|
|
|
@ -1,652 +0,0 @@
|
|
|
|
|
From 162f94957f5a65aa0177bdea2b5810d44b637b5a Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Mark Lam <mark.lam@apple.com>
|
|
|
|
|
Date: Fri, 31 Mar 2023 10:49:49 -0700
|
|
|
|
|
Subject: [PATCH] Cherry-pick 259548.395@safari-7615.1.26.11-branch
|
|
|
|
|
(1039f0c3235f). <bug>
|
|
|
|
|
|
|
|
|
|
Cherry-pick 2c49ff7b0481. rdar://problem/107369977
|
|
|
|
|
|
|
|
|
|
CloneDeserializer::deserialize() should store cell pointers in a MarkedVector.
|
|
|
|
|
https://bugs.webkit.org/show_bug.cgi?id=254797
|
|
|
|
|
rdar://107369977
|
|
|
|
|
|
|
|
|
|
Reviewed by Justin Michaud.
|
|
|
|
|
|
|
|
|
|
Previously, CloneDeserializer::deserialize() was storing pointers to newly created objects
|
|
|
|
|
in a few Vectors. This is problematic because the GC is not aware of Vectors, and cannot
|
|
|
|
|
scan them. In this patch, we refactor the MarkedArgumentBuffer class into a MarkedVector
|
|
|
|
|
template class that offer 2 enhancements:
|
|
|
|
|
|
|
|
|
|
1. It can be configured to store specific types of cell pointer types. This avoids us
|
|
|
|
|
having to constantly cast JSValues into these pointers.
|
|
|
|
|
|
|
|
|
|
2. It allows us to specify the type of OverflowHandler we want to use. In this case,
|
|
|
|
|
we want to use CrashOnOverflow. The previous MarkedArgumentBuffer always assumes
|
|
|
|
|
RecordOnOverflow. This allows us to avoid having to manually check for overflows,
|
|
|
|
|
or have to use appendWithCrashOnOverflow. For our current needs, MarkedVector can be
|
|
|
|
|
used as a drop in replacement for Vector.
|
|
|
|
|
|
|
|
|
|
And we fix the CloneDeserializer::deserialize() issue by replacing the use of Vectors
|
|
|
|
|
with MarkedVector instead.
|
|
|
|
|
|
|
|
|
|
* Source/JavaScriptCore/heap/Heap.cpp:
|
|
|
|
|
(JSC::Heap::addCoreConstraints):
|
|
|
|
|
* Source/JavaScriptCore/heap/Heap.h:
|
|
|
|
|
* Source/JavaScriptCore/heap/HeapInlines.h:
|
|
|
|
|
* Source/JavaScriptCore/runtime/ArgList.cpp:
|
|
|
|
|
(JSC::MarkedVectorBase::addMarkSet):
|
|
|
|
|
(JSC::MarkedVectorBase::markLists):
|
|
|
|
|
(JSC::MarkedVectorBase::slowEnsureCapacity):
|
|
|
|
|
(JSC::MarkedVectorBase::expandCapacity):
|
|
|
|
|
(JSC::MarkedVectorBase::slowAppend):
|
|
|
|
|
(JSC::MarkedArgumentBufferBase::addMarkSet): Deleted.
|
|
|
|
|
(JSC::MarkedArgumentBufferBase::markLists): Deleted.
|
|
|
|
|
(JSC::MarkedArgumentBufferBase::slowEnsureCapacity): Deleted.
|
|
|
|
|
(JSC::MarkedArgumentBufferBase::expandCapacity): Deleted.
|
|
|
|
|
(JSC::MarkedArgumentBufferBase::slowAppend): Deleted.
|
|
|
|
|
* Source/JavaScriptCore/runtime/ArgList.h:
|
|
|
|
|
(JSC::MarkedVectorWithSize::MarkedVectorWithSize):
|
|
|
|
|
(JSC::MarkedVectorWithSize::at const):
|
|
|
|
|
(JSC::MarkedVectorWithSize::clear):
|
|
|
|
|
(JSC::MarkedVectorWithSize::append):
|
|
|
|
|
(JSC::MarkedVectorWithSize::appendWithCrashOnOverflow):
|
|
|
|
|
(JSC::MarkedVectorWithSize::last const):
|
|
|
|
|
(JSC::MarkedVectorWithSize::takeLast):
|
|
|
|
|
(JSC::MarkedVectorWithSize::ensureCapacity):
|
|
|
|
|
(JSC::MarkedVectorWithSize::hasOverflowed):
|
|
|
|
|
(JSC::MarkedVectorWithSize::fill):
|
|
|
|
|
(JSC::MarkedArgumentBufferWithSize::MarkedArgumentBufferWithSize): Deleted.
|
|
|
|
|
* Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp:
|
|
|
|
|
(WebCore::AudioWorkletProcessor::buildJSArguments):
|
|
|
|
|
* Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h:
|
|
|
|
|
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
|
|
|
|
|
(WebCore::CloneDeserializer::deserialize):
|
|
|
|
|
|
|
|
|
|
Canonical link: https://commits.webkit.org/259548.530@safari-7615-branch
|
|
|
|
|
|
|
|
|
|
Identifier: 259548.395@safari-7615.1.26.11-branch
|
|
|
|
|
---
|
|
|
|
|
Source/JavaScriptCore/heap/Heap.cpp | 6 +-
|
|
|
|
|
Source/JavaScriptCore/heap/Heap.h | 8 +-
|
|
|
|
|
Source/JavaScriptCore/heap/HeapInlines.h | 6 +-
|
|
|
|
|
Source/JavaScriptCore/runtime/ArgList.cpp | 46 ++--
|
|
|
|
|
Source/JavaScriptCore/runtime/ArgList.h | 206 ++++++++++--------
|
|
|
|
|
.../webaudio/AudioWorkletProcessor.cpp | 4 +-
|
|
|
|
|
.../Modules/webaudio/AudioWorkletProcessor.h | 7 +-
|
|
|
|
|
.../bindings/js/SerializedScriptValue.cpp | 11 +-
|
|
|
|
|
8 files changed, 160 insertions(+), 134 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/Source/JavaScriptCore/heap/Heap.cpp b/Source/JavaScriptCore/heap/Heap.cpp
|
|
|
|
|
index 8e53ddead1fd..7e3f8487f3db 100644
|
|
|
|
|
--- a/Source/JavaScriptCore/heap/Heap.cpp
|
|
|
|
|
+++ b/Source/JavaScriptCore/heap/Heap.cpp
|
|
|
|
|
@@ -1,5 +1,5 @@
|
|
|
|
|
/*
|
|
|
|
|
- * Copyright (C) 2003-2022 Apple Inc. All rights reserved.
|
|
|
|
|
+ * Copyright (C) 2003-2023 Apple Inc. All rights reserved.
|
|
|
|
|
* Copyright (C) 2007 Eric Seidel <eric@webkit.org>
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
@@ -2836,9 +2836,9 @@ void Heap::addCoreConstraints()
|
|
|
|
|
visitor.appendUnbarriered(pair.key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- if (m_markListSet && m_markListSet->size()) {
|
|
|
|
|
+ if (!m_markListSet.isEmpty()) {
|
|
|
|
|
SetRootMarkReasonScope rootScope(visitor, RootMarkReason::ConservativeScan);
|
|
|
|
|
- MarkedArgumentBufferBase::markLists(visitor, *m_markListSet);
|
|
|
|
|
+ MarkedVectorBase::markLists(visitor, m_markListSet);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
diff --git a/Source/JavaScriptCore/heap/Heap.h b/Source/JavaScriptCore/heap/Heap.h
|
|
|
|
|
index af0e4c46a6ce..fd8cf668baae 100644
|
|
|
|
|
--- a/Source/JavaScriptCore/heap/Heap.h
|
|
|
|
|
+++ b/Source/JavaScriptCore/heap/Heap.h
|
|
|
|
|
@@ -1,7 +1,7 @@
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (C) 1999-2000 Harri Porten (porten@kde.org)
|
|
|
|
|
* Copyright (C) 2001 Peter Kelly (pmk@post.com)
|
|
|
|
|
- * Copyright (C) 2003-2022 Apple Inc. All rights reserved.
|
|
|
|
|
+ * Copyright (C) 2003-2023 Apple Inc. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
@@ -85,7 +85,7 @@ class MarkStackArray;
|
|
|
|
|
class MarkStackMergingConstraint;
|
|
|
|
|
class MarkedJSValueRefArray;
|
|
|
|
|
class BlockDirectory;
|
|
|
|
|
-class MarkedArgumentBufferBase;
|
|
|
|
|
+class MarkedVectorBase;
|
|
|
|
|
class MarkingConstraint;
|
|
|
|
|
class MarkingConstraintSet;
|
|
|
|
|
class MutatorScheduler;
|
|
|
|
|
@@ -410,7 +410,7 @@ public:
|
|
|
|
|
JS_EXPORT_PRIVATE std::unique_ptr<TypeCountSet> protectedObjectTypeCounts();
|
|
|
|
|
JS_EXPORT_PRIVATE std::unique_ptr<TypeCountSet> objectTypeCounts();
|
|
|
|
|
|
|
|
|
|
- HashSet<MarkedArgumentBufferBase*>& markListSet();
|
|
|
|
|
+ HashSet<MarkedVectorBase*>& markListSet();
|
|
|
|
|
void addMarkedJSValueRefArray(MarkedJSValueRefArray*);
|
|
|
|
|
|
|
|
|
|
template<typename Functor> void forEachProtectedCell(const Functor&);
|
|
|
|
|
@@ -779,7 +779,7 @@ private:
|
|
|
|
|
size_t m_deprecatedExtraMemorySize { 0 };
|
|
|
|
|
|
|
|
|
|
ProtectCountSet m_protectedValues;
|
|
|
|
|
- std::unique_ptr<HashSet<MarkedArgumentBufferBase*>> m_markListSet;
|
|
|
|
|
+ HashSet<MarkedVectorBase*> m_markListSet;
|
|
|
|
|
SentinelLinkedList<MarkedJSValueRefArray, BasicRawSentinelNode<MarkedJSValueRefArray>> m_markedJSValueRefArrays;
|
|
|
|
|
|
|
|
|
|
std::unique_ptr<MachineThreads> m_machineThreads;
|
|
|
|
|
diff --git a/Source/JavaScriptCore/heap/HeapInlines.h b/Source/JavaScriptCore/heap/HeapInlines.h
|
|
|
|
|
index 39c06b659d9c..4d767a564d5f 100644
|
|
|
|
|
--- a/Source/JavaScriptCore/heap/HeapInlines.h
|
|
|
|
|
+++ b/Source/JavaScriptCore/heap/HeapInlines.h
|
|
|
|
|
@@ -206,11 +206,9 @@ inline void Heap::decrementDeferralDepthAndGCIfNeeded()
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-inline HashSet<MarkedArgumentBufferBase*>& Heap::markListSet()
|
|
|
|
|
+inline HashSet<MarkedVectorBase*>& Heap::markListSet()
|
|
|
|
|
{
|
|
|
|
|
- if (!m_markListSet)
|
|
|
|
|
- m_markListSet = makeUnique<HashSet<MarkedArgumentBufferBase*>>();
|
|
|
|
|
- return *m_markListSet;
|
|
|
|
|
+ return m_markListSet;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
inline void Heap::reportExtraMemoryAllocated(size_t size)
|
|
|
|
|
diff --git a/Source/JavaScriptCore/runtime/ArgList.cpp b/Source/JavaScriptCore/runtime/ArgList.cpp
|
|
|
|
|
index f2815b80c8c7..a72dea74a56f 100644
|
|
|
|
|
--- a/Source/JavaScriptCore/runtime/ArgList.cpp
|
|
|
|
|
+++ b/Source/JavaScriptCore/runtime/ArgList.cpp
|
|
|
|
|
@@ -1,5 +1,5 @@
|
|
|
|
|
/*
|
|
|
|
|
- * Copyright (C) 2003-2021 Apple Inc. All rights reserved.
|
|
|
|
|
+ * Copyright (C) 2003-2023 Apple Inc. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Library General Public
|
|
|
|
|
@@ -27,7 +27,7 @@ using std::min;
|
|
|
|
|
|
|
|
|
|
namespace JSC {
|
|
|
|
|
|
|
|
|
|
-void MarkedArgumentBufferBase::addMarkSet(JSValue v)
|
|
|
|
|
+void MarkedVectorBase::addMarkSet(JSValue v)
|
|
|
|
|
{
|
|
|
|
|
if (m_markSet)
|
|
|
|
|
return;
|
|
|
|
|
@@ -52,47 +52,47 @@ void ArgList::getSlice(int startIndex, ArgList& result) const
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template<typename Visitor>
|
|
|
|
|
-void MarkedArgumentBufferBase::markLists(Visitor& visitor, ListSet& markSet)
|
|
|
|
|
+void MarkedVectorBase::markLists(Visitor& visitor, ListSet& markSet)
|
|
|
|
|
{
|
|
|
|
|
ListSet::iterator end = markSet.end();
|
|
|
|
|
for (ListSet::iterator it = markSet.begin(); it != end; ++it) {
|
|
|
|
|
- MarkedArgumentBufferBase* list = *it;
|
|
|
|
|
+ MarkedVectorBase* list = *it;
|
|
|
|
|
for (int i = 0; i < list->m_size; ++i)
|
|
|
|
|
visitor.appendUnbarriered(JSValue::decode(list->slotFor(i)));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-template void MarkedArgumentBufferBase::markLists(AbstractSlotVisitor&, ListSet&);
|
|
|
|
|
-template void MarkedArgumentBufferBase::markLists(SlotVisitor&, ListSet&);
|
|
|
|
|
+template void MarkedVectorBase::markLists(AbstractSlotVisitor&, ListSet&);
|
|
|
|
|
+template void MarkedVectorBase::markLists(SlotVisitor&, ListSet&);
|
|
|
|
|
|
|
|
|
|
-void MarkedArgumentBufferBase::slowEnsureCapacity(size_t requestedCapacity)
|
|
|
|
|
+auto MarkedVectorBase::slowEnsureCapacity(size_t requestedCapacity) -> Status
|
|
|
|
|
{
|
|
|
|
|
setNeedsOverflowCheck();
|
|
|
|
|
auto checkedNewCapacity = CheckedInt32(requestedCapacity);
|
|
|
|
|
if (UNLIKELY(checkedNewCapacity.hasOverflowed()))
|
|
|
|
|
- return this->overflowed();
|
|
|
|
|
- expandCapacity(checkedNewCapacity);
|
|
|
|
|
+ return Status::Overflowed;
|
|
|
|
|
+ return expandCapacity(checkedNewCapacity);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-void MarkedArgumentBufferBase::expandCapacity()
|
|
|
|
|
+auto MarkedVectorBase::expandCapacity() -> Status
|
|
|
|
|
{
|
|
|
|
|
setNeedsOverflowCheck();
|
|
|
|
|
auto checkedNewCapacity = CheckedInt32(m_capacity) * 2;
|
|
|
|
|
if (UNLIKELY(checkedNewCapacity.hasOverflowed()))
|
|
|
|
|
- return this->overflowed();
|
|
|
|
|
- expandCapacity(checkedNewCapacity);
|
|
|
|
|
+ return Status::Overflowed;
|
|
|
|
|
+ return expandCapacity(checkedNewCapacity);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-void MarkedArgumentBufferBase::expandCapacity(int newCapacity)
|
|
|
|
|
+auto MarkedVectorBase::expandCapacity(int newCapacity) -> Status
|
|
|
|
|
{
|
|
|
|
|
setNeedsOverflowCheck();
|
|
|
|
|
ASSERT(m_capacity < newCapacity);
|
|
|
|
|
auto checkedSize = CheckedSize(newCapacity) * sizeof(EncodedJSValue);
|
|
|
|
|
if (UNLIKELY(checkedSize.hasOverflowed()))
|
|
|
|
|
- return this->overflowed();
|
|
|
|
|
+ return Status::Overflowed;
|
|
|
|
|
EncodedJSValue* newBuffer = static_cast<EncodedJSValue*>(Gigacage::tryMalloc(Gigacage::JSValue, checkedSize));
|
|
|
|
|
if (!newBuffer)
|
|
|
|
|
- return this->overflowed();
|
|
|
|
|
+ return Status::Overflowed;
|
|
|
|
|
for (int i = 0; i < m_size; ++i) {
|
|
|
|
|
newBuffer[i] = m_buffer[i];
|
|
|
|
|
addMarkSet(JSValue::decode(m_buffer[i]));
|
|
|
|
|
@@ -103,21 +103,23 @@ void MarkedArgumentBufferBase::expandCapacity(int newCapacity)
|
|
|
|
|
|
|
|
|
|
m_buffer = newBuffer;
|
|
|
|
|
m_capacity = newCapacity;
|
|
|
|
|
+ return Status::Success;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-void MarkedArgumentBufferBase::slowAppend(JSValue v)
|
|
|
|
|
+auto MarkedVectorBase::slowAppend(JSValue v) -> Status
|
|
|
|
|
{
|
|
|
|
|
ASSERT(m_size <= m_capacity);
|
|
|
|
|
- if (m_size == m_capacity)
|
|
|
|
|
- expandCapacity();
|
|
|
|
|
- if (UNLIKELY(Base::hasOverflowed())) {
|
|
|
|
|
- ASSERT(m_needsOverflowCheck);
|
|
|
|
|
- return;
|
|
|
|
|
+ if (m_size == m_capacity) {
|
|
|
|
|
+ auto status = expandCapacity();
|
|
|
|
|
+ if (status == Status::Overflowed) {
|
|
|
|
|
+ ASSERT(m_needsOverflowCheck);
|
|
|
|
|
+ return status;
|
|
|
|
|
+ }
|
|
|
|
|
}
|
|
|
|
|
-
|
|
|
|
|
slotFor(m_size) = JSValue::encode(v);
|
|
|
|
|
++m_size;
|
|
|
|
|
addMarkSet(v);
|
|
|
|
|
+ return Status::Success;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace JSC
|
|
|
|
|
diff --git a/Source/JavaScriptCore/runtime/ArgList.h b/Source/JavaScriptCore/runtime/ArgList.h
|
|
|
|
|
index 8ea9b0e308b8..07632263266b 100644
|
|
|
|
|
--- a/Source/JavaScriptCore/runtime/ArgList.h
|
|
|
|
|
+++ b/Source/JavaScriptCore/runtime/ArgList.h
|
|
|
|
|
@@ -28,20 +28,20 @@
|
|
|
|
|
|
|
|
|
|
namespace JSC {
|
|
|
|
|
|
|
|
|
|
-class alignas(alignof(EncodedJSValue)) MarkedArgumentBufferBase : public RecordOverflow {
|
|
|
|
|
- WTF_MAKE_NONCOPYABLE(MarkedArgumentBufferBase);
|
|
|
|
|
- WTF_MAKE_NONMOVABLE(MarkedArgumentBufferBase);
|
|
|
|
|
+class alignas(alignof(EncodedJSValue)) MarkedVectorBase {
|
|
|
|
|
+ WTF_MAKE_NONCOPYABLE(MarkedVectorBase);
|
|
|
|
|
+ WTF_MAKE_NONMOVABLE(MarkedVectorBase);
|
|
|
|
|
WTF_FORBID_HEAP_ALLOCATION;
|
|
|
|
|
friend class VM;
|
|
|
|
|
friend class ArgList;
|
|
|
|
|
|
|
|
|
|
+protected:
|
|
|
|
|
+ enum class Status { Success, Overflowed };
|
|
|
|
|
public:
|
|
|
|
|
- using Base = RecordOverflow;
|
|
|
|
|
- typedef HashSet<MarkedArgumentBufferBase*> ListSet;
|
|
|
|
|
+ typedef HashSet<MarkedVectorBase*> ListSet;
|
|
|
|
|
|
|
|
|
|
- ~MarkedArgumentBufferBase()
|
|
|
|
|
+ ~MarkedVectorBase()
|
|
|
|
|
{
|
|
|
|
|
- ASSERT(!m_needsOverflowCheck);
|
|
|
|
|
if (m_markSet)
|
|
|
|
|
m_markSet->remove(this);
|
|
|
|
|
|
|
|
|
|
@@ -52,92 +52,20 @@ public:
|
|
|
|
|
size_t size() const { return m_size; }
|
|
|
|
|
bool isEmpty() const { return !m_size; }
|
|
|
|
|
|
|
|
|
|
- JSValue at(int i) const
|
|
|
|
|
- {
|
|
|
|
|
- if (i >= m_size)
|
|
|
|
|
- return jsUndefined();
|
|
|
|
|
-
|
|
|
|
|
- return JSValue::decode(slotFor(i));
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- void clear()
|
|
|
|
|
- {
|
|
|
|
|
- ASSERT(!m_needsOverflowCheck);
|
|
|
|
|
- clearOverflow();
|
|
|
|
|
- m_size = 0;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- enum OverflowCheckAction {
|
|
|
|
|
- CrashOnOverflow,
|
|
|
|
|
- WillCheckLater
|
|
|
|
|
- };
|
|
|
|
|
- template<OverflowCheckAction action>
|
|
|
|
|
- void appendWithAction(JSValue v)
|
|
|
|
|
- {
|
|
|
|
|
- ASSERT(m_size <= m_capacity);
|
|
|
|
|
- if (m_size == m_capacity || mallocBase()) {
|
|
|
|
|
- slowAppend(v);
|
|
|
|
|
- if (action == CrashOnOverflow)
|
|
|
|
|
- RELEASE_ASSERT(!hasOverflowed());
|
|
|
|
|
- return;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- slotFor(m_size) = JSValue::encode(v);
|
|
|
|
|
- ++m_size;
|
|
|
|
|
- }
|
|
|
|
|
- void append(JSValue v) { appendWithAction<WillCheckLater>(v); }
|
|
|
|
|
- void appendWithCrashOnOverflow(JSValue v) { appendWithAction<CrashOnOverflow>(v); }
|
|
|
|
|
-
|
|
|
|
|
void removeLast()
|
|
|
|
|
{
|
|
|
|
|
ASSERT(m_size);
|
|
|
|
|
m_size--;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- JSValue last()
|
|
|
|
|
- {
|
|
|
|
|
- ASSERT(m_size);
|
|
|
|
|
- return JSValue::decode(slotFor(m_size - 1));
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- JSValue takeLast()
|
|
|
|
|
- {
|
|
|
|
|
- JSValue result = last();
|
|
|
|
|
- removeLast();
|
|
|
|
|
- return result;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
template<typename Visitor> static void markLists(Visitor&, ListSet&);
|
|
|
|
|
|
|
|
|
|
- void ensureCapacity(size_t requestedCapacity)
|
|
|
|
|
- {
|
|
|
|
|
- if (requestedCapacity > static_cast<size_t>(m_capacity))
|
|
|
|
|
- slowEnsureCapacity(requestedCapacity);
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- bool hasOverflowed()
|
|
|
|
|
- {
|
|
|
|
|
- clearNeedsOverflowCheck();
|
|
|
|
|
- return Base::hasOverflowed();
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
void overflowCheckNotNeeded() { clearNeedsOverflowCheck(); }
|
|
|
|
|
|
|
|
|
|
- template<typename Functor>
|
|
|
|
|
- void fill(size_t count, const Functor& func)
|
|
|
|
|
- {
|
|
|
|
|
- ASSERT(!m_size);
|
|
|
|
|
- ensureCapacity(count);
|
|
|
|
|
- if (Base::hasOverflowed())
|
|
|
|
|
- return;
|
|
|
|
|
- m_size = count;
|
|
|
|
|
- func(reinterpret_cast<JSValue*>(&slotFor(0)));
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
protected:
|
|
|
|
|
// Constructor for a read-write list, to which you may append values.
|
|
|
|
|
// FIXME: Remove all clients of this API, then remove this API.
|
|
|
|
|
- MarkedArgumentBufferBase(size_t capacity)
|
|
|
|
|
+ MarkedVectorBase(size_t capacity)
|
|
|
|
|
: m_size(0)
|
|
|
|
|
, m_capacity(capacity)
|
|
|
|
|
, m_buffer(inlineBuffer())
|
|
|
|
|
@@ -147,17 +75,16 @@ protected:
|
|
|
|
|
|
|
|
|
|
EncodedJSValue* inlineBuffer()
|
|
|
|
|
{
|
|
|
|
|
- return bitwise_cast<EncodedJSValue*>(bitwise_cast<uint8_t*>(this) + sizeof(MarkedArgumentBufferBase));
|
|
|
|
|
+ return bitwise_cast<EncodedJSValue*>(bitwise_cast<uint8_t*>(this) + sizeof(MarkedVectorBase));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-private:
|
|
|
|
|
- void expandCapacity();
|
|
|
|
|
- void expandCapacity(int newCapacity);
|
|
|
|
|
- void slowEnsureCapacity(size_t requestedCapacity);
|
|
|
|
|
+ Status expandCapacity();
|
|
|
|
|
+ Status expandCapacity(int newCapacity);
|
|
|
|
|
+ Status slowEnsureCapacity(size_t requestedCapacity);
|
|
|
|
|
|
|
|
|
|
void addMarkSet(JSValue);
|
|
|
|
|
|
|
|
|
|
- JS_EXPORT_PRIVATE void slowAppend(JSValue);
|
|
|
|
|
+ JS_EXPORT_PRIVATE Status slowAppend(JSValue);
|
|
|
|
|
|
|
|
|
|
EncodedJSValue& slotFor(int item) const
|
|
|
|
|
{
|
|
|
|
|
@@ -172,11 +99,14 @@ private:
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if ASSERT_ENABLED
|
|
|
|
|
- void setNeedsOverflowCheck() { m_needsOverflowCheck = true; }
|
|
|
|
|
+ void disableNeedsOverflowCheck() { m_overflowCheckEnabled = false; }
|
|
|
|
|
+ void setNeedsOverflowCheck() { m_needsOverflowCheck = m_overflowCheckEnabled; }
|
|
|
|
|
void clearNeedsOverflowCheck() { m_needsOverflowCheck = false; }
|
|
|
|
|
|
|
|
|
|
bool m_needsOverflowCheck { false };
|
|
|
|
|
+ bool m_overflowCheckEnabled { true };
|
|
|
|
|
#else
|
|
|
|
|
+ void disableNeedsOverflowCheck() { }
|
|
|
|
|
void setNeedsOverflowCheck() { }
|
|
|
|
|
void clearNeedsOverflowCheck() { }
|
|
|
|
|
#endif // ASSERT_ENABLED
|
|
|
|
|
@@ -186,22 +116,114 @@ private:
|
|
|
|
|
ListSet* m_markSet;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
-template<size_t passedInlineCapacity = 8>
|
|
|
|
|
-class MarkedArgumentBufferWithSize : public MarkedArgumentBufferBase {
|
|
|
|
|
+template<typename T, size_t passedInlineCapacity = 8, class OverflowHandler = CrashOnOverflow>
|
|
|
|
|
+class MarkedVector : public OverflowHandler, public MarkedVectorBase {
|
|
|
|
|
public:
|
|
|
|
|
static constexpr size_t inlineCapacity = passedInlineCapacity;
|
|
|
|
|
|
|
|
|
|
- MarkedArgumentBufferWithSize()
|
|
|
|
|
- : MarkedArgumentBufferBase(inlineCapacity)
|
|
|
|
|
+ MarkedVector()
|
|
|
|
|
+ : MarkedVectorBase(inlineCapacity)
|
|
|
|
|
{
|
|
|
|
|
ASSERT(inlineBuffer() == m_inlineBuffer);
|
|
|
|
|
+ if constexpr (std::is_same_v<OverflowHandler, CrashOnOverflow>) {
|
|
|
|
|
+ // CrashOnOverflow handles overflows immediately. So, we do not
|
|
|
|
|
+ // need to check for it after.
|
|
|
|
|
+ disableNeedsOverflowCheck();
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ auto at(int i) const -> decltype(auto)
|
|
|
|
|
+ {
|
|
|
|
|
+ if constexpr (std::is_same_v<T, JSValue>) {
|
|
|
|
|
+ if (i >= m_size)
|
|
|
|
|
+ return jsUndefined();
|
|
|
|
|
+ return JSValue::decode(slotFor(i));
|
|
|
|
|
+ } else {
|
|
|
|
|
+ if (i >= m_size)
|
|
|
|
|
+ return static_cast<T>(nullptr);
|
|
|
|
|
+ return jsCast<T>(JSValue::decode(slotFor(i)).asCell());
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ void clear()
|
|
|
|
|
+ {
|
|
|
|
|
+ ASSERT(!m_needsOverflowCheck);
|
|
|
|
|
+ OverflowHandler::clearOverflow();
|
|
|
|
|
+ m_size = 0;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ void append(T v)
|
|
|
|
|
+ {
|
|
|
|
|
+ ASSERT(m_size <= m_capacity);
|
|
|
|
|
+ if (m_size == m_capacity || mallocBase()) {
|
|
|
|
|
+ if (slowAppend(v) == Status::Overflowed)
|
|
|
|
|
+ this->overflowed();
|
|
|
|
|
+ return;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ slotFor(m_size) = JSValue::encode(v);
|
|
|
|
|
+ ++m_size;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ void appendWithCrashOnOverflow(T v)
|
|
|
|
|
+ {
|
|
|
|
|
+ append(v);
|
|
|
|
|
+ if constexpr (!std::is_same<OverflowHandler, CrashOnOverflow>::value)
|
|
|
|
|
+ RELEASE_ASSERT(!this->hasOverflowed());
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ auto last() const -> decltype(auto)
|
|
|
|
|
+ {
|
|
|
|
|
+ if constexpr (std::is_same_v<T, JSValue>) {
|
|
|
|
|
+ ASSERT(m_size);
|
|
|
|
|
+ return JSValue::decode(slotFor(m_size - 1));
|
|
|
|
|
+ } else {
|
|
|
|
|
+ ASSERT(m_size);
|
|
|
|
|
+ return jsCast<T>(JSValue::decode(slotFor(m_size - 1)).asCell());
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ JSValue takeLast()
|
|
|
|
|
+ {
|
|
|
|
|
+ JSValue result = last();
|
|
|
|
|
+ removeLast();
|
|
|
|
|
+ return result;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ void ensureCapacity(size_t requestedCapacity)
|
|
|
|
|
+ {
|
|
|
|
|
+ if (requestedCapacity > static_cast<size_t>(m_capacity)) {
|
|
|
|
|
+ if (slowEnsureCapacity(requestedCapacity) == Status::Overflowed)
|
|
|
|
|
+ this->overflowed();
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ bool hasOverflowed()
|
|
|
|
|
+ {
|
|
|
|
|
+ clearNeedsOverflowCheck();
|
|
|
|
|
+ return OverflowHandler::hasOverflowed();
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ template<typename Functor>
|
|
|
|
|
+ void fill(size_t count, const Functor& func)
|
|
|
|
|
+ {
|
|
|
|
|
+ ASSERT(!m_size);
|
|
|
|
|
+ ensureCapacity(count);
|
|
|
|
|
+ if (OverflowHandler::hasOverflowed())
|
|
|
|
|
+ return;
|
|
|
|
|
+ m_size = count;
|
|
|
|
|
+ func(reinterpret_cast<JSValue*>(&slotFor(0)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
EncodedJSValue m_inlineBuffer[inlineCapacity] { };
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
-using MarkedArgumentBuffer = MarkedArgumentBufferWithSize<>;
|
|
|
|
|
+template<size_t passedInlineCapacity>
|
|
|
|
|
+class MarkedArgumentBufferWithSize : public MarkedVector<JSValue, passedInlineCapacity, RecordOverflow> {
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
+using MarkedArgumentBuffer = MarkedVector<JSValue, 8, RecordOverflow>;
|
|
|
|
|
|
|
|
|
|
class ArgList {
|
|
|
|
|
WTF_MAKE_FAST_ALLOCATED;
|
|
|
|
|
diff --git a/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp b/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
|
|
|
|
|
index c8c486a6e9a6..4f0a26574132 100644
|
|
|
|
|
--- a/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
|
|
|
|
|
+++ b/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
|
|
|
|
|
@@ -1,5 +1,5 @@
|
|
|
|
|
/*
|
|
|
|
|
- * Copyright (C) 2020 Apple Inc. All rights reserved.
|
|
|
|
|
+ * Copyright (C) 2020-2023 Apple Inc. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
@@ -218,7 +218,7 @@ AudioWorkletProcessor::AudioWorkletProcessor(AudioWorkletGlobalScope& globalScop
|
|
|
|
|
ASSERT(!isMainThread());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
-void AudioWorkletProcessor::buildJSArguments(VM& vm, JSGlobalObject& globalObject, MarkedArgumentBufferBase& args, const Vector<RefPtr<AudioBus>>& inputs, Vector<Ref<AudioBus>>& outputs, const HashMap<String, std::unique_ptr<AudioFloatArray>>& paramValuesMap)
|
|
|
|
|
+void AudioWorkletProcessor::buildJSArguments(VM& vm, JSGlobalObject& globalObject, MarkedArgumentBuffer& args, const Vector<RefPtr<AudioBus>>& inputs, Vector<Ref<AudioBus>>& outputs, const HashMap<String, std::unique_ptr<AudioFloatArray>>& paramValuesMap)
|
|
|
|
|
{
|
|
|
|
|
// For performance reasons, we cache the arrays passed to JS and reconstruct them only when the topology changes.
|
|
|
|
|
if (!copyDataFromBusesToJSArray(vm, globalObject, inputs, toJSArray(m_jsInputs)))
|
|
|
|
|
diff --git a/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h b/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
|
|
|
|
|
index 7d256ea557bb..9ad78225ee51 100644
|
|
|
|
|
--- a/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
|
|
|
|
|
+++ b/Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
|
|
|
|
|
@@ -1,5 +1,5 @@
|
|
|
|
|
/*
|
|
|
|
|
- * Copyright (C) 2020 Apple Inc. All rights reserved.
|
|
|
|
|
+ * Copyright (C) 2020-2023 Apple Inc. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
@@ -40,7 +40,8 @@
|
|
|
|
|
|
|
|
|
|
namespace JSC {
|
|
|
|
|
class JSArray;
|
|
|
|
|
-class MarkedArgumentBufferBase;
|
|
|
|
|
+template<typename T, size_t, class> class MarkedVector;
|
|
|
|
|
+using MarkedArgumentBuffer = MarkedVector<JSValue, 8, RecordOverflow>;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
namespace WebCore {
|
|
|
|
|
@@ -69,7 +70,7 @@ public:
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
explicit AudioWorkletProcessor(AudioWorkletGlobalScope&, const AudioWorkletProcessorConstructionData&);
|
|
|
|
|
- void buildJSArguments(JSC::VM&, JSC::JSGlobalObject&, JSC::MarkedArgumentBufferBase&, const Vector<RefPtr<AudioBus>>& inputs, Vector<Ref<AudioBus>>& outputs, const HashMap<String, std::unique_ptr<AudioFloatArray>>& paramValuesMap);
|
|
|
|
|
+ void buildJSArguments(JSC::VM&, JSC::JSGlobalObject&, JSC::MarkedArgumentBuffer&, const Vector<RefPtr<AudioBus>>& inputs, Vector<Ref<AudioBus>>& outputs, const HashMap<String, std::unique_ptr<AudioFloatArray>>& paramValuesMap);
|
|
|
|
|
|
|
|
|
|
AudioWorkletGlobalScope& m_globalScope;
|
|
|
|
|
String m_name;
|
|
|
|
|
diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.cpp b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
|
|
|
|
|
index 2e6038948a8a..a9841fe057b8 100644
|
|
|
|
|
--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp
|
|
|
|
|
+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
|
|
|
|
|
@@ -539,6 +539,7 @@ static const unsigned StringDataIs8BitFlag = 0x80000000;
|
|
|
|
|
using DeserializationResult = std::pair<JSC::JSValue, SerializationReturnCode>;
|
|
|
|
|
|
|
|
|
|
class CloneBase {
|
|
|
|
|
+ WTF_FORBID_HEAP_ALLOCATION;
|
|
|
|
|
protected:
|
|
|
|
|
CloneBase(JSGlobalObject* lexicalGlobalObject)
|
|
|
|
|
: m_lexicalGlobalObject(lexicalGlobalObject)
|
|
|
|
|
@@ -616,6 +617,7 @@ template <> bool writeLittleEndian<uint8_t>(Vector<uint8_t>& buffer, const uint8
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class CloneSerializer : CloneBase {
|
|
|
|
|
+ WTF_FORBID_HEAP_ALLOCATION;
|
|
|
|
|
public:
|
|
|
|
|
static SerializationReturnCode serialize(JSGlobalObject* lexicalGlobalObject, JSValue value, Vector<RefPtr<MessagePort>>& messagePorts, Vector<RefPtr<JSC::ArrayBuffer>>& arrayBuffers, const Vector<RefPtr<ImageBitmap>>& imageBitmaps,
|
|
|
|
|
#if ENABLE(OFFSCREEN_CANVAS_IN_WORKERS)
|
|
|
|
|
@@ -2148,6 +2150,7 @@ SerializationReturnCode CloneSerializer::serialize(JSValue in)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class CloneDeserializer : CloneBase {
|
|
|
|
|
+ WTF_FORBID_HEAP_ALLOCATION;
|
|
|
|
|
public:
|
|
|
|
|
static String deserializeString(const Vector<uint8_t>& buffer)
|
|
|
|
|
{
|
|
|
|
|
@@ -3920,10 +3923,10 @@ DeserializationResult CloneDeserializer::deserialize()
|
|
|
|
|
|
|
|
|
|
Vector<uint32_t, 16> indexStack;
|
|
|
|
|
Vector<Identifier, 16> propertyNameStack;
|
|
|
|
|
- Vector<JSObject*, 32> outputObjectStack;
|
|
|
|
|
- Vector<JSValue, 4> mapKeyStack;
|
|
|
|
|
- Vector<JSMap*, 4> mapStack;
|
|
|
|
|
- Vector<JSSet*, 4> setStack;
|
|
|
|
|
+ MarkedVector<JSObject*, 32> outputObjectStack;
|
|
|
|
|
+ MarkedVector<JSValue, 4> mapKeyStack;
|
|
|
|
|
+ MarkedVector<JSMap*, 4> mapStack;
|
|
|
|
|
+ MarkedVector<JSSet*, 4> setStack;
|
|
|
|
|
Vector<WalkerState, 16> stateStack;
|
|
|
|
|
WalkerState lexicalGlobalObject = StateUnknown;
|
|
|
|
|
JSValue outValue;
|
|
|
|
|
--
|
|
|
|
|
2.40.0
|
|
|
|
|
|