ clearHasAnyMarked();
+ // This will become true at the end of the mark phase. We set it now to
+ // avoid an extra pass to do so later.
+ handle().m_state = Marked;
+ WTF::storeStoreFence();
+ m_version = vm()->heap.objectSpace().version();
+}
+
+#if !ASSERT_DISABLED
+void MarkedBlock::assertFlipped()
+{
+ ASSERT(m_version == vm()->heap.objectSpace().version());
+}
+#endif // !ASSERT_DISABLED
+
+bool MarkedBlock::needsFlip()
+{
+ return vm()->heap.objectSpace().version() != m_version;
+}
+
+bool MarkedBlock::Handle::needsFlip()
+{
+ return m_block->needsFlip();
+}
+
+void MarkedBlock::Handle::willRemoveBlock()
+{
+ flipIfNecessary();
+}
+
+void MarkedBlock::Handle::didConsumeFreeList()
+{
+ flipIfNecessary();
+ HEAP_LOG_BLOCK_STATE_TRANSITION(this);
+
</ins><span class="cx"> ASSERT(m_state == FreeListed);
</span><del>- m_state = Retired;
</del><ins>+
+ m_state = Allocated;
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+size_t MarkedBlock::markCount()
+{
+ flipIfNecessary();
+ return m_marks.count();
+}
+
+bool MarkedBlock::Handle::isEmpty()
+{
+ flipIfNecessary();
+ return m_state == Marked && !block().hasAnyMarked() && m_weakSet.isEmpty() && (!m_newlyAllocated || m_newlyAllocated->isEmpty());
+}
+
+void MarkedBlock::clearHasAnyMarked()
+{
+ m_biasedMarkCount = m_markCountBias;
+}
+
+void MarkedBlock::noteMarkedSlow()
+{
+ handle().m_allocator->retire(&handle());
+}
+
</ins><span class="cx"> } // namespace JSC
</span><ins>+
+namespace WTF {
+
+using namespace JSC;
+
+void printInternal(PrintStream& out, MarkedBlock::BlockState blockState)
+{
+ switch (blockState) {
+ case MarkedBlock::New:
+ out.print("New");
+ return;
+ case MarkedBlock::FreeListed:
+ out.print("FreeListed");
+ return;
+ case MarkedBlock::Allocated:
+ out.print("Allocated");
+ return;
+ case MarkedBlock::Marked:
+ out.print("Marked");
+ return;
+ }
+ RELEASE_ASSERT_NOT_REACHED();
+}
+
+} // namespace WTF
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedBlockh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedBlock.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -24,6 +24,7 @@
</span><span class="cx">
</span><span class="cx"> #include "AllocatorAttributes.h"
</span><span class="cx"> #include "DestructionMode.h"
</span><ins>+#include "FreeList.h"
</ins><span class="cx"> #include "HeapCell.h"
</span><span class="cx"> #include "HeapOperation.h"
</span><span class="cx"> #include "IterationStatus.h"
</span><span class="lines">@@ -34,88 +35,93 @@
</span><span class="cx"> #include <wtf/HashFunctions.h>
</span><span class="cx"> #include <wtf/StdLibExtras.h>
</span><span class="cx">
</span><ins>+namespace JSC {
+
+class Heap;
+class JSCell;
+class MarkedAllocator;
+
+typedef uintptr_t Bits;
+
</ins><span class="cx"> // Set to log state transitions of blocks.
</span><span class="cx"> #define HEAP_LOG_BLOCK_STATE_TRANSITIONS 0
</span><span class="cx">
</span><span class="cx"> #if HEAP_LOG_BLOCK_STATE_TRANSITIONS
</span><del>-#define HEAP_LOG_BLOCK_STATE_TRANSITION(block) do { \
- dataLogF( \
- "%s:%d %s: block %s = %p, %d\n", \
- __FILE__, __LINE__, __FUNCTION__, \
- #block, (block), (block)->m_state); \
</del><ins>+#define HEAP_LOG_BLOCK_STATE_TRANSITION(handle) do { \
+ dataLogF( \
+ "%s:%d %s: block %s = %p, %d\n", \
+ __FILE__, __LINE__, __FUNCTION__, \
+ #handle, &(handle)->block(), (handle)->m_state); \
</ins><span class="cx"> } while (false)
</span><span class="cx"> #else
</span><del>-#define HEAP_LOG_BLOCK_STATE_TRANSITION(block) ((void)0)
</del><ins>+#define HEAP_LOG_BLOCK_STATE_TRANSITION(handle) ((void)0)
</ins><span class="cx"> #endif
</span><span class="cx">
</span><del>-namespace JSC {
-
- class Heap;
- class JSCell;
- class MarkedAllocator;
</del><ins>+// A marked block is a page-aligned container for heap-allocated objects.
+// Objects are allocated within cells of the marked block. For a given
+// marked block, all cells have the same size. Objects smaller than the
+// cell size may be allocated in the marked block, in which case the
+// allocation suffers from internal fragmentation: wasted space whose
+// size is equal to the difference between the cell size and the object
+// size.
</ins><span class="cx">
</span><del>- typedef uintptr_t Bits;
</del><ins>+class MarkedBlock {
+ WTF_MAKE_NONCOPYABLE(MarkedBlock);
+ friend class LLIntOffsetsExtractor;
+ friend struct VerifyMarked;
</ins><span class="cx">
</span><del>- // A marked block is a page-aligned container for heap-allocated objects.
- // Objects are allocated within cells of the marked block. For a given
- // marked block, all cells have the same size. Objects smaller than the
- // cell size may be allocated in the marked block, in which case the
- // allocation suffers from internal fragmentation: wasted space whose
- // size is equal to the difference between the cell size and the object
- // size.
-
- class MarkedBlock : public DoublyLinkedListNode<MarkedBlock> {
- friend class WTF::DoublyLinkedListNode<MarkedBlock>;
- friend class LLIntOffsetsExtractor;
- friend struct VerifyMarkedOrRetired;
- public:
- static const size_t atomSize = 16; // bytes
- static const size_t blockSize = 16 * KB;
- static const size_t blockMask = ~(blockSize - 1); // blockSize must be a power of two.
-
- static const size_t atomsPerBlock = blockSize / atomSize;
-
- static_assert(!(MarkedBlock::atomSize & (MarkedBlock::atomSize - 1)), "MarkedBlock::atomSize must be a power of two.");
- static_assert(!(MarkedBlock::blockSize & (MarkedBlock::blockSize - 1)), "MarkedBlock::blockSize must be a power of two.");
-
- struct FreeCell {
- FreeCell* next;
- };
</del><ins>+public:
+ class Handle;
+private:
+ friend class Handle;
+public:
+ enum BlockState : uint8_t { New, FreeListed, Allocated, Marked };
</ins><span class="cx">
</span><del>- struct FreeList {
- FreeCell* head;
- size_t bytes;
</del><ins>+ static const size_t atomSize = 16; // bytes
+ static const size_t blockSize = 16 * KB;
+ static const size_t blockMask = ~(blockSize - 1); // blockSize must be a power of two.
</ins><span class="cx">
</span><del>- FreeList();
- FreeList(FreeCell*, size_t);
- };
</del><ins>+ static const size_t atomsPerBlock = blockSize / atomSize;
</ins><span class="cx">
</span><del>- struct VoidFunctor {
- typedef void ReturnType;
- void returnValue() { }
- };
</del><ins>+ static_assert(!(MarkedBlock::atomSize & (MarkedBlock::atomSize - 1)), "MarkedBlock::atomSize must be a power of two.");
+ static_assert(!(MarkedBlock::blockSize & (MarkedBlock::blockSize - 1)), "MarkedBlock::blockSize must be a power of two.");
</ins><span class="cx">
</span><del>- class CountFunctor {
- public:
- typedef size_t ReturnType;
</del><ins>+ struct VoidFunctor {
+ typedef void ReturnType;
+ void returnValue() { }
+ };
</ins><span class="cx">
</span><del>- CountFunctor() : m_count(0) { }
- void count(size_t count) const { m_count += count; }
- ReturnType returnValue() const { return m_count; }
</del><ins>+ class CountFunctor {
+ public:
+ typedef size_t ReturnType;
</ins><span class="cx">
</span><del>- private:
- // FIXME: This is mutable because we're using a functor rather than C++ lambdas.
- // https://bugs.webkit.org/show_bug.cgi?id=159644
- mutable ReturnType m_count;
- };
</del><ins>+ CountFunctor() : m_count(0) { }
+ void count(size_t count) const { m_count += count; }
+ ReturnType returnValue() const { return m_count; }
</ins><span class="cx">
</span><del>- static MarkedBlock* create(Heap&, MarkedAllocator*, size_t capacity, size_t cellSize, const AllocatorAttributes&);
- static void destroy(Heap&, MarkedBlock*);
</del><ins>+ private:
+ // FIXME: This is mutable because we're using a functor rather than C++ lambdas.
+ // https://bugs.webkit.org/show_bug.cgi?id=159644
+ mutable ReturnType m_count;
+ };
+
+ class Handle : public BasicRawSentinelNode<Handle> {
+ WTF_MAKE_NONCOPYABLE(Handle);
+ WTF_MAKE_FAST_ALLOCATED;
+ friend class DoublyLinkedListNode<Handle>;
+ friend class LLIntOffsetsExtractor;
+ friend class MarkedBlock;
+ friend struct VerifyMarked;
+ public:
+
+ ~Handle();
+
+ MarkedBlock& block();
+
+ void* cellAlign(void*);
+
+ bool isEmpty();
</ins><span class="cx">
</span><del>- static bool isAtomAligned(const void*);
- static MarkedBlock* blockFor(const void*);
- static size_t firstAtom();
-
</del><span class="cx"> void lastChanceToFinalize();
</span><span class="cx">
</span><span class="cx"> MarkedAllocator* allocator() const;
</span><span class="lines">@@ -122,15 +128,19 @@
</span><span class="cx"> Heap* heap() const;
</span><span class="cx"> VM* vm() const;
</span><span class="cx"> WeakSet& weakSet();
</span><del>-
</del><ins>+
</ins><span class="cx"> enum SweepMode { SweepOnly, SweepToFreeList };
</span><span class="cx"> FreeList sweep(SweepMode = SweepOnly);
</span><del>-
</del><ins>+
+ void unsweepWithNoNewlyAllocated();
+
+ void zap(const FreeList&);
+
</ins><span class="cx"> void shrink();
</span><del>-
- void visitWeakSet(HeapRootVisitor&);
</del><ins>+
+ unsigned visitWeakSet(HeapRootVisitor&);
</ins><span class="cx"> void reapWeakSet();
</span><del>-
</del><ins>+
</ins><span class="cx"> // While allocating from a free list, MarkedBlock temporarily has bogus
</span><span class="cx"> // cell liveness data. To restore accurate cell liveness data, call one
</span><span class="cx"> // of these functions:
</span><span class="lines">@@ -137,382 +147,557 @@
</span><span class="cx"> void didConsumeFreeList(); // Call this once you've allocated all the items in the free list.
</span><span class="cx"> void stopAllocating(const FreeList&);
</span><span class="cx"> FreeList resumeAllocating(); // Call this if you canonicalized a block for some non-collection related purpose.
</span><del>-
</del><ins>+
</ins><span class="cx"> // Returns true if the "newly allocated" bitmap was non-null
</span><span class="cx"> // and was successfully cleared and false otherwise.
</span><span class="cx"> bool clearNewlyAllocated();
</span><del>- void clearMarks();
- template <HeapOperation collectionType>
- void clearMarksWithCollectionType();
-
- size_t markCount();
- bool isEmpty();
-
</del><ins>+
+ void flipForEdenCollection();
+
</ins><span class="cx"> size_t cellSize();
</span><span class="cx"> const AllocatorAttributes& attributes() const;
</span><span class="cx"> DestructionMode destruction() const;
</span><span class="cx"> bool needsDestruction() const;
</span><span class="cx"> HeapCell::Kind cellKind() const;
</span><del>-
</del><ins>+
+ size_t markCount();
</ins><span class="cx"> size_t size();
</span><del>- size_t capacity();
-
- bool isMarked(const void*);
- bool testAndSetMarked(const void*);
</del><ins>+
</ins><span class="cx"> bool isLive(const HeapCell*);
</span><span class="cx"> bool isLiveCell(const void*);
</span><del>- bool isAtom(const void*);
</del><span class="cx"> bool isMarkedOrNewlyAllocated(const HeapCell*);
</span><del>- void setMarked(const void*);
- void clearMarked(const void*);
-
</del><ins>+
</ins><span class="cx"> bool isNewlyAllocated(const void*);
</span><span class="cx"> void setNewlyAllocated(const void*);
</span><span class="cx"> void clearNewlyAllocated(const void*);
</span><del>-
</del><ins>+
+ bool hasAnyNewlyAllocated() const { return !!m_newlyAllocated; }
+
</ins><span class="cx"> bool isAllocated() const;
</span><del>- bool isMarkedOrRetired() const;
</del><ins>+ bool isMarked() const;
+ bool isFreeListed() const;
</ins><span class="cx"> bool needsSweeping() const;
</span><del>- void didRetireBlock(const FreeList&);
</del><span class="cx"> void willRemoveBlock();
</span><span class="cx">
</span><span class="cx"> template <typename Functor> IterationStatus forEachCell(const Functor&);
</span><span class="cx"> template <typename Functor> IterationStatus forEachLiveCell(const Functor&);
</span><span class="cx"> template <typename Functor> IterationStatus forEachDeadCell(const Functor&);
</span><del>-
</del><ins>+
+ bool needsFlip();
+
+ void flipIfNecessaryConcurrently(uint64_t heapVersion);
+ void flipIfNecessary(uint64_t heapVersion);
+ void flipIfNecessary();
+
+ void assertFlipped();
+
+ bool isOnBlocksToSweep() const { return m_isOnBlocksToSweep; }
+ void setIsOnBlocksToSweep(bool value) { m_isOnBlocksToSweep = value; }
+
+ BlockState state() const { return m_state; }
+
</ins><span class="cx"> private:
</span><del>- static const size_t atomAlignmentMask = atomSize - 1;
-
- // During allocation, we look for available space in free lists in blocks.
- // If a block's utilization is sufficiently high (i.e. it's almost full),
- // we want to remove that block as a candidate for allocating to reduce
- // the likelihood of allocation having to take a slow path. When the
- // block is in this state, we say that it is "Retired".
- //
- // A full GC can take a Retired blocks out of retirement. An eden GC
- // will simply ignore Retired blocks (i.e. they will not be swept even
- // if they no longer have live objects).
-
- enum BlockState { New, FreeListed, Allocated, Marked, Retired };
- template<bool callDestructors> FreeList sweepHelper(SweepMode = SweepOnly);
-
- typedef char Atom[atomSize];
-
- MarkedBlock(MarkedAllocator*, size_t capacity, size_t cellSize, const AllocatorAttributes&);
- Atom* atoms();
- size_t atomNumber(const void*);
- void callDestructor(HeapCell*);
- template<BlockState, SweepMode, bool callDestructors> FreeList specializedSweep();
-
- MarkedBlock* m_prev;
- MarkedBlock* m_next;
-
</del><ins>+ Handle(Heap&, MarkedAllocator*, size_t cellSize, const AllocatorAttributes&, void*);
+
+ template<DestructionMode>
+ FreeList sweepHelperSelectScribbleMode(SweepMode = SweepOnly);
+
+ enum ScribbleMode { DontScribble, Scribble };
+
+ template<DestructionMode, ScribbleMode>
+ FreeList sweepHelperSelectStateAndSweepMode(SweepMode = SweepOnly);
+
+ enum NewlyAllocatedMode { HasNewlyAllocated, DoesNotHaveNewlyAllocated };
+
+ template<BlockState, SweepMode, DestructionMode, ScribbleMode, NewlyAllocatedMode>
+ FreeList specializedSweep();
+
+ template<typename Func>
+ void forEachFreeCell(const FreeList&, const Func&);
+
+ MarkedBlock::Handle* m_prev;
+ MarkedBlock::Handle* m_next;
+
</ins><span class="cx"> size_t m_atomsPerCell;
</span><span class="cx"> size_t m_endAtom; // This is a fuzzy end. Always test for < m_endAtom.
</span><del>- WTF::Bitmap<atomsPerBlock, WTF::BitmapAtomic, uint8_t> m_marks;
</del><ins>+
</ins><span class="cx"> std::unique_ptr<WTF::Bitmap<atomsPerBlock>> m_newlyAllocated;
</span><del>-
- size_t m_capacity;
</del><ins>+
</ins><span class="cx"> AllocatorAttributes m_attributes;
</span><ins>+ BlockState m_state;
+ bool m_isOnBlocksToSweep { false };
+
</ins><span class="cx"> MarkedAllocator* m_allocator;
</span><del>- BlockState m_state;
</del><span class="cx"> WeakSet m_weakSet;
</span><ins>+
+ MarkedBlock* m_block;
</ins><span class="cx"> };
</span><ins>+
+ static MarkedBlock::Handle* tryCreate(Heap&, MarkedAllocator*, size_t cellSize, const AllocatorAttributes&);
+
+ Handle& handle();
+
+ VM* vm() const;
</ins><span class="cx">
</span><del>- inline MarkedBlock::FreeList::FreeList()
- : head(0)
- , bytes(0)
- {
- }
</del><ins>+ static bool isAtomAligned(const void*);
+ static MarkedBlock* blockFor(const void*);
+ static size_t firstAtom();
+ size_t atomNumber(const void*);
+
+ size_t markCount();
</ins><span class="cx">
</span><del>- inline MarkedBlock::FreeList::FreeList(FreeCell* head, size_t bytes)
- : head(head)
- , bytes(bytes)
- {
- }
</del><ins>+ bool isMarked(const void*);
+ bool testAndSetMarked(const void*);
+
+ bool isMarkedOrNewlyAllocated(const HeapCell*);
</ins><span class="cx">
</span><del>- inline size_t MarkedBlock::firstAtom()
- {
- return WTF::roundUpToMultipleOf<atomSize>(sizeof(MarkedBlock)) / atomSize;
- }
</del><ins>+ bool isAtom(const void*);
+ void setMarked(const void*);
+ void clearMarked(const void*);
+
+ size_t cellSize();
+ const AllocatorAttributes& attributes() const;
</ins><span class="cx">
</span><del>- inline MarkedBlock::Atom* MarkedBlock::atoms()
- {
- return reinterpret_cast<Atom*>(this);
- }
</del><ins>+ bool hasAnyMarked() const;
+ void noteMarked();
+
+ WeakSet& weakSet();
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isAtomAligned(const void* p)
- {
- return !(reinterpret_cast<Bits>(p) & atomAlignmentMask);
- }
</del><ins>+ bool needsFlip();
+
+ void flipIfNecessaryConcurrently(uint64_t heapVersion);
+ void flipIfNecessary(uint64_t heapVersion);
+ void flipIfNecessary();
+
+ void assertFlipped();
+
+ bool needsDestruction() const { return m_needsDestruction; }
+
+private:
+ static const size_t atomAlignmentMask = atomSize - 1;
</ins><span class="cx">
</span><del>- inline MarkedBlock* MarkedBlock::blockFor(const void* p)
- {
- return reinterpret_cast<MarkedBlock*>(reinterpret_cast<Bits>(p) & blockMask);
- }
</del><ins>+ typedef char Atom[atomSize];
</ins><span class="cx">
</span><del>- inline MarkedAllocator* MarkedBlock::allocator() const
- {
- return m_allocator;
- }
</del><ins>+ MarkedBlock(VM&, Handle&);
+ Atom* atoms();
+
+ void flipIfNecessaryConcurrentlySlow();
+ void flipIfNecessarySlow();
+ void clearMarks();
+ void clearHasAnyMarked();
+
+ void noteMarkedSlow();
+
+ WTF::Bitmap<atomsPerBlock, WTF::BitmapAtomic, uint8_t> m_marks;
</ins><span class="cx">
</span><del>- inline Heap* MarkedBlock::heap() const
- {
- return m_weakSet.heap();
- }
</del><ins>+ bool m_needsDestruction;
+ Lock m_lock;
+
+ // The actual mark count can be computed by doing: m_biasedMarkCount - m_markCountBias. Note
+ // that this count is racy. It will accurately detect whether or not exactly zero things were
+ // marked, but if N things got marked, then this may report anything in the range [1, N] (or
+ // before unbiased, it would be [1 + m_markCountBias, N + m_markCountBias].)
+ int16_t m_biasedMarkCount;
+
+ // We bias the mark count so that if m_biasedMarkCount >= 0 then the block should be retired.
+ // We go to all this trouble to make marking a bit faster: this way, marking knows when to
+ // retire a block using a js/jns on m_biasedMarkCount.
+ //
+ // For example, if a block has room for 100 objects and retirement happens whenever 90% are
+ // live, then m_markCountBias will be -90. This way, when marking begins, this will cause us to
+ // set m_biasedMarkCount to -90 as well, since:
+ //
+ // m_biasedMarkCount = actualMarkCount + m_markCountBias.
+ //
+ // Marking an object will increment m_biasedMarkCount. Once 90 objects get marked, we will have
+ // m_biasedMarkCount = 0, which will trigger retirement. In other words, we want to set
+ // m_markCountBias like so:
+ //
+ // m_markCountBias = -(minMarkedBlockUtilization * cellsPerBlock)
+ //
+ // All of this also means that you can detect if any objects are marked by doing:
+ //
+ // m_biasedMarkCount != m_markCountBias
+ int16_t m_markCountBias;
+
+ Handle& m_handle;
+ VM* m_vm;
+
+ uint64_t m_version;
+};
</ins><span class="cx">
</span><del>- inline VM* MarkedBlock::vm() const
- {
- return m_weakSet.vm();
- }
</del><ins>+inline MarkedBlock::Handle& MarkedBlock::handle()
+{
+ return m_handle;
+}
</ins><span class="cx">
</span><del>- inline WeakSet& MarkedBlock::weakSet()
- {
- return m_weakSet;
- }
</del><ins>+inline MarkedBlock& MarkedBlock::Handle::block()
+{
+ return *m_block;
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::shrink()
- {
- m_weakSet.shrink();
- }
</del><ins>+inline size_t MarkedBlock::firstAtom()
+{
+ return WTF::roundUpToMultipleOf<atomSize>(sizeof(MarkedBlock)) / atomSize;
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::visitWeakSet(HeapRootVisitor& heapRootVisitor)
- {
- m_weakSet.visit(heapRootVisitor);
- }
</del><ins>+inline MarkedBlock::Atom* MarkedBlock::atoms()
+{
+ return reinterpret_cast<Atom*>(this);
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::reapWeakSet()
- {
- m_weakSet.reap();
- }
</del><ins>+inline bool MarkedBlock::isAtomAligned(const void* p)
+{
+ return !(reinterpret_cast<Bits>(p) & atomAlignmentMask);
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::willRemoveBlock()
- {
- ASSERT(m_state != Retired);
- }
</del><ins>+inline void* MarkedBlock::Handle::cellAlign(void* p)
+{
+ Bits base = reinterpret_cast<Bits>(block().atoms() + firstAtom());
+ Bits bits = reinterpret_cast<Bits>(p);
+ bits -= base;
+ bits -= bits % cellSize();
+ bits += base;
+ return reinterpret_cast<void*>(bits);
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::didConsumeFreeList()
- {
- HEAP_LOG_BLOCK_STATE_TRANSITION(this);
</del><ins>+inline MarkedBlock* MarkedBlock::blockFor(const void* p)
+{
+ return reinterpret_cast<MarkedBlock*>(reinterpret_cast<Bits>(p) & blockMask);
+}
</ins><span class="cx">
</span><del>- ASSERT(m_state == FreeListed);
- m_state = Allocated;
- }
</del><ins>+inline MarkedAllocator* MarkedBlock::Handle::allocator() const
+{
+ return m_allocator;
+}
</ins><span class="cx">
</span><del>- inline size_t MarkedBlock::markCount()
- {
- return m_marks.count();
- }
</del><ins>+inline Heap* MarkedBlock::Handle::heap() const
+{
+ return m_weakSet.heap();
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isEmpty()
- {
- return m_marks.isEmpty() && m_weakSet.isEmpty() && (!m_newlyAllocated || m_newlyAllocated->isEmpty());
- }
</del><ins>+inline VM* MarkedBlock::Handle::vm() const
+{
+ return m_weakSet.vm();
+}
</ins><span class="cx">
</span><del>- inline size_t MarkedBlock::cellSize()
- {
- return m_atomsPerCell * atomSize;
- }
</del><ins>+inline VM* MarkedBlock::vm() const
+{
+ return m_vm;
+}
</ins><span class="cx">
</span><del>- inline const AllocatorAttributes& MarkedBlock::attributes() const
- {
- return m_attributes;
- }
</del><ins>+inline WeakSet& MarkedBlock::Handle::weakSet()
+{
+ return m_weakSet;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::needsDestruction() const
- {
- return m_attributes.destruction == NeedsDestruction;
- }
</del><ins>+inline WeakSet& MarkedBlock::weakSet()
+{
+ return m_handle.weakSet();
+}
</ins><span class="cx">
</span><del>- inline DestructionMode MarkedBlock::destruction() const
- {
- return m_attributes.destruction;
- }
</del><ins>+inline void MarkedBlock::Handle::shrink()
+{
+ m_weakSet.shrink();
+}
</ins><span class="cx">
</span><del>- inline HeapCell::Kind MarkedBlock::cellKind() const
- {
- return m_attributes.cellKind;
- }
</del><ins>+inline unsigned MarkedBlock::Handle::visitWeakSet(HeapRootVisitor& heapRootVisitor)
+{
+ return m_weakSet.visit(heapRootVisitor);
+}
</ins><span class="cx">
</span><del>- inline size_t MarkedBlock::size()
- {
- return markCount() * cellSize();
- }
</del><ins>+inline void MarkedBlock::Handle::reapWeakSet()
+{
+ m_weakSet.reap();
+}
</ins><span class="cx">
</span><del>- inline size_t MarkedBlock::capacity()
- {
- return m_capacity;
- }
</del><ins>+inline size_t MarkedBlock::Handle::cellSize()
+{
+ return m_atomsPerCell * atomSize;
+}
</ins><span class="cx">
</span><del>- inline size_t MarkedBlock::atomNumber(const void* p)
- {
- return (reinterpret_cast<Bits>(p) - reinterpret_cast<Bits>(this)) / atomSize;
- }
</del><ins>+inline size_t MarkedBlock::cellSize()
+{
+ return m_handle.cellSize();
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isMarked(const void* p)
- {
- return m_marks.get(atomNumber(p));
- }
</del><ins>+inline const AllocatorAttributes& MarkedBlock::Handle::attributes() const
+{
+ return m_attributes;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::testAndSetMarked(const void* p)
- {
- return m_marks.concurrentTestAndSet(atomNumber(p));
- }
</del><ins>+inline const AllocatorAttributes& MarkedBlock::attributes() const
+{
+ return m_handle.attributes();
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::setMarked(const void* p)
- {
- m_marks.set(atomNumber(p));
- }
</del><ins>+inline bool MarkedBlock::Handle::needsDestruction() const
+{
+ return m_attributes.destruction == NeedsDestruction;
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::clearMarked(const void* p)
- {
- ASSERT(m_marks.get(atomNumber(p)));
- m_marks.clear(atomNumber(p));
- }
</del><ins>+inline DestructionMode MarkedBlock::Handle::destruction() const
+{
+ return m_attributes.destruction;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isNewlyAllocated(const void* p)
- {
- return m_newlyAllocated->get(atomNumber(p));
- }
</del><ins>+inline HeapCell::Kind MarkedBlock::Handle::cellKind() const
+{
+ return m_attributes.cellKind;
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::setNewlyAllocated(const void* p)
- {
- m_newlyAllocated->set(atomNumber(p));
- }
</del><ins>+inline size_t MarkedBlock::Handle::markCount()
+{
+ return m_block->markCount();
+}
</ins><span class="cx">
</span><del>- inline void MarkedBlock::clearNewlyAllocated(const void* p)
- {
- m_newlyAllocated->clear(atomNumber(p));
- }
</del><ins>+inline size_t MarkedBlock::Handle::size()
+{
+ return markCount() * cellSize();
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::clearNewlyAllocated()
- {
- if (m_newlyAllocated) {
- m_newlyAllocated = nullptr;
- return true;
- }
- return false;
- }
</del><ins>+inline size_t MarkedBlock::atomNumber(const void* p)
+{
+ return (reinterpret_cast<Bits>(p) - reinterpret_cast<Bits>(this)) / atomSize;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isMarkedOrNewlyAllocated(const HeapCell* cell)
- {
- ASSERT(m_state == Retired || m_state == Marked);
- return m_marks.get(atomNumber(cell)) || (m_newlyAllocated && isNewlyAllocated(cell));
</del><ins>+inline void MarkedBlock::flipIfNecessary(uint64_t heapVersion)
+{
+ if (UNLIKELY(heapVersion != m_version))
+ flipIfNecessarySlow();
+}
+
+inline void MarkedBlock::flipIfNecessaryConcurrently(uint64_t heapVersion)
+{
+ if (UNLIKELY(heapVersion != m_version))
+ flipIfNecessaryConcurrentlySlow();
+ WTF::loadLoadFence();
+}
+
+inline void MarkedBlock::Handle::flipIfNecessary(uint64_t heapVersion)
+{
+ block().flipIfNecessary(heapVersion);
+}
+
+inline void MarkedBlock::Handle::flipIfNecessaryConcurrently(uint64_t heapVersion)
+{
+ block().flipIfNecessaryConcurrently(heapVersion);
+}
+
+inline void MarkedBlock::Handle::flipForEdenCollection()
+{
+ assertFlipped();
+
+ HEAP_LOG_BLOCK_STATE_TRANSITION(this);
+
+ ASSERT(m_state != New && m_state != FreeListed);
+
+ m_state = Marked;
+}
+
+#if ASSERT_DISABLED
+inline void MarkedBlock::assertFlipped()
+{
+}
+#endif // ASSERT_DISABLED
+
+inline void MarkedBlock::Handle::assertFlipped()
+{
+ block().assertFlipped();
+}
+
+inline bool MarkedBlock::isMarked(const void* p)
+{
+ assertFlipped();
+ return m_marks.get(atomNumber(p));
+}
+
+inline bool MarkedBlock::testAndSetMarked(const void* p)
+{
+ assertFlipped();
+ return m_marks.concurrentTestAndSet(atomNumber(p));
+}
+
+inline bool MarkedBlock::Handle::isNewlyAllocated(const void* p)
+{
+ return m_newlyAllocated->get(m_block->atomNumber(p));
+}
+
+inline void MarkedBlock::Handle::setNewlyAllocated(const void* p)
+{
+ m_newlyAllocated->set(m_block->atomNumber(p));
+}
+
+inline void MarkedBlock::Handle::clearNewlyAllocated(const void* p)
+{
+ m_newlyAllocated->clear(m_block->atomNumber(p));
+}
+
+inline bool MarkedBlock::Handle::clearNewlyAllocated()
+{
+ if (m_newlyAllocated) {
+ m_newlyAllocated = nullptr;
+ return true;
</ins><span class="cx"> }
</span><ins>+ return false;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isLive(const HeapCell* cell)
- {
- switch (m_state) {
- case Allocated:
- return true;
</del><ins>+inline bool MarkedBlock::Handle::isMarkedOrNewlyAllocated(const HeapCell* cell)
+{
+ ASSERT(m_state == Marked);
+ return m_block->isMarked(cell) || (m_newlyAllocated && isNewlyAllocated(cell));
+}
</ins><span class="cx">
</span><del>- case Retired:
- case Marked:
- return isMarkedOrNewlyAllocated(cell);
</del><ins>+inline bool MarkedBlock::isMarkedOrNewlyAllocated(const HeapCell* cell)
+{
+ ASSERT(m_handle.m_state == Marked);
+ return isMarked(cell) || (m_handle.m_newlyAllocated && m_handle.isNewlyAllocated(cell));
+}
</ins><span class="cx">
</span><del>- case New:
- case FreeListed:
- RELEASE_ASSERT_NOT_REACHED();
- return false;
- }
</del><ins>+inline bool MarkedBlock::Handle::isLive(const HeapCell* cell)
+{
+ assertFlipped();
+ switch (m_state) {
+ case Allocated:
+ return true;
</ins><span class="cx">
</span><ins>+ case Marked:
+ return isMarkedOrNewlyAllocated(cell);
+
+ case New:
+ case FreeListed:
</ins><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- inline bool MarkedBlock::isAtom(const void* p)
- {
- ASSERT(MarkedBlock::isAtomAligned(p));
- size_t atomNumber = this->atomNumber(p);
- size_t firstAtom = this->firstAtom();
- if (atomNumber < firstAtom) // Filters pointers into MarkedBlock metadata.
- return false;
- if ((atomNumber - firstAtom) % m_atomsPerCell) // Filters pointers into cell middles.
- return false;
- if (atomNumber >= m_endAtom) // Filters pointers into invalid cells out of the range.
- return false;
- return true;
- }
</del><ins>+ RELEASE_ASSERT_NOT_REACHED();
+ return false;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isLiveCell(const void* p)
- {
- if (!isAtom(p))
- return false;
- return isLive(static_cast<const HeapCell*>(p));
- }
</del><ins>+inline bool MarkedBlock::isAtom(const void* p)
+{
+ ASSERT(MarkedBlock::isAtomAligned(p));
+ size_t atomNumber = this->atomNumber(p);
+ size_t firstAtom = MarkedBlock::firstAtom();
+ if (atomNumber < firstAtom) // Filters pointers into MarkedBlock metadata.
+ return false;
+ if ((atomNumber - firstAtom) % m_handle.m_atomsPerCell) // Filters pointers into cell middles.
+ return false;
+ if (atomNumber >= m_handle.m_endAtom) // Filters pointers into invalid cells out of the range.
+ return false;
+ return true;
+}
</ins><span class="cx">
</span><del>- template <typename Functor> inline IterationStatus MarkedBlock::forEachCell(const Functor& functor)
- {
- HeapCell::Kind kind = m_attributes.cellKind;
- for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
- HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&atoms()[i]);
- if (functor(cell, kind) == IterationStatus::Done)
- return IterationStatus::Done;
- }
- return IterationStatus::Continue;
</del><ins>+inline bool MarkedBlock::Handle::isLiveCell(const void* p)
+{
+ if (!m_block->isAtom(p))
+ return false;
+ return isLive(static_cast<const HeapCell*>(p));
+}
+
+template <typename Functor>
+inline IterationStatus MarkedBlock::Handle::forEachCell(const Functor& functor)
+{
+ HeapCell::Kind kind = m_attributes.cellKind;
+ for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
+ HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&m_block->atoms()[i]);
+ if (functor(cell, kind) == IterationStatus::Done)
+ return IterationStatus::Done;
</ins><span class="cx"> }
</span><ins>+ return IterationStatus::Continue;
+}
</ins><span class="cx">
</span><del>- template <typename Functor> inline IterationStatus MarkedBlock::forEachLiveCell(const Functor& functor)
- {
- HeapCell::Kind kind = m_attributes.cellKind;
- for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
- HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&atoms()[i]);
- if (!isLive(cell))
- continue;
</del><ins>+template <typename Functor>
+inline IterationStatus MarkedBlock::Handle::forEachLiveCell(const Functor& functor)
+{
+ flipIfNecessary();
+ HeapCell::Kind kind = m_attributes.cellKind;
+ for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
+ HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&m_block->atoms()[i]);
+ if (!isLive(cell))
+ continue;
</ins><span class="cx">
</span><del>- if (functor(cell, kind) == IterationStatus::Done)
- return IterationStatus::Done;
- }
- return IterationStatus::Continue;
</del><ins>+ if (functor(cell, kind) == IterationStatus::Done)
+ return IterationStatus::Done;
</ins><span class="cx"> }
</span><ins>+ return IterationStatus::Continue;
+}
</ins><span class="cx">
</span><del>- template <typename Functor> inline IterationStatus MarkedBlock::forEachDeadCell(const Functor& functor)
- {
- HeapCell::Kind kind = m_attributes.cellKind;
- for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
- HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&atoms()[i]);
- if (isLive(cell))
- continue;
</del><ins>+template <typename Functor>
+inline IterationStatus MarkedBlock::Handle::forEachDeadCell(const Functor& functor)
+{
+ flipIfNecessary();
+ HeapCell::Kind kind = m_attributes.cellKind;
+ for (size_t i = firstAtom(); i < m_endAtom; i += m_atomsPerCell) {
+ HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&m_block->atoms()[i]);
+ if (isLive(cell))
+ continue;
</ins><span class="cx">
</span><del>- if (functor(cell, kind) == IterationStatus::Done)
- return IterationStatus::Done;
- }
- return IterationStatus::Continue;
</del><ins>+ if (functor(cell, kind) == IterationStatus::Done)
+ return IterationStatus::Done;
</ins><span class="cx"> }
</span><ins>+ return IterationStatus::Continue;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::needsSweeping() const
- {
- return m_state == Marked;
- }
</del><ins>+inline bool MarkedBlock::Handle::needsSweeping() const
+{
+ const_cast<MarkedBlock::Handle*>(this)->flipIfNecessary();
+ return m_state == Marked;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isAllocated() const
- {
- return m_state == Allocated;
- }
</del><ins>+inline bool MarkedBlock::Handle::isAllocated() const
+{
+ const_cast<MarkedBlock::Handle*>(this)->flipIfNecessary();
+ return m_state == Allocated;
+}
</ins><span class="cx">
</span><del>- inline bool MarkedBlock::isMarkedOrRetired() const
- {
- return m_state == Marked || m_state == Retired;
- }
</del><ins>+inline bool MarkedBlock::Handle::isMarked() const
+{
+ const_cast<MarkedBlock::Handle*>(this)->flipIfNecessary();
+ return m_state == Marked;
+}
</ins><span class="cx">
</span><ins>+inline bool MarkedBlock::Handle::isFreeListed() const
+{
+ const_cast<MarkedBlock::Handle*>(this)->flipIfNecessary();
+ return m_state == FreeListed;
+}
+
+inline bool MarkedBlock::hasAnyMarked() const
+{
+ return m_biasedMarkCount != m_markCountBias;
+}
+
+inline void MarkedBlock::noteMarked()
+{
+ // This is racy by design. We don't want to pay the price of an atomic increment!
+ int16_t biasedMarkCount = m_biasedMarkCount;
+ ++biasedMarkCount;
+ m_biasedMarkCount = biasedMarkCount;
+ if (UNLIKELY(!biasedMarkCount))
+ noteMarkedSlow();
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> namespace WTF {
</span><span class="cx">
</span><del>- struct MarkedBlockHash : PtrHash<JSC::MarkedBlock*> {
- static unsigned hash(JSC::MarkedBlock* const& key)
- {
- // Aligned VM regions tend to be monotonically increasing integers,
- // which is a great hash function, but we have to remove the low bits,
- // since they're always zero, which is a terrible hash function!
- return reinterpret_cast<JSC::Bits>(key) / JSC::MarkedBlock::blockSize;
- }
- };
</del><ins>+struct MarkedBlockHash : PtrHash<JSC::MarkedBlock*> {
+ static unsigned hash(JSC::MarkedBlock* const& key)
+ {
+ // Aligned VM regions tend to be monotonically increasing integers,
+ // which is a great hash function, but we have to remove the low bits,
+ // since they're always zero, which is a terrible hash function!
+ return reinterpret_cast<JSC::Bits>(key) / JSC::MarkedBlock::blockSize;
+ }
+};
</ins><span class="cx">
</span><del>- template<> struct DefaultHash<JSC::MarkedBlock*> {
- typedef MarkedBlockHash Hash;
- };
</del><ins>+template<> struct DefaultHash<JSC::MarkedBlock*> {
+ typedef MarkedBlockHash Hash;
+};
</ins><span class="cx">
</span><ins>+void printInternal(PrintStream& out, JSC::MarkedBlock::BlockState);
+
</ins><span class="cx"> } // namespace WTF
</span><span class="cx">
</span><span class="cx"> #endif // MarkedBlock_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedSpacecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -24,17 +24,175 @@
</span><span class="cx"> #include "IncrementalSweeper.h"
</span><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "SuperSampler.h"
+#include <wtf/ListDump.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+std::array<size_t, MarkedSpace::numSizeClasses> MarkedSpace::s_sizeClassForSizeStep;
+
+namespace {
+
+const Vector<size_t>& sizeClasses()
+{
+ static Vector<size_t>* result;
+ static std::once_flag once;
+ std::call_once(
+ once,
+ [] {
+ result = new Vector<size_t>();
+
+ auto add = [&] (size_t sizeClass) {
+ if (Options::dumpSizeClasses())
+ dataLog("Adding JSC MarkedSpace size class: ", sizeClass, "\n");
+ // Perform some validation as we go.
+ RELEASE_ASSERT(!(sizeClass % MarkedSpace::sizeStep));
+ if (result->isEmpty())
+ RELEASE_ASSERT(sizeClass == MarkedSpace::sizeStep);
+ else
+ RELEASE_ASSERT(sizeClass > result->last());
+ result->append(sizeClass);
+ };
+
+ // This is a definition of the size classes in our GC. It must define all of the
+ // size classes from sizeStep up to largeCutoff.
+
+ // Have very precise size classes for the small stuff. This is a loop to make it easy to reduce
+ // atomSize.
+ for (size_t size = MarkedSpace::sizeStep; size < MarkedSpace::preciseCutoff; size += MarkedSpace::sizeStep)
+ add(size);
+
+ // We want to make sure that the remaining size classes minimize internal fragmentation (i.e.
+ // the wasted space at the tail end of a MarkedBlock) while proceeding roughly in an exponential
+ // way starting at just above the precise size classes to four cells per block.
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Marked block payload size: ", static_cast<size_t>(MarkedSpace::blockPayload), "\n");
+
+ for (unsigned i = 0; ; ++i) {
+ double approximateSize = MarkedSpace::preciseCutoff * pow(Options::sizeClassProgression(), i);
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Next size class as a double: ", approximateSize, "\n");
+
+ size_t approximateSizeInBytes = static_cast<size_t>(approximateSize);
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Next size class as bytes: ", approximateSizeInBytes, "\n");
+
+ // Make sure that the computer did the math correctly.
+ RELEASE_ASSERT(approximateSizeInBytes >= MarkedSpace::preciseCutoff);
+
+ if (approximateSizeInBytes > MarkedSpace::largeCutoff)
+ break;
+
+ size_t sizeClass =
+ WTF::roundUpToMultipleOf<MarkedSpace::sizeStep>(approximateSizeInBytes);
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Size class: ", sizeClass, "\n");
+
+ // Optimize the size class so that there isn't any slop at the end of the block's
+ // payload.
+ unsigned cellsPerBlock = MarkedSpace::blockPayload / sizeClass;
+ size_t possiblyBetterSizeClass = (MarkedSpace::blockPayload / cellsPerBlock) & ~(MarkedSpace::sizeStep - 1);
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Possibly better size class: ", possiblyBetterSizeClass, "\n");
+
+ // The size class we just came up with is better than the other one if it reduces
+ // total wastage assuming we only allocate cells of that size.
+ size_t originalWastage = MarkedSpace::blockPayload - cellsPerBlock * sizeClass;
+ size_t newWastage = (possiblyBetterSizeClass - sizeClass) * cellsPerBlock;
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Original wastage: ", originalWastage, ", new wastage: ", newWastage, "\n");
+
+ size_t betterSizeClass;
+ if (newWastage > originalWastage)
+ betterSizeClass = sizeClass;
+ else
+ betterSizeClass = possiblyBetterSizeClass;
+
+ if (Options::dumpSizeClasses())
+ dataLog(" Choosing size class: ", betterSizeClass, "\n");
+
+ if (betterSizeClass == result->last()) {
+ // Defense for when expStep is small.
+ continue;
+ }
+
+ // This is usually how we get out of the loop.
+ if (betterSizeClass > MarkedSpace::largeCutoff
+ || betterSizeClass > Options::largeAllocationCutoff())
+ break;
+
+ add(betterSizeClass);
+ }
+
+ if (Options::dumpSizeClasses())
+ dataLog("JSC Heap MarkedSpace size class dump: ", listDump(*result), "\n");
+
+ // We have an optimiation in MarkedSpace::optimalSizeFor() that assumes things about
+ // the size class table. This checks our results against that function's assumptions.
+ for (size_t size = MarkedSpace::sizeStep, i = 0; size <= MarkedSpace::preciseCutoff; size += MarkedSpace::sizeStep, i++)
+ RELEASE_ASSERT(result->at(i) == size);
+ });
+ return *result;
+}
+
+template<typename TableType, typename SizeClassCons, typename DefaultCons>
+void buildSizeClassTable(TableType& table, const SizeClassCons& cons, const DefaultCons& defaultCons)
+{
+ size_t nextIndex = 0;
+ for (size_t sizeClass : sizeClasses()) {
+ auto entry = cons(sizeClass);
+ size_t index = MarkedSpace::sizeClassToIndex(sizeClass);
+ for (size_t i = nextIndex; i <= index; ++i)
+ table[i] = entry;
+ nextIndex = index + 1;
+ }
+ for (size_t i = nextIndex; i < MarkedSpace::numSizeClasses; ++i)
+ table[i] = defaultCons(MarkedSpace::indexToSizeClass(i));
+}
+
+} // anonymous namespace
+
+void MarkedSpace::initializeSizeClassForStepSize()
+{
+ // We call this multiple times and we may call it simultaneously from multiple threads. That's
+ // OK, since it always stores the same values into the table.
+
+ buildSizeClassTable(
+ s_sizeClassForSizeStep,
+ [&] (size_t sizeClass) -> size_t {
+ return sizeClass;
+ },
+ [&] (size_t sizeClass) -> size_t {
+ return sizeClass;
+ });
+}
+
</ins><span class="cx"> MarkedSpace::MarkedSpace(Heap* heap)
</span><span class="cx"> : m_heap(heap)
</span><span class="cx"> , m_capacity(0)
</span><span class="cx"> , m_isIterating(false)
</span><span class="cx"> {
</span><del>- forEachAllocator(
- [&] (MarkedAllocator& allocator, size_t cellSize, AllocatorAttributes attributes) -> IterationStatus {
- allocator.init(heap, this, cellSize, attributes);
</del><ins>+ initializeSizeClassForStepSize();
+
+ forEachSubspace(
+ [&] (Subspace& subspace, AllocatorAttributes attributes) -> IterationStatus {
+ subspace.attributes = attributes;
+
+ buildSizeClassTable(
+ subspace.allocatorForSizeStep,
+ [&] (size_t sizeClass) -> MarkedAllocator* {
+ return subspace.bagOfAllocators.add(heap, this, sizeClass, attributes);
+ },
+ [&] (size_t) -> MarkedAllocator* {
+ return nullptr;
+ });
+
</ins><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><span class="cx"> }
</span><span class="lines">@@ -42,7 +200,7 @@
</span><span class="cx"> MarkedSpace::~MarkedSpace()
</span><span class="cx"> {
</span><span class="cx"> forEachBlock(
</span><del>- [&] (MarkedBlock* block) {
</del><ins>+ [&] (MarkedBlock::Handle* block) {
</ins><span class="cx"> freeBlock(block);
</span><span class="cx"> });
</span><span class="cx"> ASSERT(!m_blocks.set().size());
</span><span class="lines">@@ -52,21 +210,78 @@
</span><span class="cx"> {
</span><span class="cx"> stopAllocating();
</span><span class="cx"> forEachAllocator(
</span><del>- [&] (MarkedAllocator& allocator, size_t, AllocatorAttributes) -> IterationStatus {
</del><ins>+ [&] (MarkedAllocator& allocator) -> IterationStatus {
</ins><span class="cx"> allocator.lastChanceToFinalize();
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><ins>+ for (LargeAllocation* allocation : m_largeAllocations)
+ allocation->lastChanceToFinalize();
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+void* MarkedSpace::allocate(Subspace& subspace, size_t bytes)
+{
+ if (MarkedAllocator* allocator = allocatorFor(subspace, bytes))
+ return allocator->allocate();
+ return allocateLarge(subspace, bytes);
+}
+
+void* MarkedSpace::tryAllocate(Subspace& subspace, size_t bytes)
+{
+ if (MarkedAllocator* allocator = allocatorFor(subspace, bytes))
+ return allocator->tryAllocate();
+ return tryAllocateLarge(subspace, bytes);
+}
+
+void* MarkedSpace::allocateLarge(Subspace& subspace, size_t size)
+{
+ void* result = tryAllocateLarge(subspace, size);
+ RELEASE_ASSERT(result);
+ return result;
+}
+
+void* MarkedSpace::tryAllocateLarge(Subspace& subspace, size_t size)
+{
+ m_heap->collectIfNecessaryOrDefer();
+
+ size = WTF::roundUpToMultipleOf<sizeStep>(size);
+ LargeAllocation* allocation = LargeAllocation::tryCreate(*m_heap, size, subspace.attributes);
+ if (!allocation)
+ return nullptr;
+
+ m_largeAllocations.append(allocation);
+ m_heap->didAllocate(size);
+ m_capacity += size;
+ return allocation->cell();
+}
+
</ins><span class="cx"> void MarkedSpace::sweep()
</span><span class="cx"> {
</span><span class="cx"> m_heap->sweeper()->willFinishSweeping();
</span><span class="cx"> forEachBlock(
</span><del>- [&] (MarkedBlock* block) {
</del><ins>+ [&] (MarkedBlock::Handle* block) {
</ins><span class="cx"> block->sweep();
</span><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void MarkedSpace::sweepLargeAllocations()
+{
+ RELEASE_ASSERT(m_largeAllocationsNurseryOffset == m_largeAllocations.size());
+ unsigned srcIndex = m_largeAllocationsNurseryOffsetForSweep;
+ unsigned dstIndex = srcIndex;
+ while (srcIndex < m_largeAllocations.size()) {
+ LargeAllocation* allocation = m_largeAllocations[srcIndex++];
+ allocation->sweep();
+ if (allocation->isEmpty()) {
+ m_capacity -= allocation->cellSize();
+ allocation->destroy();
+ continue;
+ }
+ m_largeAllocations[dstIndex++] = allocation;
+ }
+ m_largeAllocations.resize(dstIndex);
+ m_largeAllocationsNurseryOffset = m_largeAllocations.size();
+}
+
</ins><span class="cx"> void MarkedSpace::zombifySweep()
</span><span class="cx"> {
</span><span class="cx"> if (Options::logGC())
</span><span class="lines">@@ -73,7 +288,7 @@
</span><span class="cx"> dataLog("Zombifying sweep...");
</span><span class="cx"> m_heap->sweeper()->willFinishSweeping();
</span><span class="cx"> forEachBlock(
</span><del>- [&] (MarkedBlock* block) {
</del><ins>+ [&] (MarkedBlock::Handle* block) {
</ins><span class="cx"> if (block->needsSweeping())
</span><span class="cx"> block->sweep();
</span><span class="cx"> });
</span><span class="lines">@@ -82,78 +297,80 @@
</span><span class="cx"> void MarkedSpace::resetAllocators()
</span><span class="cx"> {
</span><span class="cx"> forEachAllocator(
</span><del>- [&] (MarkedAllocator& allocator, size_t, AllocatorAttributes) -> IterationStatus {
</del><ins>+ [&] (MarkedAllocator& allocator) -> IterationStatus {
</ins><span class="cx"> allocator.reset();
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><span class="cx">
</span><span class="cx"> m_blocksWithNewObjects.clear();
</span><ins>+ m_activeWeakSets.takeFrom(m_newActiveWeakSets);
+ if (m_heap->operationInProgress() == EdenCollection)
+ m_largeAllocationsNurseryOffsetForSweep = m_largeAllocationsNurseryOffset;
+ else
+ m_largeAllocationsNurseryOffsetForSweep = 0;
+ m_largeAllocationsNurseryOffset = m_largeAllocations.size();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void MarkedSpace::visitWeakSets(HeapRootVisitor& heapRootVisitor)
</span><span class="cx"> {
</span><del>- if (m_heap->operationInProgress() == EdenCollection) {
- for (unsigned i = 0; i < m_blocksWithNewObjects.size(); ++i)
- m_blocksWithNewObjects[i]->visitWeakSet(heapRootVisitor);
- } else {
- forEachBlock(
- [&] (MarkedBlock* block) {
- block->visitWeakSet(heapRootVisitor);
- });
- }
</del><ins>+ auto visit = [&] (WeakSet* weakSet) {
+ weakSet->visit(heapRootVisitor);
+ };
+
+ m_newActiveWeakSets.forEach(visit);
+
+ if (m_heap->operationInProgress() == FullCollection)
+ m_activeWeakSets.forEach(visit);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void MarkedSpace::reapWeakSets()
</span><span class="cx"> {
</span><del>- if (m_heap->operationInProgress() == EdenCollection) {
- for (unsigned i = 0; i < m_blocksWithNewObjects.size(); ++i)
- m_blocksWithNewObjects[i]->reapWeakSet();
- } else {
- forEachBlock(
- [&] (MarkedBlock* block) {
- block->reapWeakSet();
- });
- }
</del><ins>+ auto visit = [&] (WeakSet* weakSet) {
+ weakSet->reap();
+ };
+
+ m_newActiveWeakSets.forEach(visit);
+
+ if (m_heap->operationInProgress() == FullCollection)
+ m_activeWeakSets.forEach(visit);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-template <typename Functor>
-void MarkedSpace::forEachAllocator(const Functor& functor)
-{
- forEachSubspace(
- [&] (Subspace& subspace, AllocatorAttributes attributes) -> IterationStatus {
- for (size_t cellSize = preciseStep; cellSize <= preciseCutoff; cellSize += preciseStep) {
- if (functor(allocatorFor(subspace, cellSize), cellSize, attributes) == IterationStatus::Done)
- return IterationStatus::Done;
- }
- for (size_t cellSize = impreciseStart; cellSize <= impreciseCutoff; cellSize += impreciseStep) {
- if (functor(allocatorFor(subspace, cellSize), cellSize, attributes) == IterationStatus::Done)
- return IterationStatus::Done;
- }
- if (functor(subspace.largeAllocator, 0, attributes) == IterationStatus::Done)
- return IterationStatus::Done;
-
- return IterationStatus::Continue;
- });
-}
-
</del><span class="cx"> void MarkedSpace::stopAllocating()
</span><span class="cx"> {
</span><span class="cx"> ASSERT(!isIterating());
</span><span class="cx"> forEachAllocator(
</span><del>- [&] (MarkedAllocator& allocator, size_t, AllocatorAttributes) -> IterationStatus {
</del><ins>+ [&] (MarkedAllocator& allocator) -> IterationStatus {
</ins><span class="cx"> allocator.stopAllocating();
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void MarkedSpace::prepareForMarking()
+{
+ if (m_heap->operationInProgress() == EdenCollection)
+ m_largeAllocationsOffsetForThisCollection = m_largeAllocationsNurseryOffset;
+ else
+ m_largeAllocationsOffsetForThisCollection = 0;
+ m_largeAllocationsForThisCollectionBegin = m_largeAllocations.begin() + m_largeAllocationsOffsetForThisCollection;
+ m_largeAllocationsForThisCollectionSize = m_largeAllocations.size() - m_largeAllocationsOffsetForThisCollection;
+ m_largeAllocationsForThisCollectionEnd = m_largeAllocations.end();
+ RELEASE_ASSERT(m_largeAllocationsForThisCollectionEnd == m_largeAllocationsForThisCollectionBegin + m_largeAllocationsForThisCollectionSize);
+ std::sort(
+ m_largeAllocationsForThisCollectionBegin, m_largeAllocationsForThisCollectionEnd,
+ [&] (LargeAllocation* a, LargeAllocation* b) {
+ return a < b;
+ });
+}
+
</ins><span class="cx"> void MarkedSpace::resumeAllocating()
</span><span class="cx"> {
</span><span class="cx"> ASSERT(isIterating());
</span><span class="cx"> forEachAllocator(
</span><del>- [&] (MarkedAllocator& allocator, size_t, AllocatorAttributes) -> IterationStatus {
</del><ins>+ [&] (MarkedAllocator& allocator) -> IterationStatus {
</ins><span class="cx"> allocator.resumeAllocating();
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><ins>+ // Nothing to do for LargeAllocations.
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool MarkedSpace::isPagedOut(double deadline)
</span><span class="lines">@@ -160,7 +377,7 @@
</span><span class="cx"> {
</span><span class="cx"> bool result = false;
</span><span class="cx"> forEachAllocator(
</span><del>- [&] (MarkedAllocator& allocator, size_t, AllocatorAttributes) -> IterationStatus {
</del><ins>+ [&] (MarkedAllocator& allocator) -> IterationStatus {
</ins><span class="cx"> if (allocator.isPagedOut(deadline)) {
</span><span class="cx"> result = true;
</span><span class="cx"> return IterationStatus::Done;
</span><span class="lines">@@ -167,18 +384,19 @@
</span><span class="cx"> }
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><ins>+ // FIXME: Consider taking LargeAllocations into account here.
</ins><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedSpace::freeBlock(MarkedBlock* block)
</del><ins>+void MarkedSpace::freeBlock(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><span class="cx"> block->allocator()->removeBlock(block);
</span><del>- m_capacity -= block->capacity();
- m_blocks.remove(block);
- MarkedBlock::destroy(*m_heap, block);
</del><ins>+ m_capacity -= MarkedBlock::blockSize;
+ m_blocks.remove(&block->block());
+ delete block;
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void MarkedSpace::freeOrShrinkBlock(MarkedBlock* block)
</del><ins>+void MarkedSpace::freeOrShrinkBlock(MarkedBlock::Handle* block)
</ins><span class="cx"> {
</span><span class="cx"> if (!block->isEmpty()) {
</span><span class="cx"> block->shrink();
</span><span class="lines">@@ -191,44 +409,43 @@
</span><span class="cx"> void MarkedSpace::shrink()
</span><span class="cx"> {
</span><span class="cx"> forEachBlock(
</span><del>- [&] (MarkedBlock* block) {
</del><ins>+ [&] (MarkedBlock::Handle* block) {
</ins><span class="cx"> freeOrShrinkBlock(block);
</span><span class="cx"> });
</span><ins>+ // For LargeAllocations, we do the moral equivalent in sweepLargeAllocations().
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void MarkedSpace::clearNewlyAllocated()
</span><span class="cx"> {
</span><span class="cx"> forEachAllocator(
</span><del>- [&] (MarkedAllocator& allocator, size_t size, AllocatorAttributes) -> IterationStatus {
- if (!size) {
- // This means it's a largeAllocator.
- allocator.forEachBlock(
- [&] (MarkedBlock* block) {
- block->clearNewlyAllocated();
- });
- return IterationStatus::Continue;
- }
-
- if (MarkedBlock* block = allocator.takeLastActiveBlock())
</del><ins>+ [&] (MarkedAllocator& allocator) -> IterationStatus {
+ if (MarkedBlock::Handle* block = allocator.takeLastActiveBlock())
</ins><span class="cx"> block->clearNewlyAllocated();
</span><span class="cx"> return IterationStatus::Continue;
</span><span class="cx"> });
</span><ins>+
+ for (unsigned i = m_largeAllocationsOffsetForThisCollection; i < m_largeAllocations.size(); ++i)
+ m_largeAllocations[i]->clearNewlyAllocated();
</ins><span class="cx">
</span><span class="cx"> #if !ASSERT_DISABLED
</span><span class="cx"> forEachBlock(
</span><del>- [&] (MarkedBlock* block) {
</del><ins>+ [&] (MarkedBlock::Handle* block) {
</ins><span class="cx"> ASSERT(!block->clearNewlyAllocated());
</span><span class="cx"> });
</span><ins>+
+ for (LargeAllocation* allocation : m_largeAllocations)
+ ASSERT(!allocation->isNewlyAllocated());
</ins><span class="cx"> #endif // !ASSERT_DISABLED
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #ifndef NDEBUG
</span><del>-struct VerifyMarkedOrRetired : MarkedBlock::VoidFunctor {
- void operator()(MarkedBlock* block) const
</del><ins>+struct VerifyMarked : MarkedBlock::VoidFunctor {
+ void operator()(MarkedBlock::Handle* block) const
</ins><span class="cx"> {
</span><ins>+ if (block->needsFlip())
+ return;
</ins><span class="cx"> switch (block->m_state) {
</span><span class="cx"> case MarkedBlock::Marked:
</span><del>- case MarkedBlock::Retired:
</del><span class="cx"> return;
</span><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="lines">@@ -237,20 +454,19 @@
</span><span class="cx"> };
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>-void MarkedSpace::clearMarks()
</del><ins>+void MarkedSpace::flip()
</ins><span class="cx"> {
</span><span class="cx"> if (m_heap->operationInProgress() == EdenCollection) {
</span><span class="cx"> for (unsigned i = 0; i < m_blocksWithNewObjects.size(); ++i)
</span><del>- m_blocksWithNewObjects[i]->clearMarks();
</del><ins>+ m_blocksWithNewObjects[i]->flipForEdenCollection();
</ins><span class="cx"> } else {
</span><del>- forEachBlock(
- [&] (MarkedBlock* block) {
- block->clearMarks();
- });
</del><ins>+ m_version++; // Henceforth, flipIfNecessary() will trigger on all blocks.
+ for (LargeAllocation* allocation : m_largeAllocations)
+ allocation->flip();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #ifndef NDEBUG
</span><del>- VerifyMarkedOrRetired verifyFunctor;
</del><ins>+ VerifyMarked verifyFunctor;
</ins><span class="cx"> forEachBlock(verifyFunctor);
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="lines">@@ -269,4 +485,63 @@
</span><span class="cx"> m_isIterating = false;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+size_t MarkedSpace::objectCount()
+{
+ size_t result = 0;
+ forEachBlock(
+ [&] (MarkedBlock::Handle* block) {
+ result += block->markCount();
+ });
+ for (LargeAllocation* allocation : m_largeAllocations) {
+ if (allocation->isMarked())
+ result++;
+ }
+ return result;
+}
+
+size_t MarkedSpace::size()
+{
+ size_t result = 0;
+ forEachBlock(
+ [&] (MarkedBlock::Handle* block) {
+ result += block->markCount() * block->cellSize();
+ });
+ for (LargeAllocation* allocation : m_largeAllocations) {
+ if (allocation->isMarked())
+ result += allocation->cellSize();
+ }
+ return result;
+}
+
+size_t MarkedSpace::capacity()
+{
+ return m_capacity;
+}
+
+void MarkedSpace::addActiveWeakSet(WeakSet* weakSet)
+{
+ // We conservatively assume that the WeakSet should belong in the new set. In fact, some weak
+ // sets might contain new weak handles even though they are tied to old objects. This slightly
+ // increases the amount of scanning that an eden collection would have to do, but the effect
+ // ought to be small.
+ m_newActiveWeakSets.append(weakSet);
+}
+
+void MarkedSpace::didAddBlock(MarkedBlock::Handle* block)
+{
+ m_capacity += MarkedBlock::blockSize;
+ m_blocks.add(&block->block());
+}
+
+void MarkedSpace::didAllocateInBlock(MarkedBlock::Handle* block)
+{
+ block->assertFlipped();
+ m_blocksWithNewObjects.append(block);
+
+ if (block->weakSet().isOnList()) {
+ block->weakSet().remove();
+ m_newActiveWeakSets.append(&block->weakSet());
+ }
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapMarkedSpaceh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/MarkedSpace.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -23,13 +23,16 @@
</span><span class="cx"> #define MarkedSpace_h
</span><span class="cx">
</span><span class="cx"> #include "IterationStatus.h"
</span><ins>+#include "LargeAllocation.h"
</ins><span class="cx"> #include "MarkedAllocator.h"
</span><span class="cx"> #include "MarkedBlock.h"
</span><span class="cx"> #include "MarkedBlockSet.h"
</span><span class="cx"> #include <array>
</span><ins>+#include <wtf/Bag.h>
</ins><span class="cx"> #include <wtf/HashSet.h>
</span><span class="cx"> #include <wtf/Noncopyable.h>
</span><span class="cx"> #include <wtf/RetainPtr.h>
</span><ins>+#include <wtf/SentinelLinkedList.h>
</ins><span class="cx"> #include <wtf/Vector.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -37,42 +40,76 @@
</span><span class="cx"> class Heap;
</span><span class="cx"> class HeapIterationScope;
</span><span class="cx"> class LLIntOffsetsExtractor;
</span><ins>+class WeakSet;
</ins><span class="cx">
</span><span class="cx"> class MarkedSpace {
</span><span class="cx"> WTF_MAKE_NONCOPYABLE(MarkedSpace);
</span><span class="cx"> public:
</span><del>- // [ 16 ... 768 ]
- static const size_t preciseStep = MarkedBlock::atomSize;
- static const size_t preciseCutoff = 768;
- static const size_t preciseCount = preciseCutoff / preciseStep;
</del><ins>+ // sizeStep is really a synonym for atomSize; it's no accident that they are the same.
+ static const size_t sizeStep = MarkedBlock::atomSize;
+
+ // Sizes up to this amount get a size class for each size step.
+ static const size_t preciseCutoff = 80;
+
+ // The amount of available payload in a block is the block's size minus the header. But the
+ // header size might not be atom size aligned, so we round down the result accordingly.
+ static const size_t blockPayload = (MarkedBlock::blockSize - sizeof(MarkedBlock)) & ~(MarkedBlock::atomSize - 1);
+
+ // The largest cell we're willing to allocate in a MarkedBlock the "normal way" (i.e. using size
+ // classes, rather than a large allocation) is half the size of the payload, rounded down. This
+ // ensures that we only use the size class approach if it means being able to pack two things
+ // into one block.
+ static const size_t largeCutoff = (blockPayload / 2) & ~(sizeStep - 1);
</ins><span class="cx">
</span><del>- // [ 1024 ... blockSize/2 ]
- static const size_t impreciseStart = 1024;
- static const size_t impreciseStep = 256;
- static const size_t impreciseCutoff = MarkedBlock::blockSize / 2;
- static const size_t impreciseCount = impreciseCutoff / impreciseStep;
-
</del><ins>+ static const size_t numSizeClasses = largeCutoff / sizeStep;
+
+ static size_t sizeClassToIndex(size_t size)
+ {
+ ASSERT(size);
+ return (size + sizeStep - 1) / sizeStep - 1;
+ }
+
+ static size_t indexToSizeClass(size_t index)
+ {
+ return (index + 1) * sizeStep;
+ }
+
+ // Each Subspace corresponds to all of the blocks for all of the sizes for some "class" of
+ // objects. There are three classes: non-destructor JSCells, destructor JSCells, and auxiliary.
+ // MarkedSpace is set up to make it relatively easy to add new Subspaces.
</ins><span class="cx"> struct Subspace {
</span><del>- std::array<MarkedAllocator, preciseCount> preciseAllocators;
- std::array<MarkedAllocator, impreciseCount> impreciseAllocators;
- MarkedAllocator largeAllocator;
</del><ins>+ std::array<MarkedAllocator*, numSizeClasses> allocatorForSizeStep;
+
+ // Each MarkedAllocator is a size class.
+ Bag<MarkedAllocator> bagOfAllocators;
+
+ AllocatorAttributes attributes;
</ins><span class="cx"> };
</span><del>-
</del><ins>+
</ins><span class="cx"> MarkedSpace(Heap*);
</span><span class="cx"> ~MarkedSpace();
</span><span class="cx"> void lastChanceToFinalize();
</span><span class="cx">
</span><del>- MarkedAllocator& allocatorFor(size_t);
- MarkedAllocator& destructorAllocatorFor(size_t);
- MarkedAllocator& auxiliaryAllocatorFor(size_t);
</del><ins>+ static size_t optimalSizeFor(size_t);
+
+ static MarkedAllocator* allocatorFor(Subspace&, size_t);
+
+ MarkedAllocator* allocatorFor(size_t);
+ MarkedAllocator* destructorAllocatorFor(size_t);
+ MarkedAllocator* auxiliaryAllocatorFor(size_t);
+
+ JS_EXPORT_PRIVATE void* allocate(Subspace&, size_t);
+ JS_EXPORT_PRIVATE void* tryAllocate(Subspace&, size_t);
+
</ins><span class="cx"> void* allocateWithDestructor(size_t);
</span><span class="cx"> void* allocateWithoutDestructor(size_t);
</span><span class="cx"> void* allocateAuxiliary(size_t);
</span><del>-
</del><ins>+ void* tryAllocateAuxiliary(size_t);
+
</ins><span class="cx"> Subspace& subspaceForObjectsWithDestructor() { return m_destructorSpace; }
</span><span class="cx"> Subspace& subspaceForObjectsWithoutDestructor() { return m_normalSpace; }
</span><span class="cx"> Subspace& subspaceForAuxiliaryData() { return m_auxiliarySpace; }
</span><del>-
</del><ins>+
</ins><span class="cx"> void resetAllocators();
</span><span class="cx">
</span><span class="cx"> void visitWeakSets(HeapRootVisitor&);
</span><span class="lines">@@ -86,6 +123,8 @@
</span><span class="cx">
</span><span class="cx"> void stopAllocating();
</span><span class="cx"> void resumeAllocating(); // If we just stopped allocation but we didn't do a collection, we need to resume allocation.
</span><ins>+
+ void prepareForMarking();
</ins><span class="cx">
</span><span class="cx"> typedef HashSet<MarkedBlock*>::iterator BlockIterator;
</span><span class="cx">
</span><span class="lines">@@ -94,16 +133,17 @@
</span><span class="cx"> template<typename Functor> void forEachBlock(const Functor&);
</span><span class="cx">
</span><span class="cx"> void shrink();
</span><del>- void freeBlock(MarkedBlock*);
- void freeOrShrinkBlock(MarkedBlock*);
</del><ins>+ void freeBlock(MarkedBlock::Handle*);
+ void freeOrShrinkBlock(MarkedBlock::Handle*);
</ins><span class="cx">
</span><del>- void didAddBlock(MarkedBlock*);
- void didConsumeFreeList(MarkedBlock*);
- void didAllocateInBlock(MarkedBlock*);
</del><ins>+ void didAddBlock(MarkedBlock::Handle*);
+ void didConsumeFreeList(MarkedBlock::Handle*);
+ void didAllocateInBlock(MarkedBlock::Handle*);
</ins><span class="cx">
</span><del>- void clearMarks();
</del><ins>+ void flip();
</ins><span class="cx"> void clearNewlyAllocated();
</span><span class="cx"> void sweep();
</span><ins>+ void sweepLargeAllocations();
</ins><span class="cx"> void zombifySweep();
</span><span class="cx"> size_t objectCount();
</span><span class="cx"> size_t size();
</span><span class="lines">@@ -110,16 +150,39 @@
</span><span class="cx"> size_t capacity();
</span><span class="cx">
</span><span class="cx"> bool isPagedOut(double deadline);
</span><ins>+
+ uint64_t version() const { return m_version; }
</ins><span class="cx">
</span><del>- const Vector<MarkedBlock*>& blocksWithNewObjects() const { return m_blocksWithNewObjects; }
</del><ins>+ const Vector<MarkedBlock::Handle*>& blocksWithNewObjects() const { return m_blocksWithNewObjects; }
+
+ const Vector<LargeAllocation*>& largeAllocations() const { return m_largeAllocations; }
+ unsigned largeAllocationsNurseryOffset() const { return m_largeAllocationsNurseryOffset; }
+ unsigned largeAllocationsOffsetForThisCollection() const { return m_largeAllocationsOffsetForThisCollection; }
+
+ // These are cached pointers and offsets for quickly searching the large allocations that are
+ // relevant to this collection.
+ LargeAllocation** largeAllocationsForThisCollectionBegin() const { return m_largeAllocationsForThisCollectionBegin; }
+ LargeAllocation** largeAllocationsForThisCollectionEnd() const { return m_largeAllocationsForThisCollectionEnd; }
+ unsigned largeAllocationsForThisCollectionSize() const { return m_largeAllocationsForThisCollectionSize; }
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="cx"> friend class JIT;
</span><ins>+ friend class WeakSet;
+
+ JS_EXPORT_PRIVATE static std::array<size_t, numSizeClasses> s_sizeClassForSizeStep;
+
+ JS_EXPORT_PRIVATE void* allocateLarge(Subspace&, size_t);
+ JS_EXPORT_PRIVATE void* tryAllocateLarge(Subspace&, size_t);
</ins><span class="cx">
</span><ins>+ static void initializeSizeClassForStepSize();
+
+ void initializeSubspace(Subspace&);
+
</ins><span class="cx"> template<typename Functor> void forEachAllocator(const Functor&);
</span><span class="cx"> template<typename Functor> void forEachSubspace(const Functor&);
</span><del>- MarkedAllocator& allocatorFor(Subspace&, size_t);
</del><ins>+
+ void addActiveWeakSet(WeakSet*);
</ins><span class="cx">
</span><span class="cx"> Subspace m_destructorSpace;
</span><span class="cx"> Subspace m_normalSpace;
</span><span class="lines">@@ -126,10 +189,20 @@
</span><span class="cx"> Subspace m_auxiliarySpace;
</span><span class="cx">
</span><span class="cx"> Heap* m_heap;
</span><ins>+ uint64_t m_version { 42 }; // This can start at any value, including random garbage values.
</ins><span class="cx"> size_t m_capacity;
</span><span class="cx"> bool m_isIterating;
</span><span class="cx"> MarkedBlockSet m_blocks;
</span><del>- Vector<MarkedBlock*> m_blocksWithNewObjects;
</del><ins>+ Vector<MarkedBlock::Handle*> m_blocksWithNewObjects;
+ Vector<LargeAllocation*> m_largeAllocations;
+ unsigned m_largeAllocationsNurseryOffset { 0 };
+ unsigned m_largeAllocationsOffsetForThisCollection { 0 };
+ unsigned m_largeAllocationsNurseryOffsetForSweep { 0 };
+ LargeAllocation** m_largeAllocationsForThisCollectionBegin { nullptr };
+ LargeAllocation** m_largeAllocationsForThisCollectionEnd { nullptr };
+ unsigned m_largeAllocationsForThisCollectionSize { 0 };
+ SentinelLinkedList<WeakSet, BasicRawSentinelNode<WeakSet>> m_activeWeakSets;
+ SentinelLinkedList<WeakSet, BasicRawSentinelNode<WeakSet>> m_newActiveWeakSets;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> template<typename Functor> inline void MarkedSpace::forEachLiveCell(HeapIterationScope&, const Functor& functor)
</span><span class="lines">@@ -137,9 +210,15 @@
</span><span class="cx"> ASSERT(isIterating());
</span><span class="cx"> BlockIterator end = m_blocks.set().end();
</span><span class="cx"> for (BlockIterator it = m_blocks.set().begin(); it != end; ++it) {
</span><del>- if ((*it)->forEachLiveCell(functor) == IterationStatus::Done)
- break;
</del><ins>+ if ((*it)->handle().forEachLiveCell(functor) == IterationStatus::Done)
+ return;
</ins><span class="cx"> }
</span><ins>+ for (LargeAllocation* allocation : m_largeAllocations) {
+ if (allocation->isLive()) {
+ if (functor(allocation->cell(), allocation->attributes().cellKind) == IterationStatus::Done)
+ return;
+ }
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename Functor> inline void MarkedSpace::forEachDeadCell(HeapIterationScope&, const Functor& functor)
</span><span class="lines">@@ -147,22 +226,36 @@
</span><span class="cx"> ASSERT(isIterating());
</span><span class="cx"> BlockIterator end = m_blocks.set().end();
</span><span class="cx"> for (BlockIterator it = m_blocks.set().begin(); it != end; ++it) {
</span><del>- if ((*it)->forEachDeadCell(functor) == IterationStatus::Done)
- break;
</del><ins>+ if ((*it)->handle().forEachDeadCell(functor) == IterationStatus::Done)
+ return;
</ins><span class="cx"> }
</span><ins>+ for (LargeAllocation* allocation : m_largeAllocations) {
+ if (!allocation->isLive()) {
+ if (functor(allocation->cell(), allocation->attributes().cellKind) == IterationStatus::Done)
+ return;
+ }
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline MarkedAllocator& MarkedSpace::allocatorFor(size_t bytes)
</del><ins>+inline MarkedAllocator* MarkedSpace::allocatorFor(Subspace& space, size_t bytes)
</ins><span class="cx"> {
</span><ins>+ ASSERT(bytes);
+ if (bytes <= largeCutoff)
+ return space.allocatorForSizeStep[sizeClassToIndex(bytes)];
+ return nullptr;
+}
+
+inline MarkedAllocator* MarkedSpace::allocatorFor(size_t bytes)
+{
</ins><span class="cx"> return allocatorFor(m_normalSpace, bytes);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline MarkedAllocator& MarkedSpace::destructorAllocatorFor(size_t bytes)
</del><ins>+inline MarkedAllocator* MarkedSpace::destructorAllocatorFor(size_t bytes)
</ins><span class="cx"> {
</span><span class="cx"> return allocatorFor(m_destructorSpace, bytes);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline MarkedAllocator& MarkedSpace::auxiliaryAllocatorFor(size_t bytes)
</del><ins>+inline MarkedAllocator* MarkedSpace::auxiliaryAllocatorFor(size_t bytes)
</ins><span class="cx"> {
</span><span class="cx"> return allocatorFor(m_auxiliarySpace, bytes);
</span><span class="cx"> }
</span><span class="lines">@@ -169,68 +262,47 @@
</span><span class="cx">
</span><span class="cx"> inline void* MarkedSpace::allocateWithoutDestructor(size_t bytes)
</span><span class="cx"> {
</span><del>- return allocatorFor(bytes).allocate(bytes);
</del><ins>+ return allocate(m_normalSpace, bytes);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline void* MarkedSpace::allocateWithDestructor(size_t bytes)
</span><span class="cx"> {
</span><del>- return destructorAllocatorFor(bytes).allocate(bytes);
</del><ins>+ return allocate(m_destructorSpace, bytes);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline void* MarkedSpace::allocateAuxiliary(size_t bytes)
</span><span class="cx"> {
</span><del>- return auxiliaryAllocatorFor(bytes).allocate(bytes);
</del><ins>+ return allocate(m_auxiliarySpace, bytes);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-template <typename Functor> inline void MarkedSpace::forEachBlock(const Functor& functor)
</del><ins>+inline void* MarkedSpace::tryAllocateAuxiliary(size_t bytes)
</ins><span class="cx"> {
</span><del>- forEachSubspace(
- [&] (Subspace& subspace, AllocatorAttributes) -> IterationStatus {
- for (size_t i = 0; i < preciseCount; ++i)
- subspace.preciseAllocators[i].forEachBlock(functor);
- for (size_t i = 0; i < impreciseCount; ++i)
- subspace.impreciseAllocators[i].forEachBlock(functor);
- subspace.largeAllocator.forEachBlock(functor);
- return IterationStatus::Continue;
- });
</del><ins>+ return tryAllocate(m_auxiliarySpace, bytes);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-inline void MarkedSpace::didAddBlock(MarkedBlock* block)
</del><ins>+template <typename Functor> inline void MarkedSpace::forEachBlock(const Functor& functor)
</ins><span class="cx"> {
</span><del>- m_capacity += block->capacity();
- m_blocks.add(block);
-}
-
-inline void MarkedSpace::didAllocateInBlock(MarkedBlock* block)
-{
- m_blocksWithNewObjects.append(block);
-}
-
-inline size_t MarkedSpace::objectCount()
-{
- size_t result = 0;
- forEachBlock(
- [&] (MarkedBlock* block) {
- result += block->markCount();
</del><ins>+ forEachAllocator(
+ [&] (MarkedAllocator& allocator) -> IterationStatus {
+ allocator.forEachBlock(functor);
+ return IterationStatus::Continue;
</ins><span class="cx"> });
</span><del>- return result;
</del><span class="cx"> }
</span><span class="cx">
</span><del>-inline size_t MarkedSpace::size()
</del><ins>+template <typename Functor>
+void MarkedSpace::forEachAllocator(const Functor& functor)
</ins><span class="cx"> {
</span><del>- size_t result = 0;
- forEachBlock(
- [&] (MarkedBlock* block) {
- result += block->markCount() * block->cellSize();
</del><ins>+ forEachSubspace(
+ [&] (Subspace& subspace, AllocatorAttributes) -> IterationStatus {
+ for (MarkedAllocator* allocator : subspace.bagOfAllocators) {
+ if (functor(*allocator) == IterationStatus::Done)
+ return IterationStatus::Done;
+ }
+
+ return IterationStatus::Continue;
</ins><span class="cx"> });
</span><del>- return result;
</del><span class="cx"> }
</span><span class="cx">
</span><del>-inline size_t MarkedSpace::capacity()
-{
- return m_capacity;
-}
-
</del><span class="cx"> template<typename Functor>
</span><span class="cx"> inline void MarkedSpace::forEachSubspace(const Functor& func)
</span><span class="cx"> {
</span><span class="lines">@@ -251,14 +323,14 @@
</span><span class="cx"> func(m_auxiliarySpace, attributes);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline MarkedAllocator& MarkedSpace::allocatorFor(Subspace& space, size_t bytes)
</del><ins>+ALWAYS_INLINE size_t MarkedSpace::optimalSizeFor(size_t bytes)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(bytes);
</span><span class="cx"> if (bytes <= preciseCutoff)
</span><del>- return space.preciseAllocators[(bytes - 1) / preciseStep];
- if (bytes <= impreciseCutoff)
- return space.impreciseAllocators[(bytes - 1) / impreciseStep];
- return space.largeAllocator;
</del><ins>+ return WTF::roundUpToMultipleOf<sizeStep>(bytes);
+ if (bytes <= largeCutoff)
+ return s_sizeClassForSizeStep[sizeClassToIndex(bytes)];
+ return bytes;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapSlotVisitorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -31,14 +31,16 @@
</span><span class="cx"> #include "CopiedBlockInlines.h"
</span><span class="cx"> #include "CopiedSpace.h"
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><ins>+#include "HeapCellInlines.h"
</ins><span class="cx"> #include "HeapProfiler.h"
</span><span class="cx"> #include "HeapSnapshotBuilder.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSDestructibleObject.h"
</span><del>-#include "VM.h"
</del><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "JSString.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "SuperSampler.h"
+#include "VM.h"
</ins><span class="cx"> #include <wtf/Lock.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -79,6 +81,7 @@
</span><span class="cx"> , m_bytesCopied(0)
</span><span class="cx"> , m_visitCount(0)
</span><span class="cx"> , m_isInParallelMode(false)
</span><ins>+ , m_version(42)
</ins><span class="cx"> , m_heap(heap)
</span><span class="cx"> #if !ASSERT_DISABLED
</span><span class="cx"> , m_isCheckingForDefaultMarkViolation(false)
</span><span class="lines">@@ -96,9 +99,13 @@
</span><span class="cx"> {
</span><span class="cx"> if (heap()->operationInProgress() == FullCollection)
</span><span class="cx"> ASSERT(m_opaqueRoots.isEmpty()); // Should have merged by now.
</span><ins>+ else
+ reset();
</ins><span class="cx">
</span><span class="cx"> if (HeapProfiler* heapProfiler = vm().heapProfiler())
</span><span class="cx"> m_heapSnapshotBuilder = heapProfiler->activeSnapshotBuilder();
</span><ins>+
+ m_version = heap()->objectSpace().version();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SlotVisitor::reset()
</span><span class="lines">@@ -108,7 +115,6 @@
</span><span class="cx"> m_visitCount = 0;
</span><span class="cx"> m_heapSnapshotBuilder = nullptr;
</span><span class="cx"> ASSERT(!m_currentCell);
</span><del>- ASSERT(m_stack.isEmpty());
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SlotVisitor::clearMarkStack()
</span><span class="lines">@@ -118,12 +124,43 @@
</span><span class="cx">
</span><span class="cx"> void SlotVisitor::append(ConservativeRoots& conservativeRoots)
</span><span class="cx"> {
</span><del>- JSCell** roots = conservativeRoots.roots();
</del><ins>+ HeapCell** roots = conservativeRoots.roots();
</ins><span class="cx"> size_t size = conservativeRoots.size();
</span><span class="cx"> for (size_t i = 0; i < size; ++i)
</span><del>- append(roots[i]);
</del><ins>+ appendJSCellOrAuxiliary(roots[i]);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+void SlotVisitor::appendJSCellOrAuxiliary(HeapCell* heapCell)
+{
+ if (!heapCell)
+ return;
+
+ ASSERT(!m_isCheckingForDefaultMarkViolation);
+
+ if (Heap::testAndSetMarked(m_version, heapCell))
+ return;
+
+ switch (heapCell->cellKind()) {
+ case HeapCell::JSCell: {
+ JSCell* jsCell = static_cast<JSCell*>(heapCell);
+
+ if (!jsCell->structure()) {
+ ASSERT_NOT_REACHED();
+ return;
+ }
+
+ jsCell->setCellState(CellState::NewGrey);
+
+ appendToMarkStack(jsCell);
+ return;
+ }
+
+ case HeapCell::Auxiliary: {
+ noteLiveAuxiliaryCell(heapCell);
+ return;
+ } }
+}
+
</ins><span class="cx"> void SlotVisitor::append(JSValue value)
</span><span class="cx"> {
</span><span class="cx"> if (!value || !value.isCell())
</span><span class="lines">@@ -145,6 +182,8 @@
</span><span class="cx">
</span><span class="cx"> void SlotVisitor::setMarkedAndAppendToMarkStack(JSCell* cell)
</span><span class="cx"> {
</span><ins>+ SuperSamplerScope superSamplerScope(false);
+
</ins><span class="cx"> ASSERT(!m_isCheckingForDefaultMarkViolation);
</span><span class="cx"> if (!cell)
</span><span class="cx"> return;
</span><span class="lines">@@ -152,27 +191,52 @@
</span><span class="cx"> #if ENABLE(GC_VALIDATION)
</span><span class="cx"> validate(cell);
</span><span class="cx"> #endif
</span><ins>+
+ if (cell->isLargeAllocation())
+ setMarkedAndAppendToMarkStack(cell->largeAllocation(), cell);
+ else
+ setMarkedAndAppendToMarkStack(cell->markedBlock(), cell);
+}
</ins><span class="cx">
</span><del>- if (Heap::testAndSetMarked(cell) || !cell->structure()) {
- ASSERT(cell->structure());
</del><ins>+template<typename ContainerType>
+ALWAYS_INLINE void SlotVisitor::setMarkedAndAppendToMarkStack(ContainerType& container, JSCell* cell)
+{
+ container.flipIfNecessaryConcurrently(m_version);
+
+ if (container.testAndSetMarked(cell))
</ins><span class="cx"> return;
</span><del>- }
-
</del><ins>+
+ ASSERT(cell->structure());
+
</ins><span class="cx"> // Indicate that the object is grey and that:
</span><span class="cx"> // In case of concurrent GC: it's the first time it is grey in this GC cycle.
</span><span class="cx"> // In case of eden collection: it's a new object that became grey rather than an old remembered object.
</span><span class="cx"> cell->setCellState(CellState::NewGrey);
</span><del>-
- appendToMarkStack(cell);
</del><ins>+
+ appendToMarkStack(container, cell);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SlotVisitor::appendToMarkStack(JSCell* cell)
</span><span class="cx"> {
</span><ins>+ if (cell->isLargeAllocation())
+ appendToMarkStack(cell->largeAllocation(), cell);
+ else
+ appendToMarkStack(cell->markedBlock(), cell);
+}
+
+template<typename ContainerType>
+ALWAYS_INLINE void SlotVisitor::appendToMarkStack(ContainerType& container, JSCell* cell)
+{
</ins><span class="cx"> ASSERT(Heap::isMarked(cell));
</span><span class="cx"> ASSERT(!cell->isZapped());
</span><del>-
</del><ins>+
+ container.noteMarked();
+
+ // FIXME: These "just work" because the GC resets these fields before doing anything else. But
+ // that won't be the case when we do concurrent GC.
</ins><span class="cx"> m_visitCount++;
</span><del>- m_bytesVisited += MarkedBlock::blockFor(cell)->cellSize();
</del><ins>+ m_bytesVisited += container.cellSize();
+
</ins><span class="cx"> m_stack.append(cell);
</span><span class="cx">
</span><span class="cx"> if (UNLIKELY(m_heapSnapshotBuilder))
</span><span class="lines">@@ -179,6 +243,34 @@
</span><span class="cx"> m_heapSnapshotBuilder->appendNode(cell);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void SlotVisitor::markAuxiliary(const void* base)
+{
+ HeapCell* cell = bitwise_cast<HeapCell*>(base);
+
+ if (Heap::testAndSetMarked(m_version, cell)) {
+ RELEASE_ASSERT(Heap::isMarked(cell));
+ return;
+ }
+
+ noteLiveAuxiliaryCell(cell);
+}
+
+void SlotVisitor::noteLiveAuxiliaryCell(HeapCell* cell)
+{
+ // We get here once per GC under these circumstances:
+ //
+ // Eden collection: if the cell was allocated since the last collection and is live somehow.
+ //
+ // Full collection: if the cell is live somehow.
+
+ CellContainer container = cell->cellContainer();
+
+ container.noteMarked();
+
+ m_visitCount++;
+ m_bytesVisited += container.cellSize();
+}
+
</ins><span class="cx"> class SetCurrentCellScope {
</span><span class="cx"> public:
</span><span class="cx"> SetCurrentCellScope(SlotVisitor& visitor, const JSCell* cell)
</span><span class="lines">@@ -202,9 +294,9 @@
</span><span class="cx"> ALWAYS_INLINE void SlotVisitor::visitChildren(const JSCell* cell)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(Heap::isMarked(cell));
</span><del>-
</del><ins>+
</ins><span class="cx"> SetCurrentCellScope currentCellScope(*this, cell);
</span><del>-
</del><ins>+
</ins><span class="cx"> m_currentObjectCellStateBeforeVisiting = cell->cellState();
</span><span class="cx"> cell->setCellState(CellState::OldBlack);
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapSlotVisitorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/SlotVisitor.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -37,8 +37,10 @@
</span><span class="cx"> class ConservativeRoots;
</span><span class="cx"> class GCThreadSharedData;
</span><span class="cx"> class Heap;
</span><ins>+class HeapCell;
</ins><span class="cx"> class HeapSnapshotBuilder;
</span><span class="cx"> template<typename T> class JITWriteBarrier;
</span><ins>+class MarkedBlock;
</ins><span class="cx"> class UnconditionalFinalizer;
</span><span class="cx"> template<typename T> class Weak;
</span><span class="cx"> class WeakReferenceHarvester;
</span><span class="lines">@@ -104,6 +106,10 @@
</span><span class="cx">
</span><span class="cx"> void harvestWeakReferences();
</span><span class="cx"> void finalizeUnconditionalFinalizers();
</span><ins>+
+ // This informs the GC about auxiliary of some size that we are keeping alive. If you don't do
+ // this then the space will be freed at end of GC.
+ void markAuxiliary(const void* base);
</ins><span class="cx">
</span><span class="cx"> void copyLater(JSCell*, CopyToken, void*, size_t);
</span><span class="cx">
</span><span class="lines">@@ -123,11 +129,21 @@
</span><span class="cx"> friend class ParallelModeEnabler;
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE void append(JSValue); // This is private to encourage clients to use WriteBarrier<T>.
</span><ins>+ void appendJSCellOrAuxiliary(HeapCell*);
</ins><span class="cx"> void appendHidden(JSValue);
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE void setMarkedAndAppendToMarkStack(JSCell*);
</span><ins>+
+ template<typename ContainerType>
+ void setMarkedAndAppendToMarkStack(ContainerType&, JSCell*);
+
</ins><span class="cx"> void appendToMarkStack(JSCell*);
</span><span class="cx">
</span><ins>+ template<typename ContainerType>
+ void appendToMarkStack(ContainerType&, JSCell*);
+
+ void noteLiveAuxiliaryCell(HeapCell*);
+
</ins><span class="cx"> JS_EXPORT_PRIVATE void mergeOpaqueRoots();
</span><span class="cx"> void mergeOpaqueRootsIfNecessary();
</span><span class="cx"> void mergeOpaqueRootsIfProfitable();
</span><span class="lines">@@ -144,6 +160,8 @@
</span><span class="cx"> size_t m_visitCount;
</span><span class="cx"> bool m_isInParallelMode;
</span><span class="cx">
</span><ins>+ uint64_t m_version;
+
</ins><span class="cx"> Heap& m_heap;
</span><span class="cx">
</span><span class="cx"> HeapSnapshotBuilder* m_heapSnapshotBuilder { nullptr };
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakBlockcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "WeakBlock.h"
</span><span class="cx">
</span><ins>+#include "CellContainerInlines.h"
</ins><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "HeapRootVisitor.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="lines">@@ -34,10 +35,10 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-WeakBlock* WeakBlock::create(Heap& heap, MarkedBlock& markedBlock)
</del><ins>+WeakBlock* WeakBlock::create(Heap& heap, CellContainer container)
</ins><span class="cx"> {
</span><span class="cx"> heap.didAllocateBlock(WeakBlock::blockSize);
</span><del>- return new (NotNull, fastMalloc(blockSize)) WeakBlock(markedBlock);
</del><ins>+ return new (NotNull, fastMalloc(blockSize)) WeakBlock(container);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void WeakBlock::destroy(Heap& heap, WeakBlock* block)
</span><span class="lines">@@ -47,9 +48,9 @@
</span><span class="cx"> heap.didFreeBlock(WeakBlock::blockSize);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-WeakBlock::WeakBlock(MarkedBlock& markedBlock)
</del><ins>+WeakBlock::WeakBlock(CellContainer container)
</ins><span class="cx"> : DoublyLinkedListNode<WeakBlock>()
</span><del>- , m_markedBlock(&markedBlock)
</del><ins>+ , m_container(container)
</ins><span class="cx"> {
</span><span class="cx"> for (size_t i = 0; i < weakImplCount(); ++i) {
</span><span class="cx"> WeakImpl* weakImpl = &weakImpls()[i];
</span><span class="lines">@@ -101,11 +102,13 @@
</span><span class="cx"> if (isEmpty())
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- // If this WeakBlock doesn't belong to a MarkedBlock, we won't even be here.
- ASSERT(m_markedBlock);
</del><ins>+ // If this WeakBlock doesn't belong to a CellContainer, we won't even be here.
+ ASSERT(m_container);
+
+ m_container.flipIfNecessary();
</ins><span class="cx">
</span><span class="cx"> // We only visit after marking.
</span><del>- ASSERT(m_markedBlock->isMarkedOrRetired());
</del><ins>+ ASSERT(m_container.isMarked());
</ins><span class="cx">
</span><span class="cx"> SlotVisitor& visitor = heapRootVisitor.visitor();
</span><span class="cx">
</span><span class="lines">@@ -119,9 +122,9 @@
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="cx"> const JSValue& jsValue = weakImpl->jsValue();
</span><del>- if (m_markedBlock->isMarkedOrNewlyAllocated(jsValue.asCell()))
</del><ins>+ if (m_container.isMarkedOrNewlyAllocated(jsValue.asCell()))
</ins><span class="cx"> continue;
</span><del>-
</del><ins>+
</ins><span class="cx"> if (!weakHandleOwner->isReachableFromOpaqueRoots(Handle<Unknown>::wrapSlot(&const_cast<JSValue&>(jsValue)), weakImpl->context(), visitor))
</span><span class="cx"> continue;
</span><span class="cx">
</span><span class="lines">@@ -135,11 +138,13 @@
</span><span class="cx"> if (isEmpty())
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- // If this WeakBlock doesn't belong to a MarkedBlock, we won't even be here.
- ASSERT(m_markedBlock);
</del><ins>+ // If this WeakBlock doesn't belong to a CellContainer, we won't even be here.
+ ASSERT(m_container);
+
+ m_container.flipIfNecessary();
</ins><span class="cx">
</span><span class="cx"> // We only reap after marking.
</span><del>- ASSERT(m_markedBlock->isMarkedOrRetired());
</del><ins>+ ASSERT(m_container.isMarked());
</ins><span class="cx">
</span><span class="cx"> for (size_t i = 0; i < weakImplCount(); ++i) {
</span><span class="cx"> WeakImpl* weakImpl = &weakImpls()[i];
</span><span class="lines">@@ -146,7 +151,7 @@
</span><span class="cx"> if (weakImpl->state() > WeakImpl::Dead)
</span><span class="cx"> continue;
</span><span class="cx">
</span><del>- if (m_markedBlock->isMarkedOrNewlyAllocated(weakImpl->jsValue().asCell())) {
</del><ins>+ if (m_container.isMarkedOrNewlyAllocated(weakImpl->jsValue().asCell())) {
</ins><span class="cx"> ASSERT(weakImpl->state() == WeakImpl::Live);
</span><span class="cx"> continue;
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakBlockh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakBlock.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #ifndef WeakBlock_h
</span><span class="cx"> #define WeakBlock_h
</span><span class="cx">
</span><ins>+#include "CellContainer.h"
</ins><span class="cx"> #include "WeakImpl.h"
</span><span class="cx"> #include <wtf/DoublyLinkedList.h>
</span><span class="cx"> #include <wtf/StdLibExtras.h>
</span><span class="lines">@@ -34,12 +35,11 @@
</span><span class="cx">
</span><span class="cx"> class Heap;
</span><span class="cx"> class HeapRootVisitor;
</span><del>-class MarkedBlock;
</del><span class="cx">
</span><span class="cx"> class WeakBlock : public DoublyLinkedListNode<WeakBlock> {
</span><span class="cx"> public:
</span><span class="cx"> friend class WTF::DoublyLinkedListNode<WeakBlock>;
</span><del>- static const size_t blockSize = 1 * KB; // 1/16 of MarkedBlock size
</del><ins>+ static const size_t blockSize = 256; // 1/16 of MarkedBlock size
</ins><span class="cx">
</span><span class="cx"> struct FreeCell {
</span><span class="cx"> FreeCell* next;
</span><span class="lines">@@ -53,7 +53,7 @@
</span><span class="cx"> FreeCell* freeList { nullptr };
</span><span class="cx"> };
</span><span class="cx">
</span><del>- static WeakBlock* create(Heap&, MarkedBlock&);
</del><ins>+ static WeakBlock* create(Heap&, CellContainer);
</ins><span class="cx"> static void destroy(Heap&, WeakBlock*);
</span><span class="cx">
</span><span class="cx"> static WeakImpl* asWeakImpl(FreeCell*);
</span><span class="lines">@@ -68,18 +68,18 @@
</span><span class="cx"> void reap();
</span><span class="cx">
</span><span class="cx"> void lastChanceToFinalize();
</span><del>- void disconnectMarkedBlock() { m_markedBlock = nullptr; }
</del><ins>+ void disconnectContainer() { m_container = CellContainer(); }
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> static FreeCell* asFreeCell(WeakImpl*);
</span><span class="cx">
</span><del>- explicit WeakBlock(MarkedBlock&);
</del><ins>+ explicit WeakBlock(CellContainer);
</ins><span class="cx"> void finalize(WeakImpl*);
</span><span class="cx"> WeakImpl* weakImpls();
</span><span class="cx"> size_t weakImplCount();
</span><span class="cx"> void addToFreeList(FreeCell**, WeakImpl*);
</span><span class="cx">
</span><del>- MarkedBlock* m_markedBlock;
</del><ins>+ CellContainer m_container;
</ins><span class="cx"> WeakBlock* m_prev;
</span><span class="cx"> WeakBlock* m_next;
</span><span class="cx"> SweepResult m_sweepResult;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakSetcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -34,6 +34,9 @@
</span><span class="cx">
</span><span class="cx"> WeakSet::~WeakSet()
</span><span class="cx"> {
</span><ins>+ if (isOnList())
+ remove();
+
</ins><span class="cx"> Heap& heap = *this->heap();
</span><span class="cx"> WeakBlock* next = 0;
</span><span class="cx"> for (WeakBlock* block = m_blocks.head(); block; block = next) {
</span><span class="lines">@@ -53,10 +56,10 @@
</span><span class="cx"> if (block->isLogicallyEmptyButNotFree()) {
</span><span class="cx"> // If this WeakBlock is logically empty, but still has Weaks pointing into it,
</span><span class="cx"> // we can't destroy it just yet. Detach it from the WeakSet and hand ownership
</span><del>- // to the Heap so we don't pin down the entire 64kB MarkedBlock.
</del><ins>+ // to the Heap so we don't pin down the entire MarkedBlock or LargeAllocation.
</ins><span class="cx"> m_blocks.remove(block);
</span><span class="cx"> heap()->addLogicallyEmptyWeakBlock(block);
</span><del>- block->disconnectMarkedBlock();
</del><ins>+ block->disconnectContainer();
</ins><span class="cx"> }
</span><span class="cx"> block = nextBlock;
</span><span class="cx"> }
</span><span class="lines">@@ -64,6 +67,22 @@
</span><span class="cx"> resetAllocator();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void WeakSet::shrink()
+{
+ WeakBlock* next;
+ for (WeakBlock* block = m_blocks.head(); block; block = next) {
+ next = block->next();
+
+ if (block->isEmpty())
+ removeAllocator(block);
+ }
+
+ resetAllocator();
+
+ if (m_blocks.isEmpty() && isOnList())
+ remove();
+}
+
</ins><span class="cx"> WeakBlock::FreeCell* WeakSet::findAllocator()
</span><span class="cx"> {
</span><span class="cx"> if (WeakBlock::FreeCell* allocator = tryFindAllocator())
</span><span class="lines">@@ -88,7 +107,10 @@
</span><span class="cx">
</span><span class="cx"> WeakBlock::FreeCell* WeakSet::addAllocator()
</span><span class="cx"> {
</span><del>- WeakBlock* block = WeakBlock::create(*heap(), m_markedBlock);
</del><ins>+ if (m_blocks.isEmpty() && !isOnList())
+ heap()->objectSpace().addActiveWeakSet(this);
+
+ WeakBlock* block = WeakBlock::create(*heap(), m_container);
</ins><span class="cx"> heap()->didAllocate(WeakBlock::blockSize);
</span><span class="cx"> m_blocks.append(block);
</span><span class="cx"> WeakBlock::SweepResult sweepResult = block->takeSweepResult();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakSeth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSet.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,15 +26,16 @@
</span><span class="cx"> #ifndef WeakSet_h
</span><span class="cx"> #define WeakSet_h
</span><span class="cx">
</span><ins>+#include "CellContainer.h"
</ins><span class="cx"> #include "WeakBlock.h"
</span><ins>+#include <wtf/SentinelLinkedList.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> class Heap;
</span><del>-class MarkedBlock;
</del><span class="cx"> class WeakImpl;
</span><span class="cx">
</span><del>-class WeakSet {
</del><ins>+class WeakSet : public BasicRawSentinelNode<WeakSet> {
</ins><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="cx">
</span><span class="cx"> public:
</span><span class="lines">@@ -41,9 +42,12 @@
</span><span class="cx"> static WeakImpl* allocate(JSValue, WeakHandleOwner* = 0, void* context = 0);
</span><span class="cx"> static void deallocate(WeakImpl*);
</span><span class="cx">
</span><del>- WeakSet(VM*, MarkedBlock&);
</del><ins>+ WeakSet(VM*, CellContainer);
</ins><span class="cx"> ~WeakSet();
</span><span class="cx"> void lastChanceToFinalize();
</span><ins>+
+ CellContainer container() const { return m_container; }
+ void setContainer(CellContainer container) { m_container = container; }
</ins><span class="cx">
</span><span class="cx"> Heap* heap() const;
</span><span class="cx"> VM* vm() const;
</span><span class="lines">@@ -50,7 +54,7 @@
</span><span class="cx">
</span><span class="cx"> bool isEmpty() const;
</span><span class="cx">
</span><del>- void visit(HeapRootVisitor&);
</del><ins>+ unsigned visit(HeapRootVisitor&);
</ins><span class="cx"> void reap();
</span><span class="cx"> void sweep();
</span><span class="cx"> void shrink();
</span><span class="lines">@@ -66,14 +70,14 @@
</span><span class="cx"> WeakBlock* m_nextAllocator;
</span><span class="cx"> DoublyLinkedList<WeakBlock> m_blocks;
</span><span class="cx"> VM* m_vm;
</span><del>- MarkedBlock& m_markedBlock;
</del><ins>+ CellContainer m_container;
</ins><span class="cx"> };
</span><span class="cx">
</span><del>-inline WeakSet::WeakSet(VM* vm, MarkedBlock& markedBlock)
</del><ins>+inline WeakSet::WeakSet(VM* vm, CellContainer container)
</ins><span class="cx"> : m_allocator(0)
</span><span class="cx"> , m_nextAllocator(0)
</span><span class="cx"> , m_vm(vm)
</span><del>- , m_markedBlock(markedBlock)
</del><ins>+ , m_container(container)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -103,10 +107,14 @@
</span><span class="cx"> block->lastChanceToFinalize();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void WeakSet::visit(HeapRootVisitor& visitor)
</del><ins>+inline unsigned WeakSet::visit(HeapRootVisitor& visitor)
</ins><span class="cx"> {
</span><del>- for (WeakBlock* block = m_blocks.head(); block; block = block->next())
</del><ins>+ unsigned count = 0;
+ for (WeakBlock* block = m_blocks.head(); block; block = block->next()) {
+ count++;
</ins><span class="cx"> block->visit(visitor);
</span><ins>+ }
+ return count;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline void WeakSet::reap()
</span><span class="lines">@@ -115,19 +123,6 @@
</span><span class="cx"> block->reap();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void WeakSet::shrink()
-{
- WeakBlock* next;
- for (WeakBlock* block = m_blocks.head(); block; block = next) {
- next = block->next();
-
- if (block->isEmpty())
- removeAllocator(block);
- }
-
- resetAllocator();
-}
-
</del><span class="cx"> inline void WeakSet::resetAllocator()
</span><span class="cx"> {
</span><span class="cx"> m_allocator = 0;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreheapWeakSetInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSetInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSetInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/WeakSetInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #ifndef WeakSetInlines_h
</span><span class="cx"> #define WeakSetInlines_h
</span><span class="cx">
</span><ins>+#include "CellContainerInlines.h"
</ins><span class="cx"> #include "MarkedBlock.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="lines">@@ -32,7 +33,7 @@
</span><span class="cx">
</span><span class="cx"> inline WeakImpl* WeakSet::allocate(JSValue jsValue, WeakHandleOwner* weakHandleOwner, void* context)
</span><span class="cx"> {
</span><del>- WeakSet& weakSet = MarkedBlock::blockFor(jsValue.asCell())->weakSet();
</del><ins>+ WeakSet& weakSet = jsValue.asCell()->cellContainer().weakSet();
</ins><span class="cx"> WeakBlock::FreeCell* allocator = weakSet.m_allocator;
</span><span class="cx"> if (UNLIKELY(!allocator))
</span><span class="cx"> allocator = weakSet.findAllocator();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorInjectedScriptManagercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/InjectedScriptManager.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> #include "InjectedScriptHost.h"
</span><span class="cx"> #include "InjectedScriptSource.h"
</span><span class="cx"> #include "InspectorValues.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSInjectedScriptHost.h"
</span><span class="cx"> #include "JSLock.h"
</span><span class="cx"> #include "ScriptObject.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorJSGlobalObjectInspectorControllercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSGlobalObjectInspectorController.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -38,6 +38,7 @@
</span><span class="cx"> #include "InspectorFrontendRouter.h"
</span><span class="cx"> #include "InspectorHeapAgent.h"
</span><span class="cx"> #include "InspectorScriptProfilerAgent.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSGlobalObjectConsoleAgent.h"
</span><span class="cx"> #include "JSGlobalObjectConsoleClient.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorJSJavaScriptCallFramecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,11 +29,9 @@
</span><span class="cx"> #include "DebuggerScope.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IdentifierInlines.h"
</span><del>-#include "JSCJSValue.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSJavaScriptCallFramePrototype.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectorScriptDebugServercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/ScriptDebugServer.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/ScriptDebugServer.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/ScriptDebugServer.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx"> #include "DebuggerCallFrame.h"
</span><span class="cx"> #include "DebuggerScope.h"
</span><span class="cx"> #include "Exception.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSJavaScriptCallFrame.h"
</span><span class="cx"> #include "JSLock.h"
</span><span class="cx"> #include "JavaScriptCallFrame.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinspectoragentsInspectorDebuggerAgentcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> #include "InjectedScriptManager.h"
</span><span class="cx"> #include "InspectorFrontendRouter.h"
</span><span class="cx"> #include "InspectorValues.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "RegularExpression.h"
</span><span class="cx"> #include "ScriptDebugServer.h"
</span><span class="cx"> #include "ScriptObject.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinterpreterCachedCallh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/CachedCall.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/CachedCall.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/CachedCall.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -42,7 +42,8 @@
</span><span class="cx"> CachedCall(CallFrame* callFrame, JSFunction* function, int argumentCount)
</span><span class="cx"> : m_valid(false)
</span><span class="cx"> , m_interpreter(callFrame->interpreter())
</span><del>- , m_entryScope(callFrame->vm(), function->scope()->globalObject())
</del><ins>+ , m_vm(callFrame->vm())
+ , m_entryScope(m_vm, function->scope()->globalObject(m_vm))
</ins><span class="cx"> {
</span><span class="cx"> VM& vm = m_entryScope.vm();
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="lines">@@ -67,6 +68,7 @@
</span><span class="cx"> private:
</span><span class="cx"> bool m_valid;
</span><span class="cx"> Interpreter* m_interpreter;
</span><ins>+ VM& m_vm;
</ins><span class="cx"> VMEntryScope m_entryScope;
</span><span class="cx"> ProtoCallFrame m_protoCallFrame;
</span><span class="cx"> Vector<JSValue> m_arguments;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinterpreterInterpretercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -51,6 +51,7 @@
</span><span class="cx"> #include "JSString.h"
</span><span class="cx"> #include "JSWithScope.h"
</span><span class="cx"> #include "LLIntCLoop.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx"> #include "LLIntThunks.h"
</span><span class="cx"> #include "LiteralParser.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><span class="lines">@@ -85,46 +86,6 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><del>-intptr_t StackFrame::sourceID() const
-{
- if (!codeBlock)
- return noSourceID;
- return codeBlock->ownerScriptExecutable()->sourceID();
-}
-
-String StackFrame::sourceURL() const
-{
- if (!codeBlock)
- return ASCIILiteral("[native code]");
-
- String sourceURL = codeBlock->ownerScriptExecutable()->sourceURL();
- if (!sourceURL.isNull())
- return sourceURL;
- return emptyString();
-}
-
-String StackFrame::functionName(VM& vm) const
-{
- if (codeBlock) {
- switch (codeBlock->codeType()) {
- case EvalCode:
- return ASCIILiteral("eval code");
- case ModuleCode:
- return ASCIILiteral("module code");
- case FunctionCode:
- break;
- case GlobalCode:
- return ASCIILiteral("global code");
- default:
- ASSERT_NOT_REACHED();
- }
- }
- String name;
- if (callee)
- name = getCalculatedDisplayName(vm, callee.get()).impl();
- return name.isNull() ? emptyString() : name;
-}
-
</del><span class="cx"> JSValue eval(CallFrame* callFrame)
</span><span class="cx"> {
</span><span class="cx"> VM& vm = callFrame->vm();
</span><span class="lines">@@ -274,6 +235,7 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> JSCell* cell = arguments.asCell();
</span><ins>+
</ins><span class="cx"> switch (cell->type()) {
</span><span class="cx"> case DirectArgumentsType:
</span><span class="cx"> jsCast<DirectArguments*>(cell)->copyToArguments(callFrame, firstElementDest, offset, length);
</span><span class="lines">@@ -482,48 +444,6 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void StackFrame::computeLineAndColumn(unsigned& line, unsigned& column) const
-{
- if (!codeBlock) {
- line = 0;
- column = 0;
- return;
- }
-
- int divot = 0;
- int unusedStartOffset = 0;
- int unusedEndOffset = 0;
- codeBlock->expressionRangeForBytecodeOffset(bytecodeOffset, divot, unusedStartOffset, unusedEndOffset, line, column);
-
- ScriptExecutable* executable = codeBlock->ownerScriptExecutable();
- if (executable->hasOverrideLineNumber())
- line = executable->overrideLineNumber();
-}
-
-String StackFrame::toString(VM& vm) const
-{
- StringBuilder traceBuild;
- String functionName = this->functionName(vm);
- String sourceURL = this->sourceURL();
- traceBuild.append(functionName);
- if (!sourceURL.isEmpty()) {
- if (!functionName.isEmpty())
- traceBuild.append('@');
- traceBuild.append(sourceURL);
- if (codeBlock) {
- unsigned line;
- unsigned column;
- computeLineAndColumn(line, column);
-
- traceBuild.append(':');
- traceBuild.appendNumber(line);
- traceBuild.append(':');
- traceBuild.appendNumber(column);
- }
- }
- return traceBuild.toString().impl();
-}
-
</del><span class="cx"> static inline bool isWebAssemblyExecutable(ExecutableBase* executable)
</span><span class="cx"> {
</span><span class="cx"> #if !ENABLE(WEBASSEMBLY)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreinterpreterInterpreterh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/interpreter/Interpreter.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx"> #include "Opcode.h"
</span><span class="cx"> #include "SourceProvider.h"
</span><span class="cx"> #include "StackAlignment.h"
</span><ins>+#include "StackFrame.h"
</ins><span class="cx"> #include <wtf/HashMap.h>
</span><span class="cx"> #include <wtf/text/StringBuilder.h>
</span><span class="cx">
</span><span class="lines">@@ -67,7 +68,7 @@
</span><span class="cx"> struct ProtoCallFrame;
</span><span class="cx"> struct UnlinkedInstruction;
</span><span class="cx">
</span><del>- enum UnwindStart { UnwindFromCurrentFrame, UnwindFromCallerFrame };
</del><ins>+ enum UnwindStart : uint8_t { UnwindFromCurrentFrame, UnwindFromCallerFrame };
</ins><span class="cx">
</span><span class="cx"> enum DebugHookID {
</span><span class="cx"> WillExecuteProgram,
</span><span class="lines">@@ -86,20 +87,6 @@
</span><span class="cx"> StackFrameNativeCode
</span><span class="cx"> };
</span><span class="cx">
</span><del>- struct StackFrame {
- Strong<JSObject> callee;
- Strong<CodeBlock> codeBlock;
- unsigned bytecodeOffset;
-
- bool isNative() const { return !codeBlock; }
-
- void computeLineAndColumn(unsigned& line, unsigned& column) const;
- String functionName(VM&) const;
- intptr_t sourceID() const;
- String sourceURL() const;
- String toString(VM&) const;
- };
-
</del><span class="cx"> class SuspendExceptionScope {
</span><span class="cx"> public:
</span><span class="cx"> SuspendExceptionScope(VM* vm)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/AssemblyHelpers.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/AssemblyHelpers.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/AssemblyHelpers.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1405,33 +1405,74 @@
</span><span class="cx"> void emitRandomThunk(JSGlobalObject*, GPRReg scratch0, GPRReg scratch1, GPRReg scratch2, FPRReg result);
</span><span class="cx"> void emitRandomThunk(GPRReg scratch0, GPRReg scratch1, GPRReg scratch2, GPRReg scratch3, FPRReg result);
</span><span class="cx"> #endif
</span><del>-
- void emitAllocate(GPRReg resultGPR, GPRReg allocatorGPR, GPRReg scratchGPR, JumpList& slowPath)
</del><ins>+
+ // Call this if you know that the value held in allocatorGPR is non-null. This DOES NOT mean
+ // that allocator is non-null; allocator can be null as a signal that we don't know what the
+ // value of allocatorGPR is.
+ void emitAllocateWithNonNullAllocator(GPRReg resultGPR, MarkedAllocator* allocator, GPRReg allocatorGPR, GPRReg scratchGPR, JumpList& slowPath)
</ins><span class="cx"> {
</span><del>- if (Options::forceGCSlowPaths())
</del><ins>+ // NOTE: This is carefully written so that we can call it while we disallow scratch
+ // register usage.
+
+ if (Options::forceGCSlowPaths()) {
</ins><span class="cx"> slowPath.append(jump());
</span><ins>+ return;
+ }
+
+ Jump popPath;
+ Jump done;
+
+ load32(Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, remaining)), resultGPR);
+ popPath = branchTest32(Zero, resultGPR);
+ if (allocator)
+ add32(TrustedImm32(-allocator->cellSize()), resultGPR, scratchGPR);
</ins><span class="cx"> else {
</span><del>- loadPtr(Address(allocatorGPR, MarkedAllocator::offsetOfFreeListHead()), resultGPR);
- slowPath.append(branchTestPtr(Zero, resultGPR));
</del><ins>+ move(resultGPR, scratchGPR);
+ sub32(Address(allocatorGPR, MarkedAllocator::offsetOfCellSize()), scratchGPR);
</ins><span class="cx"> }
</span><ins>+ negPtr(resultGPR);
+ store32(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, remaining)));
+ Address payloadEndAddr = Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, payloadEnd));
+ if (isX86())
+ addPtr(payloadEndAddr, resultGPR);
+ else {
+ loadPtr(payloadEndAddr, scratchGPR);
+ addPtr(scratchGPR, resultGPR);
+ }
</ins><span class="cx">
</span><ins>+ done = jump();
+
+ popPath.link(this);
+
+ loadPtr(Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, head)), resultGPR);
+ slowPath.append(branchTestPtr(Zero, resultGPR));
+
</ins><span class="cx"> // The object is half-allocated: we have what we know is a fresh object, but
</span><span class="cx"> // it's still on the GC's free list.
</span><span class="cx"> loadPtr(Address(resultGPR), scratchGPR);
</span><del>- storePtr(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeListHead()));
</del><ins>+ storePtr(scratchGPR, Address(allocatorGPR, MarkedAllocator::offsetOfFreeList() + OBJECT_OFFSETOF(FreeList, head)));
+
+ done.link(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+ void emitAllocate(GPRReg resultGPR, MarkedAllocator* allocator, GPRReg allocatorGPR, GPRReg scratchGPR, JumpList& slowPath)
+ {
+ if (!allocator)
+ slowPath.append(branchTestPtr(Zero, allocatorGPR));
+ emitAllocateWithNonNullAllocator(resultGPR, allocator, allocatorGPR, scratchGPR, slowPath);
+ }
+
</ins><span class="cx"> template<typename StructureType>
</span><del>- void emitAllocateJSCell(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure, GPRReg scratchGPR, JumpList& slowPath)
</del><ins>+ void emitAllocateJSCell(GPRReg resultGPR, MarkedAllocator* allocator, GPRReg allocatorGPR, StructureType structure, GPRReg scratchGPR, JumpList& slowPath)
</ins><span class="cx"> {
</span><del>- emitAllocate(resultGPR, allocatorGPR, scratchGPR, slowPath);
</del><ins>+ emitAllocate(resultGPR, allocator, allocatorGPR, scratchGPR, slowPath);
</ins><span class="cx"> emitStoreStructureWithTypeInfo(structure, resultGPR, scratchGPR);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename StructureType, typename StorageType>
</span><del>- void emitAllocateJSObject(GPRReg resultGPR, GPRReg allocatorGPR, StructureType structure, StorageType storage, GPRReg scratchGPR, JumpList& slowPath)
</del><ins>+ void emitAllocateJSObject(GPRReg resultGPR, MarkedAllocator* allocator, GPRReg allocatorGPR, StructureType structure, StorageType storage, GPRReg scratchGPR, JumpList& slowPath)
</ins><span class="cx"> {
</span><del>- emitAllocateJSCell(resultGPR, allocatorGPR, structure, scratchGPR, slowPath);
</del><ins>+ emitAllocateJSCell(resultGPR, allocator, allocatorGPR, structure, scratchGPR, slowPath);
</ins><span class="cx"> storePtr(storage, Address(resultGPR, JSObject::butterflyOffset()));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1440,9 +1481,13 @@
</span><span class="cx"> GPRReg resultGPR, StructureType structure, StorageType storage, GPRReg scratchGPR1,
</span><span class="cx"> GPRReg scratchGPR2, JumpList& slowPath, size_t size)
</span><span class="cx"> {
</span><del>- MarkedAllocator* allocator = &vm()->heap.allocatorForObjectOfType<ClassType>(size);
</del><ins>+ MarkedAllocator* allocator = vm()->heap.allocatorForObjectOfType<ClassType>(size);
+ if (!allocator) {
+ slowPath.append(jump());
+ return;
+ }
</ins><span class="cx"> move(TrustedImmPtr(allocator), scratchGPR1);
</span><del>- emitAllocateJSObject(resultGPR, scratchGPR1, structure, storage, scratchGPR2, slowPath);
</del><ins>+ emitAllocateJSObject(resultGPR, allocator, scratchGPR1, structure, storage, scratchGPR2, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ClassType, typename StructureType, typename StorageType>
</span><span class="lines">@@ -1451,27 +1496,21 @@
</span><span class="cx"> emitAllocateJSObjectWithKnownSize<ClassType>(resultGPR, structure, storage, scratchGPR1, scratchGPR2, slowPath, ClassType::allocationSize(0));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // allocationSize can be aliased with any of the other input GPRs. If it's not aliased then it
+ // won't be clobbered.
</ins><span class="cx"> void emitAllocateVariableSized(GPRReg resultGPR, MarkedSpace::Subspace& subspace, GPRReg allocationSize, GPRReg scratchGPR1, GPRReg scratchGPR2, JumpList& slowPath)
</span><span class="cx"> {
</span><del>- static_assert(!(MarkedSpace::preciseStep & (MarkedSpace::preciseStep - 1)), "MarkedSpace::preciseStep must be a power of two.");
- static_assert(!(MarkedSpace::impreciseStep & (MarkedSpace::impreciseStep - 1)), "MarkedSpace::impreciseStep must be a power of two.");
</del><ins>+ static_assert(!(MarkedSpace::sizeStep & (MarkedSpace::sizeStep - 1)), "MarkedSpace::sizeStep must be a power of two.");
</ins><span class="cx">
</span><del>- add32(TrustedImm32(MarkedSpace::preciseStep - 1), allocationSize);
- Jump notSmall = branch32(AboveOrEqual, allocationSize, TrustedImm32(MarkedSpace::preciseCutoff));
- rshift32(allocationSize, TrustedImm32(getLSBSet(MarkedSpace::preciseStep)), scratchGPR1);
- mul32(TrustedImm32(sizeof(MarkedAllocator)), scratchGPR1, scratchGPR1);
- addPtr(TrustedImmPtr(&subspace.preciseAllocators[0]), scratchGPR1);
-
- Jump selectedSmallSpace = jump();
- notSmall.link(this);
- slowPath.append(branch32(AboveOrEqual, allocationSize, TrustedImm32(MarkedSpace::impreciseCutoff)));
- rshift32(allocationSize, TrustedImm32(getLSBSet(MarkedSpace::impreciseStep)), scratchGPR1);
- mul32(TrustedImm32(sizeof(MarkedAllocator)), scratchGPR1, scratchGPR1);
- addPtr(TrustedImmPtr(&subspace.impreciseAllocators[0]), scratchGPR1);
-
- selectedSmallSpace.link(this);
</del><ins>+ unsigned stepShift = getLSBSet(MarkedSpace::sizeStep);
</ins><span class="cx">
</span><del>- emitAllocate(resultGPR, scratchGPR1, scratchGPR2, slowPath);
</del><ins>+ add32(TrustedImm32(MarkedSpace::sizeStep - 1), allocationSize, scratchGPR1);
+ urshift32(TrustedImm32(stepShift), scratchGPR1);
+ slowPath.append(branch32(Above, scratchGPR1, TrustedImm32(MarkedSpace::largeCutoff >> stepShift)));
+ move(TrustedImmPtr(&subspace.allocatorForSizeStep[0] - 1), scratchGPR2);
+ loadPtr(BaseIndex(scratchGPR2, scratchGPR1, timesPtr()), scratchGPR1);
+
+ emitAllocate(resultGPR, nullptr, scratchGPR1, scratchGPR2, slowPath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename ClassType, typename StructureType>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitCCallHelpersh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/CCallHelpers.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/CCallHelpers.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/CCallHelpers.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -296,6 +296,15 @@
</span><span class="cx"> addCallArgument(arg3);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, TrustedImm32 arg2, GPRReg arg3)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ addCallArgument(arg3);
+ }
+
</ins><span class="cx"> ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3)
</span><span class="cx"> {
</span><span class="cx"> resetCallArguments();
</span><span class="lines">@@ -1408,6 +1417,14 @@
</span><span class="cx"> move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, TrustedImm32 arg2, GPRReg arg3)
+ {
+ move(arg3, GPRInfo::argumentGPR3);
+ move(arg1, GPRInfo::argumentGPR1);
+ move(arg2, GPRInfo::argumentGPR2);
+ move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+ }
+
</ins><span class="cx"> ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, TrustedImm32 arg2, TrustedImm32 arg3)
</span><span class="cx"> {
</span><span class="cx"> move(arg1, GPRInfo::argumentGPR1);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitGCAwareJITStubRoutinecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "DFGCommonData.h"
</span><span class="cx"> #include "Heap.h"
</span><span class="cx"> #include "VM.h"
</span><ins>+#include "JITStubRoutineSet.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "SlotVisitor.h"
</span><span class="cx"> #include "Structure.h"
</span><span class="lines">@@ -45,7 +46,7 @@
</span><span class="cx"> , m_mayBeExecuting(false)
</span><span class="cx"> , m_isJettisoned(false)
</span><span class="cx"> {
</span><del>- vm.heap.m_jitStubRoutines.add(this);
</del><ins>+ vm.heap.m_jitStubRoutines->add(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> GCAwareJITStubRoutine::~GCAwareJITStubRoutine() { }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -48,6 +48,7 @@
</span><span class="cx"> #include "SuperSampler.h"
</span><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx"> #include <wtf/CryptographicallyRandomNumber.h>
</span><ins>+#include <wtf/SimpleStats.h>
</ins><span class="cx">
</span><span class="cx"> using namespace std;
</span><span class="cx">
</span><span class="lines">@@ -66,6 +67,14 @@
</span><span class="cx"> newCalleeFunction);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+JIT::CodeRef JIT::compileCTINativeCall(VM* vm, NativeFunction func)
+{
+ if (!vm->canUseJIT())
+ return CodeRef::createLLIntCodeRef(llint_native_call_trampoline);
+ JIT jit(vm, 0);
+ return jit.privateCompileCTINativeCall(vm, func);
+}
+
</ins><span class="cx"> JIT::JIT(VM* vm, CodeBlock* codeBlock)
</span><span class="cx"> : JSInterfaceJIT(vm, codeBlock)
</span><span class="cx"> , m_interpreter(vm->interpreter)
</span><span class="lines">@@ -786,7 +795,7 @@
</span><span class="cx"> patchBuffer,
</span><span class="cx"> ("Baseline JIT code for %s", toCString(CodeBlockWithJITType(m_codeBlock, JITCode::BaselineJIT)).data()));
</span><span class="cx">
</span><del>- m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT.add(
</del><ins>+ m_vm->machineCodeBytesPerBytecodeWordForBaselineJIT->add(
</ins><span class="cx"> static_cast<double>(result.size()) /
</span><span class="cx"> static_cast<double>(m_instructions.size()));
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JIT.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -40,17 +40,17 @@
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CompactJITCodeMap.h"
</span><del>-#include "Interpreter.h"
</del><span class="cx"> #include "JITDisassembler.h"
</span><span class="cx"> #include "JITInlineCacheGenerator.h"
</span><span class="cx"> #include "JITMathIC.h"
</span><span class="cx"> #include "JSInterfaceJIT.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include "PCToCodeOriginMap.h"
</span><span class="cx"> #include "UnusedPointer.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+ enum OpcodeID : unsigned;
+
</ins><span class="cx"> class ArrayAllocationProfile;
</span><span class="cx"> class CallLinkInfo;
</span><span class="cx"> class CodeBlock;
</span><span class="lines">@@ -248,14 +248,7 @@
</span><span class="cx"> jit.privateCompileHasIndexedProperty(byValInfo, returnAddress, arrayMode);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static CodeRef compileCTINativeCall(VM* vm, NativeFunction func)
- {
- if (!vm->canUseJIT()) {
- return CodeRef::createLLIntCodeRef(llint_native_call_trampoline);
- }
- JIT jit(vm, 0);
- return jit.privateCompileCTINativeCall(vm, func);
- }
</del><ins>+ static CodeRef compileCTINativeCall(VM*, NativeFunction);
</ins><span class="cx">
</span><span class="cx"> static unsigned frameRegisterCountFor(CodeBlock*);
</span><span class="cx"> static int stackPointerOffsetFor(CodeBlock*);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITExceptionscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -90,4 +90,9 @@
</span><span class="cx"> RELEASE_ASSERT(catchRoutine);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void genericUnwind(VM* vm, ExecState* callFrame)
+{
+ genericUnwind(vm, callFrame, UnwindFromCurrentFrame);
+}
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITExceptionsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITExceptions.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,15 +26,15 @@
</span><span class="cx"> #ifndef JITExceptions_h
</span><span class="cx"> #define JITExceptions_h
</span><span class="cx">
</span><del>-#include "Interpreter.h"
-#include "JSCJSValue.h"
-
</del><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+enum UnwindStart : uint8_t;
+
</ins><span class="cx"> class ExecState;
</span><span class="cx"> class VM;
</span><span class="cx">
</span><del>-void genericUnwind(VM*, ExecState*, UnwindStart = UnwindFromCurrentFrame);
</del><ins>+void genericUnwind(VM*, ExecState*, UnwindStart);
+void genericUnwind(VM*, ExecState*);
</ins><span class="cx">
</span><span class="cx"> } // namespace JSC
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOpcodescpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "CopiedSpaceInlines.h"
</span><span class="cx"> #include "Exception.h"
</span><span class="cx"> #include "Heap.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JITInlines.h"
</span><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSCell.h"
</span><span class="lines">@@ -83,7 +84,7 @@
</span><span class="cx"> {
</span><span class="cx"> Structure* structure = currentInstruction[3].u.objectAllocationProfile->structure();
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span><del>- MarkedAllocator* allocator = &m_vm->heap.allocatorForObjectWithoutDestructor(allocationSize);
</del><ins>+ MarkedAllocator* allocator = m_vm->heap.allocatorForObjectWithoutDestructor(allocationSize);
</ins><span class="cx">
</span><span class="cx"> RegisterID resultReg = regT0;
</span><span class="cx"> RegisterID allocatorReg = regT1;
</span><span class="lines">@@ -90,8 +91,10 @@
</span><span class="cx"> RegisterID scratchReg = regT2;
</span><span class="cx">
</span><span class="cx"> move(TrustedImmPtr(allocator), allocatorReg);
</span><ins>+ if (allocator)
+ addSlowCase(Jump());
</ins><span class="cx"> JumpList slowCases;
</span><del>- emitAllocateJSObject(resultReg, allocatorReg, TrustedImmPtr(structure), TrustedImmPtr(0), scratchReg, slowCases);
</del><ins>+ emitAllocateJSObject(resultReg, allocator, allocatorReg, TrustedImmPtr(structure), TrustedImmPtr(0), scratchReg, slowCases);
</ins><span class="cx"> addSlowCase(slowCases);
</span><span class="cx"> emitPutVirtualRegister(currentInstruction[1].u.operand);
</span><span class="cx"> }
</span><span class="lines">@@ -99,6 +102,7 @@
</span><span class="cx"> void JIT::emitSlow_op_new_object(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
</span><span class="cx"> {
</span><span class="cx"> linkSlowCase(iter);
</span><ins>+ linkSlowCase(iter);
</ins><span class="cx"> int dst = currentInstruction[1].u.operand;
</span><span class="cx"> Structure* structure = currentInstruction[3].u.objectAllocationProfile->structure();
</span><span class="cx"> callOperation(operationNewObject, structure);
</span><span class="lines">@@ -772,7 +776,7 @@
</span><span class="cx"> hasSeenMultipleCallees.link(this);
</span><span class="cx">
</span><span class="cx"> JumpList slowCases;
</span><del>- emitAllocateJSObject(resultReg, allocatorReg, structureReg, TrustedImmPtr(0), scratchReg, slowCases);
</del><ins>+ emitAllocateJSObject(resultReg, nullptr, allocatorReg, structureReg, TrustedImmPtr(0), scratchReg, slowCases);
</ins><span class="cx"> addSlowCase(slowCases);
</span><span class="cx"> emitPutVirtualRegister(currentInstruction[1].u.operand);
</span><span class="cx"> }
</span><span class="lines">@@ -782,7 +786,8 @@
</span><span class="cx"> linkSlowCase(iter); // Callee::m_type != JSFunctionType.
</span><span class="cx"> linkSlowCase(iter); // doesn't have rare data
</span><span class="cx"> linkSlowCase(iter); // doesn't have an allocation profile
</span><del>- linkSlowCase(iter); // allocation failed
</del><ins>+ linkSlowCase(iter); // allocation failed (no allocator)
+ linkSlowCase(iter); // allocation failed (allocator empty)
</ins><span class="cx"> linkSlowCase(iter); // cached function didn't match
</span><span class="cx">
</span><span class="cx"> JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_create_this);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOpcodes32_64cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -39,6 +39,7 @@
</span><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><span class="cx"> #include "LinkBuffer.h"
</span><span class="cx"> #include "MaxFrameExtentForSlowPathCall.h"
</span><ins>+#include "Opcode.h"
</ins><span class="cx"> #include "SlowPathCall.h"
</span><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx"> #include "VirtualRegister.h"
</span><span class="lines">@@ -163,7 +164,7 @@
</span><span class="cx"> {
</span><span class="cx"> Structure* structure = currentInstruction[3].u.objectAllocationProfile->structure();
</span><span class="cx"> size_t allocationSize = JSFinalObject::allocationSize(structure->inlineCapacity());
</span><del>- MarkedAllocator* allocator = &m_vm->heap.allocatorForObjectWithoutDestructor(allocationSize);
</del><ins>+ MarkedAllocator* allocator = m_vm->heap.allocatorForObjectWithoutDestructor(allocationSize);
</ins><span class="cx">
</span><span class="cx"> RegisterID resultReg = returnValueGPR;
</span><span class="cx"> RegisterID allocatorReg = regT1;
</span><span class="lines">@@ -170,8 +171,10 @@
</span><span class="cx"> RegisterID scratchReg = regT3;
</span><span class="cx">
</span><span class="cx"> move(TrustedImmPtr(allocator), allocatorReg);
</span><ins>+ if (allocator)
+ addSlowCase(Jump());
</ins><span class="cx"> JumpList slowCases;
</span><del>- emitAllocateJSObject(resultReg, allocatorReg, TrustedImmPtr(structure), TrustedImmPtr(0), scratchReg, slowCases);
</del><ins>+ emitAllocateJSObject(resultReg, allocator, allocatorReg, TrustedImmPtr(structure), TrustedImmPtr(0), scratchReg, slowCases);
</ins><span class="cx"> addSlowCase(slowCases);
</span><span class="cx"> emitStoreCell(currentInstruction[1].u.operand, resultReg);
</span><span class="cx"> }
</span><span class="lines">@@ -179,6 +182,7 @@
</span><span class="cx"> void JIT::emitSlow_op_new_object(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
</span><span class="cx"> {
</span><span class="cx"> linkSlowCase(iter);
</span><ins>+ linkSlowCase(iter);
</ins><span class="cx"> int dst = currentInstruction[1].u.operand;
</span><span class="cx"> Structure* structure = currentInstruction[3].u.objectAllocationProfile->structure();
</span><span class="cx"> callOperation(operationNewObject, structure);
</span><span class="lines">@@ -1032,7 +1036,7 @@
</span><span class="cx"> hasSeenMultipleCallees.link(this);
</span><span class="cx">
</span><span class="cx"> JumpList slowCases;
</span><del>- emitAllocateJSObject(resultReg, allocatorReg, structureReg, TrustedImmPtr(0), scratchReg, slowCases);
</del><ins>+ emitAllocateJSObject(resultReg, nullptr, allocatorReg, structureReg, TrustedImmPtr(0), scratchReg, slowCases);
</ins><span class="cx"> addSlowCase(slowCases);
</span><span class="cx"> emitStoreCell(currentInstruction[1].u.operand, resultReg);
</span><span class="cx"> }
</span><span class="lines">@@ -1042,7 +1046,8 @@
</span><span class="cx"> linkSlowCase(iter); // Callee::m_type != JSFunctionType.
</span><span class="cx"> linkSlowCase(iter); // doesn't have rare data
</span><span class="cx"> linkSlowCase(iter); // doesn't have an allocation profile
</span><del>- linkSlowCase(iter); // allocation failed
</del><ins>+ linkSlowCase(iter); // allocation failed (no allocator)
+ linkSlowCase(iter); // allocation failed (allocator empty)
</ins><span class="cx"> linkSlowCase(iter); // cached function didn't match
</span><span class="cx">
</span><span class="cx"> JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_create_this);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -44,6 +44,7 @@
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "HostCallReturnValue.h"
</span><span class="cx"> #include "ICStats.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JIT.h"
</span><span class="cx"> #include "JITExceptions.h"
</span><span class="cx"> #include "JITToDFGDeferredCompilationCallback.h"
</span><span class="lines">@@ -480,17 +481,6 @@
</span><span class="cx"> repatchPutByID(exec, baseObject, structure, ident, slot, *stubInfo, Direct);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT_OPERATION operationReallocateStorageAndFinishPut(ExecState* exec, JSObject* base, Structure* structure, PropertyOffset offset, EncodedJSValue value)
-{
- VM& vm = exec->vm();
- NativeCallFrameTracer tracer(&vm, exec);
-
- ASSERT(structure->outOfLineCapacity() > base->structure(vm)->outOfLineCapacity());
- ASSERT(!vm.heap.storageAllocator().fastPathShouldSucceed(structure->outOfLineCapacity() * sizeof(JSValue)));
- base->setStructureAndReallocateStorageIfNecessary(vm, structure);
- base->putDirect(vm, offset, JSValue::decode(value));
-}
-
</del><span class="cx"> ALWAYS_INLINE static bool isStringOrSymbol(JSValue value)
</span><span class="cx"> {
</span><span class="cx"> return value.isString() || value.isSymbol();
</span><span class="lines">@@ -2157,7 +2147,6 @@
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">
</span><span class="cx"> ASSERT(!object->structure()->outOfLineCapacity());
</span><del>- DeferGC deferGC(vm.heap);
</del><span class="cx"> Butterfly* result = object->growOutOfLineStorage(vm, 0, initialOutOfLineCapacity);
</span><span class="cx"> object->setButterflyWithoutChangingStructure(vm, result);
</span><span class="cx"> return reinterpret_cast<char*>(result);
</span><span class="lines">@@ -2168,7 +2157,6 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> NativeCallFrameTracer tracer(&vm, exec);
</span><span class="cx">
</span><del>- DeferGC deferGC(vm.heap);
</del><span class="cx"> Butterfly* result = object->growOutOfLineStorage(vm, object->structure()->outOfLineCapacity(), newSize);
</span><span class="cx"> object->setButterflyWithoutChangingStructure(vm, result);
</span><span class="cx"> return reinterpret_cast<char*>(result);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITOperations.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -38,18 +38,27 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+typedef int64_t EncodedJSValue;
+
</ins><span class="cx"> class ArrayAllocationProfile;
</span><span class="cx"> class ArrayProfile;
</span><ins>+class Butterfly;
</ins><span class="cx"> class CallLinkInfo;
</span><span class="cx"> class CodeBlock;
</span><span class="cx"> class ExecState;
</span><span class="cx"> class JITAddGenerator;
</span><span class="cx"> class JSArray;
</span><ins>+class JSCell;
</ins><span class="cx"> class JSFunction;
</span><ins>+class JSGlobalObject;
</ins><span class="cx"> class JSLexicalEnvironment;
</span><ins>+class JSObject;
</ins><span class="cx"> class JSScope;
</span><ins>+class JSString;
+class JSValue;
</ins><span class="cx"> class RegExpObject;
</span><span class="cx"> class Register;
</span><ins>+class Structure;
</ins><span class="cx"> class StructureStubInfo;
</span><span class="cx"> class SymbolTable;
</span><span class="cx"> class WatchpointSet;
</span><span class="lines">@@ -56,6 +65,7 @@
</span><span class="cx">
</span><span class="cx"> struct ByValInfo;
</span><span class="cx"> struct InlineCallFrame;
</span><ins>+struct Instruction;
</ins><span class="cx"> struct ArithProfile;
</span><span class="cx">
</span><span class="cx"> typedef ExecState CallFrame;
</span><span class="lines">@@ -72,6 +82,7 @@
</span><span class="cx"> Aap: ArrayAllocationProfile*
</span><span class="cx"> Ap: ArrayProfile*
</span><span class="cx"> Arp: ArithProfile*
</span><ins>+ B: Butterfly*
</ins><span class="cx"> By: ByValInfo*
</span><span class="cx"> C: JSCell*
</span><span class="cx"> Cb: CodeBlock*
</span><span class="lines">@@ -279,6 +290,7 @@
</span><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EStPS)(ExecState*, Structure*, void*, size_t);
</span><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EStSS)(ExecState*, Structure*, size_t, size_t);
</span><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EStZ)(ExecState*, Structure*, int32_t);
</span><ins>+typedef char* (JIT_OPERATION *P_JITOperation_EStZB)(ExecState*, Structure*, int32_t, Butterfly*);
</ins><span class="cx"> typedef char* (JIT_OPERATION *P_JITOperation_EZZ)(ExecState*, int32_t, int32_t);
</span><span class="cx"> typedef SlowPathReturnType (JIT_OPERATION *Sprt_JITOperation_ECli)(ExecState*, CallLinkInfo*);
</span><span class="cx"> typedef StringImpl* (JIT_OPERATION *T_JITOperation_EJss)(ExecState*, JSString*);
</span><span class="lines">@@ -320,7 +332,6 @@
</span><span class="cx"> void JIT_OPERATION operationPutByIdNonStrictBuildList(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationPutByIdDirectStrictBuildList(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationPutByIdDirectNonStrictBuildList(ExecState*, StructureStubInfo*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, UniquedStringImpl*) WTF_INTERNAL;
</span><del>-void JIT_OPERATION operationReallocateStorageAndFinishPut(ExecState*, JSObject*, Structure*, PropertyOffset, EncodedJSValue) WTF_INTERNAL;
</del><span class="cx"> void JIT_OPERATION operationPutByValOptimize(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationDirectPutByValOptimize(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;
</span><span class="cx"> void JIT_OPERATION operationPutByValGeneric(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue, ByValInfo*) WTF_INTERNAL;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITPropertyAccess.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1246,7 +1246,7 @@
</span><span class="cx">
</span><span class="cx"> void JIT::emitWriteBarrier(JSCell* owner)
</span><span class="cx"> {
</span><del>- if (!MarkedBlock::blockFor(owner)->isMarked(owner)) {
</del><ins>+ if (!owner->cellContainer().isMarked(owner)) {
</ins><span class="cx"> Jump ownerIsRememberedOrInEden = jumpIfIsRememberedOrInEden(owner);
</span><span class="cx"> callOperation(operationUnconditionalWriteBarrier, owner);
</span><span class="cx"> ownerIsRememberedOrInEden.link(this);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITThunkscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,8 +30,9 @@
</span><span class="cx">
</span><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "JIT.h"
</span><ins>+#include "JSCInlines.h"
+#include "LLIntData.h"
</ins><span class="cx"> #include "VM.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejitJITThunksh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jit/JITThunks.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,7 +30,6 @@
</span><span class="cx">
</span><span class="cx"> #include "CallData.h"
</span><span class="cx"> #include "Intrinsic.h"
</span><del>-#include "LowLevelInterpreter.h"
</del><span class="cx"> #include "MacroAssemblerCodeRef.h"
</span><span class="cx"> #include "ThunkGenerator.h"
</span><span class="cx"> #include "Weak.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorejsccpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jsc.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jsc.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/jsc.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -635,6 +635,8 @@
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionCheckModuleSyntax(ExecState*);
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionPlatformSupportsSamplingProfiler(ExecState*);
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionGenerateHeapSnapshot(ExecState*);
</span><ins>+static EncodedJSValue JSC_HOST_CALL functionResetSuperSamplerState(ExecState*);
+static EncodedJSValue JSC_HOST_CALL functionEnsureArrayStorage(ExecState*);
</ins><span class="cx"> #if ENABLE(SAMPLING_PROFILER)
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionStartSamplingProfiler(ExecState*);
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionSamplingProfilerStackTraces(ExecState*);
</span><span class="lines">@@ -869,6 +871,8 @@
</span><span class="cx">
</span><span class="cx"> addFunction(vm, "platformSupportsSamplingProfiler", functionPlatformSupportsSamplingProfiler, 0);
</span><span class="cx"> addFunction(vm, "generateHeapSnapshot", functionGenerateHeapSnapshot, 0);
</span><ins>+ addFunction(vm, "resetSuperSamplerState", functionResetSuperSamplerState, 0);
+ addFunction(vm, "ensureArrayStorage", functionEnsureArrayStorage, 0);
</ins><span class="cx"> #if ENABLE(SAMPLING_PROFILER)
</span><span class="cx"> addFunction(vm, "startSamplingProfiler", functionStartSamplingProfiler, 0);
</span><span class="cx"> addFunction(vm, "samplingProfilerStackTraces", functionSamplingProfilerStackTraces, 0);
</span><span class="lines">@@ -1204,7 +1208,7 @@
</span><span class="cx"> JSObject* object = jsDynamicCast<JSObject*>(exec->argument(0));
</span><span class="cx"> if (!object)
</span><span class="cx"> return JSValue::encode(jsNontrivialString(exec, ASCIILiteral("<not object>")));
</span><del>- return JSValue::encode(jsNontrivialString(exec, toString("<Public length: ", object->getArrayLength(), "; vector length: ", object->getVectorLength(), ">")));
</del><ins>+ return JSValue::encode(jsNontrivialString(exec, toString("<Butterfly: ", RawPointer(object->butterfly()), "; public length: ", object->getArrayLength(), "; vector length: ", object->getVectorLength(), ">")));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> class FunctionJSCStackFunctor {
</span><span class="lines">@@ -1951,6 +1955,21 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL functionResetSuperSamplerState(ExecState*)
+{
+ resetSuperSamplerState();
+ return JSValue::encode(jsUndefined());
+}
+
+EncodedJSValue JSC_HOST_CALL functionEnsureArrayStorage(ExecState* exec)
+{
+ for (unsigned i = 0; i < exec->argumentCount(); ++i) {
+ if (JSObject* object = jsDynamicCast<JSObject*>(exec->argument(0)))
+ object->ensureArrayStorage(exec->vm());
+ }
+ return JSValue::encode(jsUndefined());
+}
+
</ins><span class="cx"> #if ENABLE(SAMPLING_PROFILER)
</span><span class="cx"> EncodedJSValue JSC_HOST_CALL functionStartSamplingProfiler(ExecState* exec)
</span><span class="cx"> {
</span><span class="lines">@@ -2062,10 +2081,7 @@
</span><span class="cx"> TRY
</span><span class="cx"> res = jscmain(argc, argv);
</span><span class="cx"> EXCEPT(res = 3)
</span><del>- if (Options::logHeapStatisticsAtExit())
- HeapStatistics::reportSuccess();
- if (Options::reportLLIntStats())
- LLInt::Data::finalizeStats();
</del><ins>+ finalizeStatsAtEndOfTesting();
</ins><span class="cx">
</span><span class="cx"> #if PLATFORM(EFL)
</span><span class="cx"> ecore_shutdown();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntDatacpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntData.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntData.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntData.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -211,7 +211,7 @@
</span><span class="cx"> STATIC_ASSERT(GetPutInfo::initializationShift == 10);
</span><span class="cx"> STATIC_ASSERT(GetPutInfo::initializationBits == 0xffc00);
</span><span class="cx">
</span><del>- STATIC_ASSERT(MarkedBlock::blockMask == ~static_cast<decltype(MarkedBlock::blockMask)>(0x3fff));
</del><ins>+ STATIC_ASSERT(MarkedBlock::blockSize == 16 * 1024);
</ins><span class="cx">
</span><span class="cx"> ASSERT(bitwise_cast<uintptr_t>(ShadowChicken::Packet::tailMarker()) == static_cast<uintptr_t>(0x7a11));
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntExceptionscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntExceptions.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntExceptions.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntExceptions.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "Instruction.h"
</span><span class="cx"> #include "LLIntCommon.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx"> #include "LowLevelInterpreter.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntThunkscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> #include "JSInterfaceJIT.h"
</span><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "LLIntCLoop.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx"> #include "LinkBuffer.h"
</span><span class="cx"> #include "LowLevelInterpreter.h"
</span><span class="cx"> #include "ProtoCallFrame.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLLIntThunksh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LLIntThunks.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx">
</span><span class="cx"> class VM;
</span><span class="cx"> struct ProtoCallFrame;
</span><ins>+typedef int64_t EncodedJSValue;
</ins><span class="cx">
</span><span class="cx"> extern "C" {
</span><span class="cx"> EncodedJSValue vmEntryToJavaScript(void*, VM*, ProtoCallFrame*);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpreterasm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.asm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.asm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1068,24 +1068,6 @@
</span><span class="cx"> .argumentProfileDone:
</span><span class="cx"> end
</span><span class="cx">
</span><del>-macro allocateJSObject(allocator, structure, result, scratch1, slowCase)
- const offsetOfFirstFreeCell =
- MarkedAllocator::m_freeList +
- MarkedBlock::FreeList::head
-
- # Get the object from the free list.
- loadp offsetOfFirstFreeCell[allocator], result
- btpz result, slowCase
-
- # Remove the object from the free list.
- loadp [result], scratch1
- storep scratch1, offsetOfFirstFreeCell[allocator]
-
- # Initialize the object.
- storep 0, JSObject::m_butterfly[result]
- storeStructureWithTypeInfo(result, structure, scratch1)
-end
-
</del><span class="cx"> macro doReturn()
</span><span class="cx"> restoreCalleeSavesUsedByLLInt()
</span><span class="cx"> restoreCallerPCAndCFR()
</span><span class="lines">@@ -1307,6 +1289,18 @@
</span><span class="cx"> dispatch(2)
</span><span class="cx">
</span><span class="cx">
</span><ins>+_llint_op_create_this:
+ traceExecution()
+ callOpcodeSlowPath(_slow_path_create_this)
+ dispatch(5)
+
+
+_llint_op_new_object:
+ traceExecution()
+ callOpcodeSlowPath(_llint_slow_path_new_object)
+ dispatch(4)
+
+
</ins><span class="cx"> _llint_op_new_func:
</span><span class="cx"> traceExecution()
</span><span class="cx"> callOpcodeSlowPath(_llint_slow_path_new_func)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpretercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -25,13 +25,17 @@
</span><span class="cx">
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "LowLevelInterpreter.h"
</span><ins>+
</ins><span class="cx"> #include "LLIntOfflineAsmConfig.h"
</span><span class="cx"> #include <wtf/InlineASM.h>
</span><span class="cx">
</span><span class="cx"> #if !ENABLE(JIT)
</span><ins>+#include "CLoopStackInlines.h"
</ins><span class="cx"> #include "CodeBlock.h"
</span><span class="cx"> #include "CommonSlowPaths.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "LLIntCLoop.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx"> #include "LLIntSlowPaths.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include <wtf/Assertions.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -305,7 +305,7 @@
</span><span class="cx"> _handleUncaughtException:
</span><span class="cx"> loadp Callee + PayloadOffset[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
</span><span class="cx"> loadp VM::callFrameForCatch[t3], cfr
</span><span class="cx"> storep 0, VM::callFrameForCatch[t3]
</span><span class="lines">@@ -653,7 +653,7 @@
</span><span class="cx"> macro branchIfException(label)
</span><span class="cx"> loadp Callee + PayloadOffset[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> btiz VM::m_exception[t3], .noException
</span><span class="cx"> jmp label
</span><span class="cx"> .noException:
</span><span class="lines">@@ -702,31 +702,6 @@
</span><span class="cx"> dispatch(2)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_create_this:
- traceExecution()
- loadi 8[PC], t0
- loadp PayloadOffset[cfr, t0, 8], t0
- bbneq JSCell::m_type[t0], JSFunctionType, .opCreateThisSlow
- loadp JSFunction::m_rareData[t0], t5
- btpz t5, .opCreateThisSlow
- loadp FunctionRareData::m_objectAllocationProfile + ObjectAllocationProfile::m_allocator[t5], t1
- loadp FunctionRareData::m_objectAllocationProfile + ObjectAllocationProfile::m_structure[t5], t2
- btpz t1, .opCreateThisSlow
- loadpFromInstruction(4, t5)
- bpeq t5, 1, .hasSeenMultipleCallee
- bpneq t5, t0, .opCreateThisSlow
-.hasSeenMultipleCallee:
- allocateJSObject(t1, t2, t0, t3, .opCreateThisSlow)
- loadi 4[PC], t1
- storei CellTag, TagOffset[cfr, t1, 8]
- storei t0, PayloadOffset[cfr, t1, 8]
- dispatch(5)
-
-.opCreateThisSlow:
- callOpcodeSlowPath(_slow_path_create_this)
- dispatch(5)
-
-
</del><span class="cx"> _llint_op_to_this:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadi 4[PC], t0
</span><span class="lines">@@ -742,22 +717,6 @@
</span><span class="cx"> dispatch(4)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_new_object:
- traceExecution()
- loadpFromInstruction(3, t0)
- loadp ObjectAllocationProfile::m_allocator[t0], t1
- loadp ObjectAllocationProfile::m_structure[t0], t2
- allocateJSObject(t1, t2, t0, t3, .opNewObjectSlow)
- loadi 4[PC], t1
- storei CellTag, TagOffset[cfr, t1, 8]
- storei t0, PayloadOffset[cfr, t1, 8]
- dispatch(4)
-
-.opNewObjectSlow:
- callOpcodeSlowPath(_llint_slow_path_new_object)
- dispatch(4)
-
-
</del><span class="cx"> _llint_op_check_tdz:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadisFromInstruction(1, t0)
</span><span class="lines">@@ -1997,7 +1956,7 @@
</span><span class="cx"> # and have set VM::targetInterpreterPCForThrow.
</span><span class="cx"> loadp Callee + PayloadOffset[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
</span><span class="cx"> loadp VM::callFrameForCatch[t3], cfr
</span><span class="cx"> storep 0, VM::callFrameForCatch[t3]
</span><span class="lines">@@ -2012,7 +1971,7 @@
</span><span class="cx"> .isCatchableException:
</span><span class="cx"> loadp Callee + PayloadOffset[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx">
</span><span class="cx"> loadi VM::m_exception[t3], t0
</span><span class="cx"> storei 0, VM::m_exception[t3]
</span><span class="lines">@@ -2047,7 +2006,7 @@
</span><span class="cx"> # This essentially emulates the JIT's throwing protocol.
</span><span class="cx"> loadp Callee[cfr], t1
</span><span class="cx"> andp MarkedBlockMask, t1
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
</del><ins>+ loadp MarkedBlock::m_vm[t1], t1
</ins><span class="cx"> copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(t1, t2)
</span><span class="cx"> jmp VM::targetMachinePCForThrow[t1]
</span><span class="cx">
</span><span class="lines">@@ -2066,7 +2025,7 @@
</span><span class="cx"> if X86 or X86_WIN
</span><span class="cx"> subp 8, sp # align stack pointer
</span><span class="cx"> andp MarkedBlockMask, t1
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t3
</del><ins>+ loadp MarkedBlock::m_vm[t1], t3
</ins><span class="cx"> storep cfr, VM::topCallFrame[t3]
</span><span class="cx"> move cfr, a0 # a0 = ecx
</span><span class="cx"> storep a0, [sp]
</span><span class="lines">@@ -2076,13 +2035,13 @@
</span><span class="cx"> call executableOffsetToFunction[t1]
</span><span class="cx"> loadp Callee + PayloadOffset[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> addp 8, sp
</span><span class="cx"> elsif ARM or ARMv7 or ARMv7_TRADITIONAL or C_LOOP or MIPS or SH4
</span><span class="cx"> subp 8, sp # align stack pointer
</span><span class="cx"> # t1 already contains the Callee.
</span><span class="cx"> andp MarkedBlockMask, t1
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
</del><ins>+ loadp MarkedBlock::m_vm[t1], t1
</ins><span class="cx"> storep cfr, VM::topCallFrame[t1]
</span><span class="cx"> move cfr, a0
</span><span class="cx"> loadi Callee + PayloadOffset[cfr], t1
</span><span class="lines">@@ -2095,7 +2054,7 @@
</span><span class="cx"> end
</span><span class="cx"> loadp Callee + PayloadOffset[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> addp 8, sp
</span><span class="cx"> else
</span><span class="cx"> error
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCorellintLowLevelInterpreter64asm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -277,7 +277,7 @@
</span><span class="cx"> _handleUncaughtException:
</span><span class="cx"> loadp Callee[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
</span><span class="cx"> loadp VM::callFrameForCatch[t3], cfr
</span><span class="cx"> storep 0, VM::callFrameForCatch[t3]
</span><span class="lines">@@ -559,7 +559,7 @@
</span><span class="cx"> macro branchIfException(label)
</span><span class="cx"> loadp Callee[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> btqz VM::m_exception[t3], .noException
</span><span class="cx"> jmp label
</span><span class="cx"> .noException:
</span><span class="lines">@@ -607,30 +607,6 @@
</span><span class="cx"> dispatch(2)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_create_this:
- traceExecution()
- loadisFromInstruction(2, t0)
- loadp [cfr, t0, 8], t0
- bbneq JSCell::m_type[t0], JSFunctionType, .opCreateThisSlow
- loadp JSFunction::m_rareData[t0], t3
- btpz t3, .opCreateThisSlow
- loadp FunctionRareData::m_objectAllocationProfile + ObjectAllocationProfile::m_allocator[t3], t1
- loadp FunctionRareData::m_objectAllocationProfile + ObjectAllocationProfile::m_structure[t3], t2
- btpz t1, .opCreateThisSlow
- loadpFromInstruction(4, t3)
- bpeq t3, 1, .hasSeenMultipleCallee
- bpneq t3, t0, .opCreateThisSlow
-.hasSeenMultipleCallee:
- allocateJSObject(t1, t2, t0, t3, .opCreateThisSlow)
- loadisFromInstruction(1, t1)
- storeq t0, [cfr, t1, 8]
- dispatch(5)
-
-.opCreateThisSlow:
- callOpcodeSlowPath(_slow_path_create_this)
- dispatch(5)
-
-
</del><span class="cx"> _llint_op_to_this:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadisFromInstruction(1, t0)
</span><span class="lines">@@ -647,21 +623,6 @@
</span><span class="cx"> dispatch(4)
</span><span class="cx">
</span><span class="cx">
</span><del>-_llint_op_new_object:
- traceExecution()
- loadpFromInstruction(3, t0)
- loadp ObjectAllocationProfile::m_allocator[t0], t1
- loadp ObjectAllocationProfile::m_structure[t0], t2
- allocateJSObject(t1, t2, t0, t3, .opNewObjectSlow)
- loadisFromInstruction(1, t1)
- storeq t0, [cfr, t1, 8]
- dispatch(4)
-
-.opNewObjectSlow:
- callOpcodeSlowPath(_llint_slow_path_new_object)
- dispatch(4)
-
-
</del><span class="cx"> _llint_op_check_tdz:
</span><span class="cx"> traceExecution()
</span><span class="cx"> loadisFromInstruction(1, t0)
</span><span class="lines">@@ -1958,7 +1919,7 @@
</span><span class="cx"> # and have set VM::targetInterpreterPCForThrow.
</span><span class="cx"> loadp Callee[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx"> restoreCalleeSavesFromVMEntryFrameCalleeSavesBuffer(t3, t0)
</span><span class="cx"> loadp VM::callFrameForCatch[t3], cfr
</span><span class="cx"> storep 0, VM::callFrameForCatch[t3]
</span><span class="lines">@@ -1977,7 +1938,7 @@
</span><span class="cx"> .isCatchableException:
</span><span class="cx"> loadp Callee[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx">
</span><span class="cx"> loadq VM::m_exception[t3], t0
</span><span class="cx"> storeq 0, VM::m_exception[t3]
</span><span class="lines">@@ -2004,7 +1965,7 @@
</span><span class="cx"> _llint_throw_from_slow_path_trampoline:
</span><span class="cx"> loadp Callee[cfr], t1
</span><span class="cx"> andp MarkedBlockMask, t1
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
</del><ins>+ loadp MarkedBlock::m_vm[t1], t1
</ins><span class="cx"> copyCalleeSavesToVMEntryFrameCalleeSavesBuffer(t1, t2)
</span><span class="cx">
</span><span class="cx"> callSlowPath(_llint_slow_path_handle_exception)
</span><span class="lines">@@ -2014,7 +1975,7 @@
</span><span class="cx"> # This essentially emulates the JIT's throwing protocol.
</span><span class="cx"> loadp Callee[cfr], t1
</span><span class="cx"> andp MarkedBlockMask, t1
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
</del><ins>+ loadp MarkedBlock::m_vm[t1], t1
</ins><span class="cx"> jmp VM::targetMachinePCForThrow[t1]
</span><span class="cx">
</span><span class="cx">
</span><span class="lines">@@ -2029,7 +1990,7 @@
</span><span class="cx"> storep 0, CodeBlock[cfr]
</span><span class="cx"> loadp Callee[cfr], t0
</span><span class="cx"> andp MarkedBlockMask, t0, t1
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t1], t1
</del><ins>+ loadp MarkedBlock::m_vm[t1], t1
</ins><span class="cx"> storep cfr, VM::topCallFrame[t1]
</span><span class="cx"> if ARM64 or C_LOOP
</span><span class="cx"> storep lr, ReturnPC[cfr]
</span><span class="lines">@@ -2051,7 +2012,7 @@
</span><span class="cx"> end
</span><span class="cx"> loadp Callee[cfr], t3
</span><span class="cx"> andp MarkedBlockMask, t3
</span><del>- loadp MarkedBlock::m_weakSet + WeakSet::m_vm[t3], t3
</del><ins>+ loadp MarkedBlock::m_vm[t3], t3
</ins><span class="cx">
</span><span class="cx"> functionEpilogue()
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreparserModuleAnalyzercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/ModuleAnalyzer.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/ModuleAnalyzer.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/ModuleAnalyzer.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,9 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "ModuleAnalyzer.h"
</span><span class="cx">
</span><del>-#include "IdentifierInlines.h"
-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSModuleRecord.h"
</span><span class="cx"> #include "ModuleScopeData.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreparserNodeConstructorsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/NodeConstructors.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/NodeConstructors.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/NodeConstructors.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -23,6 +23,7 @@
</span><span class="cx">
</span><span class="cx"> #include "Nodes.h"
</span><span class="cx"> #include "Lexer.h"
</span><ins>+#include "Opcode.h"
</ins><span class="cx"> #include "Parser.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreparserNodesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/Nodes.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/Nodes.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/parser/Nodes.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,7 +29,6 @@
</span><span class="cx"> #include "BuiltinNames.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "JITCode.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include "ParserArena.h"
</span><span class="cx"> #include "ParserTokens.h"
</span><span class="cx"> #include "ResultType.h"
</span><span class="lines">@@ -41,6 +40,8 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+ enum OpcodeID : unsigned;
+
</ins><span class="cx"> class ArgumentListNode;
</span><span class="cx"> class BytecodeGenerator;
</span><span class="cx"> class FunctionMetadataNode;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreprofilerProfilerBytecodecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><ins>+#include "Opcode.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace Profiler {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreprofilerProfilerBytecodeh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecode.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,11 +27,14 @@
</span><span class="cx"> #define ProfilerBytecode_h
</span><span class="cx">
</span><span class="cx"> #include "JSCJSValue.h"
</span><del>-#include "Opcode.h"
</del><span class="cx"> #include <wtf/text/CString.h>
</span><span class="cx">
</span><del>-namespace JSC { namespace Profiler {
</del><ins>+namespace JSC {
</ins><span class="cx">
</span><ins>+enum OpcodeID : unsigned;
+
+namespace Profiler {
+
</ins><span class="cx"> class Bytecode {
</span><span class="cx"> public:
</span><span class="cx"> Bytecode()
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreprofilerProfilerBytecodeSequencecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecodeSequence.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecodeSequence.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/profiler/ProfilerBytecodeSequence.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,9 +27,10 @@
</span><span class="cx"> #include "ProfilerBytecodeSequence.h"
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "Interpreter.h"
+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "Operands.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx"> #include <wtf/StringPrintStream.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC { namespace Profiler {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayConventionscppfromrev205702releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeECMAScriptSpecInternalFunctionscpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.cpp (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,68 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "ArrayConventions.h"
+
+#include "JSCInlines.h"
+
+namespace JSC {
+
+#if USE(JSVALUE64)
+void clearArrayMemset(WriteBarrier<Unknown>* base, unsigned count)
+{
+#if CPU(X86_64)
+ uint64_t zero = 0;
+ asm volatile (
+ "rep stosq\n\t"
+ : "+D"(base), "+c"(count)
+ : "a"(zero)
+ : "memory"
+ );
+#else // not CPU(X86_64)
+ memset(base, 0, count * sizeof(WriteBarrier<Unknown>));
+#endif // generic CPU
+}
+
+void clearArrayMemset(double* base, unsigned count)
+{
+#if CPU(X86_64)
+ uint64_t pnan = bitwise_cast<uint64_t>(PNaN);
+ asm volatile (
+ "rep stosq\n\t"
+ : "+D"(base), "+c"(count)
+ : "a"(pnan)
+ : "memory"
+ );
+#else // not CPU(X86_64)
+ // Oh no, we can't actually do any better than this!
+ for (unsigned i = count; i--;)
+ base[i] = PNaN;
+#endif // generic CPU
+}
+#endif // USE(JSVALUE64)
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayConventionsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayConventions.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
</span><del>- * Copyright (C) 2003, 2007, 2008, 2009, 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003, 2007, 2008, 2009, 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -70,13 +70,15 @@
</span><span class="cx"> // 0xFFFFFFFF is a bit weird -- is not an array index even though it's an integer.
</span><span class="cx"> #define MAX_ARRAY_INDEX 0xFFFFFFFEU
</span><span class="cx">
</span><del>-// The value BASE_VECTOR_LEN is the maximum number of vector elements we'll allocate
</del><ins>+// The value BASE_XXX_VECTOR_LEN is the maximum number of vector elements we'll allocate
</ins><span class="cx"> // for an array that was created with a sepcified length (e.g. a = new Array(123))
</span><del>-#define BASE_VECTOR_LEN 4U
-
</del><ins>+#define BASE_CONTIGUOUS_VECTOR_LEN 3U
+#define BASE_CONTIGUOUS_VECTOR_LEN_EMPTY 5U
+#define BASE_ARRAY_STORAGE_VECTOR_LEN 4U
+
</ins><span class="cx"> // The upper bound to the size we'll grow a zero length array when the first element
</span><span class="cx"> // is added.
</span><del>-#define FIRST_VECTOR_GROW 4U
</del><ins>+#define FIRST_ARRAY_STORAGE_VECTOR_GROW 4U
</ins><span class="cx">
</span><span class="cx"> #define MIN_BEYOND_LENGTH_SPARSE_INDEX 1000
</span><span class="cx">
</span><span class="lines">@@ -96,7 +98,7 @@
</span><span class="cx"> return i >= MIN_BEYOND_LENGTH_SPARSE_INDEX && i > length;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline IndexingHeader indexingHeaderForArray(unsigned length, unsigned vectorLength)
</del><ins>+inline IndexingHeader indexingHeaderForArrayStorage(unsigned length, unsigned vectorLength)
</ins><span class="cx"> {
</span><span class="cx"> IndexingHeader result;
</span><span class="cx"> result.setPublicLength(length);
</span><span class="lines">@@ -104,11 +106,44 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline IndexingHeader baseIndexingHeaderForArray(unsigned length)
</del><ins>+inline IndexingHeader baseIndexingHeaderForArrayStorage(unsigned length)
</ins><span class="cx"> {
</span><del>- return indexingHeaderForArray(length, BASE_VECTOR_LEN);
</del><ins>+ return indexingHeaderForArrayStorage(length, BASE_ARRAY_STORAGE_VECTOR_LEN);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+#if USE(JSVALUE64)
+JS_EXPORT_PRIVATE void clearArrayMemset(WriteBarrier<Unknown>* base, unsigned count);
+JS_EXPORT_PRIVATE void clearArrayMemset(double* base, unsigned count);
+#endif // USE(JSVALUE64)
+
+ALWAYS_INLINE void clearArray(WriteBarrier<Unknown>* base, unsigned count)
+{
+#if USE(JSVALUE64)
+ const unsigned minCountForMemset = 100;
+ if (count >= minCountForMemset) {
+ clearArrayMemset(base, count);
+ return;
+ }
+#endif
+
+ for (unsigned i = count; i--;)
+ base[i].clear();
+}
+
+ALWAYS_INLINE void clearArray(double* base, unsigned count)
+{
+#if USE(JSVALUE64)
+ const unsigned minCountForMemset = 100;
+ if (count >= minCountForMemset) {
+ clearArrayMemset(base, count);
+ return;
+ }
+#endif
+
+ for (unsigned i = count; i--;)
+ base[i] = PNaN;
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // ArrayConventions_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1006,7 +1006,7 @@
</span><span class="cx"> if (UNLIKELY(vm.exception()))
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> setLength(exec, thisObj, length - deleteCount + additionalArgs);
</span><span class="cx"> return JSValue::encode(result);
</span><span class="cx"> }
</span><span class="lines">@@ -1143,6 +1143,7 @@
</span><span class="cx"> unsigned firstArraySize = firstButterfly->publicLength();
</span><span class="cx">
</span><span class="cx"> IndexingType type = first->mergeIndexingTypeForCopying(indexingTypeForValue(second) | IsArray);
</span><ins>+
</ins><span class="cx"> if (type == NonArray)
</span><span class="cx"> type = first->indexingType();
</span><span class="cx">
</span><span class="lines">@@ -1171,7 +1172,7 @@
</span><span class="cx"> auto scope = DECLARE_THROW_SCOPE(vm);
</span><span class="cx">
</span><span class="cx"> JSArray* firstArray = jsCast<JSArray*>(exec->uncheckedArgument(0));
</span><del>-
</del><ins>+
</ins><span class="cx"> // This code assumes that neither array has set Symbol.isConcatSpreadable. If the first array
</span><span class="cx"> // has indexed accessors then one of those accessors might change the value of Symbol.isConcatSpreadable
</span><span class="cx"> // on the second argument.
</span><span class="lines">@@ -1187,7 +1188,7 @@
</span><span class="cx"> return concatAppendOne(exec, vm, firstArray, second);
</span><span class="cx">
</span><span class="cx"> JSArray* secondArray = jsCast<JSArray*>(second);
</span><del>-
</del><ins>+
</ins><span class="cx"> Butterfly* firstButterfly = firstArray->butterfly();
</span><span class="cx"> Butterfly* secondButterfly = secondArray->butterfly();
</span><span class="cx">
</span><span class="lines">@@ -1194,7 +1195,8 @@
</span><span class="cx"> unsigned firstArraySize = firstButterfly->publicLength();
</span><span class="cx"> unsigned secondArraySize = secondButterfly->publicLength();
</span><span class="cx">
</span><del>- IndexingType type = firstArray->mergeIndexingTypeForCopying(secondArray->indexingType());
</del><ins>+ IndexingType secondType = secondArray->indexingType();
+ IndexingType type = firstArray->mergeIndexingTypeForCopying(secondType);
</ins><span class="cx"> if (type == NonArray || !firstArray->canFastCopy(vm, secondArray) || firstArraySize + secondArraySize >= MIN_SPARSE_ARRAY_INDEX) {
</span><span class="cx"> JSArray* result = constructEmptyArray(exec, nullptr, firstArraySize + secondArraySize);
</span><span class="cx"> if (vm.exception())
</span><span class="lines">@@ -1213,7 +1215,7 @@
</span><span class="cx"> JSArray* result = JSArray::tryCreateUninitialized(vm, resultStructure, firstArraySize + secondArraySize);
</span><span class="cx"> if (!result)
</span><span class="cx"> return JSValue::encode(throwOutOfMemoryError(exec, scope));
</span><del>-
</del><ins>+
</ins><span class="cx"> if (type == ArrayWithDouble) {
</span><span class="cx"> double* buffer = result->butterfly()->contiguousDouble().data();
</span><span class="cx"> memcpy(buffer, firstButterfly->contiguousDouble().data(), sizeof(JSValue) * firstArraySize);
</span><span class="lines">@@ -1221,7 +1223,12 @@
</span><span class="cx"> } else if (type != ArrayWithUndecided) {
</span><span class="cx"> WriteBarrier<Unknown>* buffer = result->butterfly()->contiguous().data();
</span><span class="cx"> memcpy(buffer, firstButterfly->contiguous().data(), sizeof(JSValue) * firstArraySize);
</span><del>- memcpy(buffer + firstArraySize, secondButterfly->contiguous().data(), sizeof(JSValue) * secondArraySize);
</del><ins>+ if (secondType != ArrayWithUndecided)
+ memcpy(buffer + firstArraySize, secondButterfly->contiguous().data(), sizeof(JSValue) * secondArraySize);
+ else {
+ for (unsigned i = secondArraySize; i--;)
+ buffer[i + firstArraySize].clear();
+ }
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> result->butterfly()->setPublicLength(firstArraySize + secondArraySize);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeArrayStorageh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayStorage.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayStorage.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ArrayStorage.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,7 +29,9 @@
</span><span class="cx"> #include "ArrayConventions.h"
</span><span class="cx"> #include "Butterfly.h"
</span><span class="cx"> #include "IndexingHeader.h"
</span><ins>+#include "MarkedSpace.h"
</ins><span class="cx"> #include "SparseArrayValueMap.h"
</span><ins>+#include "Structure.h"
</ins><span class="cx"> #include "WriteBarrier.h"
</span><span class="cx"> #include <wtf/Noncopyable.h>
</span><span class="cx">
</span><span class="lines">@@ -58,7 +60,7 @@
</span><span class="cx"> // We steal two fields from the indexing header: vectorLength and length.
</span><span class="cx"> unsigned length() const { return indexingHeader()->publicLength(); }
</span><span class="cx"> void setLength(unsigned length) { indexingHeader()->setPublicLength(length); }
</span><del>- unsigned vectorLength() { return indexingHeader()->vectorLength(); }
</del><ins>+ unsigned vectorLength() const { return indexingHeader()->vectorLength(); }
</ins><span class="cx"> void setVectorLength(unsigned length) { indexingHeader()->setVectorLength(length); }
</span><span class="cx">
</span><span class="cx"> ALWAYS_INLINE void copyHeaderFromDuringGC(const ArrayStorage& other)
</span><span class="lines">@@ -99,6 +101,66 @@
</span><span class="cx"> {
</span><span class="cx"> return ArrayStorage::vectorOffset() + vectorLength * sizeof(WriteBarrier<Unknown>);
</span><span class="cx"> }
</span><ins>+
+ static size_t totalSizeFor(unsigned indexBias, size_t propertyCapacity, unsigned vectorLength)
+ {
+ return Butterfly::totalSize(indexBias, propertyCapacity, true, sizeFor(vectorLength));
+ }
+
+ size_t totalSize(size_t propertyCapacity) const
+ {
+ return totalSizeFor(m_indexBias, propertyCapacity, vectorLength());
+ }
+
+ size_t totalSize(Structure* structure) const
+ {
+ return totalSize(structure->outOfLineCapacity());
+ }
+
+ static unsigned availableVectorLength(unsigned indexBias, size_t propertyCapacity, unsigned vectorLength)
+ {
+ size_t cellSize = MarkedSpace::optimalSizeFor(totalSizeFor(indexBias, propertyCapacity, vectorLength));
+
+ vectorLength = (cellSize - totalSizeFor(indexBias, propertyCapacity, 0)) / sizeof(WriteBarrier<Unknown>);
+
+ return vectorLength;
+ }
+
+ static unsigned availableVectorLength(unsigned indexBias, Structure* structure, unsigned vectorLength)
+ {
+ return availableVectorLength(indexBias, structure->outOfLineCapacity(), vectorLength);
+ }
+
+ unsigned availableVectorLength(size_t propertyCapacity, unsigned vectorLength)
+ {
+ return availableVectorLength(m_indexBias, propertyCapacity, vectorLength);
+ }
+
+ unsigned availableVectorLength(Structure* structure, unsigned vectorLength)
+ {
+ return availableVectorLength(structure->outOfLineCapacity(), vectorLength);
+ }
+
+ static unsigned optimalVectorLength(unsigned indexBias, size_t propertyCapacity, unsigned vectorLength)
+ {
+ vectorLength = std::max(BASE_ARRAY_STORAGE_VECTOR_LEN, vectorLength);
+ return availableVectorLength(indexBias, propertyCapacity, vectorLength);
+ }
+
+ static unsigned optimalVectorLength(unsigned indexBias, Structure* structure, unsigned vectorLength)
+ {
+ return optimalVectorLength(indexBias, structure->outOfLineCapacity(), vectorLength);
+ }
+
+ unsigned optimalVectorLength(size_t propertyCapacity, unsigned vectorLength)
+ {
+ return optimalVectorLength(m_indexBias, propertyCapacity, vectorLength);
+ }
+
+ unsigned optimalVectorLength(Structure* structure, unsigned vectorLength)
+ {
+ return optimalVectorLength(structure->outOfLineCapacity(), vectorLength);
+ }
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeAuxiliaryBarrierhfromrev205702releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSIDBCursorWithValueCustomcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrier.h (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBCursorWithValueCustom.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrier.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrier.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,63 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+namespace JSC {
+
+class JSCell;
+class VM;
+
+// An Auxiliary barrier is a barrier that does not try to reason about the value being stored into
+// it, other than interpreting a falsy value as not needing a barrier. It's OK to use this for either
+// JSCells or any other kind of data, so long as it responds to operator!().
+template<typename T>
+class AuxiliaryBarrier {
+public:
+ AuxiliaryBarrier() { }
+
+ template<typename U>
+ AuxiliaryBarrier(VM&, JSCell*, U&&);
+
+ void clear() { m_value = T(); }
+
+ template<typename U>
+ void set(VM&, JSCell*, U&&);
+
+ const T& get() const { return m_value; }
+
+ T* slot() { return &m_value; }
+
+ explicit operator bool() const { return !!m_value; }
+
+ template<typename U>
+ void setWithoutBarrier(U&& value) { m_value = std::forward<U>(value); }
+
+private:
+ T m_value;
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeAuxiliaryBarrierInlineshfromrev205702releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingContactSelectedEventCustomcpp"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrierInlines.h (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrierInlines.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/AuxiliaryBarrierInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,51 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "AuxiliaryBarrier.h"
+#include "Heap.h"
+#include "VM.h"
+
+namespace JSC {
+
+template<typename T>
+template<typename U>
+AuxiliaryBarrier<T>::AuxiliaryBarrier(VM& vm, JSCell* owner, U&& value)
+{
+ m_value = std::forward<U>(value);
+ vm.heap.writeBarrier(owner);
+}
+
+template<typename T>
+template<typename U>
+void AuxiliaryBarrier<T>::set(VM& vm, JSCell* owner, U&& value)
+{
+ m_value = std::forward<U>(value);
+ vm.heap.writeBarrier(owner);
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeButterflyh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Butterfly.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Butterfly.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Butterfly.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -90,6 +90,12 @@
</span><span class="cx"> return reinterpret_cast<Butterfly*>(static_cast<EncodedJSValue*>(base) + preCapacity + propertyCapacity + 1);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ALWAYS_INLINE static unsigned availableContiguousVectorLength(size_t propertyCapacity, unsigned vectorLength);
+ static unsigned availableContiguousVectorLength(Structure*, unsigned vectorLength);
+
+ ALWAYS_INLINE static unsigned optimalContiguousVectorLength(size_t propertyCapacity, unsigned vectorLength);
+ static unsigned optimalContiguousVectorLength(Structure*, unsigned vectorLength);
+
</ins><span class="cx"> // This method is here not just because it's handy, but to remind you that
</span><span class="cx"> // the whole point of butterflies is to do evil pointer arithmetic.
</span><span class="cx"> static Butterfly* fromPointer(char* ptr)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeButterflyInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ButterflyInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ButterflyInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ButterflyInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -35,12 +35,38 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+ALWAYS_INLINE unsigned Butterfly::availableContiguousVectorLength(size_t propertyCapacity, unsigned vectorLength)
+{
+ size_t cellSize = totalSize(0, propertyCapacity, true, sizeof(EncodedJSValue) * vectorLength);
+ cellSize = MarkedSpace::optimalSizeFor(cellSize);
+ vectorLength = (cellSize - totalSize(0, propertyCapacity, true, 0)) / sizeof(EncodedJSValue);
+ return vectorLength;
+}
+
+ALWAYS_INLINE unsigned Butterfly::availableContiguousVectorLength(Structure* structure, unsigned vectorLength)
+{
+ return availableContiguousVectorLength(structure ? structure->outOfLineCapacity() : 0, vectorLength);
+}
+
+ALWAYS_INLINE unsigned Butterfly::optimalContiguousVectorLength(size_t propertyCapacity, unsigned vectorLength)
+{
+ if (!vectorLength)
+ vectorLength = BASE_CONTIGUOUS_VECTOR_LEN_EMPTY;
+ else
+ vectorLength = std::max(BASE_CONTIGUOUS_VECTOR_LEN, vectorLength);
+ return availableContiguousVectorLength(propertyCapacity, vectorLength);
+}
+
+ALWAYS_INLINE unsigned Butterfly::optimalContiguousVectorLength(Structure* structure, unsigned vectorLength)
+{
+ return optimalContiguousVectorLength(structure ? structure->outOfLineCapacity() : 0, vectorLength);
+}
+
</ins><span class="cx"> inline Butterfly* Butterfly::createUninitialized(VM& vm, JSCell* intendedOwner, size_t preCapacity, size_t propertyCapacity, bool hasIndexingHeader, size_t indexingPayloadSizeInBytes)
</span><span class="cx"> {
</span><del>- void* temp;
</del><span class="cx"> size_t size = totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
</span><del>- RELEASE_ASSERT(vm.heap.tryAllocateStorage(intendedOwner, size, &temp));
- Butterfly* result = fromBase(temp, preCapacity, propertyCapacity);
</del><ins>+ void* base = vm.heap.allocateAuxiliary(intendedOwner, size);
+ Butterfly* result = fromBase(base, preCapacity, propertyCapacity);
</ins><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -119,7 +145,8 @@
</span><span class="cx"> void* theBase = base(0, propertyCapacity);
</span><span class="cx"> size_t oldSize = totalSize(0, propertyCapacity, hadIndexingHeader, oldIndexingPayloadSizeInBytes);
</span><span class="cx"> size_t newSize = totalSize(0, propertyCapacity, true, newIndexingPayloadSizeInBytes);
</span><del>- if (!vm.heap.tryReallocateStorage(intendedOwner, &theBase, oldSize, newSize))
</del><ins>+ theBase = vm.heap.tryReallocateAuxiliary(intendedOwner, theBase, oldSize, newSize);
+ if (!theBase)
</ins><span class="cx"> return 0;
</span><span class="cx"> return fromBase(theBase, 0, propertyCapacity);
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeClonedArgumentscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ClonedArguments.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -44,16 +44,19 @@
</span><span class="cx"> ClonedArguments* ClonedArguments::createEmpty(
</span><span class="cx"> VM& vm, Structure* structure, JSFunction* callee, unsigned length)
</span><span class="cx"> {
</span><del>- unsigned vectorLength = std::max(BASE_VECTOR_LEN, length);
</del><ins>+ unsigned vectorLength = length;
</ins><span class="cx"> if (vectorLength > MAX_STORAGE_VECTOR_LENGTH)
</span><span class="cx"> return 0;
</span><span class="cx">
</span><del>- void* temp;
- if (!vm.heap.tryAllocateStorage(0, Butterfly::totalSize(0, structure->outOfLineCapacity(), true, vectorLength * sizeof(EncodedJSValue)), &temp))
</del><ins>+ void* temp = vm.heap.tryAllocateAuxiliary(nullptr, Butterfly::totalSize(0, structure->outOfLineCapacity(), true, vectorLength * sizeof(EncodedJSValue)));
+ if (!temp)
</ins><span class="cx"> return 0;
</span><span class="cx"> Butterfly* butterfly = Butterfly::fromBase(temp, 0, structure->outOfLineCapacity());
</span><span class="cx"> butterfly->setVectorLength(vectorLength);
</span><span class="cx"> butterfly->setPublicLength(length);
</span><ins>+
+ for (unsigned i = length; i < vectorLength; ++i)
+ butterfly->contiguous()[i].clear();
</ins><span class="cx">
</span><span class="cx"> ClonedArguments* result =
</span><span class="cx"> new (NotNull, allocateCell<ClonedArguments>(vm.heap))
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeCommonSlowPathsExceptionscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JITExceptions.h"
</span><span class="cx"> #include "LLIntCommon.h"
</span><span class="cx"> #include "JSCInlines.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeCommonSlowPathsExceptionsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/CommonSlowPathsExceptions.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,11 +26,10 @@
</span><span class="cx"> #ifndef CommonSlowPathExceptions_h
</span><span class="cx"> #define CommonSlowPathExceptions_h
</span><span class="cx">
</span><del>-#include "MacroAssemblerCodeRef.h"
-
</del><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> class ExecState;
</span><ins>+class JSObject;
</ins><span class="cx">
</span><span class="cx"> namespace CommonSlowPaths {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeDataViewcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DataView.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DataView.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DataView.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "DataView.h"
</span><span class="cx">
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSDataView.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeDirectArgumentsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DirectArguments.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DirectArguments.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/DirectArguments.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #ifndef DirectArguments_h
</span><span class="cx"> #define DirectArguments_h
</span><span class="cx">
</span><ins>+#include "CopyBarrier.h"
</ins><span class="cx"> #include "DirectArgumentsOffset.h"
</span><span class="cx"> #include "GenericArguments.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeECMAScriptSpecInternalFunctionscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ECMAScriptSpecInternalFunctions.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "ConstructData.h"
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "RegExpObject.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,14 +28,16 @@
</span><span class="cx"> #include "ErrorConstructor.h"
</span><span class="cx"> #include "ExceptionHelpers.h"
</span><span class="cx"> #include "FunctionPrototype.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JSArray.h"
</span><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "JSString.h"
</span><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "NativeErrorConstructor.h"
</span><del>-#include "JSCInlines.h"
</del><span class="cx"> #include "SourceCode.h"
</span><ins>+#include "StackFrame.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Error.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -25,7 +25,6 @@
</span><span class="cx">
</span><span class="cx"> #include "ErrorInstance.h"
</span><span class="cx"> #include "InternalFunction.h"
</span><del>-#include "Interpreter.h"
</del><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "ThrowScope.h"
</span><span class="cx"> #include <stdint.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorInstancecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include "JSScope.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "JSGlobalObjectFunctions.h"
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeErrorInstanceh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ErrorInstance.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -21,7 +21,7 @@
</span><span class="cx"> #ifndef ErrorInstance_h
</span><span class="cx"> #define ErrorInstance_h
</span><span class="cx">
</span><del>-#include "Interpreter.h"
</del><ins>+#include "JSObject.h"
</ins><span class="cx"> #include "RuntimeType.h"
</span><span class="cx"> #include "SourceProvider.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeExceptioncpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "Exception.h"
</span><span class="cx">
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeExceptionh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Exception.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,7 +26,8 @@
</span><span class="cx"> #ifndef Exception_h
</span><span class="cx"> #define Exception_h
</span><span class="cx">
</span><del>-#include "Interpreter.h"
</del><ins>+#include "JSObject.h"
+#include "StackFrame.h"
</ins><span class="cx"> #include <wtf/Vector.h>
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeGeneratorPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/GeneratorPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,10 +27,8 @@
</span><span class="cx"> #include "GeneratorPrototype.h"
</span><span class="cx">
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> #include "GeneratorPrototype.lut.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeInternalFunctioncpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/InternalFunction.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/InternalFunction.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/InternalFunction.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -37,6 +37,8 @@
</span><span class="cx"> InternalFunction::InternalFunction(VM& vm, Structure* structure)
</span><span class="cx"> : JSDestructibleObject(vm, structure)
</span><span class="cx"> {
</span><ins>+ // exec->vm() wants callees to not be large allocations.
+ RELEASE_ASSERT(!isLargeAllocation());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void InternalFunction::finishCreation(VM& vm, const String& name)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlCollatorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,6 +1,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2015 Andy VanWagoner (thetalecrafter@gmail.com)
</span><span class="cx"> * Copyright (C) 2015 Sukolsak Sakshuwong (sukolsak@gmail.com)
</span><ins>+ * Copyright (C) 2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -33,8 +34,7 @@
</span><span class="cx"> #include "IntlCollatorConstructor.h"
</span><span class="cx"> #include "IntlObject.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "ObjectConstructor.h"
</span><span class="cx"> #include "SlotVisitorInlines.h"
</span><span class="cx"> #include "StructureInlines.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlCollatorConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,11 +33,8 @@
</span><span class="cx"> #include "IntlCollator.h"
</span><span class="cx"> #include "IntlCollatorPrototype.h"
</span><span class="cx"> #include "IntlObject.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "Lookup.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlCollatorPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,10 +32,7 @@
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IntlCollator.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
-#include "JSObject.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlDateTimeFormatcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormat.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -34,12 +34,12 @@
</span><span class="cx"> #include "IntlDateTimeFormatConstructor.h"
</span><span class="cx"> #include "IntlObject.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><del>-#include "JSCellInlines.h"
</del><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><span class="cx"> #include <unicode/ucal.h>
</span><span class="cx"> #include <unicode/udatpg.h>
</span><span class="cx"> #include <unicode/uenum.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlDateTimeFormatConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,11 +33,8 @@
</span><span class="cx"> #include "IntlDateTimeFormatPrototype.h"
</span><span class="cx"> #include "IntlObject.h"
</span><span class="cx"> #include "IntlObjectInlines.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "Lookup.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlDateTimeFormatPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -35,10 +35,8 @@
</span><span class="cx"> #include "IntlDateTimeFormat.h"
</span><span class="cx"> #include "IntlObject.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSObjectInlines.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlNumberFormatcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormat.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -34,7 +34,6 @@
</span><span class="cx"> #include "IntlNumberFormatConstructor.h"
</span><span class="cx"> #include "IntlObject.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><del>-#include "JSCellInlines.h"
</del><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlNumberFormatConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,11 +33,8 @@
</span><span class="cx"> #include "IntlNumberFormatPrototype.h"
</span><span class="cx"> #include "IntlObject.h"
</span><span class="cx"> #include "IntlObjectInlines.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "Lookup.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlNumberFormatPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,10 +33,8 @@
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IntlNumberFormat.h"
</span><span class="cx"> #include "JSBoundFunction.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSObjectInlines.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIntlObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlObject.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlObject.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IntlObject.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -50,6 +50,7 @@
</span><span class="cx"> #include <wtf/Assertions.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span><span class="cx"> #include <wtf/PlatformUserPreferredLanguages.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeIteratorPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IteratorPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IteratorPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/IteratorPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,11 +27,9 @@
</span><span class="cx"> #include "IteratorPrototype.h"
</span><span class="cx">
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSArraycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -60,6 +60,54 @@
</span><span class="cx"> return butterfly;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+JSArray* JSArray::tryCreateUninitialized(VM& vm, Structure* structure, unsigned initialLength)
+{
+ if (initialLength > MAX_STORAGE_VECTOR_LENGTH)
+ return 0;
+
+ unsigned outOfLineStorage = structure->outOfLineCapacity();
+
+ Butterfly* butterfly;
+ IndexingType indexingType = structure->indexingType();
+ if (LIKELY(!hasAnyArrayStorage(indexingType))) {
+ ASSERT(
+ hasUndecided(indexingType)
+ || hasInt32(indexingType)
+ || hasDouble(indexingType)
+ || hasContiguous(indexingType));
+
+ unsigned vectorLength = Butterfly::optimalContiguousVectorLength(structure, initialLength);
+ void* temp = vm.heap.tryAllocateAuxiliary(nullptr, Butterfly::totalSize(0, outOfLineStorage, true, vectorLength * sizeof(EncodedJSValue)));
+ if (!temp)
+ return nullptr;
+ butterfly = Butterfly::fromBase(temp, 0, outOfLineStorage);
+ butterfly->setVectorLength(vectorLength);
+ butterfly->setPublicLength(initialLength);
+ if (hasDouble(indexingType)) {
+ for (unsigned i = initialLength; i < vectorLength; ++i)
+ butterfly->contiguousDouble()[i] = PNaN;
+ } else {
+ for (unsigned i = initialLength; i < vectorLength; ++i)
+ butterfly->contiguous()[i].clear();
+ }
+ } else {
+ unsigned vectorLength = ArrayStorage::optimalVectorLength(0, structure, initialLength);
+ void* temp = vm.heap.tryAllocateAuxiliary(nullptr, Butterfly::totalSize(0, outOfLineStorage, true, ArrayStorage::sizeFor(vectorLength)));
+ if (!temp)
+ return nullptr;
+ butterfly = Butterfly::fromBase(temp, 0, outOfLineStorage);
+ *butterfly->indexingHeader() = indexingHeaderForArrayStorage(initialLength, vectorLength);
+ ArrayStorage* storage = butterfly->arrayStorage();
+ storage->m_indexBias = 0;
+ storage->m_sparseMap.clear();
+ storage->m_numValuesInVector = initialLength;
+ for (unsigned i = initialLength; i < vectorLength; ++i)
+ storage->m_vector[i].clear();
+ }
+
+ return createWithButterfly(vm, structure, butterfly);
+}
+
</ins><span class="cx"> void JSArray::setLengthWritable(ExecState* exec, bool writable)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(isLengthWritable() || !writable);
</span><span class="lines">@@ -243,13 +291,14 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // This method makes room in the vector, but leaves the new space for count slots uncleared.
</span><del>-bool JSArray::unshiftCountSlowCase(VM& vm, bool addToFront, unsigned count)
</del><ins>+bool JSArray::unshiftCountSlowCase(VM& vm, DeferGC&, bool addToFront, unsigned count)
</ins><span class="cx"> {
</span><span class="cx"> ArrayStorage* storage = ensureArrayStorage(vm);
</span><span class="cx"> Butterfly* butterfly = storage->butterfly();
</span><del>- unsigned propertyCapacity = structure(vm)->outOfLineCapacity();
- unsigned propertySize = structure(vm)->outOfLineSize();
-
</del><ins>+ Structure* structure = this->structure(vm);
+ unsigned propertyCapacity = structure->outOfLineCapacity();
+ unsigned propertySize = structure->outOfLineSize();
+
</ins><span class="cx"> // If not, we should have handled this on the fast path.
</span><span class="cx"> ASSERT(!addToFront || count > storage->m_indexBias);
</span><span class="cx">
</span><span class="lines">@@ -261,7 +310,8 @@
</span><span class="cx"> // * desiredCapacity - how large should we like to grow the vector to - based on 2x requiredVectorLength.
</span><span class="cx">
</span><span class="cx"> unsigned length = storage->length();
</span><del>- unsigned usedVectorLength = min(storage->vectorLength(), length);
</del><ins>+ unsigned oldVectorLength = storage->vectorLength();
+ unsigned usedVectorLength = min(oldVectorLength, length);
</ins><span class="cx"> ASSERT(usedVectorLength <= MAX_STORAGE_VECTOR_LENGTH);
</span><span class="cx"> // Check that required vector length is possible, in an overflow-safe fashion.
</span><span class="cx"> if (count > MAX_STORAGE_VECTOR_LENGTH - usedVectorLength)
</span><span class="lines">@@ -272,23 +322,29 @@
</span><span class="cx"> ASSERT(storage->vectorLength() <= MAX_STORAGE_VECTOR_LENGTH && (MAX_STORAGE_VECTOR_LENGTH - storage->vectorLength()) >= storage->m_indexBias);
</span><span class="cx"> unsigned currentCapacity = storage->vectorLength() + storage->m_indexBias;
</span><span class="cx"> // The calculation of desiredCapacity won't overflow, due to the range of MAX_STORAGE_VECTOR_LENGTH.
</span><del>- unsigned desiredCapacity = min(MAX_STORAGE_VECTOR_LENGTH, max(BASE_VECTOR_LEN, requiredVectorLength) << 1);
</del><ins>+ // FIXME: This code should be fixed to avoid internal fragmentation. It's not super high
+ // priority since increaseVectorLength() will "fix" any mistakes we make, but it would be cool
+ // to get this right eventually.
+ unsigned desiredCapacity = min(MAX_STORAGE_VECTOR_LENGTH, max(BASE_ARRAY_STORAGE_VECTOR_LEN, requiredVectorLength) << 1);
</ins><span class="cx">
</span><span class="cx"> // Step 2:
</span><span class="cx"> // We're either going to choose to allocate a new ArrayStorage, or we're going to reuse the existing one.
</span><span class="cx">
</span><del>- DeferGC deferGC(vm.heap);
</del><span class="cx"> void* newAllocBase = 0;
</span><span class="cx"> unsigned newStorageCapacity;
</span><ins>+ bool allocatedNewStorage;
</ins><span class="cx"> // If the current storage array is sufficiently large (but not too large!) then just keep using it.
</span><span class="cx"> if (currentCapacity > desiredCapacity && isDenseEnoughForVector(currentCapacity, requiredVectorLength)) {
</span><del>- newAllocBase = butterfly->base(structure(vm));
</del><ins>+ newAllocBase = butterfly->base(structure);
</ins><span class="cx"> newStorageCapacity = currentCapacity;
</span><ins>+ allocatedNewStorage = false;
</ins><span class="cx"> } else {
</span><span class="cx"> size_t newSize = Butterfly::totalSize(0, propertyCapacity, true, ArrayStorage::sizeFor(desiredCapacity));
</span><del>- if (!vm.heap.tryAllocateStorage(this, newSize, &newAllocBase))
</del><ins>+ newAllocBase = vm.heap.tryAllocateAuxiliary(this, newSize);
+ if (!newAllocBase)
</ins><span class="cx"> return false;
</span><span class="cx"> newStorageCapacity = desiredCapacity;
</span><ins>+ allocatedNewStorage = true;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Step 3:
</span><span class="lines">@@ -306,7 +362,7 @@
</span><span class="cx"> // Atomic decay, + the post-capacity cannot be greater than what is available.
</span><span class="cx"> postCapacity = min((storage->vectorLength() - length) >> 1, newStorageCapacity - requiredVectorLength);
</span><span class="cx"> // If we're moving contents within the same allocation, the post-capacity is being reduced.
</span><del>- ASSERT(newAllocBase != butterfly->base(structure(vm)) || postCapacity < storage->vectorLength() - length);
</del><ins>+ ASSERT(newAllocBase != butterfly->base(structure) || postCapacity < storage->vectorLength() - length);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> unsigned newVectorLength = requiredVectorLength + postCapacity;
</span><span class="lines">@@ -318,17 +374,24 @@
</span><span class="cx"> ASSERT(count + usedVectorLength <= newVectorLength);
</span><span class="cx"> memmove(newButterfly->arrayStorage()->m_vector + count, storage->m_vector, sizeof(JSValue) * usedVectorLength);
</span><span class="cx"> memmove(newButterfly->propertyStorage() - propertySize, butterfly->propertyStorage() - propertySize, sizeof(JSValue) * propertySize + sizeof(IndexingHeader) + ArrayStorage::sizeFor(0));
</span><del>- } else if ((newAllocBase != butterfly->base(structure(vm))) || (newIndexBias != storage->m_indexBias)) {
</del><ins>+
+ if (allocatedNewStorage) {
+ // We will set the vectorLength to newVectorLength. We populated requiredVectorLength
+ // (usedVectorLength + count), which is less. Clear the difference.
+ for (unsigned i = requiredVectorLength; i < newVectorLength; ++i)
+ newButterfly->arrayStorage()->m_vector[i].clear();
+ }
+ } else if ((newAllocBase != butterfly->base(structure)) || (newIndexBias != storage->m_indexBias)) {
</ins><span class="cx"> memmove(newButterfly->propertyStorage() - propertySize, butterfly->propertyStorage() - propertySize, sizeof(JSValue) * propertySize + sizeof(IndexingHeader) + ArrayStorage::sizeFor(0));
</span><span class="cx"> memmove(newButterfly->arrayStorage()->m_vector, storage->m_vector, sizeof(JSValue) * usedVectorLength);
</span><del>-
- WriteBarrier<Unknown>* newVector = newButterfly->arrayStorage()->m_vector;
</del><ins>+
</ins><span class="cx"> for (unsigned i = requiredVectorLength; i < newVectorLength; i++)
</span><del>- newVector[i].clear();
</del><ins>+ newButterfly->arrayStorage()->m_vector[i].clear();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> newButterfly->arrayStorage()->setVectorLength(newVectorLength);
</span><span class="cx"> newButterfly->arrayStorage()->m_indexBias = newIndexBias;
</span><ins>+
</ins><span class="cx"> setButterflyWithoutChangingStructure(vm, newButterfly);
</span><span class="cx">
</span><span class="cx"> return true;
</span><span class="lines">@@ -337,7 +400,7 @@
</span><span class="cx"> bool JSArray::setLengthWithArrayStorage(ExecState* exec, unsigned newLength, bool throwException, ArrayStorage* storage)
</span><span class="cx"> {
</span><span class="cx"> unsigned length = storage->length();
</span><del>-
</del><ins>+
</ins><span class="cx"> // If the length is read only then we enter sparse mode, so should enter the following 'if'.
</span><span class="cx"> ASSERT(isLengthWritable() || storage->m_sparseMap);
</span><span class="cx">
</span><span class="lines">@@ -997,6 +1060,10 @@
</span><span class="cx">
</span><span class="cx"> unsigned vectorLength = storage->vectorLength();
</span><span class="cx">
</span><ins>+ // Need to have GC deferred around the unshiftCountSlowCase(), since that leaves the butterfly in
+ // a weird state: some parts of it will be left uninitialized, which we will fill in here.
+ DeferGC deferGC(vm.heap);
+
</ins><span class="cx"> if (moveFront && storage->m_indexBias >= count) {
</span><span class="cx"> Butterfly* newButterfly = storage->butterfly()->unshift(structure(), count);
</span><span class="cx"> storage = newButterfly->arrayStorage();
</span><span class="lines">@@ -1005,7 +1072,7 @@
</span><span class="cx"> setButterflyWithoutChangingStructure(vm, newButterfly);
</span><span class="cx"> } else if (!moveFront && vectorLength - length >= count)
</span><span class="cx"> storage = storage->butterfly()->arrayStorage();
</span><del>- else if (unshiftCountSlowCase(vm, moveFront, count))
</del><ins>+ else if (unshiftCountSlowCase(vm, deferGC, moveFront, count))
</ins><span class="cx"> storage = arrayStorage();
</span><span class="cx"> else {
</span><span class="cx"> throwOutOfMemoryError(exec, scope);
</span><span class="lines">@@ -1199,7 +1266,6 @@
</span><span class="cx"> ASSERT(length == this->length());
</span><span class="cx">
</span><span class="cx"> Butterfly* butterfly = m_butterfly.get();
</span><del>-
</del><span class="cx"> switch (indexingType()) {
</span><span class="cx"> case ArrayClass:
</span><span class="cx"> return;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSArrayh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArray.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
</span><del>- * Copyright (C) 2003, 2007, 2008, 2009, 2012, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003, 2007, 2008, 2009, 2012, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -60,7 +60,7 @@
</span><span class="cx"> // contents are known at time of creation. Clients of this interface must:
</span><span class="cx"> // - null-check the result (indicating out of memory, or otherwise unable to allocate vector).
</span><span class="cx"> // - call 'initializeIndex' for all properties in sequence, for 0 <= i < initialLength.
</span><del>- static JSArray* tryCreateUninitialized(VM&, Structure*, unsigned initialLength);
</del><ins>+ JS_EXPORT_PRIVATE static JSArray* tryCreateUninitialized(VM&, Structure*, unsigned initialLength);
</ins><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static bool defineOwnProperty(JSObject*, ExecState*, PropertyName, const PropertyDescriptor&, bool throwException);
</span><span class="cx">
</span><span class="lines">@@ -168,7 +168,7 @@
</span><span class="cx">
</span><span class="cx"> bool unshiftCountWithAnyIndexingType(ExecState*, unsigned startIndex, unsigned count);
</span><span class="cx"> bool unshiftCountWithArrayStorage(ExecState*, unsigned startIndex, unsigned count, ArrayStorage*);
</span><del>- bool unshiftCountSlowCase(VM&, bool, unsigned);
</del><ins>+ bool unshiftCountSlowCase(VM&, DeferGC&, bool, unsigned);
</ins><span class="cx">
</span><span class="cx"> bool setLengthWithArrayStorage(ExecState*, unsigned newLength, bool throwException, ArrayStorage*);
</span><span class="cx"> void setLengthWritable(ExecState*, bool writable);
</span><span class="lines">@@ -177,7 +177,8 @@
</span><span class="cx"> inline Butterfly* createContiguousArrayButterfly(VM& vm, JSCell* intendedOwner, unsigned length, unsigned& vectorLength)
</span><span class="cx"> {
</span><span class="cx"> IndexingHeader header;
</span><del>- vectorLength = std::max(length, BASE_VECTOR_LEN);
</del><ins>+ vectorLength = Butterfly::optimalContiguousVectorLength(
+ intendedOwner ? intendedOwner->structure(vm) : 0, length);
</ins><span class="cx"> header.setVectorLength(vectorLength);
</span><span class="cx"> header.setPublicLength(length);
</span><span class="cx"> Butterfly* result = Butterfly::create(
</span><span class="lines">@@ -188,11 +189,11 @@
</span><span class="cx"> inline Butterfly* createArrayButterfly(VM& vm, JSCell* intendedOwner, unsigned initialLength)
</span><span class="cx"> {
</span><span class="cx"> Butterfly* butterfly = Butterfly::create(
</span><del>- vm, intendedOwner, 0, 0, true, baseIndexingHeaderForArray(initialLength),
- ArrayStorage::sizeFor(BASE_VECTOR_LEN));
</del><ins>+ vm, intendedOwner, 0, 0, true, baseIndexingHeaderForArrayStorage(initialLength),
+ ArrayStorage::sizeFor(BASE_ARRAY_STORAGE_VECTOR_LEN));
</ins><span class="cx"> ArrayStorage* storage = butterfly->arrayStorage();
</span><ins>+ storage->m_sparseMap.clear();
</ins><span class="cx"> storage->m_indexBias = 0;
</span><del>- storage->m_sparseMap.clear();
</del><span class="cx"> storage->m_numValuesInVector = 0;
</span><span class="cx"> return butterfly;
</span><span class="cx"> }
</span><span class="lines">@@ -211,62 +212,22 @@
</span><span class="cx"> || hasContiguous(structure->indexingType()));
</span><span class="cx"> unsigned vectorLength;
</span><span class="cx"> butterfly = createContiguousArrayButterfly(vm, 0, initialLength, vectorLength);
</span><del>- ASSERT(initialLength < MIN_ARRAY_STORAGE_CONSTRUCTION_LENGTH);
- if (hasDouble(structure->indexingType())) {
- for (unsigned i = 0; i < vectorLength; ++i)
- butterfly->contiguousDouble()[i] = PNaN;
- }
</del><ins>+ if (hasDouble(structure->indexingType()))
+ clearArray(butterfly->contiguousDouble().data(), vectorLength);
+ else
+ clearArray(butterfly->contiguous().data(), vectorLength);
</ins><span class="cx"> } else {
</span><span class="cx"> ASSERT(
</span><span class="cx"> structure->indexingType() == ArrayWithSlowPutArrayStorage
</span><span class="cx"> || structure->indexingType() == ArrayWithArrayStorage);
</span><span class="cx"> butterfly = createArrayButterfly(vm, 0, initialLength);
</span><ins>+ for (unsigned i = 0; i < BASE_ARRAY_STORAGE_VECTOR_LEN; ++i)
+ butterfly->arrayStorage()->m_vector[i].clear();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return createWithButterfly(vm, structure, butterfly);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline JSArray* JSArray::tryCreateUninitialized(VM& vm, Structure* structure, unsigned initialLength)
-{
- unsigned vectorLength = std::max(BASE_VECTOR_LEN, initialLength);
- if (vectorLength > MAX_STORAGE_VECTOR_LENGTH)
- return 0;
-
- unsigned outOfLineStorage = structure->outOfLineCapacity();
-
- Butterfly* butterfly;
- if (LIKELY(!hasAnyArrayStorage(structure->indexingType()))) {
- ASSERT(
- hasUndecided(structure->indexingType())
- || hasInt32(structure->indexingType())
- || hasDouble(structure->indexingType())
- || hasContiguous(structure->indexingType()));
-
- void* temp;
- if (!vm.heap.tryAllocateStorage(0, Butterfly::totalSize(0, outOfLineStorage, true, vectorLength * sizeof(EncodedJSValue)), &temp))
- return 0;
- butterfly = Butterfly::fromBase(temp, 0, outOfLineStorage);
- butterfly->setVectorLength(vectorLength);
- butterfly->setPublicLength(initialLength);
- if (hasDouble(structure->indexingType())) {
- for (unsigned i = initialLength; i < vectorLength; ++i)
- butterfly->contiguousDouble()[i] = PNaN;
- }
- } else {
- void* temp;
- if (!vm.heap.tryAllocateStorage(0, Butterfly::totalSize(0, outOfLineStorage, true, ArrayStorage::sizeFor(vectorLength)), &temp))
- return 0;
- butterfly = Butterfly::fromBase(temp, 0, outOfLineStorage);
- *butterfly->indexingHeader() = indexingHeaderForArray(initialLength, vectorLength);
- ArrayStorage* storage = butterfly->arrayStorage();
- storage->m_indexBias = 0;
- storage->m_sparseMap.clear();
- storage->m_numValuesInVector = initialLength;
- }
-
- return createWithButterfly(vm, structure, butterfly);
-}
-
</del><span class="cx"> inline JSArray* JSArray::createWithButterfly(VM& vm, Structure* structure, Butterfly* butterfly)
</span><span class="cx"> {
</span><span class="cx"> JSArray* array = new (NotNull, allocateCell<JSArray>(vm.heap)) JSArray(vm, structure, butterfly);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSArrayBufferViewh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArrayBufferView.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArrayBufferView.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSArrayBufferView.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #ifndef JSArrayBufferView_h
</span><span class="cx"> #define JSArrayBufferView_h
</span><span class="cx">
</span><ins>+#include "CopyBarrier.h"
</ins><span class="cx"> #include "JSObject.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -41,7 +41,6 @@
</span><span class="cx"> #include "GCIncomingRefCountedInlines.h"
</span><span class="cx"> #include "HeapInlines.h"
</span><span class="cx"> #include "IdentifierInlines.h"
</span><del>-#include "Interpreter.h"
</del><span class="cx"> #include "JSArrayBufferViewInlines.h"
</span><span class="cx"> #include "JSCJSValueInlines.h"
</span><span class="cx"> #include "JSFunctionInlines.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCJSValuecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCJSValue.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCJSValue.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCJSValue.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,11 +29,10 @@
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "ExceptionHelpers.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "NumberObject.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx"> #include <wtf/MathExtras.h>
</span><span class="cx"> #include <wtf/StringExtras.h>
</span><span class="cx">
</span><span class="lines">@@ -278,7 +277,11 @@
</span><span class="cx"> out.print("Symbol: ", RawPointer(asCell()));
</span><span class="cx"> else if (structure->classInfo()->isSubClassOf(Structure::info()))
</span><span class="cx"> out.print("Structure: ", inContext(*jsCast<Structure*>(asCell()), context));
</span><del>- else {
</del><ins>+ else if (structure->classInfo()->isSubClassOf(JSObject::info())) {
+ out.print("Object: ", RawPointer(asCell()));
+ out.print(" with butterfly ", RawPointer(asObject(asCell())->butterfly()));
+ out.print(" (", inContext(*structure, context), ")");
+ } else {
</ins><span class="cx"> out.print("Cell: ", RawPointer(asCell()));
</span><span class="cx"> out.print(" (", inContext(*structure, context), ")");
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCalleecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCallee.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCallee.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCallee.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -27,13 +27,9 @@
</span><span class="cx"> #include "JSCallee.h"
</span><span class="cx">
</span><span class="cx"> #include "GetterSetter.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCell.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><del>-#include "SlotVisitorInlines.h"
</del><span class="cx"> #include "StackVisitor.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -43,6 +39,7 @@
</span><span class="cx"> : Base(vm, structure)
</span><span class="cx"> , m_scope(vm, this, globalObject)
</span><span class="cx"> {
</span><ins>+ RELEASE_ASSERT(!isLargeAllocation());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSCallee::JSCallee(VM& vm, JSScope* scope, Structure* structure)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCellcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -58,7 +58,7 @@
</span><span class="cx">
</span><span class="cx"> size_t JSCell::estimatedSize(JSCell* cell)
</span><span class="cx"> {
</span><del>- return MarkedBlock::blockFor(cell)->cellSize();
</del><ins>+ return cell->cellSize();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void JSCell::copyBackingStore(JSCell*, CopyVisitor&, CopyToken)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCellh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCell.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -80,7 +80,7 @@
</span><span class="cx">
</span><span class="cx"> enum CreatingEarlyCellTag { CreatingEarlyCell };
</span><span class="cx"> JSCell(CreatingEarlyCellTag);
</span><del>-
</del><ins>+
</ins><span class="cx"> protected:
</span><span class="cx"> JSCell(VM&, Structure*);
</span><span class="cx"> JS_EXPORT_PRIVATE static void destroy(JSCell*);
</span><span class="lines">@@ -108,8 +108,6 @@
</span><span class="cx">
</span><span class="cx"> const char* className() const;
</span><span class="cx">
</span><del>- VM* vm() const;
-
</del><span class="cx"> // Extracting the value.
</span><span class="cx"> JS_EXPORT_PRIVATE bool getString(ExecState*, String&) const;
</span><span class="cx"> JS_EXPORT_PRIVATE String getString(ExecState*) const; // null string if not a string
</span><span class="lines">@@ -190,6 +188,8 @@
</span><span class="cx"> {
</span><span class="cx"> return OBJECT_OFFSETOF(JSCell, m_cellState);
</span><span class="cx"> }
</span><ins>+
+ void callDestructor(VM&);
</ins><span class="cx">
</span><span class="cx"> static const TypedArrayType TypedArrayStorageType = NotTypedArray;
</span><span class="cx"> protected:
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSCellInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCellInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCellInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSCellInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -113,16 +113,13 @@
</span><span class="cx"> visitor.appendUnbarrieredPointer(&structure);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline VM* JSCell::vm() const
-{
- return MarkedBlock::blockFor(this)->vm();
-}
-
</del><span class="cx"> ALWAYS_INLINE VM& ExecState::vm() const
</span><span class="cx"> {
</span><span class="cx"> ASSERT(callee());
</span><span class="cx"> ASSERT(callee()->vm());
</span><del>- return *calleeAsValue().asCell()->vm();
</del><ins>+ ASSERT(!callee()->isLargeAllocation());
+ // This is an important optimization since we access this so often.
+ return *calleeAsValue().asCell()->markedBlock().vm();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<typename T>
</span><span class="lines">@@ -233,12 +230,19 @@
</span><span class="cx"> && !structure.typeInfo().overridesGetOwnPropertySlot();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline const ClassInfo* JSCell::classInfo() const
</del><ins>+ALWAYS_INLINE const ClassInfo* JSCell::classInfo() const
</ins><span class="cx"> {
</span><del>- MarkedBlock* block = MarkedBlock::blockFor(this);
- if (block->needsDestruction() && !(inlineTypeFlags() & StructureIsImmortal))
</del><ins>+ if (isLargeAllocation()) {
+ LargeAllocation& allocation = largeAllocation();
+ if (allocation.attributes().destruction == NeedsDestruction
+ && !(inlineTypeFlags() & StructureIsImmortal))
+ return static_cast<const JSDestructibleObject*>(this)->classInfo();
+ return structure(*allocation.vm())->classInfo();
+ }
+ MarkedBlock& block = markedBlock();
+ if (block.needsDestruction() && !(inlineTypeFlags() & StructureIsImmortal))
</ins><span class="cx"> return static_cast<const JSDestructibleObject*>(this)->classInfo();
</span><del>- return structure(*block->vm())->classInfo();
</del><ins>+ return structure(*block.vm())->classInfo();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline bool JSCell::toBoolean(ExecState* exec) const
</span><span class="lines">@@ -257,6 +261,18 @@
</span><span class="cx"> return MixedTriState;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline void JSCell::callDestructor(VM& vm)
+{
+ if (isZapped())
+ return;
+ ASSERT(structureID());
+ if (inlineTypeFlags() & StructureIsImmortal)
+ structure(vm)->classInfo()->methodTable.destroy(this);
+ else
+ jsCast<JSDestructibleObject*>(this)->classInfo()->methodTable.destroy(this);
+ zap();
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // JSCellInlines_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSFunctioncpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -64,7 +64,7 @@
</span><span class="cx">
</span><span class="cx"> JSFunction* JSFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope)
</span><span class="cx"> {
</span><del>- return create(vm, executable, scope, scope->globalObject()->functionStructure());
</del><ins>+ return create(vm, executable, scope, scope->globalObject(vm)->functionStructure());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSFunction* JSFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure)
</span><span class="lines">@@ -78,7 +78,7 @@
</span><span class="cx"> JSFunction* JSFunction::create(VM& vm, WebAssemblyExecutable* executable, JSScope* scope)
</span><span class="cx"> {
</span><span class="cx"> JSFunction* function = new (NotNull, allocateCell<JSFunction>(vm.heap)) JSFunction(vm, executable, scope);
</span><del>- ASSERT(function->structure()->globalObject());
</del><ins>+ ASSERT(function->structure(vm)->globalObject());
</ins><span class="cx"> function->finishCreation(vm);
</span><span class="cx"> return function;
</span><span class="cx"> }
</span><span class="lines">@@ -145,9 +145,9 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> JSObject* prototype = jsDynamicCast<JSObject*>(get(exec, vm.propertyNames->prototype));
</span><span class="cx"> if (!prototype)
</span><del>- prototype = globalObject()->objectPrototype();
</del><ins>+ prototype = globalObject(vm)->objectPrototype();
</ins><span class="cx"> FunctionRareData* rareData = FunctionRareData::create(vm);
</span><del>- rareData->initializeObjectAllocationProfile(globalObject()->vm(), prototype, inlineCapacity);
</del><ins>+ rareData->initializeObjectAllocationProfile(vm, prototype, inlineCapacity);
</ins><span class="cx">
</span><span class="cx"> // A DFG compilation thread may be trying to read the rare data
</span><span class="cx"> // We want to ensure that it sees it properly allocated
</span><span class="lines">@@ -163,8 +163,8 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx"> JSObject* prototype = jsDynamicCast<JSObject*>(get(exec, vm.propertyNames->prototype));
</span><span class="cx"> if (!prototype)
</span><del>- prototype = globalObject()->objectPrototype();
- m_rareData->initializeObjectAllocationProfile(globalObject()->vm(), prototype, inlineCapacity);
</del><ins>+ prototype = globalObject(vm)->objectPrototype();
+ m_rareData->initializeObjectAllocationProfile(vm, prototype, inlineCapacity);
</ins><span class="cx"> return m_rareData.get();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -345,26 +345,26 @@
</span><span class="cx">
</span><span class="cx"> bool JSFunction::getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
</span><span class="cx"> {
</span><ins>+ VM& vm = exec->vm();
</ins><span class="cx"> JSFunction* thisObject = jsCast<JSFunction*>(object);
</span><span class="cx"> if (thisObject->isHostOrBuiltinFunction()) {
</span><del>- thisObject->reifyBoundNameIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyBoundNameIfNeeded(vm, exec, propertyName);
</ins><span class="cx"> return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (propertyName == exec->propertyNames().prototype && !thisObject->jsExecutable()->isArrowFunction()) {
- VM& vm = exec->vm();
</del><ins>+ if (propertyName == vm.propertyNames->prototype && !thisObject->jsExecutable()->isArrowFunction()) {
</ins><span class="cx"> unsigned attributes;
</span><span class="cx"> PropertyOffset offset = thisObject->getDirectOffset(vm, propertyName, attributes);
</span><span class="cx"> if (!isValidOffset(offset)) {
</span><span class="cx"> JSObject* prototype = nullptr;
</span><span class="cx"> if (thisObject->jsExecutable()->parseMode() == SourceParseMode::GeneratorWrapperFunctionMode)
</span><del>- prototype = constructEmptyObject(exec, thisObject->globalObject()->generatorPrototype());
</del><ins>+ prototype = constructEmptyObject(exec, thisObject->globalObject(vm)->generatorPrototype());
</ins><span class="cx"> else
</span><span class="cx"> prototype = constructEmptyObject(exec);
</span><span class="cx">
</span><del>- prototype->putDirect(vm, exec->propertyNames().constructor, thisObject, DontEnum);
- thisObject->putDirect(vm, exec->propertyNames().prototype, prototype, DontDelete | DontEnum);
- offset = thisObject->getDirectOffset(vm, exec->propertyNames().prototype, attributes);
</del><ins>+ prototype->putDirect(vm, vm.propertyNames->constructor, thisObject, DontEnum);
+ thisObject->putDirect(vm, vm.propertyNames->prototype, prototype, DontDelete | DontEnum);
+ offset = thisObject->getDirectOffset(vm, vm.propertyNames->prototype, attributes);
</ins><span class="cx"> ASSERT(isValidOffset(offset));
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -371,11 +371,11 @@
</span><span class="cx"> slot.setValue(thisObject, attributes, thisObject->getDirect(offset), offset);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (propertyName == exec->propertyNames().arguments) {
</del><ins>+ if (propertyName == vm.propertyNames->arguments) {
</ins><span class="cx"> if (thisObject->jsExecutable()->isStrictMode() || thisObject->jsExecutable()->isClassConstructorFunction()) {
</span><span class="cx"> bool result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> if (!result) {
</span><del>- GetterSetter* errorGetterSetter = thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter();
</del><ins>+ GetterSetter* errorGetterSetter = thisObject->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter();
</ins><span class="cx"> thisObject->putDirectAccessor(exec, propertyName, errorGetterSetter, DontDelete | DontEnum | Accessor);
</span><span class="cx"> result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> ASSERT(result);
</span><span class="lines">@@ -386,11 +386,11 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (propertyName == exec->propertyNames().caller) {
</del><ins>+ if (propertyName == vm.propertyNames->caller) {
</ins><span class="cx"> if (thisObject->jsExecutable()->isStrictMode() || thisObject->jsExecutable()->isClassConstructorFunction()) {
</span><span class="cx"> bool result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> if (!result) {
</span><del>- GetterSetter* errorGetterSetter = thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter();
</del><ins>+ GetterSetter* errorGetterSetter = thisObject->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter();
</ins><span class="cx"> thisObject->putDirectAccessor(exec, propertyName, errorGetterSetter, DontDelete | DontEnum | Accessor);
</span><span class="cx"> result = Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> ASSERT(result);
</span><span class="lines">@@ -401,7 +401,7 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- thisObject->reifyLazyPropertyIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyLazyPropertyIfNeeded(vm, exec, propertyName);
</ins><span class="cx">
</span><span class="cx"> return Base::getOwnPropertySlot(thisObject, exec, propertyName, slot);
</span><span class="cx"> }
</span><span class="lines">@@ -437,11 +437,11 @@
</span><span class="cx"> return ordinarySetSlow(exec, thisObject, propertyName, value, slot.thisValue(), slot.isStrictMode());
</span><span class="cx">
</span><span class="cx"> if (thisObject->isHostOrBuiltinFunction()) {
</span><del>- thisObject->reifyBoundNameIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyBoundNameIfNeeded(vm, exec, propertyName);
</ins><span class="cx"> return Base::put(thisObject, exec, propertyName, value, slot);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (propertyName == exec->propertyNames().prototype) {
</del><ins>+ if (propertyName == vm.propertyNames->prototype) {
</ins><span class="cx"> // Make sure prototype has been reified, such that it can only be overwritten
</span><span class="cx"> // following the rules set out in ECMA-262 8.12.9.
</span><span class="cx"> PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
</span><span class="lines">@@ -453,7 +453,7 @@
</span><span class="cx"> scope.release();
</span><span class="cx"> return Base::put(thisObject, exec, propertyName, value, dontCache);
</span><span class="cx"> }
</span><del>- if (thisObject->jsExecutable()->isStrictMode() && (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().caller)) {
</del><ins>+ if (thisObject->jsExecutable()->isStrictMode() && (propertyName == vm.propertyNames->arguments || propertyName == vm.propertyNames->caller)) {
</ins><span class="cx"> // This will trigger the property to be reified, if this is not already the case!
</span><span class="cx"> bool okay = thisObject->hasProperty(exec, propertyName);
</span><span class="cx"> ASSERT_UNUSED(okay, okay);
</span><span class="lines">@@ -460,12 +460,12 @@
</span><span class="cx"> scope.release();
</span><span class="cx"> return Base::put(thisObject, exec, propertyName, value, slot);
</span><span class="cx"> }
</span><del>- if (propertyName == exec->propertyNames().arguments || propertyName == exec->propertyNames().caller) {
</del><ins>+ if (propertyName == vm.propertyNames->arguments || propertyName == vm.propertyNames->caller) {
</ins><span class="cx"> if (slot.isStrictMode())
</span><span class="cx"> throwTypeError(exec, scope, StrictModeReadonlyPropertyWriteError);
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><del>- thisObject->reifyLazyPropertyIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyLazyPropertyIfNeeded(vm, exec, propertyName);
</ins><span class="cx"> scope.release();
</span><span class="cx"> return Base::put(thisObject, exec, propertyName, value, slot);
</span><span class="cx"> }
</span><span class="lines">@@ -474,16 +474,17 @@
</span><span class="cx"> {
</span><span class="cx"> JSFunction* thisObject = jsCast<JSFunction*>(cell);
</span><span class="cx"> if (thisObject->isHostOrBuiltinFunction())
</span><del>- thisObject->reifyBoundNameIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyBoundNameIfNeeded(exec->vm(), exec, propertyName);
</ins><span class="cx"> else if (exec->vm().deletePropertyMode() != VM::DeletePropertyMode::IgnoreConfigurable) {
</span><span class="cx"> // For non-host functions, don't let these properties by deleted - except by DefineOwnProperty.
</span><ins>+ VM& vm = exec->vm();
</ins><span class="cx"> FunctionExecutable* executable = thisObject->jsExecutable();
</span><del>- if (propertyName == exec->propertyNames().arguments
- || (propertyName == exec->propertyNames().prototype && !executable->isArrowFunction())
- || propertyName == exec->propertyNames().caller)
</del><ins>+ if (propertyName == vm.propertyNames->arguments
+ || (propertyName == vm.propertyNames->prototype && !executable->isArrowFunction())
+ || propertyName == vm.propertyNames->caller)
</ins><span class="cx"> return false;
</span><span class="cx">
</span><del>- thisObject->reifyLazyPropertyIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyLazyPropertyIfNeeded(vm, exec, propertyName);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> return Base::deleteProperty(thisObject, exec, propertyName);
</span><span class="lines">@@ -496,11 +497,11 @@
</span><span class="cx">
</span><span class="cx"> JSFunction* thisObject = jsCast<JSFunction*>(object);
</span><span class="cx"> if (thisObject->isHostOrBuiltinFunction()) {
</span><del>- thisObject->reifyBoundNameIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyBoundNameIfNeeded(vm, exec, propertyName);
</ins><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (propertyName == exec->propertyNames().prototype) {
</del><ins>+ if (propertyName == vm.propertyNames->prototype) {
</ins><span class="cx"> // Make sure prototype has been reified, such that it can only be overwritten
</span><span class="cx"> // following the rules set out in ECMA-262 8.12.9.
</span><span class="cx"> PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
</span><span class="lines">@@ -511,24 +512,24 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool valueCheck;
</span><del>- if (propertyName == exec->propertyNames().arguments) {
</del><ins>+ if (propertyName == vm.propertyNames->arguments) {
</ins><span class="cx"> if (thisObject->jsExecutable()->isStrictMode()) {
</span><span class="cx"> PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
</span><span class="cx"> if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
</span><del>- thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), DontDelete | DontEnum | Accessor);
</del><ins>+ thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), DontDelete | DontEnum | Accessor);
</ins><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx"> valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveArguments(exec, thisObject));
</span><del>- } else if (propertyName == exec->propertyNames().caller) {
</del><ins>+ } else if (propertyName == vm.propertyNames->caller) {
</ins><span class="cx"> if (thisObject->jsExecutable()->isStrictMode()) {
</span><span class="cx"> PropertySlot slot(thisObject, PropertySlot::InternalMethodType::VMInquiry);
</span><span class="cx"> if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
</span><del>- thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), DontDelete | DontEnum | Accessor);
</del><ins>+ thisObject->putDirectAccessor(exec, propertyName, thisObject->globalObject(vm)->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), DontDelete | DontEnum | Accessor);
</ins><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx"> valueCheck = !descriptor.value() || sameValue(exec, descriptor.value(), retrieveCallerFunction(exec, thisObject));
</span><span class="cx"> } else {
</span><del>- thisObject->reifyLazyPropertyIfNeeded(exec, propertyName);
</del><ins>+ thisObject->reifyLazyPropertyIfNeeded(vm, exec, propertyName);
</ins><span class="cx"> return Base::defineOwnProperty(object, exec, propertyName, descriptor, throwException);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -590,6 +591,7 @@
</span><span class="cx">
</span><span class="cx"> void JSFunction::setFunctionName(ExecState* exec, JSValue value)
</span><span class="cx"> {
</span><ins>+ VM& vm = exec->vm();
</ins><span class="cx"> // The "name" property may have been already been defined as part of a property list in an
</span><span class="cx"> // object literal (and therefore reified).
</span><span class="cx"> if (hasReifiedName())
</span><span class="lines">@@ -605,7 +607,6 @@
</span><span class="cx"> else
</span><span class="cx"> name = makeString('[', String(uid), ']');
</span><span class="cx"> } else {
</span><del>- VM& vm = exec->vm();
</del><span class="cx"> JSString* jsStr = value.toString(exec);
</span><span class="cx"> if (vm.exception())
</span><span class="cx"> return;
</span><span class="lines">@@ -613,12 +614,11 @@
</span><span class="cx"> if (vm.exception())
</span><span class="cx"> return;
</span><span class="cx"> }
</span><del>- reifyName(exec, name);
</del><ins>+ reifyName(vm, exec, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void JSFunction::reifyLength(ExecState* exec)
</del><ins>+void JSFunction::reifyLength(VM& vm)
</ins><span class="cx"> {
</span><del>- VM& vm = exec->vm();
</del><span class="cx"> FunctionRareData* rareData = this->rareData(vm);
</span><span class="cx">
</span><span class="cx"> ASSERT(!hasReifiedLength());
</span><span class="lines">@@ -625,13 +625,13 @@
</span><span class="cx"> ASSERT(!isHostFunction());
</span><span class="cx"> JSValue initialValue = jsNumber(jsExecutable()->parameterCount());
</span><span class="cx"> unsigned initialAttributes = DontEnum | ReadOnly;
</span><del>- const Identifier& identifier = exec->propertyNames().length;
</del><ins>+ const Identifier& identifier = vm.propertyNames->length;
</ins><span class="cx"> putDirect(vm, identifier, initialValue, initialAttributes);
</span><span class="cx">
</span><span class="cx"> rareData->setHasReifiedLength();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSFunction::reifyName(ExecState* exec)
</del><ins>+void JSFunction::reifyName(VM& vm, ExecState* exec)
</ins><span class="cx"> {
</span><span class="cx"> const Identifier& ecmaName = jsExecutable()->ecmaName();
</span><span class="cx"> String name;
</span><span class="lines">@@ -642,18 +642,17 @@
</span><span class="cx"> name = exec->propertyNames().defaultKeyword.string();
</span><span class="cx"> else
</span><span class="cx"> name = ecmaName.string();
</span><del>- reifyName(exec, name);
</del><ins>+ reifyName(vm, exec, name);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-void JSFunction::reifyName(ExecState* exec, String name)
</del><ins>+void JSFunction::reifyName(VM& vm, ExecState* exec, String name)
</ins><span class="cx"> {
</span><del>- VM& vm = exec->vm();
</del><span class="cx"> FunctionRareData* rareData = this->rareData(vm);
</span><span class="cx">
</span><span class="cx"> ASSERT(!hasReifiedName());
</span><span class="cx"> ASSERT(!isHostFunction());
</span><span class="cx"> unsigned initialAttributes = DontEnum | ReadOnly;
</span><del>- const Identifier& propID = exec->propertyNames().name;
</del><ins>+ const Identifier& propID = vm.propertyNames->name;
</ins><span class="cx">
</span><span class="cx"> if (exec->lexicalGlobalObject()->needsSiteSpecificQuirks()) {
</span><span class="cx"> auto illegalCharMatcher = [] (UChar ch) -> bool {
</span><span class="lines">@@ -672,20 +671,20 @@
</span><span class="cx"> rareData->setHasReifiedName();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSFunction::reifyLazyPropertyIfNeeded(ExecState* exec, PropertyName propertyName)
</del><ins>+void JSFunction::reifyLazyPropertyIfNeeded(VM& vm, ExecState* exec, PropertyName propertyName)
</ins><span class="cx"> {
</span><del>- if (propertyName == exec->propertyNames().length) {
</del><ins>+ if (propertyName == vm.propertyNames->length) {
</ins><span class="cx"> if (!hasReifiedLength())
</span><del>- reifyLength(exec);
- } else if (propertyName == exec->propertyNames().name) {
</del><ins>+ reifyLength(vm);
+ } else if (propertyName == vm.propertyNames->name) {
</ins><span class="cx"> if (!hasReifiedName())
</span><del>- reifyName(exec);
</del><ins>+ reifyName(vm, exec);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSFunction::reifyBoundNameIfNeeded(ExecState* exec, PropertyName propertyName)
</del><ins>+void JSFunction::reifyBoundNameIfNeeded(VM& vm, ExecState* exec, PropertyName propertyName)
</ins><span class="cx"> {
</span><del>- const Identifier& nameIdent = exec->propertyNames().name;
</del><ins>+ const Identifier& nameIdent = vm.propertyNames->name;
</ins><span class="cx"> if (propertyName != nameIdent)
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -693,7 +692,6 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> if (this->inherits(JSBoundFunction::info())) {
</span><del>- VM& vm = exec->vm();
</del><span class="cx"> FunctionRareData* rareData = this->rareData(vm);
</span><span class="cx"> String name = makeString("bound ", static_cast<NativeExecutable*>(m_executable.get())->name());
</span><span class="cx"> unsigned initialAttributes = DontEnum | ReadOnly;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSFunctionh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunction.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -189,11 +189,11 @@
</span><span class="cx">
</span><span class="cx"> bool hasReifiedLength() const;
</span><span class="cx"> bool hasReifiedName() const;
</span><del>- void reifyLength(ExecState*);
- void reifyName(ExecState*);
- void reifyBoundNameIfNeeded(ExecState*, PropertyName);
- void reifyName(ExecState*, String name);
- void reifyLazyPropertyIfNeeded(ExecState*, PropertyName propertyName);
</del><ins>+ void reifyLength(VM&);
+ void reifyName(VM&, ExecState*);
+ void reifyBoundNameIfNeeded(VM&, ExecState*, PropertyName);
+ void reifyName(VM&, ExecState*, String name);
+ void reifyLazyPropertyIfNeeded(VM&, ExecState*, PropertyName propertyName);
</ins><span class="cx">
</span><span class="cx"> friend class LLIntOffsetsExtractor;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSFunctionInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunctionInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunctionInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSFunctionInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -35,7 +35,7 @@
</span><span class="cx"> VM& vm, FunctionExecutable* executable, JSScope* scope)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(executable->singletonFunction()->hasBeenInvalidated());
</span><del>- return createImpl(vm, executable, scope, scope->globalObject()->functionStructure());
</del><ins>+ return createImpl(vm, executable, scope, scope->globalObject(vm)->functionStructure());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline JSFunction::JSFunction(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure)
</span><span class="lines">@@ -47,7 +47,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(WEBASSEMBLY)
</span><span class="cx"> inline JSFunction::JSFunction(VM& vm, WebAssemblyExecutable* executable, JSScope* scope)
</span><del>- : Base(vm, scope, scope->globalObject()->functionStructure())
</del><ins>+ : Base(vm, scope, scope->globalObject(vm)->functionStructure())
</ins><span class="cx"> , m_executable(vm, this, executable)
</span><span class="cx"> , m_rareData()
</span><span class="cx"> {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSGenericTypedArrayViewInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSGenericTypedArrayViewInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -520,25 +520,15 @@
</span><span class="cx"> // up. But if you do *anything* to trigger a GC watermark check, it will know
</span><span class="cx"> // that you *had* done those allocations and it will GC appropriately.
</span><span class="cx"> Heap* heap = Heap::heap(thisObject);
</span><ins>+ VM& vm = *heap->vm();
</ins><span class="cx"> DeferGCForAWhile deferGC(*heap);
</span><span class="cx">
</span><span class="cx"> ASSERT(!thisObject->hasIndexingHeader());
</span><span class="cx">
</span><del>- size_t size = thisObject->byteSize();
-
- if (thisObject->m_mode == FastTypedArray
- && !thisObject->butterfly() && size >= sizeof(IndexingHeader)) {
- ASSERT(thisObject->m_vector);
- // Reuse already allocated memory if at all possible.
- thisObject->m_butterfly.setWithoutBarrier(
- bitwise_cast<IndexingHeader*>(thisObject->vector())->butterfly());
- } else {
- RELEASE_ASSERT(!thisObject->hasIndexingHeader());
- VM& vm = *heap->vm();
- thisObject->m_butterfly.set(vm, thisObject, Butterfly::createOrGrowArrayRight(
- thisObject->butterfly(), vm, thisObject, thisObject->structure(),
- thisObject->structure()->outOfLineCapacity(), false, 0, 0));
- }
</del><ins>+ RELEASE_ASSERT(!thisObject->hasIndexingHeader());
+ thisObject->m_butterfly.set(vm, thisObject, Butterfly::createOrGrowArrayRight(
+ thisObject->butterfly(), vm, thisObject, thisObject->structure(),
+ thisObject->structure()->outOfLineCapacity(), false, 0, 0));
</ins><span class="cx">
</span><span class="cx"> RefPtr<ArrayBuffer> buffer;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromisecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromise.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromise.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromise.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,10 +27,7 @@
</span><span class="cx"> #include "JSInternalPromise.h"
</span><span class="cx">
</span><span class="cx"> #include "BuiltinNames.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
-#include "JSObjectInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromiseConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,11 +27,9 @@
</span><span class="cx"> #include "JSInternalPromiseConstructor.h"
</span><span class="cx">
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSInternalPromise.h"
</span><span class="cx"> #include "JSInternalPromisePrototype.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> #include "JSInternalPromiseConstructor.lut.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromiseDeferredcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseDeferred.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseDeferred.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromiseDeferred.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,13 +29,9 @@
</span><span class="cx"> #include "BuiltinNames.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "Exception.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSInternalPromise.h"
</span><span class="cx"> #include "JSInternalPromiseConstructor.h"
</span><del>-#include "JSObjectInlines.h"
-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSInternalPromisePrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSInternalPromisePrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,12 +28,10 @@
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSInternalPromise.h"
</span><span class="cx"> #include "Microtask.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSJobcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSJob.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSJob.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSJob.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,12 +28,10 @@
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "Exception.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "Microtask.h"
</span><del>-#include "SlotVisitorInlines.h"
</del><span class="cx"> #include "StrongInlines.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSMapIteratorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSMapIterator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSMapIterator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSMapIterator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,12 +26,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSMapIterator.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSMap.h"
</span><span class="cx"> #include "MapDataInlines.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSModuleNamespaceObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleNamespaceObject.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -27,14 +27,10 @@
</span><span class="cx"> #include "JSModuleNamespaceObject.h"
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><del>-#include "IdentifierInlines.h"
-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSModuleEnvironment.h"
</span><span class="cx"> #include "JSModuleRecord.h"
</span><span class="cx"> #include "JSPropertyNameIterator.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleRecord.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleRecord.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSModuleRecord.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,15 +28,11 @@
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "Executable.h"
</span><del>-#include "IdentifierInlines.h"
-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "Interpreter.h"
+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSMap.h"
</span><span class="cx"> #include "JSModuleEnvironment.h"
</span><span class="cx"> #include "JSModuleNamespaceObject.h"
</span><del>-#include "JSObjectInlines.h"
-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -88,77 +88,6 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ALWAYS_INLINE void JSObject::copyButterfly(CopyVisitor& visitor, Butterfly* butterfly, size_t storageSize)
-{
- ASSERT(butterfly);
-
- Structure* structure = this->structure();
-
- size_t propertyCapacity = structure->outOfLineCapacity();
- size_t preCapacity;
- size_t indexingPayloadSizeInBytes;
- bool hasIndexingHeader = this->hasIndexingHeader();
- if (UNLIKELY(hasIndexingHeader)) {
- preCapacity = butterfly->indexingHeader()->preCapacity(structure);
- indexingPayloadSizeInBytes = butterfly->indexingHeader()->indexingPayloadSizeInBytes(structure);
- } else {
- preCapacity = 0;
- indexingPayloadSizeInBytes = 0;
- }
- size_t capacityInBytes = Butterfly::totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
- if (visitor.checkIfShouldCopy(butterfly->base(preCapacity, propertyCapacity))) {
- Butterfly* newButterfly = Butterfly::createUninitializedDuringCollection(visitor, preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
-
- // Copy the properties.
- PropertyStorage currentTarget = newButterfly->propertyStorage();
- PropertyStorage currentSource = butterfly->propertyStorage();
- for (size_t count = storageSize; count--;)
- (--currentTarget)->setWithoutWriteBarrier((--currentSource)->get());
-
- if (UNLIKELY(hasIndexingHeader)) {
- *newButterfly->indexingHeader() = *butterfly->indexingHeader();
-
- // Copy the array if appropriate.
-
- WriteBarrier<Unknown>* currentTarget;
- WriteBarrier<Unknown>* currentSource;
- size_t count;
-
- switch (this->indexingType()) {
- case ALL_UNDECIDED_INDEXING_TYPES:
- case ALL_CONTIGUOUS_INDEXING_TYPES:
- case ALL_INT32_INDEXING_TYPES:
- case ALL_DOUBLE_INDEXING_TYPES: {
- currentTarget = newButterfly->contiguous().data();
- currentSource = butterfly->contiguous().data();
- RELEASE_ASSERT(newButterfly->publicLength() <= newButterfly->vectorLength());
- count = newButterfly->vectorLength();
- break;
- }
-
- case ALL_ARRAY_STORAGE_INDEXING_TYPES: {
- newButterfly->arrayStorage()->copyHeaderFromDuringGC(*butterfly->arrayStorage());
- currentTarget = newButterfly->arrayStorage()->m_vector;
- currentSource = butterfly->arrayStorage()->m_vector;
- count = newButterfly->arrayStorage()->vectorLength();
- break;
- }
-
- default:
- currentTarget = 0;
- currentSource = 0;
- count = 0;
- break;
- }
-
- memcpy(currentTarget, currentSource, count * sizeof(EncodedJSValue));
- }
-
- m_butterfly.setWithoutBarrier(newButterfly);
- visitor.didCopy(butterfly->base(preCapacity, propertyCapacity), capacityInBytes);
- }
-}
-
</del><span class="cx"> ALWAYS_INLINE void JSObject::visitButterfly(SlotVisitor& visitor, Butterfly* butterfly, Structure* structure)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(butterfly);
</span><span class="lines">@@ -166,22 +95,21 @@
</span><span class="cx"> size_t storageSize = structure->outOfLineSize();
</span><span class="cx"> size_t propertyCapacity = structure->outOfLineCapacity();
</span><span class="cx"> size_t preCapacity;
</span><del>- size_t indexingPayloadSizeInBytes;
</del><span class="cx"> bool hasIndexingHeader = this->hasIndexingHeader();
</span><del>- if (UNLIKELY(hasIndexingHeader)) {
</del><ins>+ if (UNLIKELY(hasIndexingHeader))
</ins><span class="cx"> preCapacity = butterfly->indexingHeader()->preCapacity(structure);
</span><del>- indexingPayloadSizeInBytes = butterfly->indexingHeader()->indexingPayloadSizeInBytes(structure);
- } else {
</del><ins>+ else
</ins><span class="cx"> preCapacity = 0;
</span><del>- indexingPayloadSizeInBytes = 0;
- }
- size_t capacityInBytes = Butterfly::totalSize(preCapacity, propertyCapacity, hasIndexingHeader, indexingPayloadSizeInBytes);
</del><ins>+
+ HeapCell* base = bitwise_cast<HeapCell*>(butterfly->base(preCapacity, propertyCapacity));
+
+ ASSERT(Heap::heap(base) == visitor.heap());
</ins><span class="cx">
</span><ins>+ // Keep the butterfly alive.
+ visitor.markAuxiliary(base);
+
</ins><span class="cx"> // Mark the properties.
</span><span class="cx"> visitor.appendValuesHidden(butterfly->propertyStorage() - storageSize, storageSize);
</span><del>- visitor.copyLater(
- this, ButterflyCopyToken,
- butterfly->base(preCapacity, propertyCapacity), capacityInBytes);
</del><span class="cx">
</span><span class="cx"> // Mark the array if appropriate.
</span><span class="cx"> switch (this->indexingType()) {
</span><span class="lines">@@ -225,19 +153,6 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JSObject::copyBackingStore(JSCell* cell, CopyVisitor& visitor, CopyToken token)
-{
- JSObject* thisObject = jsCast<JSObject*>(cell);
- ASSERT_GC_OBJECT_INHERITS(thisObject, info());
-
- if (token != ButterflyCopyToken)
- return;
-
- Butterfly* butterfly = thisObject->m_butterfly.get();
- if (butterfly)
- thisObject->copyButterfly(visitor, butterfly, thisObject->structure()->outOfLineSize());
-}
-
</del><span class="cx"> void JSObject::heapSnapshot(JSCell* cell, HeapSnapshotBuilder& builder)
</span><span class="cx"> {
</span><span class="cx"> JSObject* thisObject = jsCast<JSObject*>(cell);
</span><span class="lines">@@ -783,10 +698,10 @@
</span><span class="cx"> if (!vm.prototypeMap.isPrototype(this))
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- globalObject()->haveABadTime(vm);
</del><ins>+ globalObject(vm)->haveABadTime(vm);
</ins><span class="cx"> }
</span><span class="cx">
</span><del>-Butterfly* JSObject::createInitialIndexedStorage(VM& vm, unsigned length, size_t elementSize)
</del><ins>+Butterfly* JSObject::createInitialIndexedStorage(VM& vm, unsigned length)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(length < MAX_ARRAY_INDEX);
</span><span class="cx"> IndexingType oldType = indexingType();
</span><span class="lines">@@ -793,10 +708,12 @@
</span><span class="cx"> ASSERT_UNUSED(oldType, !hasIndexedProperties(oldType));
</span><span class="cx"> ASSERT(!structure()->needsSlowPutIndexing());
</span><span class="cx"> ASSERT(!indexingShouldBeSparse());
</span><del>- unsigned vectorLength = std::max(length, BASE_VECTOR_LEN);
</del><ins>+ Structure* structure = this->structure(vm);
+ unsigned propertyCapacity = structure->outOfLineCapacity();
+ unsigned vectorLength = Butterfly::optimalContiguousVectorLength(propertyCapacity, length);
</ins><span class="cx"> Butterfly* newButterfly = Butterfly::createOrGrowArrayRight(
</span><del>- m_butterfly.get(), vm, this, structure(), structure()->outOfLineCapacity(), false, 0,
- elementSize * vectorLength);
</del><ins>+ m_butterfly.get(), vm, this, structure, propertyCapacity, false, 0,
+ sizeof(EncodedJSValue) * vectorLength);
</ins><span class="cx"> newButterfly->setPublicLength(length);
</span><span class="cx"> newButterfly->setVectorLength(vectorLength);
</span><span class="cx"> return newButterfly;
</span><span class="lines">@@ -805,7 +722,7 @@
</span><span class="cx"> Butterfly* JSObject::createInitialUndecided(VM& vm, unsigned length)
</span><span class="cx"> {
</span><span class="cx"> DeferGC deferGC(vm.heap);
</span><del>- Butterfly* newButterfly = createInitialIndexedStorage(vm, length, sizeof(EncodedJSValue));
</del><ins>+ Butterfly* newButterfly = createInitialIndexedStorage(vm, length);
</ins><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AllocateUndecided);
</span><span class="cx"> setStructureAndButterfly(vm, newStructure, newButterfly);
</span><span class="cx"> return newButterfly;
</span><span class="lines">@@ -814,7 +731,9 @@
</span><span class="cx"> ContiguousJSValues JSObject::createInitialInt32(VM& vm, unsigned length)
</span><span class="cx"> {
</span><span class="cx"> DeferGC deferGC(vm.heap);
</span><del>- Butterfly* newButterfly = createInitialIndexedStorage(vm, length, sizeof(EncodedJSValue));
</del><ins>+ Butterfly* newButterfly = createInitialIndexedStorage(vm, length);
+ for (unsigned i = newButterfly->vectorLength(); i--;)
+ newButterfly->contiguousInt32()[i].setWithoutWriteBarrier(JSValue());
</ins><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AllocateInt32);
</span><span class="cx"> setStructureAndButterfly(vm, newStructure, newButterfly);
</span><span class="cx"> return newButterfly->contiguousInt32();
</span><span class="lines">@@ -823,7 +742,7 @@
</span><span class="cx"> ContiguousDoubles JSObject::createInitialDouble(VM& vm, unsigned length)
</span><span class="cx"> {
</span><span class="cx"> DeferGC deferGC(vm.heap);
</span><del>- Butterfly* newButterfly = createInitialIndexedStorage(vm, length, sizeof(double));
</del><ins>+ Butterfly* newButterfly = createInitialIndexedStorage(vm, length);
</ins><span class="cx"> for (unsigned i = newButterfly->vectorLength(); i--;)
</span><span class="cx"> newButterfly->contiguousDouble()[i] = PNaN;
</span><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AllocateDouble);
</span><span class="lines">@@ -834,7 +753,9 @@
</span><span class="cx"> ContiguousJSValues JSObject::createInitialContiguous(VM& vm, unsigned length)
</span><span class="cx"> {
</span><span class="cx"> DeferGC deferGC(vm.heap);
</span><del>- Butterfly* newButterfly = createInitialIndexedStorage(vm, length, sizeof(EncodedJSValue));
</del><ins>+ Butterfly* newButterfly = createInitialIndexedStorage(vm, length);
+ for (unsigned i = newButterfly->vectorLength(); i--;)
+ newButterfly->contiguous()[i].setWithoutWriteBarrier(JSValue());
</ins><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AllocateContiguous);
</span><span class="cx"> setStructureAndButterfly(vm, newStructure, newButterfly);
</span><span class="cx"> return newButterfly->contiguous();
</span><span class="lines">@@ -857,6 +778,8 @@
</span><span class="cx"> result->m_sparseMap.clear();
</span><span class="cx"> result->m_numValuesInVector = 0;
</span><span class="cx"> result->m_indexBias = 0;
</span><ins>+ for (size_t i = vectorLength; i--;)
+ result->m_vector[i].setWithoutWriteBarrier(JSValue());
</ins><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure, structure->suggestedArrayStorageTransition());
</span><span class="cx"> setStructureAndButterfly(vm, newStructure, newButterfly);
</span><span class="cx"> return result;
</span><span class="lines">@@ -864,12 +787,18 @@
</span><span class="cx">
</span><span class="cx"> ArrayStorage* JSObject::createInitialArrayStorage(VM& vm)
</span><span class="cx"> {
</span><del>- return createArrayStorage(vm, 0, BASE_VECTOR_LEN);
</del><ins>+ return createArrayStorage(
+ vm, 0, ArrayStorage::optimalVectorLength(0, structure(vm)->outOfLineCapacity(), 0));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ContiguousJSValues JSObject::convertUndecidedToInt32(VM& vm)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(hasUndecided(indexingType()));
</span><ins>+
+ Butterfly* butterfly = m_butterfly.get();
+ for (unsigned i = butterfly->vectorLength(); i--;)
+ butterfly->contiguousInt32()[i].setWithoutWriteBarrier(JSValue());
+
</ins><span class="cx"> setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AllocateInt32));
</span><span class="cx"> return m_butterfly.get()->contiguousInt32();
</span><span class="cx"> }
</span><span class="lines">@@ -889,6 +818,11 @@
</span><span class="cx"> ContiguousJSValues JSObject::convertUndecidedToContiguous(VM& vm)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(hasUndecided(indexingType()));
</span><ins>+
+ Butterfly* butterfly = m_butterfly.get();
+ for (unsigned i = butterfly->vectorLength(); i--;)
+ butterfly->contiguous()[i].setWithoutWriteBarrier(JSValue());
+
</ins><span class="cx"> setStructure(vm, Structure::nonPropertyTransition(vm, structure(vm), NonPropertyTransition::AllocateContiguous));
</span><span class="cx"> return m_butterfly.get()->contiguous();
</span><span class="cx"> }
</span><span class="lines">@@ -925,8 +859,10 @@
</span><span class="cx">
</span><span class="cx"> unsigned vectorLength = m_butterfly.get()->vectorLength();
</span><span class="cx"> ArrayStorage* storage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
</span><del>- // No need to copy elements.
</del><span class="cx">
</span><ins>+ for (unsigned i = vectorLength; i--;)
+ storage->m_vector[i].setWithoutWriteBarrier(JSValue());
+
</ins><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), transition);
</span><span class="cx"> setStructureAndButterfly(vm, newStructure, storage->butterfly());
</span><span class="cx"> return storage;
</span><span class="lines">@@ -946,11 +882,12 @@
</span><span class="cx"> WriteBarrier<Unknown>* current = &butterfly->contiguousInt32()[i];
</span><span class="cx"> double* currentAsDouble = bitwise_cast<double*>(current);
</span><span class="cx"> JSValue v = current->get();
</span><del>- if (!v) {
</del><ins>+ // NOTE: Since this may be used during initialization, v could be garbage. If it's garbage,
+ // that means it will be overwritten later.
+ if (!v.isInt32()) {
</ins><span class="cx"> *currentAsDouble = PNaN;
</span><span class="cx"> continue;
</span><span class="cx"> }
</span><del>- ASSERT(v.isInt32());
</del><span class="cx"> *currentAsDouble = v.asInt32();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -974,13 +911,11 @@
</span><span class="cx"> unsigned vectorLength = m_butterfly.get()->vectorLength();
</span><span class="cx"> ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
</span><span class="cx"> Butterfly* butterfly = m_butterfly.get();
</span><del>- for (unsigned i = 0; i < butterfly->publicLength(); i++) {
</del><ins>+ for (unsigned i = 0; i < vectorLength; i++) {
</ins><span class="cx"> JSValue v = butterfly->contiguous()[i].get();
</span><del>- if (v) {
- newStorage->m_vector[i].setWithoutWriteBarrier(v);
</del><ins>+ newStorage->m_vector[i].setWithoutWriteBarrier(v);
+ if (v)
</ins><span class="cx"> newStorage->m_numValuesInVector++;
</span><del>- } else
- ASSERT(newStorage->m_vector[i].get().isEmpty());
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), transition);
</span><span class="lines">@@ -1022,13 +957,11 @@
</span><span class="cx"> unsigned vectorLength = m_butterfly.get()->vectorLength();
</span><span class="cx"> ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
</span><span class="cx"> Butterfly* butterfly = m_butterfly.get();
</span><del>- for (unsigned i = 0; i < butterfly->publicLength(); i++) {
</del><ins>+ for (unsigned i = 0; i < vectorLength; i++) {
</ins><span class="cx"> double value = butterfly->contiguousDouble()[i];
</span><del>- if (value == value) {
- newStorage->m_vector[i].setWithoutWriteBarrier(JSValue(JSValue::EncodeAsDouble, value));
</del><ins>+ newStorage->m_vector[i].setWithoutWriteBarrier(JSValue(JSValue::EncodeAsDouble, value));
+ if (value == value)
</ins><span class="cx"> newStorage->m_numValuesInVector++;
</span><del>- } else
- ASSERT(newStorage->m_vector[i].get().isEmpty());
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), transition);
</span><span class="lines">@@ -1049,13 +982,11 @@
</span><span class="cx"> unsigned vectorLength = m_butterfly.get()->vectorLength();
</span><span class="cx"> ArrayStorage* newStorage = constructConvertedArrayStorageWithoutCopyingElements(vm, vectorLength);
</span><span class="cx"> Butterfly* butterfly = m_butterfly.get();
</span><del>- for (unsigned i = 0; i < butterfly->publicLength(); i++) {
</del><ins>+ for (unsigned i = 0; i < vectorLength; i++) {
</ins><span class="cx"> JSValue v = butterfly->contiguous()[i].get();
</span><del>- if (v) {
- newStorage->m_vector[i].setWithoutWriteBarrier(v);
</del><ins>+ newStorage->m_vector[i].setWithoutWriteBarrier(v);
+ if (v)
</ins><span class="cx"> newStorage->m_numValuesInVector++;
</span><del>- } else
- ASSERT(newStorage->m_vector[i].get().isEmpty());
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> Structure* newStructure = Structure::nonPropertyTransition(vm, structure(vm), transition);
</span><span class="lines">@@ -2406,7 +2337,7 @@
</span><span class="cx"> }
</span><span class="cx"> if (structure(vm)->needsSlowPutIndexing()) {
</span><span class="cx"> // Convert the indexing type to the SlowPutArrayStorage and retry.
</span><del>- createArrayStorage(vm, i + 1, getNewVectorLength(0, 0, i + 1));
</del><ins>+ createArrayStorage(vm, i + 1, getNewVectorLength(0, 0, 0, i + 1));
</ins><span class="cx"> return putByIndex(this, exec, i, value, shouldThrow);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2547,7 +2478,7 @@
</span><span class="cx"> exec, i, value, attributes, mode, createArrayStorage(vm, 0, 0));
</span><span class="cx"> }
</span><span class="cx"> if (structure(vm)->needsSlowPutIndexing()) {
</span><del>- ArrayStorage* storage = createArrayStorage(vm, i + 1, getNewVectorLength(0, 0, i + 1));
</del><ins>+ ArrayStorage* storage = createArrayStorage(vm, i + 1, getNewVectorLength(0, 0, 0, i + 1));
</ins><span class="cx"> storage->m_vector[i].set(vm, this, value);
</span><span class="cx"> storage->m_numValuesInVector++;
</span><span class="cx"> return true;
</span><span class="lines">@@ -2666,7 +2597,8 @@
</span><span class="cx"> putDirectWithoutTransition(vm, propertyName, function, attributes);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength)
</del><ins>+// NOTE: This method is for ArrayStorage vectors.
+ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(desiredLength <= MAX_STORAGE_VECTOR_LENGTH);
</span><span class="cx">
</span><span class="lines">@@ -2683,25 +2615,27 @@
</span><span class="cx">
</span><span class="cx"> ASSERT(increasedLength >= desiredLength);
</span><span class="cx">
</span><del>- lastArraySize = std::min(increasedLength, FIRST_VECTOR_GROW);
</del><ins>+ lastArraySize = std::min(increasedLength, FIRST_ARRAY_STORAGE_VECTOR_GROW);
</ins><span class="cx">
</span><del>- return std::min(increasedLength, MAX_STORAGE_VECTOR_LENGTH);
</del><ins>+ return ArrayStorage::optimalVectorLength(
+ indexBias, structure()->outOfLineCapacity(),
+ std::min(increasedLength, MAX_STORAGE_VECTOR_LENGTH));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> ALWAYS_INLINE unsigned JSObject::getNewVectorLength(unsigned desiredLength)
</span><span class="cx"> {
</span><del>- unsigned vectorLength;
- unsigned length;
</del><ins>+ unsigned indexBias = 0;
+ unsigned vectorLength = 0;
+ unsigned length = 0;
</ins><span class="cx">
</span><span class="cx"> if (hasIndexedProperties(indexingType())) {
</span><ins>+ if (ArrayStorage* storage = arrayStorageOrNull())
+ indexBias = storage->m_indexBias;
</ins><span class="cx"> vectorLength = m_butterfly.get()->vectorLength();
</span><span class="cx"> length = m_butterfly.get()->publicLength();
</span><del>- } else {
- vectorLength = 0;
- length = 0;
</del><span class="cx"> }
</span><span class="cx">
</span><del>- return getNewVectorLength(vectorLength, length, desiredLength);
</del><ins>+ return getNewVectorLength(indexBias, vectorLength, length, desiredLength);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> template<IndexingType indexingShape>
</span><span class="lines">@@ -2754,19 +2688,28 @@
</span><span class="cx">
</span><span class="cx"> bool JSObject::increaseVectorLength(VM& vm, unsigned newLength)
</span><span class="cx"> {
</span><ins>+ ArrayStorage* storage = arrayStorage();
+
+ unsigned vectorLength = storage->vectorLength();
+ unsigned availableVectorLength = storage->availableVectorLength(structure(vm), vectorLength);
+ if (availableVectorLength >= newLength) {
+ // The cell was already big enough for the desired length!
+ for (unsigned i = vectorLength; i < availableVectorLength; ++i)
+ storage->m_vector[i].clear();
+ storage->setVectorLength(availableVectorLength);
+ return true;
+ }
+
</ins><span class="cx"> // This function leaves the array in an internally inconsistent state, because it does not move any values from sparse value map
</span><span class="cx"> // to the vector. Callers have to account for that, because they can do it more efficiently.
</span><span class="cx"> if (newLength > MAX_STORAGE_VECTOR_LENGTH)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- ArrayStorage* storage = arrayStorage();
-
</del><span class="cx"> if (newLength >= MIN_SPARSE_ARRAY_INDEX
</span><span class="cx"> && !isDenseEnoughForVector(newLength, storage->m_numValuesInVector))
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> unsigned indexBias = storage->m_indexBias;
</span><del>- unsigned vectorLength = storage->vectorLength();
</del><span class="cx"> ASSERT(newLength > vectorLength);
</span><span class="cx"> unsigned newVectorLength = getNewVectorLength(newLength);
</span><span class="cx">
</span><span class="lines">@@ -2779,6 +2722,8 @@
</span><span class="cx"> ArrayStorage::sizeFor(vectorLength), ArrayStorage::sizeFor(newVectorLength));
</span><span class="cx"> if (!newButterfly)
</span><span class="cx"> return false;
</span><ins>+ for (unsigned i = vectorLength; i < newVectorLength; ++i)
+ newButterfly->arrayStorage()->m_vector[i].clear();
</ins><span class="cx"> newButterfly->arrayStorage()->setVectorLength(newVectorLength);
</span><span class="cx"> setButterflyWithoutChangingStructure(vm, newButterfly);
</span><span class="cx"> return true;
</span><span class="lines">@@ -2793,6 +2738,8 @@
</span><span class="cx"> newIndexBias, true, ArrayStorage::sizeFor(newVectorLength));
</span><span class="cx"> if (!newButterfly)
</span><span class="cx"> return false;
</span><ins>+ for (unsigned i = vectorLength; i < newVectorLength; ++i)
+ newButterfly->arrayStorage()->m_vector[i].clear();
</ins><span class="cx"> newButterfly->arrayStorage()->setVectorLength(newVectorLength);
</span><span class="cx"> newButterfly->arrayStorage()->m_indexBias = newIndexBias;
</span><span class="cx"> setButterflyWithoutChangingStructure(vm, newButterfly);
</span><span class="lines">@@ -2807,25 +2754,41 @@
</span><span class="cx"> ASSERT(hasContiguous(indexingType()) || hasInt32(indexingType()) || hasDouble(indexingType()) || hasUndecided(indexingType()));
</span><span class="cx"> ASSERT(length > butterfly->vectorLength());
</span><span class="cx">
</span><del>- unsigned newVectorLength = std::min(
- length << 1,
- MAX_STORAGE_VECTOR_LENGTH);
</del><span class="cx"> unsigned oldVectorLength = butterfly->vectorLength();
</span><del>- DeferGC deferGC(vm.heap);
- butterfly = butterfly->growArrayRight(
- vm, this, structure(), structure()->outOfLineCapacity(), true,
- oldVectorLength * sizeof(EncodedJSValue),
- newVectorLength * sizeof(EncodedJSValue));
- if (!butterfly)
- return false;
- m_butterfly.set(vm, this, butterfly);
</del><ins>+ unsigned newVectorLength;
+
+ Structure* structure = this->structure(vm);
+ unsigned propertyCapacity = structure->outOfLineCapacity();
+
+ unsigned availableOldLength =
+ Butterfly::availableContiguousVectorLength(propertyCapacity, oldVectorLength);
+ if (availableOldLength >= length) {
+ // This is the case where someone else selected a vector length that caused internal
+ // fragmentation. If we did our jobs right, this would never happen. But I bet we will mess
+ // this up, so this defense should stay.
+ newVectorLength = availableOldLength;
+ } else {
+ newVectorLength = Butterfly::optimalContiguousVectorLength(
+ propertyCapacity, std::min(length << 1, MAX_STORAGE_VECTOR_LENGTH));
+ butterfly = butterfly->growArrayRight(
+ vm, this, structure, propertyCapacity, true,
+ oldVectorLength * sizeof(EncodedJSValue),
+ newVectorLength * sizeof(EncodedJSValue));
+ if (!butterfly)
+ return false;
+ m_butterfly.set(vm, this, butterfly);
+ }
</ins><span class="cx">
</span><span class="cx"> butterfly->setVectorLength(newVectorLength);
</span><span class="cx">
</span><span class="cx"> if (hasDouble(indexingType())) {
</span><span class="cx"> for (unsigned i = oldVectorLength; i < newVectorLength; ++i)
</span><del>- butterfly->contiguousDouble().data()[i] = PNaN;
</del><ins>+ butterfly->contiguousDouble()[i] = PNaN;
+ } else {
+ for (unsigned i = oldVectorLength; i < newVectorLength; ++i)
+ butterfly->contiguous()[i].clear();
</ins><span class="cx"> }
</span><ins>+
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSObjecth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObject.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,15 +26,14 @@
</span><span class="cx"> #include "ArgList.h"
</span><span class="cx"> #include "ArrayConventions.h"
</span><span class="cx"> #include "ArrayStorage.h"
</span><ins>+#include "AuxiliaryBarrier.h"
</ins><span class="cx"> #include "Butterfly.h"
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "ClassInfo.h"
</span><span class="cx"> #include "CommonIdentifiers.h"
</span><del>-#include "CopyBarrier.h"
</del><span class="cx"> #include "CustomGetterSetter.h"
</span><span class="cx"> #include "DeferGC.h"
</span><span class="cx"> #include "Heap.h"
</span><del>-#include "HeapInlines.h"
</del><span class="cx"> #include "IndexingHeaderInlines.h"
</span><span class="cx"> #include "JSCell.h"
</span><span class="cx"> #include "PropertySlot.h"
</span><span class="lines">@@ -103,7 +102,6 @@
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static size_t estimatedSize(JSCell*);
</span><span class="cx"> JS_EXPORT_PRIVATE static void visitChildren(JSCell*, SlotVisitor&);
</span><del>- JS_EXPORT_PRIVATE static void copyBackingStore(JSCell*, CopyVisitor&, CopyToken);
</del><span class="cx"> JS_EXPORT_PRIVATE static void heapSnapshot(JSCell*, HeapSnapshotBuilder&);
</span><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE static String className(const JSObject*);
</span><span class="lines">@@ -420,6 +418,8 @@
</span><span class="cx"> initializeIndex(vm, i, v, indexingType());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ // NOTE: Clients of this method may call it more than once for any index, and this is supposed
+ // to work.
</ins><span class="cx"> void initializeIndex(VM& vm, unsigned i, JSValue v, IndexingType indexingType)
</span><span class="cx"> {
</span><span class="cx"> Butterfly* butterfly = m_butterfly.get();
</span><span class="lines">@@ -692,8 +692,6 @@
</span><span class="cx">
</span><span class="cx"> void setStructure(VM&, Structure*);
</span><span class="cx"> void setStructureAndButterfly(VM&, Structure*, Butterfly*);
</span><del>- void setStructureAndReallocateStorageIfNecessary(VM&, unsigned oldCapacity, Structure*);
- void setStructureAndReallocateStorageIfNecessary(VM&, Structure*);
</del><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE void convertToDictionary(VM&);
</span><span class="cx">
</span><span class="lines">@@ -710,6 +708,13 @@
</span><span class="cx"> return structure()->globalObject();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ JSGlobalObject* globalObject(VM& vm) const
+ {
+ ASSERT(structure(vm)->globalObject());
+ ASSERT(!isGlobalObject() || ((JSObject*)structure()->globalObject()) == this);
+ return structure(vm)->globalObject();
+ }
+
</ins><span class="cx"> void switchToSlowPutArrayStorage(VM&);
</span><span class="cx">
</span><span class="cx"> // The receiver is the prototype in this case. The following:
</span><span class="lines">@@ -803,7 +808,6 @@
</span><span class="cx"> JSObject(VM&, Structure*, Butterfly* = 0);
</span><span class="cx">
</span><span class="cx"> void visitButterfly(SlotVisitor&, Butterfly*, Structure*);
</span><del>- void copyButterfly(CopyVisitor&, Butterfly*, size_t storageSize);
</del><span class="cx">
</span><span class="cx"> // Call this if you know that the object is in a mode where it has array
</span><span class="cx"> // storage. This will assert otherwise.
</span><span class="lines">@@ -914,7 +918,7 @@
</span><span class="cx"> void isObject();
</span><span class="cx"> void isString();
</span><span class="cx">
</span><del>- Butterfly* createInitialIndexedStorage(VM&, unsigned length, size_t elementSize);
</del><ins>+ Butterfly* createInitialIndexedStorage(VM&, unsigned length);
</ins><span class="cx">
</span><span class="cx"> ArrayStorage* enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(VM&, ArrayStorage*);
</span><span class="cx">
</span><span class="lines">@@ -938,7 +942,7 @@
</span><span class="cx"> bool putDirectIndexBeyondVectorLengthWithArrayStorage(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode, ArrayStorage*);
</span><span class="cx"> JS_EXPORT_PRIVATE bool putDirectIndexBeyondVectorLength(ExecState*, unsigned propertyName, JSValue, unsigned attributes, PutDirectIndexMode);
</span><span class="cx">
</span><del>- unsigned getNewVectorLength(unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength);
</del><ins>+ unsigned getNewVectorLength(unsigned indexBias, unsigned currentVectorLength, unsigned currentLength, unsigned desiredLength);
</ins><span class="cx"> unsigned getNewVectorLength(unsigned desiredLength);
</span><span class="cx">
</span><span class="cx"> ArrayStorage* constructConvertedArrayStorageWithoutCopyingElements(VM&, unsigned neededLength);
</span><span class="lines">@@ -955,7 +959,7 @@
</span><span class="cx"> JS_EXPORT_PRIVATE ArrayStorage* ensureArrayStorageSlow(VM&);
</span><span class="cx">
</span><span class="cx"> protected:
</span><del>- CopyBarrier<Butterfly> m_butterfly;
</del><ins>+ AuxiliaryBarrier<Butterfly*> m_butterfly;
</ins><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> private:
</span><span class="cx"> uint32_t m_padding;
</span><span class="lines">@@ -1417,8 +1421,16 @@
</span><span class="cx">
</span><span class="cx"> validateOffset(offset);
</span><span class="cx"> ASSERT(newStructure->isValidOffset(offset));
</span><del>- setStructureAndReallocateStorageIfNecessary(vm, newStructure);
-
</del><ins>+ DeferGC deferGC(vm.heap);
+ size_t oldCapacity = structure->outOfLineCapacity();
+ size_t newCapacity = newStructure->outOfLineCapacity();
+ ASSERT(oldCapacity <= newCapacity);
+ if (oldCapacity == newCapacity)
+ setStructure(vm, newStructure);
+ else {
+ Butterfly* newButterfly = growOutOfLineStorage(vm, oldCapacity, newCapacity);
+ setStructureAndButterfly(vm, newStructure, newButterfly);
+ }
</ins><span class="cx"> putDirect(vm, offset, value);
</span><span class="cx"> slot.setNewProperty(this, offset);
</span><span class="cx"> if (attributes & ReadOnly)
</span><span class="lines">@@ -1426,27 +1438,6 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline void JSObject::setStructureAndReallocateStorageIfNecessary(VM& vm, unsigned oldCapacity, Structure* newStructure)
-{
- ASSERT(oldCapacity <= newStructure->outOfLineCapacity());
-
- if (oldCapacity == newStructure->outOfLineCapacity()) {
- setStructure(vm, newStructure);
- return;
- }
-
- DeferGC deferGC(vm.heap);
- Butterfly* newButterfly = growOutOfLineStorage(
- vm, oldCapacity, newStructure->outOfLineCapacity());
- setStructureAndButterfly(vm, newStructure, newButterfly);
-}
-
-inline void JSObject::setStructureAndReallocateStorageIfNecessary(VM& vm, Structure* newStructure)
-{
- setStructureAndReallocateStorageIfNecessary(
- vm, structure(vm)->outOfLineCapacity(), newStructure);
-}
-
</del><span class="cx"> inline bool JSObject::putOwnDataProperty(VM& vm, PropertyName propertyName, JSValue value, PutPropertySlot& slot)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(value);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSObjectInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObjectInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObjectInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSObjectInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,7 +1,7 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
</span><span class="cx"> * Copyright (C) 2001 Peter Kelly (pmk@post.com)
</span><del>- * Copyright (C) 2003-2006, 2008, 2009, 2012-2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003-2006, 2008, 2009, 2012-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2007 Eric Seidel (eric@webkit.org)
</span><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="lines">@@ -24,6 +24,7 @@
</span><span class="cx"> #ifndef JSObjectInlines_h
</span><span class="cx"> #define JSObjectInlines_h
</span><span class="cx">
</span><ins>+#include "AuxiliaryBarrierInlines.h"
</ins><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "JSObject.h"
</span><span class="cx"> #include "Lookup.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromisecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromise.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromise.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromise.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,12 +28,9 @@
</span><span class="cx">
</span><span class="cx"> #include "BuiltinNames.h"
</span><span class="cx"> #include "Error.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSPromiseConstructor.h"
</span><span class="cx"> #include "Microtask.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromiseConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -32,14 +32,12 @@
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSPromise.h"
</span><span class="cx"> #include "JSPromisePrototype.h"
</span><span class="cx"> #include "Lookup.h"
</span><span class="cx"> #include "NumberObject.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromiseDeferredcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromiseDeferred.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,13 +29,10 @@
</span><span class="cx"> #include "BuiltinNames.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "Exception.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "JSPromise.h"
</span><span class="cx"> #include "JSPromiseConstructor.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPromisePrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromisePrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromisePrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPromisePrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,13 +29,11 @@
</span><span class="cx"> #include "BuiltinNames.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSPromise.h"
</span><span class="cx"> #include "Microtask.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSPropertyNameIteratorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSPropertyNameIterator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,13 +26,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSPropertyNameIterator.h"
</span><span class="cx">
</span><del>-#include "IdentifierInlines.h"
</del><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSScopecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -217,6 +217,7 @@
</span><span class="cx">
</span><span class="cx"> JSObject* JSScope::resolve(ExecState* exec, JSScope* scope, const Identifier& ident)
</span><span class="cx"> {
</span><ins>+ VM& vm = exec->vm();
</ins><span class="cx"> ScopeChainIterator end = scope->end();
</span><span class="cx"> ScopeChainIterator it = scope->begin();
</span><span class="cx"> while (1) {
</span><span class="lines">@@ -225,7 +226,7 @@
</span><span class="cx">
</span><span class="cx"> // Global scope.
</span><span class="cx"> if (++it == end) {
</span><del>- JSScope* globalScopeExtension = scope->globalObject()->globalScopeExtension();
</del><ins>+ JSScope* globalScopeExtension = scope->globalObject(vm)->globalScopeExtension();
</ins><span class="cx"> if (UNLIKELY(globalScopeExtension)) {
</span><span class="cx"> if (object->hasProperty(exec, ident))
</span><span class="cx"> return object;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSScopeh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSScope.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -69,7 +69,7 @@
</span><span class="cx"> JSScope* next();
</span><span class="cx">
</span><span class="cx"> JSGlobalObject* globalObject();
</span><del>- VM* vm();
</del><ins>+ JSGlobalObject* globalObject(VM&);
</ins><span class="cx"> JSObject* globalThis();
</span><span class="cx">
</span><span class="cx"> SymbolTable* symbolTable();
</span><span class="lines">@@ -129,9 +129,9 @@
</span><span class="cx"> return structure()->globalObject();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-inline VM* JSScope::vm()
</del><ins>+inline JSGlobalObject* JSScope::globalObject(VM& vm)
</ins><span class="cx"> {
</span><del>- return MarkedBlock::blockFor(this)->vm();
</del><ins>+ return structure(vm)->globalObject();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> inline Register& Register::operator=(JSScope* scope)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSSetIteratorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSSetIterator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSSetIterator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSSetIterator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,12 +26,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSSetIterator.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSSet.h"
</span><span class="cx"> #include "MapDataInlines.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSStringIteratorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSStringIterator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSStringIterator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSStringIterator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,9 +28,7 @@
</span><span class="cx"> #include "JSStringIterator.h"
</span><span class="cx">
</span><span class="cx"> #include "BuiltinNames.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSTemplateRegistryKeycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTemplateRegistryKey.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTemplateRegistryKey.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTemplateRegistryKey.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2015 Yusuke Suzuki <utatane.tea@gmail.com>.
</span><ins>+ * Copyright (C) 2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,9 +27,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSTemplateRegistryKey.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "VM.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSTypedArrayViewConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,9 +30,8 @@
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "JSCBuiltins.h"
</span><del>-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGenericTypedArrayViewConstructorInlines.h"
</span><del>-#include "JSObject.h"
</del><span class="cx"> #include "JSTypedArrayViewPrototype.h"
</span><span class="cx"> #include "JSTypedArrays.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSTypedArrayViewPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,7 +29,7 @@
</span><span class="cx"> #include "BuiltinNames.h"
</span><span class="cx"> #include "CallFrame.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><del>-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSGenericTypedArrayViewPrototypeFunctions.h"
</span><span class="cx"> #include "JSObjectInlines.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSWeakMapcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakMap.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakMap.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakMap.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,11 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSWeakMap.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "WeakMapData.h"
</span><del>-#include "WriteBarrierInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeJSWeakSetcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakSet.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakSet.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/JSWeakSet.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,11 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSWeakSet.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "WeakMapData.h"
</span><del>-#include "WriteBarrierInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeMapConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,13 +29,11 @@
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSMap.h"
</span><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "MapPrototype.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeMapIteratorPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapIteratorPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,10 +27,8 @@
</span><span class="cx"> #include "MapIteratorPrototype.h"
</span><span class="cx">
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSMapIterator.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeMapPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/MapPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,13 +31,11 @@
</span><span class="cx"> #include "ExceptionHelpers.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSFunctionInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSMap.h"
</span><span class="cx"> #include "JSMapIterator.h"
</span><span class="cx"> #include "Lookup.h"
</span><span class="cx"> #include "MapDataInlines.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> #include "MapPrototype.lut.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeNativeErrorConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeErrorConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -22,6 +22,7 @@
</span><span class="cx"> #include "NativeErrorConstructor.h"
</span><span class="cx">
</span><span class="cx"> #include "ErrorInstance.h"
</span><ins>+#include "Interpreter.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSString.h"
</span><span class="cx"> #include "NativeErrorPrototype.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeNativeStdFunctionCellcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeStdFunctionCell.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeStdFunctionCell.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/NativeStdFunctionCell.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,10 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "NativeStdFunctionCell.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
-#include "JSFunctionInlines.h"
-#include "SlotVisitorInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeOperationsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Operations.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Operations.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Operations.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -199,6 +199,20 @@
</span><span class="cx"> return jsAddSlowCase(callFrame, v1, v2);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline bool scribbleFreeCells()
+{
+ return !ASSERT_DISABLED || Options::scribbleFreeCells();
+}
+
+inline void scribble(void* base, size_t size)
+{
+ for (size_t i = size / sizeof(EncodedJSValue); i--;) {
+ // Use a 16-byte aligned value to ensure that it passes the cell check.
+ static_cast<EncodedJSValue*>(base)[i] = JSValue::encode(
+ bitwise_cast<JSCell*>(static_cast<intptr_t>(0xbadbeef0)));
+ }
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // Operations_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeOptionscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -370,7 +370,7 @@
</span><span class="cx"> Options::useOSREntryToDFG() = false;
</span><span class="cx"> Options::useOSREntryToFTL() = false;
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> #if PLATFORM(IOS) && !PLATFORM(IOS_SIMULATOR) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000
</span><span class="cx"> // Override globally for now. Longer term we'll just make the default
</span><span class="cx"> // be to have this option enabled, and have platforms that don't support
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/Options.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -182,6 +182,11 @@
</span><span class="cx"> v(bool, testTheFTL, false, Normal, nullptr) \
</span><span class="cx"> v(bool, verboseSanitizeStack, false, Normal, nullptr) \
</span><span class="cx"> v(bool, useGenerationalGC, true, Normal, nullptr) \
</span><ins>+ v(bool, scribbleFreeCells, false, Normal, nullptr) \
+ v(double, sizeClassProgression, 1.4, Normal, nullptr) \
+ v(unsigned, largeAllocationCutoff, 100000, Normal, nullptr) \
+ v(bool, dumpSizeClasses, false, Normal, nullptr) \
+ v(bool, useBumpAllocator, true, Normal, nullptr) \
</ins><span class="cx"> v(bool, eagerlyUpdateTopCallFrame, false, Normal, nullptr) \
</span><span class="cx"> \
</span><span class="cx"> v(bool, useOSREntryToDFG, true, Normal, nullptr) \
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimePropertyTablecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/PropertyTable.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/PropertyTable.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/PropertyTable.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,10 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "PropertyMapHashTable.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeProxyConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,8 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IdentifierInlines.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "ObjectConstructor.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><span class="cx"> #include "ProxyObject.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeProxyObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyObject.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyObject.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyObject.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,8 +29,7 @@
</span><span class="cx"> #include "ArrayConstructor.h"
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IdentifierInlines.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><span class="cx"> #include "SlotVisitorInlines.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeProxyRevokecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyRevoke.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyRevoke.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ProxyRevoke.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,10 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "ProxyRevoke.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "ProxyObject.h"
</span><del>-#include "SlotVisitorInlines.h"
-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -296,13 +296,13 @@
</span><span class="cx"> m_regExpBytecode = Yarr::byteCompile(pattern, &vm->m_regExpAllocator, &vm->m_regExpAllocatorLock);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-int RegExp::match(VM& vm, const String& s, unsigned startOffset, Vector<int, 32>& ovector)
</del><ins>+int RegExp::match(VM& vm, const String& s, unsigned startOffset, Vector<int>& ovector)
</ins><span class="cx"> {
</span><span class="cx"> return matchInline(vm, s, startOffset, ovector);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool RegExp::matchConcurrently(
</span><del>- VM& vm, const String& s, unsigned startOffset, int& position, Vector<int, 32>& ovector)
</del><ins>+ VM& vm, const String& s, unsigned startOffset, int& position, Vector<int>& ovector)
</ins><span class="cx"> {
</span><span class="cx"> ConcurrentJITLocker locker(m_lock);
</span><span class="cx">
</span><span class="lines">@@ -382,7 +382,7 @@
</span><span class="cx"> void RegExp::matchCompareWithInterpreter(const String& s, int startOffset, int* offsetVector, int jitResult)
</span><span class="cx"> {
</span><span class="cx"> int offsetVectorSize = (m_numSubpatterns + 1) * 2;
</span><del>- Vector<int, 32> interpreterOvector;
</del><ins>+ Vector<int> interpreterOvector;
</ins><span class="cx"> interpreterOvector.resize(offsetVectorSize);
</span><span class="cx"> int* interpreterOffsetVector = interpreterOvector.data();
</span><span class="cx"> int interpreterResult = 0;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExph"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExp.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -64,10 +64,10 @@
</span><span class="cx"> bool isValid() const { return !m_constructionError && m_flags != InvalidFlags; }
</span><span class="cx"> const char* errorMessage() const { return m_constructionError; }
</span><span class="cx">
</span><del>- JS_EXPORT_PRIVATE int match(VM&, const String&, unsigned startOffset, Vector<int, 32>& ovector);
</del><ins>+ JS_EXPORT_PRIVATE int match(VM&, const String&, unsigned startOffset, Vector<int>& ovector);
</ins><span class="cx">
</span><span class="cx"> // Returns false if we couldn't run the regular expression for any reason.
</span><del>- bool matchConcurrently(VM&, const String&, unsigned startOffset, int& position, Vector<int, 32>& ovector);
</del><ins>+ bool matchConcurrently(VM&, const String&, unsigned startOffset, int& position, Vector<int>& ovector);
</ins><span class="cx">
</span><span class="cx"> JS_EXPORT_PRIVATE MatchResult match(VM&, const String&, unsigned startOffset);
</span><span class="cx">
</span><span class="lines">@@ -74,7 +74,8 @@
</span><span class="cx"> bool matchConcurrently(VM&, const String&, unsigned startOffset, MatchResult&);
</span><span class="cx">
</span><span class="cx"> // Call these versions of the match functions if you're desperate for performance.
</span><del>- int matchInline(VM&, const String&, unsigned startOffset, Vector<int, 32>& ovector);
</del><ins>+ template<typename VectorType>
+ int matchInline(VM&, const String&, unsigned startOffset, VectorType& ovector);
</ins><span class="cx"> MatchResult matchInline(VM&, const String&, unsigned startOffset);
</span><span class="cx">
</span><span class="cx"> unsigned numSubpatterns() const { return m_numSubpatterns; }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpConstructorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpConstructor.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpConstructor.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpConstructor.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -80,7 +80,7 @@
</span><span class="cx">
</span><span class="cx"> RegExpCachedResult m_cachedResult;
</span><span class="cx"> bool m_multiline;
</span><del>- Vector<int, 32> m_ovector;
</del><ins>+ Vector<int> m_ovector;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> RegExpConstructor* asRegExpConstructor(JSValue);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -94,7 +94,8 @@
</span><span class="cx"> compile(&vm, charSize);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-ALWAYS_INLINE int RegExp::matchInline(VM& vm, const String& s, unsigned startOffset, Vector<int, 32>& ovector)
</del><ins>+template<typename VectorType>
+ALWAYS_INLINE int RegExp::matchInline(VM& vm, const String& s, unsigned startOffset, VectorType& ovector)
</ins><span class="cx"> {
</span><span class="cx"> #if ENABLE(REGEXP_TRACING)
</span><span class="cx"> m_rtMatchCallCount++;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpMatchesArrayh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpMatchesArray.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpMatchesArray.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpMatchesArray.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -34,17 +34,20 @@
</span><span class="cx">
</span><span class="cx"> ALWAYS_INLINE JSArray* tryCreateUninitializedRegExpMatchesArray(VM& vm, Structure* structure, unsigned initialLength)
</span><span class="cx"> {
</span><del>- unsigned vectorLength = std::max(BASE_VECTOR_LEN, initialLength);
</del><ins>+ unsigned vectorLength = initialLength;
</ins><span class="cx"> if (vectorLength > MAX_STORAGE_VECTOR_LENGTH)
</span><span class="cx"> return 0;
</span><span class="cx">
</span><del>- void* temp;
- if (!vm.heap.tryAllocateStorage(0, Butterfly::totalSize(0, structure->outOfLineCapacity(), true, vectorLength * sizeof(EncodedJSValue)), &temp))
- return 0;
</del><ins>+ void* temp = vm.heap.tryAllocateAuxiliary(nullptr, Butterfly::totalSize(0, structure->outOfLineCapacity(), true, vectorLength * sizeof(EncodedJSValue)));
+ if (!temp)
+ return nullptr;
</ins><span class="cx"> Butterfly* butterfly = Butterfly::fromBase(temp, 0, structure->outOfLineCapacity());
</span><span class="cx"> butterfly->setVectorLength(vectorLength);
</span><span class="cx"> butterfly->setPublicLength(initialLength);
</span><del>-
</del><ins>+
+ for (unsigned i = initialLength; i < vectorLength; ++i)
+ butterfly->contiguous()[i].clear();
+
</ins><span class="cx"> return JSArray::createWithButterfly(vm, structure, butterfly);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -67,40 +70,54 @@
</span><span class="cx"> // FIXME: This should handle array allocation errors gracefully.
</span><span class="cx"> // https://bugs.webkit.org/show_bug.cgi?id=155144
</span><span class="cx">
</span><ins>+ auto setProperties = [&] () {
+ array->putDirect(vm, RegExpMatchesArrayIndexPropertyOffset, jsNumber(result.start));
+ array->putDirect(vm, RegExpMatchesArrayInputPropertyOffset, input);
+ };
+
+ unsigned numSubpatterns = regExp->numSubpatterns();
+
</ins><span class="cx"> if (UNLIKELY(globalObject->isHavingABadTime())) {
</span><del>- array = JSArray::tryCreateUninitialized(vm, globalObject->regExpMatchesArrayStructure(), regExp->numSubpatterns() + 1);
</del><ins>+ array = JSArray::tryCreateUninitialized(vm, globalObject->regExpMatchesArrayStructure(), numSubpatterns + 1);
</ins><span class="cx">
</span><ins>+ setProperties();
+
+ array->initializeIndex(vm, 0, jsUndefined());
+
+ for (unsigned i = 1; i <= numSubpatterns; ++i)
+ array->initializeIndex(vm, i, jsUndefined());
+
+ // Now the object is safe to scan by GC.
+
</ins><span class="cx"> array->initializeIndex(vm, 0, jsSubstringOfResolved(vm, input, result.start, result.end - result.start));
</span><span class="cx">
</span><del>- if (unsigned numSubpatterns = regExp->numSubpatterns()) {
- for (unsigned i = 1; i <= numSubpatterns; ++i) {
- int start = subpatternResults[2 * i];
- if (start >= 0)
- array->initializeIndex(vm, i, JSRopeString::createSubstringOfResolved(vm, input, start, subpatternResults[2 * i + 1] - start));
- else
- array->initializeIndex(vm, i, jsUndefined());
- }
</del><ins>+ for (unsigned i = 1; i <= numSubpatterns; ++i) {
+ int start = subpatternResults[2 * i];
+ if (start >= 0)
+ array->initializeIndex(vm, i, JSRopeString::createSubstringOfResolved(vm, input, start, subpatternResults[2 * i + 1] - start));
</ins><span class="cx"> }
</span><span class="cx"> } else {
</span><del>- array = tryCreateUninitializedRegExpMatchesArray(vm, globalObject->regExpMatchesArrayStructure(), regExp->numSubpatterns() + 1);
</del><ins>+ array = tryCreateUninitializedRegExpMatchesArray(vm, globalObject->regExpMatchesArrayStructure(), numSubpatterns + 1);
</ins><span class="cx"> RELEASE_ASSERT(array);
</span><span class="cx">
</span><ins>+ setProperties();
+
+ array->initializeIndex(vm, 0, jsUndefined(), ArrayWithContiguous);
+
+ for (unsigned i = 1; i <= numSubpatterns; ++i)
+ array->initializeIndex(vm, i, jsUndefined(), ArrayWithContiguous);
+
+ // Now the object is safe to scan by GC.
+
</ins><span class="cx"> array->initializeIndex(vm, 0, jsSubstringOfResolved(vm, input, result.start, result.end - result.start), ArrayWithContiguous);
</span><span class="cx">
</span><del>- if (unsigned numSubpatterns = regExp->numSubpatterns()) {
- for (unsigned i = 1; i <= numSubpatterns; ++i) {
- int start = subpatternResults[2 * i];
- if (start >= 0)
- array->initializeIndex(vm, i, JSRopeString::createSubstringOfResolved(vm, input, start, subpatternResults[2 * i + 1] - start), ArrayWithContiguous);
- else
- array->initializeIndex(vm, i, jsUndefined(), ArrayWithContiguous);
- }
</del><ins>+ for (unsigned i = 1; i <= numSubpatterns; ++i) {
+ int start = subpatternResults[2 * i];
+ if (start >= 0)
+ array->initializeIndex(vm, i, JSRopeString::createSubstringOfResolved(vm, input, start, subpatternResults[2 * i + 1] - start), ArrayWithContiguous);
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><del>- array->putDirect(vm, RegExpMatchesArrayIndexPropertyOffset, jsNumber(result.start));
- array->putDirect(vm, RegExpMatchesArrayInputPropertyOffset, input);
-
</del><span class="cx"> return array;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRegExpPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RegExpPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -503,12 +503,14 @@
</span><span class="cx"> unsigned& matchPosition, bool regExpIsSticky, bool regExpIsUnicode,
</span><span class="cx"> const ControlFunc& control, const PushFunc& push)
</span><span class="cx"> {
</span><ins>+ Vector<int> ovector;
+
</ins><span class="cx"> while (matchPosition < inputSize) {
</span><span class="cx"> if (control() == AbortSplit)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- Vector<int, 32> ovector;
-
</del><ins>+ ovector.resize(0);
+
</ins><span class="cx"> // a. Perform ? Set(splitter, "lastIndex", q, true).
</span><span class="cx"> // b. Let z be ? RegExpExec(splitter, S).
</span><span class="cx"> int mpos = regexp->match(vm, input, matchPosition, ovector);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeRuntimeTypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RuntimeType.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RuntimeType.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/RuntimeType.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,8 +28,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "RuntimeType.h"
</span><span class="cx">
</span><del>-#include "JSCJSValue.h"
-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSamplingProfilercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SamplingProfiler.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SamplingProfiler.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SamplingProfiler.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> #include "Executable.h"
</span><span class="cx"> #include "HeapInlines.h"
</span><span class="cx"> #include "HeapIterationScope.h"
</span><ins>+#include "HeapUtil.h"
</ins><span class="cx"> #include "InlineCallFrame.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JSCJSValueInlines.h"
</span><span class="lines">@@ -357,7 +358,6 @@
</span><span class="cx"> RELEASE_ASSERT(m_lock.isLocked());
</span><span class="cx">
</span><span class="cx"> TinyBloomFilter filter = m_vm.heap.objectSpace().blocks().filter();
</span><del>- MarkedBlockSet& markedBlockSet = m_vm.heap.objectSpace().blocks();
</del><span class="cx">
</span><span class="cx"> for (UnprocessedStackTrace& unprocessedStackTrace : m_unprocessedStackTraces) {
</span><span class="cx"> m_stackTraces.append(StackTrace());
</span><span class="lines">@@ -391,7 +391,7 @@
</span><span class="cx"> JSValue callee = JSValue::decode(encodedCallee);
</span><span class="cx"> StackFrame& stackFrame = stackTrace.frames.last();
</span><span class="cx"> bool alreadyHasExecutable = !!stackFrame.executable;
</span><del>- if (!Heap::isValueGCObject(filter, markedBlockSet, callee)) {
</del><ins>+ if (!HeapUtil::isValueGCObject(m_vm.heap, filter, callee)) {
</ins><span class="cx"> if (!alreadyHasExecutable)
</span><span class="cx"> stackFrame.frameType = FrameType::Unknown;
</span><span class="cx"> return;
</span><span class="lines">@@ -436,7 +436,7 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- RELEASE_ASSERT(Heap::isPointerGCObject(filter, markedBlockSet, executable));
</del><ins>+ RELEASE_ASSERT(HeapUtil::isPointerGCObjectJSCell(m_vm.heap, filter, executable));
</ins><span class="cx"> stackFrame.frameType = FrameType::Executable;
</span><span class="cx"> stackFrame.executable = executable;
</span><span class="cx"> m_liveCellPointers.add(executable);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSetConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,14 +29,12 @@
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "JSSet.h"
</span><span class="cx"> #include "MapData.h"
</span><span class="cx"> #include "SetPrototype.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSetIteratorPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetIteratorPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,10 +27,8 @@
</span><span class="cx"> #include "SetIteratorPrototype.h"
</span><span class="cx">
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSSetIterator.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeSetPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/SetPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,13 +31,11 @@
</span><span class="cx"> #include "ExceptionHelpers.h"
</span><span class="cx"> #include "GetterSetter.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSFunctionInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSSet.h"
</span><span class="cx"> #include "JSSetIterator.h"
</span><span class="cx"> #include "Lookup.h"
</span><span class="cx"> #include "MapDataInlines.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> #include "SetPrototype.lut.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStackFramecpp"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.cpp (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,119 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "StackFrame.h"
+
+#include "CodeBlock.h"
+#include "DebuggerPrimitives.h"
+#include "JSCInlines.h"
+#include <wtf/text/StringBuilder.h>
+
+namespace JSC {
+
+intptr_t StackFrame::sourceID() const
+{
+ if (!codeBlock)
+ return noSourceID;
+ return codeBlock->ownerScriptExecutable()->sourceID();
+}
+
+String StackFrame::sourceURL() const
+{
+ if (!codeBlock)
+ return ASCIILiteral("[native code]");
+
+ String sourceURL = codeBlock->ownerScriptExecutable()->sourceURL();
+ if (!sourceURL.isNull())
+ return sourceURL;
+ return emptyString();
+}
+
+String StackFrame::functionName(VM& vm) const
+{
+ if (codeBlock) {
+ switch (codeBlock->codeType()) {
+ case EvalCode:
+ return ASCIILiteral("eval code");
+ case ModuleCode:
+ return ASCIILiteral("module code");
+ case FunctionCode:
+ break;
+ case GlobalCode:
+ return ASCIILiteral("global code");
+ default:
+ ASSERT_NOT_REACHED();
+ }
+ }
+ String name;
+ if (callee)
+ name = getCalculatedDisplayName(vm, callee.get()).impl();
+ return name.isNull() ? emptyString() : name;
+}
+
+void StackFrame::computeLineAndColumn(unsigned& line, unsigned& column) const
+{
+ if (!codeBlock) {
+ line = 0;
+ column = 0;
+ return;
+ }
+
+ int divot = 0;
+ int unusedStartOffset = 0;
+ int unusedEndOffset = 0;
+ codeBlock->expressionRangeForBytecodeOffset(bytecodeOffset, divot, unusedStartOffset, unusedEndOffset, line, column);
+
+ ScriptExecutable* executable = codeBlock->ownerScriptExecutable();
+ if (executable->hasOverrideLineNumber())
+ line = executable->overrideLineNumber();
+}
+
+String StackFrame::toString(VM& vm) const
+{
+ StringBuilder traceBuild;
+ String functionName = this->functionName(vm);
+ String sourceURL = this->sourceURL();
+ traceBuild.append(functionName);
+ if (!sourceURL.isEmpty()) {
+ if (!functionName.isEmpty())
+ traceBuild.append('@');
+ traceBuild.append(sourceURL);
+ if (codeBlock) {
+ unsigned line;
+ unsigned column;
+ computeLineAndColumn(line, column);
+
+ traceBuild.append(':');
+ traceBuild.appendNumber(line);
+ traceBuild.append(':');
+ traceBuild.appendNumber(column);
+ }
+ }
+ return traceBuild.toString().impl();
+}
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStackFramehfromrev205702releasesWebKitGTKwebkit214SourceJavaScriptCoreheapHeapCellh"></a>
<div class="copfile"><h4>Copied: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.h (from rev 205702, releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/heap/HeapCell.h) (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StackFrame.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,50 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "Strong.h"
+
+namespace JSC {
+
+class CodeBlock;
+class JSObject;
+
+struct StackFrame {
+ Strong<JSObject> callee;
+ Strong<CodeBlock> codeBlock;
+ unsigned bytecodeOffset;
+
+ bool isNative() const { return !codeBlock; }
+
+ void computeLineAndColumn(unsigned& line, unsigned& column) const;
+ String functionName(VM&) const;
+ intptr_t sourceID() const;
+ String sourceURL() const;
+ String toString(VM&) const;
+};
+
+} // namespace JSC
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStringConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "StringPrototype.h"
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStringIteratorPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StringIteratorPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,12 +27,10 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "StringIteratorPrototype.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSStringIterator.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx">
</span><span class="cx"> #include "StringIteratorPrototype.lut.h"
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeStructureInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StructureInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StructureInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/StructureInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -242,7 +242,6 @@
</span><span class="cx">
</span><span class="cx"> ALWAYS_INLINE WriteBarrier<PropertyTable>& Structure::propertyTable()
</span><span class="cx"> {
</span><del>- ASSERT(!globalObject() || (!globalObject()->vm().heap.isCollecting() || globalObject()->vm().heap.isHeapSnapshotting()));
</del><span class="cx"> return m_propertyTableUnsafe;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTemplateRegistrycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TemplateRegistry.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TemplateRegistry.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TemplateRegistry.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,10 +26,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "TemplateRegistry.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "ObjectConstructor.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx"> #include "WeakGCMapInlines.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTestRunnerUtilscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -27,7 +27,9 @@
</span><span class="cx"> #include "TestRunnerUtils.h"
</span><span class="cx">
</span><span class="cx"> #include "CodeBlock.h"
</span><ins>+#include "HeapStatistics.h"
</ins><span class="cx"> #include "JSCInlines.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="lines">@@ -150,5 +152,14 @@
</span><span class="cx"> return optimizeNextInvocation(exec->uncheckedArgument(0));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+// This is a hook called at the bitter end of some of our tests.
+void finalizeStatsAtEndOfTesting()
+{
+ if (Options::logHeapStatisticsAtExit())
+ HeapStatistics::reportSuccess();
+ if (Options::reportLLIntStats())
+ LLInt::Data::finalizeStats();
+}
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTestRunnerUtilsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TestRunnerUtils.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -53,6 +53,8 @@
</span><span class="cx"> JS_EXPORT_PRIVATE unsigned numberOfStaticOSRExitFuzzChecks();
</span><span class="cx"> JS_EXPORT_PRIVATE unsigned numberOfOSRExitFuzzChecks();
</span><span class="cx">
</span><ins>+JS_EXPORT_PRIVATE void finalizeStatsAtEndOfTesting();
+
</ins><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // TestRunnerUtils_h
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeThrowScopecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ThrowScope.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ThrowScope.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/ThrowScope.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,7 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "ThrowScope.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "VM.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTypeProfilerLogcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeProfilerLog.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,7 +29,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "TypeLocation.h"
</span><span class="cx"> #include <wtf/CurrentTime.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeTypeSetcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeSet.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeSet.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/TypeSet.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,8 +27,7 @@
</span><span class="cx"> #include "TypeSet.h"
</span><span class="cx">
</span><span class="cx"> #include "InspectorProtocolObjects.h"
</span><del>-#include "JSCJSValue.h"
-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include <wtf/text/CString.h>
</span><span class="cx"> #include <wtf/text/WTFString.h>
</span><span class="cx"> #include <wtf/text/StringBuilder.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -69,6 +69,7 @@
</span><span class="cx"> #include "JSPropertyNameEnumerator.h"
</span><span class="cx"> #include "JSTemplateRegistryKey.h"
</span><span class="cx"> #include "JSWithScope.h"
</span><ins>+#include "LLIntData.h"
</ins><span class="cx"> #include "Lexer.h"
</span><span class="cx"> #include "Lookup.h"
</span><span class="cx"> #include "MapData.h"
</span><span class="lines">@@ -98,6 +99,7 @@
</span><span class="cx"> #include "WeakMapData.h"
</span><span class="cx"> #include <wtf/CurrentTime.h>
</span><span class="cx"> #include <wtf/ProcessID.h>
</span><ins>+#include <wtf/SimpleStats.h>
</ins><span class="cx"> #include <wtf/StringPrintStream.h>
</span><span class="cx"> #include <wtf/Threading.h>
</span><span class="cx"> #include <wtf/WTFThreadData.h>
</span><span class="lines">@@ -106,6 +108,7 @@
</span><span class="cx">
</span><span class="cx"> #if !ENABLE(JIT)
</span><span class="cx"> #include "CLoopStack.h"
</span><ins>+#include "CLoopStackInlines.h"
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> #if ENABLE(DFG_JIT)
</span><span class="lines">@@ -162,6 +165,7 @@
</span><span class="cx"> , m_atomicStringTable(vmType == Default ? wtfThreadData().atomicStringTable() : new AtomicStringTable)
</span><span class="cx"> , propertyNames(nullptr)
</span><span class="cx"> , emptyList(new MarkedArgumentBuffer)
</span><ins>+ , machineCodeBytesPerBytecodeWordForBaselineJIT(std::make_unique<SimpleStats>())
</ins><span class="cx"> , customGetterSetterFunctionMap(*this)
</span><span class="cx"> , stringCache(*this)
</span><span class="cx"> , symbolImplToSymbolMap(*this)
</span><span class="lines">@@ -873,4 +877,16 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+#if !ENABLE(JIT)
+bool VM::ensureStackCapacityForCLoop(Register* newTopOfStack)
+{
+ return interpreter->cloopStack().ensureCapacityFor(newTopOfStack);
+}
+
+bool VM::isSafeToRecurseSoftCLoop() const
+{
+ return interpreter->cloopStack().isSafeToRecurse();
+}
+#endif // !ENABLE(JIT)
+
</ins><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VM.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -39,7 +39,6 @@
</span><span class="cx"> #include "JITThunks.h"
</span><span class="cx"> #include "JSCJSValue.h"
</span><span class="cx"> #include "JSLock.h"
</span><del>-#include "LLIntData.h"
</del><span class="cx"> #include "MacroAssemblerCodeRef.h"
</span><span class="cx"> #include "Microtask.h"
</span><span class="cx"> #include "NumericStrings.h"
</span><span class="lines">@@ -60,7 +59,6 @@
</span><span class="cx"> #include <wtf/Forward.h>
</span><span class="cx"> #include <wtf/HashMap.h>
</span><span class="cx"> #include <wtf/HashSet.h>
</span><del>-#include <wtf/SimpleStats.h>
</del><span class="cx"> #include <wtf/StackBounds.h>
</span><span class="cx"> #include <wtf/Stopwatch.h>
</span><span class="cx"> #include <wtf/ThreadSafeRefCounted.h>
</span><span class="lines">@@ -72,6 +70,11 @@
</span><span class="cx"> #include <wtf/ListHashSet.h>
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+namespace WTF {
+class SimpleStats;
+} // namespace WTF
+using WTF::SimpleStats;
+
</ins><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> class BuiltinExecutables;
</span><span class="lines">@@ -342,7 +345,7 @@
</span><span class="cx"> SmallStrings smallStrings;
</span><span class="cx"> NumericStrings numericStrings;
</span><span class="cx"> DateInstanceCache dateInstanceCache;
</span><del>- WTF::SimpleStats machineCodeBytesPerBytecodeWordForBaselineJIT;
</del><ins>+ std::unique_ptr<SimpleStats> machineCodeBytesPerBytecodeWordForBaselineJIT;
</ins><span class="cx"> WeakGCMap<std::pair<CustomGetterSetter*, int>, JSCustomGetterSetterFunction> customGetterSetterFunctionMap;
</span><span class="cx"> WeakGCMap<StringImpl*, JSString, PtrHash<StringImpl*>> stringCache;
</span><span class="cx"> Strong<JSString> lastCachedString;
</span><span class="lines">@@ -642,6 +645,11 @@
</span><span class="cx"> m_lastException = exception;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+#if !ENABLE(JIT)
+ bool ensureStackCapacityForCLoop(Register* newTopOfStack);
+ bool isSafeToRecurseSoftCLoop() const;
+#endif // !ENABLE(JIT)
+
</ins><span class="cx"> JS_EXPORT_PRIVATE void throwException(ExecState*, Exception*);
</span><span class="cx"> JS_EXPORT_PRIVATE JSValue throwException(ExecState*, JSValue);
</span><span class="cx"> JS_EXPORT_PRIVATE JSObject* throwException(ExecState*, JSObject*);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMEntryScopeh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMEntryScope.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMEntryScope.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMEntryScope.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #ifndef VMEntryScope_h
</span><span class="cx"> #define VMEntryScope_h
</span><span class="cx">
</span><del>-#include "Interpreter.h"
</del><span class="cx"> #include <wtf/StackBounds.h>
</span><span class="cx"> #include <wtf/StackStats.h>
</span><span class="cx"> #include <wtf/Vector.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeVMInlinesh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMInlines.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMInlines.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/VMInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,10 +30,6 @@
</span><span class="cx"> #include "VM.h"
</span><span class="cx"> #include "Watchdog.h"
</span><span class="cx">
</span><del>-#if !ENABLE(JIT)
-#include "CLoopStackInlines.h"
-#endif
-
</del><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> bool VM::ensureStackCapacityFor(Register* newTopOfStack)
</span><span class="lines">@@ -42,7 +38,7 @@
</span><span class="cx"> ASSERT(wtfThreadData().stack().isGrowingDownward());
</span><span class="cx"> return newTopOfStack >= m_softStackLimit;
</span><span class="cx"> #else
</span><del>- return interpreter->cloopStack().ensureCapacityFor(newTopOfStack);
</del><ins>+ return ensureStackCapacityForCLoop(newTopOfStack);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> }
</span><span class="lines">@@ -51,7 +47,7 @@
</span><span class="cx"> {
</span><span class="cx"> bool safe = isSafeToRecurse(m_softStackLimit);
</span><span class="cx"> #if !ENABLE(JIT)
</span><del>- safe = safe && interpreter->cloopStack().isSafeToRecurse();
</del><ins>+ safe = safe && isSafeToRecurseSoftCLoop();
</ins><span class="cx"> #endif
</span><span class="cx"> return safe;
</span><span class="cx"> }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakMapConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013, 2016 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,12 +28,10 @@
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "JSWeakMap.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx"> #include "WeakMapPrototype.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakMapDatacpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapData.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapData.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapData.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,8 +29,7 @@
</span><span class="cx"> #include "CopiedAllocator.h"
</span><span class="cx"> #include "CopyVisitorInlines.h"
</span><span class="cx"> #include "ExceptionHelpers.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "SlotVisitorInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> #include <wtf/MathExtras.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakMapPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakMapPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,9 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "WeakMapPrototype.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSWeakMap.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx"> #include "WeakMapData.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakSetConstructorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetConstructor.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2016 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,12 +28,10 @@
</span><span class="cx">
</span><span class="cx"> #include "Error.h"
</span><span class="cx"> #include "IteratorOperations.h"
</span><del>-#include "JSCJSValueInlines.h"
-#include "JSCellInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSGlobalObject.h"
</span><span class="cx"> #include "JSObjectInlines.h"
</span><span class="cx"> #include "JSWeakSet.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx"> #include "WeakSetPrototype.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoreruntimeWeakSetPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/runtime/WeakSetPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,9 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "WeakSetPrototype.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx"> #include "JSWeakSet.h"
</span><del>-#include "StructureInlines.h"
</del><span class="cx"> #include "WeakMapData.h"
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoretestRegExpcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/testRegExp.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/testRegExp.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/testRegExp.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -191,7 +191,7 @@
</span><span class="cx"> static bool testOneRegExp(VM& vm, RegExp* regexp, RegExpTest* regExpTest, bool verbose, unsigned int lineNumber)
</span><span class="cx"> {
</span><span class="cx"> bool result = true;
</span><del>- Vector<int, 32> outVector;
</del><ins>+ Vector<int> outVector;
</ins><span class="cx"> outVector.resize(regExpTest->expectVector.size());
</span><span class="cx"> int matchResult = regexp->match(vm, regExpTest->subject, regExpTest->offset, outVector);
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoretoolsJSDollarVMcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVM.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVM.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVM.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,8 +26,7 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "JSDollarVM.h"
</span><span class="cx">
</span><del>-#include "JSCJSValueInlines.h"
-#include "StructureInlines.h"
</del><ins>+#include "JSCInlines.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceJavaScriptCoretoolsJSDollarVMPrototypecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/JavaScriptCore/tools/JSDollarVMPrototype.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -146,7 +146,13 @@
</span><span class="cx"> bool JSDollarVMPrototype::isInObjectSpace(Heap* heap, void* ptr)
</span><span class="cx"> {
</span><span class="cx"> MarkedBlock* candidate = MarkedBlock::blockFor(ptr);
</span><del>- return heap->objectSpace().blocks().set().contains(candidate);
</del><ins>+ if (heap->objectSpace().blocks().set().contains(candidate))
+ return true;
+ for (LargeAllocation* allocation : heap->objectSpace().largeAllocations()) {
+ if (allocation->contains(ptr))
+ return true;
+ }
+ return false;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool JSDollarVMPrototype::isInStorageSpace(Heap* heap, void* ptr)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,31 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ I needed tryFastAlignedMalloc() so I added it.
+
+ * wtf/FastMalloc.cpp:
+ (WTF::tryFastAlignedMalloc):
+ * wtf/FastMalloc.h:
+ * wtf/ParkingLot.cpp:
+ (WTF::ParkingLot::forEachImpl):
+ (WTF::ParkingLot::forEach): Deleted.
+ * wtf/ParkingLot.h:
+ (WTF::ParkingLot::parkConditionally):
+ (WTF::ParkingLot::unparkOne):
+ (WTF::ParkingLot::forEach):
+ * wtf/ScopedLambda.h:
+ (WTF::scopedLambdaRef):
+ * wtf/SentinelLinkedList.h:
+ (WTF::SentinelLinkedList::forEach):
+ (WTF::RawNode>::takeFrom):
+ * wtf/SimpleStats.h:
+ (WTF::SimpleStats::operator bool):
+ (WTF::SimpleStats::operator!): Deleted.
+
</ins><span class="cx"> 2016-09-02 JF Bastien <jfbastien@apple.com>
</span><span class="cx">
</span><span class="cx"> bitwise_cast infinite loops if called from the default constructor in ToType
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfFastMalloccpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,7 +1,6 @@
</span><del>-// Copyright (c) 2005, 2007, Google Inc. All rights reserved.
-
</del><span class="cx"> /*
</span><del>- * Copyright (C) 2005-2009, 2011, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (c) 2005, 2007, Google Inc. All rights reserved.
+ * Copyright (C) 2005-2009, 2011, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="cx"> * are met:
</span><span class="lines">@@ -102,6 +101,11 @@
</span><span class="cx"> return _aligned_malloc(size, alignment);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void* tryFastAlignedMalloc(size_t alignment, size_t size)
+{
+ return _aligned_malloc(size, alignment);
+}
+
</ins><span class="cx"> void fastAlignedFree(void* p)
</span><span class="cx"> {
</span><span class="cx"> _aligned_free(p);
</span><span class="lines">@@ -116,6 +120,13 @@
</span><span class="cx"> return p;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void* tryFastAlignedMalloc(size_t alignment, size_t size)
+{
+ void* p = nullptr;
+ posix_memalign(&p, alignment, size);
+ return p;
+}
+
</ins><span class="cx"> void fastAlignedFree(void* p)
</span><span class="cx"> {
</span><span class="cx"> free(p);
</span><span class="lines">@@ -241,6 +252,11 @@
</span><span class="cx"> return bmalloc::api::memalign(alignment, size);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void* tryFastAlignedMalloc(size_t alignment, size_t size)
+{
+ return bmalloc::api::tryMemalign(alignment, size);
+}
+
</ins><span class="cx"> void fastAlignedFree(void* p)
</span><span class="cx"> {
</span><span class="cx"> bmalloc::api::free(p);
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfFastMalloch"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/FastMalloc.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2005-2009, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2005-2009, 2015-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Library General Public
</span><span class="lines">@@ -55,6 +55,7 @@
</span><span class="cx">
</span><span class="cx"> // Allocations from fastAlignedMalloc() must be freed using fastAlignedFree().
</span><span class="cx"> WTF_EXPORT_PRIVATE void* fastAlignedMalloc(size_t alignment, size_t);
</span><ins>+WTF_EXPORT_PRIVATE void* tryFastAlignedMalloc(size_t alignment, size_t);
</ins><span class="cx"> WTF_EXPORT_PRIVATE void fastAlignedFree(void*);
</span><span class="cx">
</span><span class="cx"> WTF_EXPORT_PRIVATE size_t fastMallocSize(const void*);
</span><span class="lines">@@ -110,6 +111,7 @@
</span><span class="cx"> using WTF::fastRealloc;
</span><span class="cx"> using WTF::fastStrDup;
</span><span class="cx"> using WTF::fastZeroedMalloc;
</span><ins>+using WTF::tryFastAlignedMalloc;
</ins><span class="cx"> using WTF::tryFastCalloc;
</span><span class="cx"> using WTF::tryFastMalloc;
</span><span class="cx"> using WTF::tryFastZeroedMalloc;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfParkingLotcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -767,7 +767,7 @@
</span><span class="cx"> dataLog(toString(currentThread(), ": done unparking.\n"));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-NEVER_INLINE void ParkingLot::forEach(std::function<void(ThreadIdentifier, const void*)> callback)
</del><ins>+NEVER_INLINE void ParkingLot::forEachImpl(const ScopedLambda<void(ThreadIdentifier, const void*)>& callback)
</ins><span class="cx"> {
</span><span class="cx"> Vector<Bucket*> bucketsToUnlock = lockHashtable();
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfParkingLoth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -66,14 +66,14 @@
</span><span class="cx"> template<typename ValidationFunctor, typename BeforeSleepFunctor>
</span><span class="cx"> static ParkResult parkConditionally(
</span><span class="cx"> const void* address,
</span><del>- ValidationFunctor&& validation,
- BeforeSleepFunctor&& beforeSleep,
</del><ins>+ const ValidationFunctor& validation,
+ const BeforeSleepFunctor& beforeSleep,
</ins><span class="cx"> Clock::time_point timeout)
</span><span class="cx"> {
</span><span class="cx"> return parkConditionallyImpl(
</span><span class="cx"> address,
</span><del>- scopedLambda<bool()>(std::forward<ValidationFunctor>(validation)),
- scopedLambda<void()>(std::forward<BeforeSleepFunctor>(beforeSleep)),
</del><ins>+ scopedLambdaRef<bool()>(validation),
+ scopedLambdaRef<void()>(beforeSleep),
</ins><span class="cx"> timeout);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -124,9 +124,9 @@
</span><span class="cx"> // moment nobody can add any threads to the queue because the queue lock is still held. Also,
</span><span class="cx"> // WTF::Lock uses the timeToBeFair and token mechanism to implement eventual fairness.
</span><span class="cx"> template<typename Callback>
</span><del>- static void unparkOne(const void* address, Callback&& callback)
</del><ins>+ static void unparkOne(const void* address, const Callback& callback)
</ins><span class="cx"> {
</span><del>- unparkOneImpl(address, scopedLambda<intptr_t(UnparkResult)>(std::forward<Callback>(callback)));
</del><ins>+ unparkOneImpl(address, scopedLambdaRef<intptr_t(UnparkResult)>(callback));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // Unparks every thread from the queue associated with the given address, which cannot be null.
</span><span class="lines">@@ -145,7 +145,11 @@
</span><span class="cx"> // As well as many other possible interleavings that all have T1 before T2 and T3 before T4 but are
</span><span class="cx"> // otherwise unconstrained. This method is useful primarily for debugging. It's also used by unit
</span><span class="cx"> // tests.
</span><del>- WTF_EXPORT_PRIVATE static void forEach(std::function<void(ThreadIdentifier, const void*)>);
</del><ins>+ template<typename Func>
+ static void forEach(const Func& func)
+ {
+ forEachImpl(scopedLambdaRef<void(ThreadIdentifier, const void*)>(func));
+ }
</ins><span class="cx">
</span><span class="cx"> private:
</span><span class="cx"> WTF_EXPORT_PRIVATE static ParkResult parkConditionallyImpl(
</span><span class="lines">@@ -157,7 +161,7 @@
</span><span class="cx"> WTF_EXPORT_PRIVATE static void unparkOneImpl(
</span><span class="cx"> const void* address, const ScopedLambda<intptr_t(UnparkResult)>& callback);
</span><span class="cx">
</span><del>- WTF_EXPORT_PRIVATE static void forEachImpl(const std::function<void(ThreadIdentifier, const void*)>&);
</del><ins>+ WTF_EXPORT_PRIVATE static void forEachImpl(const ScopedLambda<void(ThreadIdentifier, const void*)>&);
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WTF
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfScopedLambdah"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ScopedLambda.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ScopedLambda.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ScopedLambda.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -126,10 +126,65 @@
</span><span class="cx"> return ScopedLambdaFunctor<FunctionType, Functor>(WTFMove(functor));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template<typename FunctionType, typename Functor> class ScopedLambdaRefFunctor;
+template<typename ResultType, typename... ArgumentTypes, typename Functor>
+class ScopedLambdaRefFunctor<ResultType (ArgumentTypes...), Functor> : public ScopedLambda<ResultType (ArgumentTypes...)> {
+public:
+ ScopedLambdaRefFunctor(const Functor& functor)
+ : ScopedLambda<ResultType (ArgumentTypes...)>(implFunction, this)
+ , m_functor(&functor)
+ {
+ }
+
+ // We need to make sure that copying and moving ScopedLambdaRefFunctor results in a
+ // ScopedLambdaRefFunctor whose ScopedLambda supertype still points to this rather than
+ // other.
+ ScopedLambdaRefFunctor(const ScopedLambdaRefFunctor& other)
+ : ScopedLambda<ResultType (ArgumentTypes...)>(implFunction, this)
+ , m_functor(other.m_functor)
+ {
+ }
+
+ ScopedLambdaRefFunctor(ScopedLambdaRefFunctor&& other)
+ : ScopedLambda<ResultType (ArgumentTypes...)>(implFunction, this)
+ , m_functor(other.m_functor)
+ {
+ }
+
+ ScopedLambdaRefFunctor& operator=(const ScopedLambdaRefFunctor& other)
+ {
+ m_functor = other.m_functor;
+ return *this;
+ }
+
+ ScopedLambdaRefFunctor& operator=(ScopedLambdaRefFunctor&& other)
+ {
+ m_functor = other.m_functor;
+ return *this;
+ }
+
+private:
+ static ResultType implFunction(void* argument, ArgumentTypes... arguments)
+ {
+ return (*static_cast<ScopedLambdaRefFunctor*>(argument)->m_functor)(arguments...);
+ }
+
+ const Functor* m_functor;
+};
+
+// This is for when you already refer to a functor by reference, and you know its lifetime is
+// good. This just creates a ScopedLambda that points to your functor.
+template<typename FunctionType, typename Functor>
+ScopedLambdaRefFunctor<FunctionType, Functor> scopedLambdaRef(const Functor& functor)
+{
+ return ScopedLambdaRefFunctor<FunctionType, Functor>(functor);
+}
+
</ins><span class="cx"> } // namespace WTF
</span><span class="cx">
</span><span class="cx"> using WTF::ScopedLambda;
</span><span class="cx"> using WTF::scopedLambda;
</span><ins>+using WTF::scopedLambdaRef;
</ins><span class="cx">
</span><span class="cx"> #endif // ScopedLambda_h
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfSentinelLinkedListh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SentinelLinkedList.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SentinelLinkedList.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SentinelLinkedList.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -101,7 +101,19 @@
</span><span class="cx"> iterator end();
</span><span class="cx">
</span><span class="cx"> bool isEmpty() { return begin() == end(); }
</span><del>-
</del><ins>+
+ template<typename Func>
+ void forEach(const Func& func)
+ {
+ for (iterator iter = begin(); iter != end();) {
+ iterator next = iter->next();
+ func(iter);
+ iter = next;
+ }
+ }
+
+ void takeFrom(SentinelLinkedList<T, RawNode>&);
+
</ins><span class="cx"> private:
</span><span class="cx"> RawNode m_headSentinel;
</span><span class="cx"> RawNode m_tailSentinel;
</span><span class="lines">@@ -244,8 +256,24 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template <typename T, typename RawNode>
+inline void SentinelLinkedList<T, RawNode>::takeFrom(SentinelLinkedList<T, RawNode>& other)
+{
+ if (other.isEmpty())
+ return;
+
+ m_tailSentinel.prev()->setNext(other.m_headSentinel.next());
+ other.m_headSentinel.next()->setPrev(m_tailSentinel.prev());
+
+ m_tailSentinel.setPrev(other.m_tailSentinel.prev());
+ m_tailSentinel.prev()->setNext(&m_tailSentinel);
+
+ other.m_headSentinel.setNext(&other.m_tailSentinel);
+ other.m_tailSentinel.setPrev(&other.m_headSentinel);
</ins><span class="cx"> }
</span><span class="cx">
</span><ins>+}
+
</ins><span class="cx"> using WTF::BasicRawSentinelNode;
</span><span class="cx"> using WTF::SentinelLinkedList;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWTFwtfSimpleStatsh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SimpleStats.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SimpleStats.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/SimpleStats.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -49,9 +49,9 @@
</span><span class="cx"> m_sumOfSquares += value * value;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool operator!() const
</del><ins>+ explicit operator bool() const
</ins><span class="cx"> {
</span><del>- return !m_count;
</del><ins>+ return !!m_count;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> double count() const
</span><span class="lines">@@ -110,5 +110,7 @@
</span><span class="cx">
</span><span class="cx"> } // namespace WTF
</span><span class="cx">
</span><ins>+using WTF::SimpleStats;
+
</ins><span class="cx"> #endif // SimpleStats_h
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,50 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ No new tests because no new WebCore behavior.
+
+ Just rewiring #includes.
+
+ * ForwardingHeaders/heap/HeapInlines.h: Added.
+ * ForwardingHeaders/interpreter/Interpreter.h: Removed.
+ * ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h: Added.
+ * Modules/indexeddb/IDBCursorWithValue.cpp:
+ * Modules/indexeddb/client/TransactionOperation.cpp:
+ * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
+ * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+ * bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp:
+ * bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp:
+ * bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp:
+ * bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp:
+ * bindings/js/JSClientRectCustom.cpp:
+ * bindings/js/JSDOMBinding.cpp:
+ * bindings/js/JSDOMBinding.h:
+ * bindings/js/JSDeviceMotionEventCustom.cpp:
+ * bindings/js/JSDeviceOrientationEventCustom.cpp:
+ * bindings/js/JSErrorEventCustom.cpp:
+ * bindings/js/JSIDBCursorWithValueCustom.cpp:
+ * bindings/js/JSIDBIndexCustom.cpp:
+ * bindings/js/JSPopStateEventCustom.cpp:
+ * bindings/js/JSWebGL2RenderingContextCustom.cpp:
+ * bindings/js/JSWorkerGlobalScopeCustom.cpp:
+ * bindings/js/WorkerScriptController.cpp:
+ * contentextensions/ContentExtensionParser.cpp:
+ * dom/ErrorEvent.cpp:
+ * html/HTMLCanvasElement.cpp:
+ * html/MediaDocument.cpp:
+ * inspector/CommandLineAPIModule.cpp:
+ * loader/EmptyClients.cpp:
+ * page/CaptionUserPreferences.cpp:
+ * page/Frame.cpp:
+ * page/PageGroup.cpp:
+ * page/UserContentController.cpp:
+ * platform/mock/mediasource/MockBox.cpp:
+ * testing/GCObservation.cpp:
+
</ins><span class="cx"> 2016-09-05 Fujii Hironori <Hironori.Fujii@sony.com>
</span><span class="cx">
</span><span class="cx"> [CMake] Duplicated IDL files in WebCore_IDL_FILES
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreForwardingHeadersheapHeapInlinesh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/heap/HeapInlines.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/heap/HeapInlines.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/heap/HeapInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+#pragma once
+#include <JavaScriptCore/HeapInlines.h>
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreForwardingHeadersinterpreterInterpreterh"></a>
<div class="delfile"><h4>Deleted: releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/interpreter/Interpreter.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/interpreter/Interpreter.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/interpreter/Interpreter.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,4 +0,0 @@
</span><del>-#ifndef WebCore_FWD_Interpreter_h
-#define WebCore_FWD_Interpreter_h
-#include <JavaScriptCore/Interpreter.h>
-#endif
</del></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreForwardingHeadersruntimeAuxiliaryBarrierInlinesh"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h (0 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h (rev 0)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ForwardingHeaders/runtime/AuxiliaryBarrierInlines.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+#pragma once
+#include <JavaScriptCore/AuxiliaryBarrierInlines.h>
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbIDBCursorWithValuecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/IDBCursorWithValue.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/IDBCursorWithValue.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/IDBCursorWithValue.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,8 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(INDEXED_DATABASE)
</span><span class="cx">
</span><ins>+#include <heap/HeapInlines.h>
+
</ins><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="cx"> Ref<IDBCursorWithValue> IDBCursorWithValue::create(IDBTransaction& transaction, IDBObjectStore& objectStore, const IDBCursorInfo& info)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbclientTransactionOperationcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/client/TransactionOperation.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/client/TransactionOperation.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/client/TransactionOperation.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #if ENABLE(INDEXED_DATABASE)
</span><span class="cx">
</span><span class="cx"> #include "IDBCursor.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx"> namespace IDBClient {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbserverSQLiteIDBBackingStorecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/SQLiteIDBBackingStore.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -45,7 +45,9 @@
</span><span class="cx"> #include "SQLiteStatement.h"
</span><span class="cx"> #include "SQLiteTransaction.h"
</span><span class="cx"> #include "ThreadSafeDataBuffer.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <heap/StrongInlines.h>
</span><ins>+#include <runtime/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx"> #include <runtime/JSGlobalObject.h>
</span><span class="cx"> #include <runtime/StructureInlines.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreModulesindexeddbserverUniqueIDBDatabasecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -39,6 +39,8 @@
</span><span class="cx"> #include "ScopeGuard.h"
</span><span class="cx"> #include "SerializedScriptValue.h"
</span><span class="cx"> #include "UniqueIDBDatabaseConnection.h"
</span><ins>+#include <heap/HeapInlines.h>
+#include <runtime/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <runtime/StructureInlines.h>
</span><span class="cx"> #include <wtf/MainThread.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayPaymentAuthorizedEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentAuthorizedEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(APPLE_PAY)
</span><span class="cx">
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayPaymentMethodSelectedEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayPaymentMethodSelectedEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(APPLE_PAY)
</span><span class="cx">
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx">
</span><span class="cx"> using namespace JSC;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingContactSelectedEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingContactSelectedEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(APPLE_PAY)
</span><span class="cx">
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx">
</span><span class="cx"> using namespace JSC;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSApplePayShippingMethodSelectedEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSApplePayShippingMethodSelectedEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,10 +28,9 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(APPLE_PAY)
</span><span class="cx">
</span><del>-#include <runtime/IdentifierInlines.h>
-#include <runtime/JSCJSValueInlines.h>
</del><ins>+#include <runtime/JSCInlines.h>
</ins><span class="cx"> #include <runtime/ObjectConstructor.h>
</span><del>-#include <runtime/StructureInlines.h>
</del><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSClientRectCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSClientRectCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSClientRectCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSClientRectCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,8 @@
</span><span class="cx">
</span><span class="cx"> #include "ClientRect.h"
</span><span class="cx"> #include <bytecode/CodeBlock.h>
</span><ins>+#include <heap/HeapInlines.h>
+#include <runtime/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <runtime/IdentifierInlines.h>
</span><span class="cx"> #include <runtime/JSObject.h>
</span><span class="cx"> #include <runtime/ObjectConstructor.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDOMBindingcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -38,7 +38,6 @@
</span><span class="cx"> #include <bytecode/CodeBlock.h>
</span><span class="cx"> #include <inspector/ScriptCallStack.h>
</span><span class="cx"> #include <inspector/ScriptCallStackFactory.h>
</span><del>-#include <interpreter/Interpreter.h>
</del><span class="cx"> #include <runtime/DateInstance.h>
</span><span class="cx"> #include <runtime/Error.h>
</span><span class="cx"> #include <runtime/ErrorHandlingScope.h>
</span><span class="lines">@@ -49,6 +48,7 @@
</span><span class="cx"> #include <stdarg.h>
</span><span class="cx"> #include <wtf/MathExtras.h>
</span><span class="cx"> #include <wtf/unicode/CharacterNames.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx"> using namespace Inspector;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDOMBindingh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDOMBinding.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -30,9 +30,11 @@
</span><span class="cx"> #include "ScriptWrappableInlines.h"
</span><span class="cx"> #include "WebCoreTypedArrayController.h"
</span><span class="cx"> #include <cstddef>
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <heap/SlotVisitorInlines.h>
</span><span class="cx"> #include <heap/Weak.h>
</span><span class="cx"> #include <heap/WeakInlines.h>
</span><ins>+#include <runtime/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <runtime/Error.h>
</span><span class="cx"> #include <runtime/IteratorOperations.h>
</span><span class="cx"> #include <runtime/JSArray.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDeviceMotionEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceMotionEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceMotionEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceMotionEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,6 +31,8 @@
</span><span class="cx">
</span><span class="cx"> #include "DeviceMotionData.h"
</span><span class="cx"> #include "DeviceMotionEvent.h"
</span><ins>+#include <heap/HeapInlines.h>
+#include <runtime/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <runtime/IdentifierInlines.h>
</span><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx"> #include <runtime/ObjectConstructor.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSDeviceOrientationEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceOrientationEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceOrientationEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSDeviceOrientationEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -31,6 +31,7 @@
</span><span class="cx">
</span><span class="cx"> #include "DeviceOrientationData.h"
</span><span class="cx"> #include "DeviceOrientationEvent.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx"> #include <runtime/StructureInlines.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSErrorEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSErrorEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSErrorEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSErrorEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -27,6 +27,7 @@
</span><span class="cx"> #include "JSErrorEvent.h"
</span><span class="cx">
</span><span class="cx"> #include "ErrorEvent.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSIDBCursorWithValueCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBCursorWithValueCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBCursorWithValueCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBCursorWithValueCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #if ENABLE(INDEXED_DATABASE)
</span><span class="cx">
</span><span class="cx"> #include "IDBCursorWithValue.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSIDBIndexCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBIndexCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBIndexCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSIDBIndexCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #if ENABLE(INDEXED_DATABASE)
</span><span class="cx">
</span><span class="cx"> #include "IDBIndex.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSPerformanceTimingCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPerformanceTimingCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPerformanceTimingCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPerformanceTimingCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,8 @@
</span><span class="cx"> #if ENABLE(WEB_TIMING)
</span><span class="cx">
</span><span class="cx"> #include "DOMWrapperWorld.h"
</span><ins>+#include <heap/HeapInlines.h>
+#include <runtime/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <runtime/IdentifierInlines.h>
</span><span class="cx"> #include <runtime/JSObject.h>
</span><span class="cx"> #include <runtime/ObjectConstructor.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSPopStateEventCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPopStateEventCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPopStateEventCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSPopStateEventCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx">
</span><span class="cx"> #include "DOMWrapperWorld.h"
</span><span class="cx"> #include "JSHistory.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCJSValueInlines.h>
</span><span class="cx">
</span><span class="cx"> using namespace JSC;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSWebGL2RenderingContextCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWebGL2RenderingContextCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWebGL2RenderingContextCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWebGL2RenderingContextCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx"> #if ENABLE(WEBGL) && ENABLE(WEBGL2)
</span><span class="cx"> #include "JSWebGL2RenderingContext.h"
</span><span class="cx">
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/Error.h>
</span><span class="cx"> #include "NotImplemented.h"
</span><span class="cx"> #include "WebGL2RenderingContext.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSWorkerGlobalScopeCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWorkerGlobalScopeCustom.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWorkerGlobalScopeCustom.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSWorkerGlobalScopeCustom.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -41,7 +41,6 @@
</span><span class="cx"> #include "WorkerGlobalScope.h"
</span><span class="cx"> #include "WorkerLocation.h"
</span><span class="cx"> #include "WorkerNavigator.h"
</span><del>-#include <interpreter/Interpreter.h>
</del><span class="cx">
</span><span class="cx"> #if ENABLE(WEB_SOCKETS)
</span><span class="cx"> #include "JSWebSocket.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsWorkerScriptControllercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/WorkerScriptController.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/WorkerScriptController.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/WorkerScriptController.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -39,7 +39,6 @@
</span><span class="cx"> #include "WorkerThread.h"
</span><span class="cx"> #include <bindings/ScriptValue.h>
</span><span class="cx"> #include <heap/StrongInlines.h>
</span><del>-#include <interpreter/Interpreter.h>
</del><span class="cx"> #include <runtime/Completion.h>
</span><span class="cx"> #include <runtime/Error.h>
</span><span class="cx"> #include <runtime/Exception.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorecontentextensionsContentExtensionParsercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/contentextensions/ContentExtensionParser.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/contentextensions/ContentExtensionParser.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/contentextensions/ContentExtensionParser.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -35,12 +35,9 @@
</span><span class="cx"> #include "ContentExtensionRule.h"
</span><span class="cx"> #include "ContentExtensionsBackend.h"
</span><span class="cx"> #include "ContentExtensionsDebugging.h"
</span><del>-#include <JavaScriptCore/IdentifierInlines.h>
-#include <JavaScriptCore/JSCJSValueInlines.h>
</del><ins>+#include <JavaScriptCore/JSCInlines.h>
</ins><span class="cx"> #include <JavaScriptCore/JSGlobalObject.h>
</span><span class="cx"> #include <JavaScriptCore/JSONObject.h>
</span><del>-#include <JavaScriptCore/JSObjectInlines.h>
-#include <JavaScriptCore/StructureInlines.h>
</del><span class="cx"> #include <JavaScriptCore/VM.h>
</span><span class="cx"> #include <wtf/CurrentTime.h>
</span><span class="cx"> #include <wtf/text/WTFString.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoredomErrorEventcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/ErrorEvent.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/ErrorEvent.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/dom/ErrorEvent.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx">
</span><span class="cx"> #include "DOMWrapperWorld.h"
</span><span class="cx"> #include "EventNames.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx">
</span><span class="cx"> using namespace JSC;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorehtmlHTMLCanvasElementcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/html/HTMLCanvasElement.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/html/HTMLCanvasElement.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/html/HTMLCanvasElement.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -51,6 +51,7 @@
</span><span class="cx"> #include <runtime/JSCInlines.h>
</span><span class="cx"> #include <runtime/JSLock.h>
</span><span class="cx"> #include <wtf/RAMSize.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(WEBGL)
</span><span class="cx"> #include "WebGLContextAttributes.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorehtmlMediaDocumentcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/html/MediaDocument.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/html/MediaDocument.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/html/MediaDocument.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -48,6 +48,7 @@
</span><span class="cx"> #include "ScriptController.h"
</span><span class="cx"> #include "ShadowRoot.h"
</span><span class="cx"> #include "TypedElementDescendantIterator.h"
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreinspectorCommandLineAPIModulecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/inspector/CommandLineAPIModule.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/inspector/CommandLineAPIModule.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/inspector/CommandLineAPIModule.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "CommandLineAPIModuleSource.h"
</span><span class="cx"> #include "JSDOMGlobalObject.h"
</span><span class="cx"> #include "WebInjectedScriptManager.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <inspector/InjectedScript.h>
</span><span class="cx">
</span><span class="cx"> using namespace JSC;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreloaderEmptyClientscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/EmptyClients.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/EmptyClients.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/loader/EmptyClients.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -48,6 +48,7 @@
</span><span class="cx"> #include "StorageNamespaceProvider.h"
</span><span class="cx"> #include "ThreadableWebSocketChannel.h"
</span><span class="cx"> #include "UserContentProvider.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <wtf/NeverDestroyed.h>
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorepageCaptionUserPreferencescpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/CaptionUserPreferences.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/CaptionUserPreferences.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/CaptionUserPreferences.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -38,6 +38,7 @@
</span><span class="cx"> #include "UserContentTypes.h"
</span><span class="cx"> #include "UserStyleSheet.h"
</span><span class="cx"> #include "UserStyleSheetTypes.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCellInlines.h>
</span><span class="cx"> #include <runtime/StructureInlines.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorepageFramecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/Frame.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/Frame.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/Frame.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -110,6 +110,7 @@
</span><span class="cx"> #include <bindings/ScriptValue.h>
</span><span class="cx"> #include <wtf/RefCountedLeakCounter.h>
</span><span class="cx"> #include <wtf/StdLibExtras.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx"> #include <yarr/RegularExpression.h>
</span><span class="cx">
</span><span class="cx"> #if PLATFORM(IOS)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorepagePageGroupcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/PageGroup.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/PageGroup.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/PageGroup.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -36,6 +36,7 @@
</span><span class="cx"> #include "SecurityOrigin.h"
</span><span class="cx"> #include "Settings.h"
</span><span class="cx"> #include "StorageNamespace.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/StructureInlines.h>
</span><span class="cx"> #include <wtf/StdLibExtras.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorepageUserContentControllercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/UserContentController.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/UserContentController.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/UserContentController.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "DOMWrapperWorld.h"
</span><span class="cx"> #include "UserScript.h"
</span><span class="cx"> #include "UserStyleSheet.h"
</span><ins>+#include <heap/HeapInlines.h>
</ins><span class="cx"> #include <runtime/JSCellInlines.h>
</span><span class="cx"> #include <runtime/StructureInlines.h>
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreplatformmockmediasourceMockBoxcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/mock/mediasource/MockBox.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/mock/mediasource/MockBox.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/platform/mock/mediasource/MockBox.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(MEDIA_SOURCE)
</span><span class="cx">
</span><ins>+#include <JavaScriptCore/HeapInlines.h>
</ins><span class="cx"> #include <JavaScriptCore/JSCJSValueInlines.h>
</span><span class="cx"> #include <JavaScriptCore/TypedArrayInlines.h>
</span><span class="cx"> #include <runtime/ArrayBuffer.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoretestingGCObservationcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/testing/GCObservation.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/testing/GCObservation.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/testing/GCObservation.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -26,6 +26,8 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "GCObservation.h"
</span><span class="cx">
</span><ins>+#include <heap/HeapInlines.h>
+
</ins><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="cx"> GCObservation::GCObservation(JSC::JSObject* object)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,19 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ Just rewiring some #includes.
+
+ * UIProcess/ViewGestureController.cpp:
+ * UIProcess/WebPageProxy.cpp:
+ * UIProcess/WebProcessPool.cpp:
+ * UIProcess/WebProcessProxy.cpp:
+ * WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:
+ * WebProcess/Plugins/Netscape/JSNPObject.cpp:
+
</ins><span class="cx"> 2016-09-05 Gustavo Noronha Silva <gustavo.noronha@collabora.co.uk>
</span><span class="cx">
</span><span class="cx"> [GTK] GL_PACK_ROW_LENGTH is not available in GLES2
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2UIProcessViewGestureControllercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/ViewGestureController.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/ViewGestureController.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/ViewGestureController.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> #import "WebProcessProxy.h"
</span><span class="cx"> #import <wtf/MathExtras.h>
</span><span class="cx"> #import <wtf/NeverDestroyed.h>
</span><ins>+#import <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> using namespace WebCore;
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2UIProcessWebPageProxycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebPageProxy.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebPageProxy.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebPageProxy.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -125,6 +125,7 @@
</span><span class="cx"> #include <WebCore/WindowFeatures.h>
</span><span class="cx"> #include <stdio.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx"> #include <wtf/text/StringView.h>
</span><span class="cx">
</span><span class="cx"> #if ENABLE(ASYNC_SCROLLING)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2UIProcessWebProcessPoolcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessPool.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessPool.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessPool.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -74,6 +74,7 @@
</span><span class="cx"> #include <wtf/MainThread.h>
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span><span class="cx"> #include <wtf/RunLoop.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx">
</span><span class="cx"> #if ENABLE(BATTERY_STATUS)
</span><span class="cx"> #include "WebBatteryManagerProxy.h"
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2UIProcessWebProcessProxycpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessProxy.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessProxy.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/UIProcess/WebProcessProxy.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -56,6 +56,7 @@
</span><span class="cx"> #include <wtf/NeverDestroyed.h>
</span><span class="cx"> #include <wtf/RunLoop.h>
</span><span class="cx"> #include <wtf/text/CString.h>
</span><ins>+#include <wtf/text/StringBuilder.h>
</ins><span class="cx"> #include <wtf/text/WTFString.h>
</span><span class="cx">
</span><span class="cx"> #if PLATFORM(COCOA)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2WebProcessInjectedBundleDOMInjectedBundleRangeHandlecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -29,6 +29,7 @@
</span><span class="cx"> #include "ShareableBitmap.h"
</span><span class="cx"> #include "WebImage.h"
</span><span class="cx"> #include <JavaScriptCore/APICast.h>
</span><ins>+#include <JavaScriptCore/HeapInlines.h>
</ins><span class="cx"> #include <WebCore/Document.h>
</span><span class="cx"> #include <WebCore/FloatRect.h>
</span><span class="cx"> #include <WebCore/Frame.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebKit2WebProcessPluginsNetscapeJSNPObjectcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/WebKit2/WebProcess/Plugins/Netscape/JSNPObject.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2010 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "NPJSObject.h"
</span><span class="cx"> #include "NPRuntimeObjectMap.h"
</span><span class="cx"> #include "NPRuntimeUtilities.h"
</span><ins>+#include <JavaScriptCore/AuxiliaryBarrierInlines.h>
</ins><span class="cx"> #include <JavaScriptCore/Error.h>
</span><span class="cx"> #include <JavaScriptCore/IdentifierInlines.h>
</span><span class="cx"> #include <JavaScriptCore/JSGlobalObject.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourcebmallocChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/bmalloc/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/bmalloc/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/bmalloc/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ I needed to tryMemalign, so I added such a thing.
+
+ * bmalloc/Allocator.cpp:
+ (bmalloc::Allocator::allocate):
+ (bmalloc::Allocator::tryAllocate):
+ (bmalloc::Allocator::allocateImpl):
+ * bmalloc/Allocator.h:
+ * bmalloc/Cache.h:
+ (bmalloc::Cache::tryAllocate):
+ * bmalloc/bmalloc.h:
+ (bmalloc::api::tryMemalign):
+
</ins><span class="cx"> 2016-08-30 Geoffrey Garen <ggaren@apple.com>
</span><span class="cx">
</span><span class="cx"> bmalloc: speed up the lock slow path
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourcebmallocbmallocAllocatorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -64,6 +64,18 @@
</span><span class="cx">
</span><span class="cx"> void* Allocator::allocate(size_t alignment, size_t size)
</span><span class="cx"> {
</span><ins>+ bool crashOnFailure = true;
+ return allocateImpl(alignment, size, crashOnFailure);
+}
+
+void* Allocator::tryAllocate(size_t alignment, size_t size)
+{
+ bool crashOnFailure = false;
+ return allocateImpl(alignment, size, crashOnFailure);
+}
+
+void* Allocator::allocateImpl(size_t alignment, size_t size, bool crashOnFailure)
+{
</ins><span class="cx"> BASSERT(isPowerOfTwo(alignment));
</span><span class="cx">
</span><span class="cx"> if (!m_isBmallocEnabled) {
</span><span class="lines">@@ -80,7 +92,10 @@
</span><span class="cx"> return allocate(roundUpToMultipleOf(alignment, size));
</span><span class="cx">
</span><span class="cx"> std::lock_guard<StaticMutex> lock(PerProcess<Heap>::mutex());
</span><del>- return PerProcess<Heap>::getFastCase()->allocateLarge(lock, alignment, size);
</del><ins>+ Heap* heap = PerProcess<Heap>::getFastCase();
+ if (crashOnFailure)
+ return heap->allocateLarge(lock, alignment, size);
+ return heap->tryAllocateLarge(lock, alignment, size);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void* Allocator::reallocate(void* object, size_t newSize)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourcebmallocbmallocAllocatorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Allocator.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -43,6 +43,7 @@
</span><span class="cx">
</span><span class="cx"> void* tryAllocate(size_t);
</span><span class="cx"> void* allocate(size_t);
</span><ins>+ void* tryAllocate(size_t alignment, size_t);
</ins><span class="cx"> void* allocate(size_t alignment, size_t);
</span><span class="cx"> void* reallocate(void*, size_t);
</span><span class="cx">
</span><span class="lines">@@ -49,6 +50,8 @@
</span><span class="cx"> void scavenge();
</span><span class="cx">
</span><span class="cx"> private:
</span><ins>+ void* allocateImpl(size_t alignment, size_t, bool crashOnFailure);
+
</ins><span class="cx"> bool allocateFastCase(size_t, void*&);
</span><span class="cx"> void* allocateSlowCase(size_t);
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourcebmallocbmallocCacheh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Cache.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Cache.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/Cache.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014, 2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -41,6 +41,7 @@
</span><span class="cx">
</span><span class="cx"> static void* tryAllocate(size_t);
</span><span class="cx"> static void* allocate(size_t);
</span><ins>+ static void* tryAllocate(size_t alignment, size_t);
</ins><span class="cx"> static void* allocate(size_t alignment, size_t);
</span><span class="cx"> static void deallocate(void*);
</span><span class="cx"> static void* reallocate(void*, size_t);
</span><span class="lines">@@ -79,6 +80,14 @@
</span><span class="cx"> return cache->allocator().allocate(size);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+inline void* Cache::tryAllocate(size_t alignment, size_t size)
+{
+ Cache* cache = PerThread<Cache>::getFastCase();
+ if (!cache)
+ return allocateSlowCaseNullCache(alignment, size);
+ return cache->allocator().tryAllocate(alignment, size);
+}
+
</ins><span class="cx"> inline void* Cache::allocate(size_t alignment, size_t size)
</span><span class="cx"> {
</span><span class="cx"> Cache* cache = PerThread<Cache>::getFastCase();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214Sourcebmallocbmallocbmalloch"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/bmalloc.h (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/bmalloc.h 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Source/bmalloc/bmalloc/bmalloc.h 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014, 2015 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -43,6 +43,12 @@
</span><span class="cx"> return Cache::allocate(size);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+// Returns null on failure.
+inline void* tryMemalign(size_t alignment, size_t size)
+{
+ return Cache::tryAllocate(alignment, size);
+}
+
</ins><span class="cx"> // Crashes on failure.
</span><span class="cx"> inline void* memalign(size_t alignment, size_t size)
</span><span class="cx"> {
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214ToolsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Tools/ChangeLog (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Tools/ChangeLog 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Tools/ChangeLog 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-08-31 Filip Pizlo <fpizlo@apple.com>
+
+ Butterflies should be allocated in Auxiliary MarkedSpace instead of CopiedSpace and we should rewrite as much of the GC as needed to make this not a regression
+ https://bugs.webkit.org/show_bug.cgi?id=160125
+
+ Reviewed by Geoffrey Garen and Keith Miller.
+
+ * DumpRenderTree/TestRunner.cpp:
+ * DumpRenderTree/mac/DumpRenderTree.mm:
+ (DumpRenderTreeMain):
+ * Scripts/run-jsc-stress-tests:
+ * TestWebKitAPI/Tests/WTF/Vector.cpp:
+ (TestWebKitAPI::TEST):
+
</ins><span class="cx"> 2016-09-03 Youenn Fablet <youenn@apple.com>
</span><span class="cx">
</span><span class="cx"> run-webkit-tests should detect w3c test resource files
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214ToolsDumpRenderTreeTestRunnercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/TestRunner.cpp (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/TestRunner.cpp 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/TestRunner.cpp 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -34,6 +34,7 @@
</span><span class="cx"> #include "WorkQueue.h"
</span><span class="cx"> #include "WorkQueueItem.h"
</span><span class="cx"> #include <JavaScriptCore/APICast.h>
</span><ins>+#include <JavaScriptCore/HeapInlines.h>
</ins><span class="cx"> #include <JavaScriptCore/JSContextRef.h>
</span><span class="cx"> #include <JavaScriptCore/JSCTestRunnerUtils.h>
</span><span class="cx"> #include <JavaScriptCore/JSObjectRef.h>
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214ToolsDumpRenderTreemacDumpRenderTreemm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/mac/DumpRenderTree.mm (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/mac/DumpRenderTree.mm 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Tools/DumpRenderTree/mac/DumpRenderTree.mm 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -56,9 +56,7 @@
</span><span class="cx"> #import "WorkQueue.h"
</span><span class="cx"> #import "WorkQueueItem.h"
</span><span class="cx"> #import <CoreFoundation/CoreFoundation.h>
</span><del>-#import <JavaScriptCore/HeapStatistics.h>
-#import <JavaScriptCore/LLIntData.h>
-#import <JavaScriptCore/Options.h>
</del><ins>+#import <JavaScriptCore/TestRunnerUtils.h>
</ins><span class="cx"> #import <WebCore/LogInitialization.h>
</span><span class="cx"> #import <WebKit/DOMElement.h>
</span><span class="cx"> #import <WebKit/DOMExtensions.h>
</span><span class="lines">@@ -1429,10 +1427,7 @@
</span><span class="cx"> #endif
</span><span class="cx"> [WebCoreStatistics garbageCollectJavaScriptObjects];
</span><span class="cx"> [WebCoreStatistics emptyCache]; // Otherwise SVGImages trigger false positives for Frame/Node counts
</span><del>- if (JSC::Options::logHeapStatisticsAtExit())
- JSC::HeapStatistics::reportSuccess();
- if (JSC::Options::reportLLIntStats())
- JSC::LLInt::Data::finalizeStats();
</del><ins>+ JSC::finalizeStatsAtEndOfTesting();
</ins><span class="cx"> [pool release];
</span><span class="cx"> returningFromMain = true;
</span><span class="cx"> return 0;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214ToolsScriptsrunjscstresstests"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Tools/Scripts/run-jsc-stress-tests (205716 => 205717)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Tools/Scripts/run-jsc-stress-tests 2016-09-09 08:42:48 UTC (rev 205716)
+++ releases/WebKitGTK/webkit-2.14/Tools/Scripts/run-jsc-stress-tests 2016-09-09 08:55:20 UTC (rev 205717)
</span><span class="lines">@@ -420,7 +420,7 @@
</span><span class="cx"> # We force all tests to use a smaller (1.5M) stack so that stack overflow tests can run faster.
</span><span class="cx"> BASE_OPTIONS = ["--useFTLJIT=false", "--useFunctionDotArguments=true", "--maxPerThreadStackUsage=1572864"]
</span><span class="cx"> EAGER_OPTIONS = ["--thresholdForJITAfterWarmUp=10", "--thresholdForJITSoon=10", "--thresholdForOptimizeAfterWarmUp=20", "--thresholdForOptimizeAfterLongWarmUp=20", "--thresholdForOptimizeSoon=20", "--thresholdForFTLOptimizeAfterWarmUp=20", "--thresholdForFTLOptimizeSoon=20", "--maximumEvalCacheableSourceLength=150000", "--useEagerCodeBlockJettisonTiming=true"]
</span><del>-NO_CJIT_OPTIONS = ["--useConcurrentJIT=false", "--thresholdForJITAfterWarmUp=100"]
</del><ins>+NO_CJIT_OPTIONS = ["--useConcurrentJIT=false", "--thresholdForJITAfterWarmUp=100", "--scribbleFreeCells=true"]
</ins><span class="cx"> FTL_OPTIONS = ["--useFTLJIT=true"]
</span><span class="cx">
</span><span class="cx"> $runlist = []
</span></span></pre>
</div>
</div>
</body>
</html>