[Webkit-unassigned] [Bug 196022] New: [JSC] Reorganize JSScope mechanism

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 20 12:03:36 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=196022

            Bug ID: 196022
           Summary: [JSC] Reorganize JSScope mechanism
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ysuzuki at apple.com

Currently, all the scopes inherit JSScope, and JSScope inherits JSNonFinalObject!
This is because,

1. One of the JSScope classes, JSGlobalObject, needs to be an object.
2. We would like to have a convenient way to get `globalObject` from a JSScope: `scope->globalObject(vm)`.

But this convenient inheritance hierarchy results in memory bloat now. All the scopes have Butterfly pointer, and it is nullptr except for JSGlobalObject.
If we cut this butterfly pointer, we can make JSLexicalEnvironment small. And we can see that many small JSLexicalEnvironments (scopeSize = 1) are allocated in RAMification's Air test.
This is largely because of closures I think. And I think such small JSLexicalEnvironments can be seen in the wild due to closures. Reducing the size of JSLexicalEnvironment tightens our memory footprint.

My current plan is,

Break the current inheritance hierarchy and make JSScope something like an interface.
Put m_next field in all the scope objects in the same offset (we can ensure it by RELEASE_ASSERT in LLIntData etc.)

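The layout-based scheme sketched in the plan above, as an added illustration that is not WebKit's code: hypothetical stand-in types (CellHeader, LexicalEnvironment, GlobalObject, Butterfly, and the field names used here) model two scope kinds that share no base class but keep m_next at one fixed offset. A static_assert over offsetof stands in for the RELEASE_ASSERT the plan mentions, the chain walker reads m_next by that offset only, and a sizeof comparison shows what dropping the unused Butterfly pointer saves per lexical environment.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins for JSC types; none of this is WebKit's own code.
struct Butterfly;  // out-of-line property storage; only the global object needs it

// Minimal cell header shared by every heap object in this model.
struct CellHeader {
    uint32_t structureID;
    uint8_t type;  // which scope kind this cell is
};

enum ScopeType : uint8_t { LexicalEnvironmentType = 1, GlobalObjectType = 2 };

// A closure scope: header, m_next, and its captured variables. No Butterfly.
struct LexicalEnvironment {
    CellHeader header;
    CellHeader* m_next;
    uint64_t variables[1];  // scopeSize = 1, the common case noted above
};

// The global object keeps property storage, so it alone carries a Butterfly*.
struct GlobalObject {
    CellHeader header;
    CellHeader* m_next;  // always nullptr: the global object ends every chain
    Butterfly* m_butterfly;
    uint64_t globalVars[4];
};

// The "before" layout, kept only to measure what the Butterfly pointer costs.
struct LexicalEnvironmentWithButterfly {
    CellHeader header;
    CellHeader* m_next;
    Butterfly* m_butterfly;  // always nullptr for a lexical environment
    uint64_t variables[1];
};

// Compile-time stand-in for the RELEASE_ASSERT in the plan: the scope chain
// walker below depends on m_next living at one offset in every scope type.
constexpr size_t kNextOffset = offsetof(LexicalEnvironment, m_next);
static_assert(kNextOffset == offsetof(GlobalObject, m_next),
              "m_next must sit at the same offset in every scope type");
static_assert(offsetof(LexicalEnvironment, header) == 0 && offsetof(GlobalObject, header) == 0,
              "header must be the first field so a scope pointer is a CellHeader pointer");

// Read m_next by offset, without knowing the concrete scope type.
inline CellHeader* nextScope(CellHeader* scope) {
    return *reinterpret_cast<CellHeader**>(reinterpret_cast<char*>(scope) + kNextOffset);
}

// Walk outward until the global object; nullptr means the chain is malformed.
inline GlobalObject* globalObjectOf(CellHeader* scope) {
    while (scope && scope->type != GlobalObjectType)
        scope = nextScope(scope);
    return reinterpret_cast<GlobalObject*>(scope);
}

// Number of scopes from this one up to and including the end of the chain.
inline int chainLength(CellHeader* scope) {
    int n = 0;
    for (; scope; scope = nextScope(scope))
        ++n;
    return n;
}

// Bytes saved per lexical environment by dropping the unused Butterfly pointer.
constexpr size_t bytesSavedPerLexicalEnvironment() {
    return sizeof(LexicalEnvironmentWithButterfly) - sizeof(LexicalEnvironment);
}

int main() {
    // Constructed chain: inner -> outer -> global.
    GlobalObject global{{0, GlobalObjectType}, nullptr, nullptr, {}};
    LexicalEnvironment outer{{0, LexicalEnvironmentType}, &global.header, {}};
    LexicalEnvironment inner{{0, LexicalEnvironmentType}, &outer.header, {}};

    assert(globalObjectOf(&inner.header) == &global);
    assert(chainLength(&inner.header) == 3);
    std::printf("LexicalEnvironment: %zu bytes, saves %zu bytes vs. the Butterfly layout\n",
                sizeof(LexicalEnvironment), bytesSavedPerLexicalEnvironment());
    return 0;
}
```

The point of the two static_asserts is that nothing else in the walker may assume a shared base class: once JSScope is an interface rather than a base, the fixed m_next offset is the only contract the interpreter and JIT can rely on, so it should be checked where the layout is defined rather than trusted.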