Modified: trunk/Source/_javascript_Core/ChangeLog (240858 => 240859)
--- trunk/Source/_javascript_Core/ChangeLog 2019-02-01 17:49:10 UTC (rev 240858)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-02-01 18:59:55 UTC (rev 240859)
@@ -1,3 +1,16 @@
+2019-02-01 Yusuke Suzuki <ysuz...@apple.com>
+
+ [JSC] Remove cellJSValueOOBSpace
+ https://bugs.webkit.org/show_bug.cgi?id=194145
+
+ Reviewed by Mark Lam.
+
+ * runtime/JSObject.h:
+ (JSC::JSObject::subspaceFor): Deleted.
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ * runtime/VM.h:
+
2019-01-31 Mark Lam <mark....@apple.com>
Remove poisoning from CodeBlock and LLInt code.
Modified: trunk/Source/_javascript_Core/runtime/JSObject.h (240858 => 240859)
--- trunk/Source/_javascript_Core/runtime/JSObject.h 2019-02-01 17:49:10 UTC (rev 240858)
+++ trunk/Source/_javascript_Core/runtime/JSObject.h 2019-02-01 18:59:55 UTC (rev 240859)
@@ -104,12 +104,6 @@
public:
typedef JSCell Base;
- template<typename>
- static CompleteSubspace* subspaceFor(VM& vm)
- {
- return &vm.cellJSValueOOBSpace;
- }
-
// This is a super dangerous method for JITs. Sometimes the JITs will want to create either a
// JSFinalObject or a JSArray. This is the method that will do that.
static JSObject* createRawObject(ExecState* exec, Structure* structure, Butterfly* = nullptr);
Modified: trunk/Source/_javascript_Core/runtime/VM.cpp (240858 => 240859)
--- trunk/Source/_javascript_Core/runtime/VM.cpp 2019-02-01 17:49:10 UTC (rev 240858)
+++ trunk/Source/_javascript_Core/runtime/VM.cpp 2019-02-01 18:59:55 UTC (rev 240859)
@@ -281,7 +281,6 @@
, primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), primitiveGigacageAllocator.get())
, jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), jsValueGigacageAllocator.get())
, immutableButterflyJSValueGigacageAuxiliarySpace("ImmutableButterfly Gigacage JSCellWithInteriorPointers", heap, immutableButterflyHeapCellType.get(), jsValueGigacageAllocator.get())
- , cellJSValueOOBSpace("JSCell JSValueOOB", heap, cellJSValueOOBHeapCellType.get(), fastMallocAllocator.get())
, cellDangerousBitsSpace("JSCell DangerousBits", heap, cellDangerousBitsHeapCellType.get(), fastMallocAllocator.get())
, jsValueGigacageCellSpace("JSValue Gigacage JSCell", heap, cellJSValueOOBHeapCellType.get(), jsValueGigacageAllocator.get())
, destructibleCellSpace("Destructible JSCell", heap, destructibleCellHeapCellType.get(), fastMallocAllocator.get())
Modified: trunk/Source/_javascript_Core/runtime/VM.h (240858 => 240859)
--- trunk/Source/_javascript_Core/runtime/VM.h 2019-02-01 17:49:10 UTC (rev 240858)
+++ trunk/Source/_javascript_Core/runtime/VM.h 2019-02-01 18:59:55 UTC (rev 240859)
@@ -359,7 +359,6 @@
}
// Whenever possible, use subspaceFor<CellType>(vm) to get one of these subspaces.
- CompleteSubspace cellJSValueOOBSpace;
CompleteSubspace cellDangerousBitsSpace;
CompleteSubspace jsValueGigacageCellSpace; // FIXME: This space is problematic because we have things in here like DirectArguments and ScopedArguments; those should be split into JSValueOOB cells and JSValueStrict auxiliaries. https://bugs.webkit.org/show_bug.cgi?id=182858
CompleteSubspace destructibleCellSpace;