Title: [105816] trunk/Source/_javascript_Core
- Revision
- 105816
- Author
- [email protected]
- Date
- 2012-01-24 14:54:31 -0800 (Tue, 24 Jan 2012)
Log Message
Use copying collector for out-of-line JSObject property storage
https://bugs.webkit.org/show_bug.cgi?id=76665
Reviewed by Geoffrey Garen.
* runtime/JSObject.cpp:
(JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
Also added a temporary variable to avoid warnings from GCC.
(JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
operator new. Also added a temporary variable to avoid warnings from GCC.
* runtime/JSObject.h:
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (105815 => 105816)
--- trunk/Source/_javascript_Core/ChangeLog 2012-01-24 22:52:24 UTC (rev 105815)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-01-24 22:54:31 UTC (rev 105816)
@@ -1,3 +1,17 @@
+2012-01-24 Mark Hahnenberg <[email protected]>
+
+ Use copying collector for out-of-line JSObject property storage
+ https://bugs.webkit.org/show_bug.cgi?id=76665
+
+ Reviewed by Geoffrey Garen.
+
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::visitChildren): Changed to use copyAndAppend whenever the property storage is out-of-line.
+ Also added a temporary variable to avoid warnings from GCC.
+ (JSC::JSObject::allocatePropertyStorage): Changed to use tryAllocateStorage/tryReallocateStorage as opposed to
+ operator new. Also added a temporary variable to avoid warnings from GCC.
+ * runtime/JSObject.h:
+
2012-01-24 Geoffrey Garen <[email protected]>
JSValue::toString() should return a JSString* instead of a UString
Modified: trunk/Source/_javascript_Core/runtime/JSObject.cpp (105815 => 105816)
--- trunk/Source/_javascript_Core/runtime/JSObject.cpp 2012-01-24 22:52:24 UTC (rev 105815)
+++ trunk/Source/_javascript_Core/runtime/JSObject.cpp 2012-01-24 22:54:31 UTC (rev 105816)
@@ -24,6 +24,7 @@
#include "config.h"
#include "JSObject.h"
+#include "BumpSpaceInlineMethods.h"
#include "DatePrototype.h"
#include "ErrorConstructor.h"
#include "GetterSetter.h"
@@ -83,11 +84,6 @@
}
}
-void JSObject::finalize(JSCell* cell)
-{
- delete [] jsCast<JSObject*>(cell)->m_propertyStorage.get();
-}
-
void JSObject::destroy(JSCell* cell)
{
jsCast<JSObject*>(cell)->JSObject::~JSObject();
@@ -106,7 +102,16 @@
PropertyStorage storage = thisObject->propertyStorage();
size_t storageSize = thisObject->structure()->propertyStorageSize();
- visitor.appendValues(storage, storageSize);
+ if (thisObject->isUsingInlineStorage())
+ visitor.appendValues(storage, storageSize);
+ else {
+ // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
+ void* temp = storage;
+ visitor.copyAndAppend(&temp, thisObject->structure()->propertyStorageCapacity() * sizeof(WriteBarrierBase<Unknown>), storage->slot(), storageSize);
+ storage = static_cast<PropertyStorage>(temp);
+ thisObject->m_propertyStorage.set(storage, StorageBarrier::Unchecked);
+ }
+
if (thisObject->m_inheritorID)
visitor.append(&thisObject->m_inheritorID);
@@ -633,20 +638,28 @@
// It's important that this function not rely on structure(), since
// we might be in the middle of a transition.
- PropertyStorage newPropertyStorage = 0;
- newPropertyStorage = new WriteBarrierBase<Unknown>[newSize];
PropertyStorage oldPropertyStorage = m_propertyStorage.get();
- ASSERT(newPropertyStorage);
+ PropertyStorage newPropertyStorage = 0;
- for (unsigned i = 0; i < oldSize; ++i)
- newPropertyStorage[i] = oldPropertyStorage[i];
+ if (isUsingInlineStorage()) {
+ // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
+ void* temp = newPropertyStorage;
+ if (!globalData.heap.tryAllocateStorage(sizeof(WriteBarrierBase<Unknown>) * newSize, &temp))
+ CRASH();
+ newPropertyStorage = static_cast<PropertyStorage>(temp);
- if (isUsingInlineStorage())
- Heap::heap(this)->addFinalizer(this, &finalize);
- else
- delete [] oldPropertyStorage;
+ for (unsigned i = 0; i < oldSize; ++i)
+ newPropertyStorage[i] = oldPropertyStorage[i];
+ } else {
+ // We have this extra temp here to slake GCC's thirst for the blood of those who dereference type-punned pointers.
+ void* temp = oldPropertyStorage;
+ if (!globalData.heap.tryReallocateStorage(&temp, sizeof(WriteBarrierBase<Unknown>) * oldSize, sizeof(WriteBarrierBase<Unknown>) * newSize))
+ CRASH();
+ newPropertyStorage = static_cast<PropertyStorage>(temp);
+ }
+ ASSERT(newPropertyStorage);
m_propertyStorage.set(globalData, this, newPropertyStorage);
}
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (105815 => 105816)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2012-01-24 22:52:24 UTC (rev 105815)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2012-01-24 22:54:31 UTC (rev 105816)
@@ -90,8 +90,6 @@
JS_EXPORT_PRIVATE static UString className(const JSObject*);
- static void finalize(JSCell*);
-
JSValue prototype() const;
void setPrototype(JSGlobalData&, JSValue prototype);
bool setPrototypeWithCycleCheck(JSGlobalData&, JSValue prototype);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
