In order to get rid of ClassInfo from our objects, we need to be able to safely get the ClassInfo during the destruction of objects. We'd like to get the ClassInfo out of the Structure, but currently it is not safe to do so because the order of destruction of objects is not guaranteed to sweep objects before their corresponding Structure. We can fix this by sweeping Structures after everything else.
Created attachment 155389 [details] Patch
Comment on attachment 155389 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=155389&action=review > Source/JavaScriptCore/heap/HeapTimer.h:44 > + Kill it with fire! > Source/JavaScriptCore/heap/IncrementalSweeper.cpp:74 > + return !m_blocksToSweep.size() || m_currentBlockToSweepIndex >= m_blocksToSweep.size(); I can has assert that m_currentBlockToSweepIndex <= m_blocksToSweep.size()
Committed r124123: <http://trac.webkit.org/changeset/124123>
Comment on attachment 155389 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=155389&action=review > Source/JavaScriptCore/heap/IncrementalSweeper.cpp:83 > + MarkedBlock* block = m_blocksToSweep[m_currentBlockToSweepIndex]; > + if (block->onlyContainsStructures()) { > + m_currentBlockToSweepIndex++; > + continue; This logic gets a little whacky. Can't we just arrange for all the Structure blocks to be added to the array last, so we naturally sweep them last?
Re-opened since this is blocked by 92700
Created attachment 155621 [details] Patch
Committed r124265: <http://trac.webkit.org/changeset/124265>