Implementing this would require each TypeSet keeping track of which StructureIDs it has seen that have been garbage collected. Currently, when a GC happens, each TypeSet will clear its StructureID cache, this change would require a more sophisticated purging of the StructureIDs a TypeSet has seen to only remove the StructureIDs that are being GCed.
Created attachment 239854 [details] patch
Comment on attachment 239854 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=239854&action=review > Source/JavaScriptCore/runtime/TypeProfiler.h:117 > + std::unique_ptr<Bag<TypeLocation>> m_typeLocationInfo; Maybe you could just do Bag<TypeLocation>. A Bag is just a pointer-sized word if it's empty; > Source/JavaScriptCore/runtime/TypeSet.cpp:115 > + Vector<Structure*> willBeSwept; > + for (Structure* structure : m_structureSet) { > + if (!Heap::isMarked(structure)) > + willBeSwept.append(structure); > + } > + for (Structure* structure : willBeSwept) > + m_structureSet.remove(structure); Now that we have all of the C++, this could be written as: m_structureSet.genericFilter([] (Structure* structure) -> bool { return Heap::isMarked(sturcture); });
Created attachment 239956 [details] patch with suggested changes.
Comment on attachment 239956 [details] patch Committed r174789: http://trac.webkit.org/changeset/174789